It Notes Cattolica


MANAGING IN THE DIGITAL WORLD

Information Systems Today

• Change is not gradual, it’s DISRUPTIVE

• Technologies affect every market, every life’s dimension

• «Good enough» is dead

– We need to adapt and to learn just in time and not just in case

– How to discover new opportunities in this transformational time?

• The skills we need are dramatically different

• Anything that cannot be digitized or automated becomes extremely valuable

– Focus on things that cannot be automated

• Machines are very good at simulating but not at being

– It’s about how to use technology not about how to become it

The implications of digital disruption

• The proliferation of mobile devices such as smartphones, tablets, and iPads is all around
us and affects every dimension of our daily life.

• From the management perspective: organizations increasingly accelerate digital
innovations in their business.

– COVID-19 pandemic: opportunity to “dance into the storm” and display
“organizational resilience”

• Changes in technology enable new organizational forms, new ways of working and
socializing

– Example: Robotic Operating Room

– Effect on decision making, tasks, roles and communication

- People can complete their “working tasks” everywhere they have a cellphone signal

- Workdays don’t have a clear beginning and end anymore

- Changes in technology → social changes → technological changes

• Boundaries between work and leisure time are blurring

– How workplace tech helps

– The effect on work-life balance (work ‘smarter’ not harder)

– Always being available at a moment’s notice is the new normal

– “This “ASAP culture” is thriving throughout the business world and imposing a
sense of immediacy and urgency on account of the instantaneous nature of
communications. This phenomenon is only compounded by the pressure imposed by
social media, where immediate responses are required all the time” (Garo, 2019)

– Need for a redefinition of the digital workplace

- Employees demand devices that support both work and leisure time

5 IT Megatrends that shape the digital future

1. Internet of things
A broad range of physical objects that can automatically share data over the Internet. In
2008 more devices were connected than there were people living on the Earth.
As the number of devices connected to the Internet grows, the Internet of things tends to
become the Internet of everything, where any device’s functionality is enhanced through
connectivity and intelligence.

2. Social Media
Most people use social media, and so do companies. Companies control the power of the crowd
by using social media to get people to participate in innovation and other activities.
Organisations also use social media to encourage employees’ collaboration.

3. Mobile devices
Thanks to mobile devices we can say that we are living in the post-PC era.
The main implications of mobile devices are:
- Consumerization of IT (businesses use more and more of the same tech)
- Bring your own device (BYOD) to work is a major concern
- Security concerns
New customers can also be reached through mobile apps.

4. Cloud Computing
Web technologies enable using the Internet as the platform for applications and data.
Applications that used to be installed on individual computers are increasingly kept in the
cloud, e.g. Google Docs, Gmail…
Cloud computing can enable advanced analytics of massive amounts of Big Data.

5. Big Data
Big Data are typically described as extremely large and complex datasets, which are
characterized as being of high volume, variety (i.e., many different types of data), and
velocity (i.e., the data are being collected and analysed at ever-increasing rates).
Transformations of our social and work interactions drive the growth of Big Data.

+ Artificial intelligence
+ Blockchain

Wearable Technology = clothing or accessories that incorporate electronic technologies, for
example smart watches, fitness trackers, Google Glass…

INFORMATION SYSTEMS
IS = Combination of people and IT that create, collect, process, store, and distribute data.

Information systems use information technology to collect, create, and distribute useful
data. They are made of data, people, organisations, and information technology.

Information technology includes:
- Hardware: physical computer equipment
- Software: programs that tell computers to perform certain tasks
- Telecommunication networks: groups of two or more computer systems linked with
communication equipment

Data → Information → Knowledge

1. Alone, raw data are not very useful
2. When processed, data transform into information
3. When information is understood and used for decisions, it becomes knowledge

Systems

- Hardware: computer, tablet, printer, computer monitor
  technologies to INPUT data and OUTPUT useful information

- Software: computer program (to perform tasks)
  provides instructions on what processing functions to perform

- Telecommunications networks: group of computer systems linked together with
  communications equipment
  computers share data and services
  → global collaboration, communication, commerce

People: The Builders, Managers, and Users of Information Systems

Develop, maintain, manage, study IS

Careers in Information Systems

• Examples of Careers in IS

– Systems analyst

– Systems programmer

– Systems operators

– Network administrators

– Database administrators

– IS audit

Organisations: The Context of Information Systems

Information systems can help organisations
– Become more productive and profitable
– Gain competitive advantage
– Reach more customers
– Improve customer service

INFORMATION SYSTEM ETHICS

Ethical concerns are related to information privacy and intellectual property. A code of
ethical conduct can safeguard organizations’ private data and employees’ information.

The Digital Divide

• Many people are being left behind in the Information Age
– Strong linkage between computer literacy and a person’s ability to compete in the
Information Age
– People in rural communities, the elderly, people with disabilities, and minorities lag behind
national averages for Internet access and computer literacy
– The challenges in overcoming the digital divide are ever greater in developing countries.

Information Systems Outsourcing

Companies are offshoring production to overseas countries (such as China) to utilise
talented workers or reduce costs.
Key reasons for outsourcing:
- To reduce or control costs
- To reduce time to market
- To be able to focus on core activities
- To gain access to world-class capabilities

Challenges of operating in the digital world

- Government, e.g. regulation such as laws, standards…
- Geo-economic, e.g. infrastructure differences, demographics…
- Cultural, e.g. language differences, beliefs, life focus…

INNOVATIONS

Valuing Innovations

Innovation is key for organisations to gain or sustain a competitive advantage.
Innovation involves creating new products or services that return value to the organisation.

McDonald’s example
• In 1975 a group of potential McDonald's customers had a problem: they were soldiers
and, at that time, soldiers at their location weren't permitted to get out of their
cars while wearing their fatigues.
• After learning of this problem, McDonald's came up with an INNOVATIVE SOLUTION: add a
drive-thru.
• The first McDonald's drive-thru was located near military base Fort Huachuca in Sierra
Vista, Arizona to serve the soldiers there. Additional drive-thru locations in Georgia and
Oklahoma City soon followed. What followed is known.
• McDonald's became the leader in the fast food industry with their strong focus on
customer service, response to competition, and use of marketing techniques early on in
their development.

Innovation: practical implementation of a new idea into a new product or process

• Sources of innovation
– Individual creativity: can originate with individuals (lone inventor) or a user who designs
solutions for their own needs.
– Organizational creativity: it can arise from research efforts of universities, governments,
laboratories and incubators, or private or non-profit organizations
– Creativity by users: open innovation
Types of innovation
• Product Innovation
– Relates to a) either a completely new product (e.g. bitcoin currency) or b) a new
feature in an existing product (e.g. the introduction of camera features in a mobile
phone) or c) the enhancement of an existing product feature (e.g. a higher-resolution
version of the camera)
– It is most often a result of new technology or new insights about customer needs
• Process innovation
– Relates to how a product or service is produced or delivered to the client. It can be
a combination of methods, capabilities and technologies to produce, market, deliver
and support a product or provide a service.
– Examples: automated assembly line for car manufacturing, automated AI-based
chatbots to provide intelligent 24/7 support to clients
• Organizational and Business Model Innovation
– More holistic and organization-wide transformation
– Relates to the ability to experiment with the way organizations operate their business,
changing their existing business model

Radical innovation, aka disruptive innovation, uses a markedly new or different technology to
access new customer segments and deliver greater benefits.

Successful innovation is often difficult

There are limits to using information systems to gain or sustain a competitive advantage.
Information systems are often bought from or built by someone else. They are usually
not proprietary technologies owned by the organisation.

1. Innovation is often fleeting (the pace of change is fast and smart rivals quickly adopt any
advantage)
2. Innovation is often risky (competing technologies result in a winner and a loser)
3. Innovation choices are often difficult (it is difficult to predict which opportunities will
lead to success)

Organisational requirements for innovation

- Process requirements (focus on success over other objectives)
- Resource requirements (employees with knowledge, skills, time, and resources, as well as
partners with the appropriate requirements)
- Risk tolerance requirements (tolerance for risk and tolerance for failure)

Implementing the innovation process

Wheeler (2002) has summarized this process as the disruptive innovation cycle. The model
holds that the key to success for modern organizations is the extent to which they use
information technologies and systems in timely, innovative ways. The vertical dimension
shows the extent to which an organization derives value from a particular information
technology and the horizontal dimension shows time.

Choosing enabling/emerging technologies

Successful organizations first create jobs, groups and processes that are all devoted to
scanning the environment for new emerging and enabling technologies that appear to be
relevant for the organization.

Matching technologies to opportunities

The organization matches the most promising
new technologies with current economic opportunities.

Executing business innovation for growth

It represents the process of selecting, among
myriad opportunities to take advantage of, those emerging technologies that have the biggest
potential to address the current opportunities.

Assessing value

The process of assessing the value of that use of technology, not only to
customers but also to internal clients.

The diffusion of innovations

Everett Rogers theorised in his book “the diffusion of innovations” that the adoption of
innovations usually follows an S-shaped curve. When an innovation is brought to market,
initially only a small group of “innovators” will adopt that innovation. After some time, sales pick
up as the innovators are followed by the “early adopters” and the increase in sales is
strongest. Then sales slowly level off when the “late majority” starts adopting the innovation.
Finally, sales stay level as only the “laggards” are left to adopt the innovation.

BUSINESS MODELS IN THE DIGITAL WORLD

A business model is a summary of a business’s strategic direction that shows how objectives
will be achieved. It describes how a company tries to create, organise and capture value.
It is related to questions like: What does the company do? How does it reach, keep and grow
customers? What are the costs?

Managing in the Digital World: Startups and New Business Models

Information technology enables new business models such as
- Operating a platform (enables other businesses / users to create value)
- Cutting out the middleman (bypassing traditional retail channels and interacting directly
with customers)
- Selling subscriptions
- Providing on-demand services

A Sharing Economy is defined as “an economic system in which assets or services are shared
between private individuals, free or for a fee, typically by means of the Internet”.

Revenue Models in the Digital World

A revenue model describes how the firm will earn revenue, generate profits and produce
a superior return on invested capital:

Affiliate marketing - paying businesses that bring or refer customers to another business.
Revenue sharing is typically used (Amazon)

Advertising

Subscription - users pay a monthly or yearly fee for the use of the product (Netflix)

Licensing - users pay a fee for using protected intellectual property (Norton)

Transaction fees/brokerage - a commission is paid to the business for aiding in transactions
(PayPal)

Traditional sales - a customer buys a product from the website (iTunes)

Freemium - a marketing approach companies use to obtain customers by offering
something for free to build a larger customer base and then charging a premium for
unrestricted versions with more functionality. (Just because products are free for customers
doesn’t mean that someone is not paying for them and that someone is not making a profit from
them.)

Crowdfunding - the securing of business financing from individuals in the marketplace to
fund an initiative.

Organisational Strategy through Information Systems

This section describes how information systems can be used for automation, organisational
learning and strategic advantage.

- Organizational Decision-Making Levels
- Organizational Functional Areas
- Information Systems for Automating: Doing Things Faster
- Information Systems for Organizational Learning: Doing Things Better

Organizational Decision-Making Levels:

- Executive/Strategic Level (Upper Management)
Who: Executive-level managers
What: Summarize past organisational data and plan projections of the future
Why: Improve organisational strategy and planning

- Managerial/Tactical Level (Middle Management)
Who: Mid-level managers and functional managers
What: Automate the monitoring and controlling of operational activities
Why: Improve organisational effectiveness

- Operational Level (Operational Employees, Foremen, Supervisors)
Who: Foremen and supervisors
What: Automate routine and repetitive activities
Why: Improve organisational efficiency

Organisational Functional Areas:

A functional area represents a discrete area of an organisation that focuses on a specific set of
activities. These organisational functional areas are designed to support the unique business
processes of each specific functional area.
When information systems are developed across organisational levels and functions, there are 3
general ways in which they provide value:

1. Information systems for automating (doing things faster)

They help to complete tasks faster, more cheaply and more efficiently. They also help customers, e.g. to
complete applications online rather than manually. For example, completing and submitting
some applications at home takes 1.5 days, while online it takes only 15 minutes.
At the operational level, automating helps with repetitive tasks, but it can also help at the
decision-making level.

2. Information systems for organisational learning (doing things better)

Organisational learning is the ability of an organisation to use past behaviour and information to
improve its business processes. A combined automating and learning approach is more
effective.

3. Organizational strategy and strategy fit

The best way to use information systems is to support the organisation’s strategy in order to gain
competitive advantages. Organisational strategy: the firm’s plans to accomplish its mission and goals.

Organisations try to maximise business/IT alignment, which means matching the IT
investments to the strategy.

Companies that see the greatest competitive benefit are the ones that focus the business
process management on the value creation strategy.

Information systems can help in doing things faster. Here are some examples:

• Information systems can track and identify trends and seasonality
• Managers can use this to plan for timely staffing and training of personnel
• Example: It can identify how the business is functioning in general and at different times of
the year
• Managers can learn from this information and utilize it to run the business more
efficiently, planning in advance how they handle seasonal demand fluctuations or changing
business processes that are flawed and generating problems, such as approving loans that
will be defaulted on

• Firms have a competitive strategy
• Information systems should be implemented to support the organization’s strategy
– Identifying Where to Compete: Analyzing Competitive Forces

VALUE CHAIN ANALYSIS

– The process of analyzing an organization’s activities to determine where value is added to
products or services
– Used to identify opportunities where information systems can be used to gain a
competitive advantage
– The Role of Information Systems in Value Chain Analysis
– The Technology/Strategy Fit
• It is important that when firms are choosing technologies to implement they make sure
the technologies support the business strategies already in place
• By making sure that the projects selected are focused on helping the company meet its
core business objectives, a company can help ensure that the projects are adding value.
• Therefore, organizations try to maximize business/IT alignment
• In any significant IS implementation, there must be commensurate, significant
organizational change
– This typically comes in the form of business process management (a method of improving
functioning of an organization)

Managing the Information Systems Infrastructure and Services

LEARNING OBJECTIVES
➢ Describe how changes in businesses’ competitive landscape influence changing IS
infrastructure needs
➢ Describe the essential components of an organization’s IS infrastructure
➢ Discuss managerial issues associated with managing an organization’s IS infrastructure
➢ Describe cloud computing and other current trends that can help an organization
address IS infrastructure-related challenges.

1. Applications and databases supporting business processes rely on an information
systems infrastructure
– Hardware
– System software
– Storage
– Networking
– Data centers

Applications and Databases Supporting Business Process:

• Application Software
– Software Tools
• Process automation
• Decision support
• Other business and user needs
• Databases
– Collections of data
– Organized to facilitate data searches

2. Describe the essential components of an organization’s IS infrastructure

The main components are: Hardware, System Software, Storage, Networking, Data Centers

The Software:
- Controls computer hardware operations
- Operating systems
– Examples: Windows, OS X, Ubuntu, Linux
– Manages hard drives and storage
– Manages keyboard, mouse, monitor, and printers
– Coordinates application access to computing resources

Networking:
• Both human and computer communication involve senders, a message to share, and
receivers.
Network requires:
• Sender and receiver
• Transmission pathway
• Rules/protocols for communication

• Servers – Host (serve up) data, databases, files, applications, Web sites, video, and other
content for access over the network
• Clients – Consume hosted resources
• Peers (P2P) – Serve and consume resources, both a server and a client interacting with
similar computers
Types of networks

THE INTERNET AND THE WWW


• The Internet is a large worldwide collection of networks that use a common protocol to
communicate with each other
– The Internet is based on internetworking, or combining networks to form larger networks
• The World Wide Web is a system of interlinked documents on the Internet
– Web protocols (e.g., HTML and HTTP)
– Web pages (documents containing HTML)
– Web servers (provides access via a Web site)
– Web browsers (provides interface to Web pages)

WORLD WIDE WEB ARCHITECTURE

Components:
– Interconnected Web servers
– Communicate over the Internet

▪ Clients request Web page hosted on server
▪ Server breaks into packets
▪ Packets stream over Internet to client
▪ Client reassembles
▪ Client can request retransmission of any missing packets
▪ Web browser translates Web page into visible output

WEB DOMAIN NAMES

• Uniform Resource Locator (URL) is used to identify and locate a particular Web page
• Domain name is a term that helps people recognize the company or person
– Prefix, like “google” or “Microsoft”
– Suffix, like .com, .edu, .org, .gov, or two-letter country codes

THE IP ADDRESS
• The Internet uses IP addresses
– IPV4: Old style, 32-bit, running out of addresses
– IPV6: New style, 128-bit, huge address space
• The WWW translates domain names into IP addresses
– www.arizona.edu translates to (IPV4) 128.196.134.37
– A URL could be expressed directly as an IP address, although it’s more common to use its
related domain name

WORLD WIDE WEB FUNCTIONING


• Components
– Interconnected Web servers
– Utilize Transmission Control Protocol/Internet Protocol (TCP/IP)
– Communicate over the Internet

• Clients request Web page hosted on server
• Server breaks into packets
• Packets stream over Internet to client
• Client reassembles
• Client can request retransmission of any missing packets
• Web browser translates Web page into visible output

EXTRANETS AND INTRANETS

• Companies have confidential data
• These data still need to be shared on a limited basis
– Intranet: password-protected Web site designed for sharing within the company
– Extranet: password-protected Web site designed for sharing with select partners
• Data and communication are protected via firewalls and virtual private networks (VPNs)

DATA CENTERS
• Large amounts of data to be managed
• Dedicated space for infrastructure components such as data centers
• Data center centralization facilitates
– Management
– Repairs
– Upgrades
– Security

3. Discuss managerial issues associated with managing an organization’s IS infrastructure

CLOUD COMPUTING SYSTEM MODELS

• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)

Cloud computing is a way to allocate resources much like a utility sells power

• Resources are used “on-demand,” as needed
• Customers only pay for what they consume
• Resources can be rapidly allocated and reallocated
• Consumption becomes an operating expense
• % utilization and efficiency increase dramatically

Cloud Computing Characteristics

- On-Demand Self Service
- Resource Pooling
- Rapid Elasticity
- Measured Service
- Broad Network Access

Managing the Cloud

- Availability/Reliability
- Scalability
- Viability
- Security, Privacy, and Compliance
- Diversity of offerings
- Openness
- Costs

E-COMMERCE

E-Commerce (EC) Defined

E-Commerce is the exchange of goods, services, and money among firms and their
customers, and between customers, supported by communication technologies and the
Internet.

Types of E-Commerce

E-Government

Government-to-Citizens (G2C)

It allows interaction between federal, state and local governments and their constituents.
Some states are already working on e-voting initiatives, allowing citizens to vote online.

Government-to-Business (G2B)

It’s the relationship between businesses and all levels of government. This includes
e-procurement, in which the government streamlines its supply chain by purchasing materials
directly from suppliers using its proprietary Internet-enabled procurement system.

Government-to-Government (G2G)

It’s the electronic interactions between countries or between different levels of government
within a country. Government has provided comprehensive e-government tools that allow
foreign entities to find government-wide information related to business topics.

E-FINANCE
• Finance: Big data analytics has brought about many radical changes for this industry
– using data analytics, the banking and finance industry is able to look at a customer’s credit
worthiness to determine the amount of loan the customer could handle
• E-finance is the use of information systems to provide financial services and markets
– E-banking and online brokerage
– Paying bills online using electronic bill pay
– People can turn to multiple sites to get the latest information about stock prices
• Fintech
– Refers to technologies that support activities in the financial sector

EC BUSINESS STRATEGIES

- Brick and mortar: companies that choose to operate in the traditional physical
markets. These companies approach business activities in a traditional manner by operating
physical locations such as retail stores and not offering their products or services online.

- Click only: virtual companies that conduct their business electronically in cyberspace, with no
physical store locations, allowing them to focus purely on e-commerce.

- Click and mortar: companies that choose to utilize the Internet to extend their
traditional offline retail channels (bricks-and-clicks business strategy).

E-Tailing

E-tailing is a global platform where firms from across the world can effectively compete for
customers and gain access to new markets.


E-Tailing Capabilities and Benefits

Capabilities

• Mass Customization: firms can tailor their products and services to meet
customers’ particular needs. Linking online product configuration systems with
just-in-time production allows companies to assemble each individual product based on
the customer’s specifications, so companies are able to provide individualized products
while at the same time reaping the economies of scale provided by mass production.

• Disintermediation: cutting out the “middleman” and reaching customers more
directly and efficiently; it creates both opportunities and challenges.

• Group Buying: if many people agree to purchase the product or service, they get
significant discounts. The business offering the product or service uses these deals to
either reduce unsold inventory or to get new customers “into the door” (local
businesses face the danger of making significant losses on these deals).

Benefits

• Product benefits: with no store size and shelf space restrictions, companies can
sell a far wider variety of goods. Comparison shopping is much easier on the Web; for
example, Booking.com can force sellers to focus on relatively low prices; they
generate revenue by charging a small commission on transactions.

• Place benefits: Internet storefronts are available on almost every computer
connected to the Internet. Whereas traditional retailers are bound to physical store
locations and open hours, e-tailers can conduct business anywhere at any time.

• Price benefits: online retailers are efficient; high volumes and low overhead
allow for very competitive pricing, also because virtual companies have no need to
rent expensive retail space or employ sales clerks.

• The Long Tail: these benefits of e-tailing have enabled a form of business model
centered on the “long tail”; this concept refers to catering to niche markets in
addition to purely selling mainstream products. The distribution of consumers’ needs
and wants can be compared to a statistical normal distribution: the center of the
distribution reflects the “mass market” characterized by relatively similar
“mainstream” needs and wants.


Mobile E-Commerce

- Location-based M-Commerce

Services can be offered tailored to a person’s needs based on their current location.

- Information on the Go

Customers can get further information about the product wherever they are, including in
the store, but this can lead to ‘showrooming’.

- Product and Content Sales

Customers use mobile apps to make purchases while on the go.

ELECTRONIC COMMERCE WEBSITES AND INTERNET MARKETING

In order to attract customers and increase the conversion rate, companies should follow
these recommendations.

1. The web site should offer something unique.

2. The web site must motivate people to visit, to stay and to return.

3. The company must advertise the presence of the web site.

4. The company should learn from its web site.

SEARCH ENGINE OPTIMIZATION (SEO)

SEO attempts to improve a page’s ranking in search engines like Google. Techniques include
having other pages link to the page, keeping content updated and including key words.

Securing Payments in the Digital World

• Must be sure that online transactions are secure
• Issues related to different forms of online payments are:

1. Payment Services—involves the use of independent payment services such as PayPal,
Google Wallet

2. Cryptocurrencies—involves the use of a non-banking currency such as Bitcoin.

3. Managing Risk—businesses are financially liable for fraudulent transactions, thus have to
look for these and sometimes have to reject risky transactions.

Possible indicators of fraud

In e-commerce transactions, there is no imprint of the physical card and no cardholder
signature, so online merchants have to be especially careful when deciding whether or not
to make a transaction.
Online merchants often use automated fraud screening services that provide the merchants
with a risk score based on a number of variables such as match between shipping address,
billing address, and phone number; the time of the order and the customer’s time zone;
transaction volume; and the customer’s IP address and its geographic location.
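
A rule-based sketch of such a risk score, added here as an example (it is not from the course material or from any real screening service). The weights, thresholds, field names and the IP-to-country table are constructed assumptions; the signals are the variables listed above.

```python
"""Added example: rule-based fraud risk score over the variables listed above.
Weights, thresholds and the IP-to-country table are constructed assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import ipaddress

# Constructed geolocation table (RFC 5737 documentation ranges, not real data).
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "IT",
    ipaddress.ip_network("203.0.113.0/24"): "BR",
}
# Hypothetical weight per signal; a real service would calibrate these on data.
WEIGHTS = {"address_mismatch": 25, "phone_mismatch": 15, "odd_hour": 10,
           "high_volume": 30, "ip_country_mismatch": 20}
REVIEW_AT, REJECT_AT = 40, 70      # hypothetical decision thresholds
MAX_ORDERS_PER_HOUR = 3            # hypothetical velocity limit per card


@dataclass
class Order:
    card_id: str
    placed_at: datetime            # timezone-aware, UTC
    utc_offset_hours: int          # customer's time zone as an offset from UTC
    billing_address: str
    shipping_address: str
    billing_country: str
    phone_country: str
    ip: str


def normalize(address: str) -> str:
    """Ignore case, commas and spacing so trivial differences still match."""
    return " ".join(address.lower().replace(",", " ").split())


def ip_country(ip: str):
    """Country for an IP from the constructed table, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for network, country in GEO_TABLE.items():
        if addr in network:
            return country
    return None


def risk_signals(order: Order, history: list) -> list:
    signals = []
    # Match between shipping address, billing address and phone number.
    if normalize(order.billing_address) != normalize(order.shipping_address):
        signals.append("address_mismatch")
    if order.phone_country != order.billing_country:
        signals.append("phone_mismatch")
    # Time of the order, expressed in the customer's own time zone.
    local = order.placed_at + timedelta(hours=order.utc_offset_hours)
    if 1 <= local.hour < 5:
        signals.append("odd_hour")
    # Transaction volume: earlier orders on the same card within the last hour.
    start = order.placed_at - timedelta(hours=1)
    recent = [o for o in history
              if o.card_id == order.card_id and start <= o.placed_at < order.placed_at]
    if len(recent) >= MAX_ORDERS_PER_HOUR:
        signals.append("high_volume")
    # IP geolocation; an IP that cannot be located is treated like a mismatch.
    if ip_country(order.ip) != order.billing_country:
        signals.append("ip_country_mismatch")
    return signals


def assess(order: Order, history: list):
    """Return (score, signals, decision) for one order."""
    signals = risk_signals(order, history)
    score = sum(WEIGHTS[s] for s in signals)
    if score >= REJECT_AT:
        decision = "reject"
    elif score >= REVIEW_AT:
        decision = "review"
    else:
        decision = "accept"
    return score, signals, decision


def _order(card, hour, minute, shipping, phone, ip):
    """Constructed sample order: Italian billing address, customer at UTC+1."""
    placed = datetime(2024, 3, 10, hour, minute, tzinfo=timezone.utc)
    return Order(card, placed, 1, "Via Roma 1, Milano", shipping, "IT", phone, ip)


# Constructed sample data: three earlier orders on card-B inside one hour.
HISTORY = [_order("card-B", 0, m, "Rua Nova 99, Sao Paulo", "IT", "203.0.113.9")
           for m in (45, 50, 55)]
LEGIT = _order("card-A", 14, 0, "via roma 1 milano", "IT", "198.51.100.7")
BORDERLINE = _order("card-C", 14, 0, "Main St 5, Springfield", "US", "198.51.100.8")
SUSPICIOUS = _order("card-B", 1, 30, "Rua Nova 99, Sao Paulo", "IT", "203.0.113.9")

if __name__ == "__main__":
    for name, order in [("legit", LEGIT), ("borderline", BORDERLINE),
                        ("suspicious", SUSPICIOUS)]:
        print(name, assess(order, HISTORY))
```

The score only ranks orders; the merchant still chooses where "review" and "reject" begin, which is the risk management trade-off described in point 3 above.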

Electronic Business: E-Commerce and E-Government

Companies are traditionally organized around five distinct functional areas: marketing &
sales, supply chain management, manufacturing and operations, accounting and finance,
human resources. The different functional areas are highly interrelated because most
business processes cross the boundaries of business functions.
• Core Business Processes
• Organizational Activities Along the Value Chain
• Value Systems: Connecting Multiple Organizational Value Chains

Core Business Processes


• Order-to-Cash
– The process of selling goods or services and collecting revenue for them
• Procure-to-Pay
– The process of ordering goods or services and paying for them
• Make-to-Stock/Make-to-Order (for manufacturing companies)
– The process of manufacturing goods, either based on forecasts or based on orders

The Order-to-Cash Process

Every aspect of receiving an order, fulfilling it, and receiving payment for the same. It
involves multiple steps as well as multiple business functions to be completed successfully.

• Functional Areas in Order-to-Cash


– Sales and Marketing
– Accounting and Finance
– Manufacturing and Operations

The Procure-to-Pay Process (the opposite of order-to-cash)

• Functional Areas in Procure-to-Pay


– Supply Chain Management
– Accounting and Finance
– Manufacturing and Operations

The Make-to-Stock and Make-to-Order Processes

In the make-to-stock process, goods are produced based on forecasts and are stocked in a
warehouse (push-based approach): customers' orders are then fulfilled from inventory.

In contrast, in the make-to-order process, raw materials, subcomponents, and accessories
are procured based on forecasts, but actual manufacturing does not start until an order is
received (a pull-based approach).

The Rise of Enterprise Systems


• Businesses have leveraged information systems to support business processes for
decades, beginning with the installation of Standalone Applications (Legacy Systems)
– Each department had their own proprietary systems that were not designed to
communicate with other systems
– Information was reentered manually from one system to the next
• Enterprise System (Integrated Suite)
– All departments are integrated into one system
– No duplication of data and more efficient

Standalone systems
When organizations first started using information systems, they typically implemented
proprietary systems from multiple vendors on a department-by-department or process-by-
process basis. This resulted in multiple information systems optimizing the practices of each
department or process independent of the rest of the organization, with a marked lack of
data flow between business departments or processes (this lack of continuous data flow
created large inefficiencies!!!). These older standalone systems are now typically referred to
as legacy systems, reflecting their advancing age and lack of upgradability.

Integrated enterprise system


Enterprise systems perform all the functions legacy systems used to perform, but with the
added benefit of being integrated across the value chain with a consolidated database.
This ensures that all departments and processes have access to both their internal
information and the information of upstream and downstream
processes and functions. This integrated approach streamlines operations
across the entire value chain.


Business process management- BPR


Given the magnitude of change that an enterprise system can impose on an organization’s
business processes, understanding the role of Business Process Management in the
implementation of an Enterprise System is necessary.

• Business Process Management (or Business Process Reengineering – BPR)
– Systematic, structured improvement approach by all parts of the organization whereby
people critically examine, rethink, and redesign business processes in order to achieve
dramatic improvements in one or more performance measures, such as quality, cycle time,
and cost
• Basic Steps
– Develop a vision for the organization that specifies business objectives (i.e., reducing costs)
– Identify the critical processes that are to be redesigned
– Understand and measure the existing processes as a baseline for future improvements
– Identify ways that information systems can be used to improve processes

Enterprise resource planning


Today, many enterprise-wide information systems come in the form of Enterprise Resource
Planning (ERP) Systems

• ERP Systems replace standalone applications by providing various modules based on a
common database and similar application interfaces that serve the entire enterprise rather
than portions of it
• Data stored on legacy systems is converted into a large, centralized database that stores
data related to the various business activities of an organization
• ERP systems make accessing data easier
– By providing a central repository
– Giving personnel access to accurate, up-to-date information throughout the
organization
– Example: inventory data is accessible not only to logistics and operations but also
to accounting, sales, purchasing and customer service personnel

The ERP core components are internally focused, dealing with activities and processes
within the organization.
• Financial management components support accounting, financial reporting,
performance management, and corporate governance
• Operations management components simplify, standardize, and automate
business processes related to logistics, product development, manufacturing, and
sales and service
• Human resource management components support employee recruitment,
assignment tracking, performance reviews, payroll, and regulatory requirements

• Responding to Compliance and Regulatory Demands


– ERP systems were designed for organizations needing to meet modern regulatory
requirements; they have the functionality necessary to support the implementation and
documentation of internal controls, procedures, and policies
• Choosing an ERP System
– ERP Control (over the computing systems and data contained in those systems as
well as decision-making authority)
– Centralized or decentralized across business units
– Policies and procedures (More flexible? More Standardized?)
• ERP Business Requirements
– What modules are available?
– How well do they meet specific business needs?

Enabling Business Processes Using ERP Core Components


• ERP systems support core business processes
• Assist with:
– Order-to-cash
– Procure-to-pay
– Make-to-stock/Make-to-order
– Other business processes
• Often packaged industry-specific ERP versions
– Support industry-specific core processes
• Health care
• Automotive
• Construction
• Retail
• Specialized manufacturing industries

ERP Limitations

• ERP systems often require organizations to change their business processes
• Once implemented, a company is locked in
• Difficult and costly to make future changes
• Modifications require extra costly programming

• Secure executive sponsorship


• Get help from outside experts
• Thoroughly Train Users
• Take a multidisciplinary approach to implementations
• Evolve the implementation (i.e. with cloud-based solutions)

Enhancing Business Processes Using Enterprise Information Systems


Supply Chain Management
Learning Objective: Describe supply chain management systems and how they help to
improve business-to-business processes.
• What is a Supply Chain
• Business-to-Business Electronic Commerce: Exchanging Data in Supply Networks
• Managing Complex Supply Networks

THE SUPPLY CHAIN


• A collection of companies and processes involved in moving a product from the suppliers
of raw materials to the suppliers of intermediate components, then to final production, and,
ultimately, to the customer
• Referred to as “chain” as one supplier feeds into the next, then the next, then the next
• The flow of materials from suppliers to customers can thus be more accurately described
as “network”, because businesses have multiple suppliers, who have multiple suppliers.

• Most companies depend on a steady source of key suppliers to produce their goods
or services; thus they seek long-term B2B relationships with a limited number of
carefully selected suppliers or business partners, which are selected on product features but
also on suppliers’ characteristics (trustworthiness, commitment, viability)
• Business-to-Business (B2B) Electronic commerce
– 90% of all electronic commerce in the United States
– Involves proprietary information (keeping it secret has strategic value)
– Before the Internet, secure communication was facilitated by Electronic Data
Interchange (EDI), computer-to-computer communication without human intervention
– Now suppliers use Web-based EDI protocols
– Companies also use extranets (Chapter 3), portals, and marketplaces to facilitate B2B EC

Benefits of Effectively Managing Supply Chains


• Just-in-Time Production
– Inventory delivered just as it is needed
– Minimizes stock and handling costs
– Reduces obsolescence charges
• Vendor-Managed Inventory
– Vendors track usage and replenish supplies
– Reduces procurement and inventory replenishment costs
• Reducing the Bullwhip Effect (Forrester effect)
– The observed propensity for the material orders to be more variable than demand
signals
– Ripple effects due to forecast errors
– Coordinated supply chain helps mitigate this
• Corporate Social Responsibility
– Product recalls
– Sustainable business practices

Optimizing the Supply Chain Through Supply Chain Management


Information Systems focusing on improving supply chains have two main objectives: to
accelerate product development and innovation and to reduce costs. These systems are
called Supply Chain Management (SCM) systems. They are aimed at improving the
coordination of suppliers, product or service production and distribution. SCM systems
often have multiple modules available to meet specific organizational supply chain needs.

Developing a Supply Chain Management (SCM) Strategy


A supply chain strategy should be developed that mirrors the corporation’s overall strategy.
If the corporation is focused on customer service, then the company should ensure
customer needs can always be met on a timely basis. If a company is focused on being the
lowest-cost provider, then the supply chain should push for cost reduction wherever
possible, even though that increases the probability that sometimes the supply chain will
not meet immediate customer needs.

• Trade-offs
– Supply Chain Efficiency
• Minimizes cost, but increased risk of stock-outs
• May sacrifice customer service
– Supply Chain Effectiveness
• Maximizes likelihood of meeting objectives

Supply Chain Planning (SCP)


• SCP involves multiple SCM tools and modules working together to meet business needs
and customer demands
The supply chain plan starts with demand planning, and works backwards through the
distribution plan, the production plan, and finally to the sourcing plan to determine what
materials need to be sourced and when to ensure effective business operations.

Customer Relationship Management


Learning Objective: Describe customer relationship management systems and how they
help to improve the activities involved in promoting and selling products to customers as
well as providing customer service and nourishing long-term relationships.
• Developing a CRM Strategy
• Architecture of a CRM System

Interactions With Customers

• The megatrends mobile, social media, Big Data, cloud computing, and IoT have
tremendously changed the way organizations interact with their customers
• With social media a customer can post either a negative post or a positive one.
• The old adage is that if an organization has a positive impact on you, then you will tell 10
friends; but, if an organization does wrong, you will tell 100 friends.

Benefits of a CRM System

Successful CRM strategies need to integrate the different facets of CRM functions. This
includes consistent policies and business processes, employee training, customer service,
and data collection and analysis.
Key Elements of a CRM Strategy
• Policies and Business Processes
– Reflect a customer-focused culture
• Customer Service
– Quality, satisfaction, enhanced customer experience
• Employee Training
– For employees from all areas
• Data Collection, Analysis, and Sharing
– Track all aspects of the customer experience
• A successful CRM strategy must carefully consider the ethical and privacy concerns of
customers’ data.

In a nutshell: the closer an organization is to the end customer, the more important CRM
becomes!

Architecture of a CRM System


A complete CRM system includes not only the operational CRM, which manages customer
interactions, but also analytical CRM, which is focused on having appropriate business
intelligence, and collaborative CRM, which facilitates communication.

Enhancing Organizational Communication and Collaboration Using Social Media


Learning objectives:
• Explain organizations’ needs for communication and collaboration
• Explain social media and evolving web capabilities
• Describe various social media applications, and explain their role in enhancing
communication, collaboration, cooperation, and connection
• Describe how companies can manage enterprise-oriented social media applications and
deal with potential pitfalls associated with social media

• Virtual Teams • Groupware • Videoconferencing • Intranets and Employee Portals

collaboration
Organizations require collaboration between employees of different departments as well as
outside business partners such as suppliers, customers, and other external stakeholders
• Collaboration is where two or more people are working together to achieve a common
goal
• A small company can collaborate very easily usually at a set time and place
• Global companies require effective and efficient communication channels for
collaboration

Categories of Collaboration Tools

Many different technologies have emerged over the years that are used for each category of
collaboration tools :

Virtual Teams

• Organizations typically strive to put together the right members of a team or task force to
solve challenging business problems, regardless of where they are located geographically
within the organization

• Virtual teams face the challenge of communicating and collaborating at a distance and use
modern technologies such as teleconferencing and online Web technologies to interact and
share documents and information

• Virtual teams are composed of members from different geographic areas and assembled
as needed to collaborate on a certain project

Groupware
• Groupware is a class of software that enables people to work together more effectively
• Groupware can be divided into synchronous and asynchronous tools, as well as into tools
that enhance working at the same location or across different locations
• Synchronous means at the same time, such as when two people are talking on the
telephone
• Asynchronous means disconnected in time, such as when someone reads an email a day
after it was sent
• Asynchronous groupware tools include e-mail, mailing lists, workflow automation systems,
intranets, group calendars, collaborative writing tools, and discussion forums
• Synchronous groupware tools include shared whiteboards, online chat, electronic meeting
systems, and video communication systems

Electronic Meeting System (EMS)


An electronic meeting system utilizes networked computers and sophisticated software to
support various group tasks.
Electronic meeting systems provide a synchronous and structured meeting process. The
process includes electronic idea generation, idea evaluation, and voting. In this way, EMS
helps groups stay on track and avoid costly diversions that can often occur in less structured
meetings.

Videoconferencing
• Today, organizations are routinely conducting videoconferences to replace traditional
meetings through:
• Desktop Videoconferencing (just a webcam, a speaker telephone, videoconferencing
software – Skype, FaceTime – and a high-speed Internet connection)
– Simple and low cost
– Internet based
• Dedicated Videoconferencing
– Located within an organization’s conference rooms
– Multiple people and/or locations
– Highly realistic/excellent video and audio quality
– Can be extremely expensive, up to $500K

Intranets and Employee Portals


Companies create intranets to share documents and information within the organization
• Real-Time Access to Information
– Updated information instantly available throughout the organization
• Enterprise Search
– Company focused, including corporate databases
• Collaboration
– Document sharing and coediting
• Employee Portals
– Often set up so employees can access self-service benefits

The Evolving Web


• The traditional collaboration tools previously introduced are based on Internet
technologies. However, up until a few years ago, the web was regarded as a one-way
medium – sometimes referred to as web 1.0 – with a strict distinction between content
creators and content consumers.
• Changes in technologies have enabled new uses of the web: dynamic web applications,
often referred to as web 2.0 applications, allow people to collaborate and share content
online, shifting their role from passive consumers of content to content creators.
Learning Objective: Explain social media and evolving web capabilities.
• Evolving Web Capabilities
• Evolving Social Interaction
• The Evolving Workspace
• Future Web Capabilities

Evolving web capabilities


• The network effect refers to the notion that the value of a network (or tool or application
based on a network) increases with the number of other users. The more users, the higher
the value.
• Many successful websites or service providers (Google) try to provide value to users by
making parts of their functionality or data (map data) available for other websites to use
and thus enable creating unique and dynamic applications (mashups)
• A mashup is an application or Web site that uses data from one or more service providers
that dynamically includes information or content from multiple sources. An example could
be a website or an app that, by acquiring a list of apartments from a website, shows their
location using the Google Maps service to highlight the place where the same apartments
are located.
• Web 2.0 applications shift a Web user’s role from a passive consumer of content to its
creator

Evolving Social Interaction
• Now that users can readily share information as well as consume it, social media have
changed dramatically to take advantage of these capabilities and have changed how people
interact
– Online information at our fingertips
– Ability to express their opinion 24/7
• Explosion in the sharing of personal information, often very private
– About themselves
– About others
– Without thinking about the consequences

The evolving workspace


The current generation of workers grew up in an Internet-enabled world and expect an
Internet-enabled workplace. They expect to have multiple jobs with multiple companies
throughout their lives and value a workplace where they can leverage modern technologies.
• A generation of social media users
– Millennials, “Generation Y”
– Different workplace expectations
– Portfolio careers, not cradle-to-grave jobs
– Don’t just serve customers, but collaborate with customers
– Companies now create a corporate culture that embraces trends of the digital
world
– Embracing social media attracts and retains top talent

Social media and the enterprises


Learning Objective: Describe various social media applications, and explain their role in
enhancing communication, collaboration, cooperation, and connection.

1. Enhancing Communication Using Social Media


Companies can enhance their communication through the effective use of social media.
Depending on the objectives, many different tools can be implemented.

• Blogs
– Topical blogs of interest to customers
– Critics call blogs “amateurization of journalism”
• Microblogging
– Post news to customers
– An example is Twitter which is limited to 140 characters
• Instant Messaging
– Enables multiple participants to have conversations
– Example: WhatsApp allows group chat, free texts

2. Enhancing Cooperation with Social Media


Cooperation between users can be increased using cooperative tools, where everybody gets
to take advantage of each user’s contributions. This builds a repository of useful information
references that can be accessed by other participants, who are also contributing to the pool
for the greater good.
• Media Sharing
– Via Flickr, Instagram, Vimeo, YouTube, SlideShare
– Webcasting, podcasting
• Tagging
– Manually adding metadata to content
• Geotagging
– Geospatial data added
• Social Bookmarking and Cataloging
– Allows users to refine data (and their search)
– Creation of a categorization system by users

3. Enhancing Collaboration with Social Media


• Collaboration can also benefit from social media. There are multiple different ways people
can work together, and collaboration tools facilitate that process.
• Cloud-Based Collaboration Tools

• Content Management Systems


– Allow multiple users to coordinate working on documents, without accidentally
overwriting or deleting each other’s work, and often saving multiple prior versions in
case the need to access them arises.
– Learning management systems
• Collective Intelligence
– Based on the notion that distributed groups of people with a divergent range of
information and expertise will be able to outperform the capabilities of individual
experts.
– Open source software
– Wikis
• Human-Based Computing (Crowdsourcing)
– People from all over the world as a cheap labor force.

4. Enhancing Connection with Social Media


• Social Networking
– One of the most popular uses of the Internet
– Facebook had 1.65 billion users as of March 2016
– Social Search
• Increase the relevance of search results by including content from social
networks, blogs or microblogging services
• Viral Marketing
– Based on users promoting content they find interesting or engaging to their
friends; in effect, users are “infecting” other users. This can be a very powerful and
effective marketing strategy
– Good marketing techniques can be driven by word-of-mouth or person-to-person
communication
– The power of viral marketing can be a great tool

Organizational Issues
Various factors have to be taken into account when using social media applications within
an organization

1 Corporate culture plays a critical role


• When corporations have an open culture based on sharing, then employees will be more
supportive of initiatives requiring sharing.
2 The Web 2.0 tool deployed should be tailored to the organizational context
• Focused departmental initiatives can be more readily successful than enterprise-wide
initiatives, which typically require cultural changes and senior management championship.
3 Not everyone will participate in contributing content, so there needs to be enough
support from those who will contribute to achieve critical mass.
• Employees unused to Web 2.0 technologies may be slow to adopt them or learn them
unless they see tangible benefits.
4 Once deployed, these applications need to be integrated into the overarching
technological framework and have appropriate security controls just like any other
enterprise application.

DEVELOPING AND ACQUIRING IS

Business case objectives

• The business case sells an investment


– Build a strong, integrated set of arguments
– Show how an IS adds value to the organization
– Lays out the costs and benefits
– Used to make a “go” or “no-go” decision
– May be used to justify continued funding

A business case is, quite simply, a complete justification for making or continuing to make
an investment in a new or ongoing information system. It demonstrates how the investment
is justified and better than the possible alternatives.

The Productivity Paradox


The Productivity Paradox stems from the difficulty many early professionals had showing
that worker productivity, measured as worker output per employee hour, was increasing
due to investments in information technologies. There are, however, many reasons for this
apparent dilemma that have come to light since the initial research.

• There is also a timing issue; many information systems take years to hit the bottom line, so
any measurement immediately after implementation may show no, or even a negative,
productivity impact

• Some industries have a limited size, so the first mover in the industry may get a bigger
slice of the pie, but overall it is a zero-sum game, so once everyone has implemented the
new technology to catch up, overall it looks like there is no improvement across the
industry.
• Finally, some IS implementations are the result of mismanagement and aren’t
appropriate, so the investment actually has a negative return.

Making a Successful Business Case

Identifying Costs and Benefits


• Identifying Costs
– Tangible costs—total cost of ownership (TCO)
• Non-recurring costs (acquisition)
• Recurring costs (use and maintenance)
– Intangible costs (e.g., loss of customers)
• Identifying Benefits
– Tangible benefits (e.g., estimated sales gains)
– Intangible benefits (e.g., improved customer service)

Performing Cost-Benefit Analyses


• Here is an example cost-benefit analysis for a project starting in 2014 and running through
2018, which is a reasonable time frame for an IS development project
• Costs are divided into recurring and non-recurring, and benefits are shown here as
recurring, with sales benefits growing slowly over time.
• The bottom line is the net of costs and benefits, and is suitable for a return on investment
(ROI) analysis.

Comparing Competing Investments


• Weighted Multicriteria Analysis
• Sometimes the justification for a system has more intangibles than tangibles, or a financial
analysis doesn’t paint a clear picture between alternatives
• In these cases a weighted multicriteria analysis can be performed instead, showing which
alternatives meet organizational goals and priorities more completely than others
• Weights indicate the importance of each criterion.
When presenting a business case
• Know the Audience
– Know who you are presenting to, what their background is, and what they care
about
• Convert Benefits to Monetary Terms
– Show benefits as $ per time period, often annual
• Use Proxy Variables
– A proxy variable is a variable that is relevant to the audience if your normal metrics
aren’t. For example, if spending hours with the customer is important, you could
translate hours saved planning each day’s sales stops to annual additional customer
contact hours.
• Measure What Is Important to Management
– Know management “hot-button” issues
– Describe how the system impacts them

Stakeholder and factors


• There are at least four different perspectives among stakeholders. Managers and user
groups may come from different functional units within the firm, and therefore have
narrower interests
• The steering committee is made of representatives from all across the organization, so will
have broader focus
• And the IS executive has a better view of the costs and benefits of IS projects, and the
likelihood of how much time and resources will be required.
Making a business case requires looking at multiple factors and based on these there may
be a variety of decisions for any particular project.

The Systems Development Process


• Learning Objective: Describe the systems development life cycle and its various phases
• Customized Software
– Customizability—tailored to unique needs
– Problem specificity—pay only for what is needed
• Off-the-Shelf Software (Packaged Software)
– Less costly than customized systems
– Faster to procure than customized systems
– Of higher quality than customized systems
– Less risky than customized systems

Off-the-Shelf Software: Examples


Commercial off-the-shelf (COTS) software—typically developed by software companies that
spread the development costs over a large number of customers

Open Source Software


• Program’s source code is freely available for use and/or modification
– Linux and MySQL are prevalent examples
• Free to use, but “hidden” support costs
– Typically no support for the free version
– Commercial vendors may offer commercial-grade support to industry users for a
fee

Combining Customized, Open Source, and Off-the-Shelf Systems


• There is no reason companies can’t use all three types of software where it makes sense.
• However, using all three types will mean integrating them, which could require additional
custom code.
– Some commercial applications are designed to work with specific open source
products.

– Off-the-Shelf systems can often be customized
– Off-the-Shelf systems may interact with open-source systems (e.g., the MySQL
open source database can be used to store data for a small business ERP system)

IS Development in Action
There are a variety of sources for any new information system initiative a company is
considering. Which one makes the most sense will depend on many factors, and a
structured approach is necessary to ensure a suitable solution is found and implemented.


The Role of Users in the Systems Development Process:


• Although system analysts have the background to design new systems, they typically
aren’t the subject-matter experts in every aspect of the business
• That honor generally goes to the users, who know what the current system does, and
often what the new system needs to accomplish, even if they aren’t versed on the latest
technologies that might be implemented to accomplish it
• As such, system user involvement is critical throughout the process

• System analysts design the system
• System users know what is needed
• System analysts depend on system users
• System users are key throughout the process

Steps in the System Development Process


1. Systems planning and selection
• Because all organizations face resource constraints, they need to limit their IS projects
to those that can succeed given the resources at hand
• This may take place through a very formal IS planning process, or organizations
may have a more informal ad-hoc process for generating and approving IS
investments
2. Systems analysis
• Systems analysis involves determining what the optimal approach will be. This
requires gathering requirements
• This is almost an iterative step, where the goal is just to gather enough information
and put together enough models that an optimal final direction can be chosen and
pursued
3. Systems design
• The systems design phase takes the output of Phase 2. This includes the Phase 2
models and optimal architecture or system design
• In this phase the system is completely modeled based on those decisions, the prior
knowledge from the analysis phase, and the additional work being done to complete
the design
4. Systems implementation and operation
• The final phase is implementation and operation, which involves converting the
design to a system, implementing the database, creating the user guides, conducting
the training, and switching over to the new system

Note that this is a cyclical process. At any phase, you may return to an earlier phase. For
example, during design there may be the recognition that more analysis is needed.

COMPUTER CRIME
Computer crime is defined as the use of a computer to commit an illegal act. This broad
definition includes: targeting a computer while committing an offense, using a computer to
commit an offense, and using a computer to support a criminal activity despite the fact that
computers are not actually targeted.
Hacking and Cracking
• Those individuals who are knowledgeable enough to gain access to computer systems
without authorization, motivated by curiosity and not by a desire to harm, have long been
referred to as hackers (or “white hats”).
• Today, those who break into computer systems with the intention of doing damage or
committing a crime are usually called crackers (or “black hats”).
• Some computer criminals attempt to break into systems or deface Web sites to promote
political or ideological goals and they’re referred to as hacktivists.
Types of Computer Criminals and Crimes
Computer crimes are almost as varied as the users who commit them. Some involve the use of
a computer to steal money or other assets, to steal and alter information, for cyberterrorism,
stalking, and so on.
• WHO COMMITS COMPUTER CRIMES? Studies attempting to categorize computer criminals
show that they generally fall into one of the four following groups:
1. Current or former employees; most organizations report insider abuses as their most
common crime.
2. People with technical knowledge who commit business or information sabotage for
personal gain.
3. Career criminals who use computers to assist in crimes.
4. Outside crackers simply hoping to find information of value.
Frequently, computer criminals use sophisticated software such as:
- vulnerability scanners that automatically test targeted systems for weaknesses
- packet sniffers to analyze network traffic and capture unencrypted passwords.
• UNAUTHORIZED ACCESS. It occurs whenever people who are not authorized to see,
manipulate, or otherwise handle information look through electronically stored information
for interesting or useful data and intercept electronic information on the way to its
destination.
=> The term insider threats refers to “trusted adversaries” who operate within an
organization’s boundaries and are a significant danger to both private and public sectors.
Insider threats include disgruntled employees or ex-employees, potential employees,
contractors, business partners, or auditors. The damage caused by an insider threat can
take many forms, including workplace violence, the introduction of malware into the
corporate network, the theft of information and corporate secrets, and so on.
• INFORMATION MODIFICATION. It occurs when someone accesses information and then changes the information in some way, such as when crackers hack into government Web sites and change information or when employees give themselves electronic raises and bonuses.
• OTHER THREATS TO IS SECURITY. Many times, IS security is breached simply because organizations and individuals do not exercise proper care in safeguarding information. Some examples follow:
- Employees keep passwords or access codes on slips of paper in plain sight.
- Individuals never install antivirus software.
- Employees are careless about letting outsiders view computer monitors.
- Organizations fail to limit access to company files and system resources and to install effective firewalls.
Computer Viruses and Destructive Code
Malware (short for “malicious software,” such as viruses, worms, and Trojan horses) continues to have tremendous economic impacts on the world, costing organizations more than US$114 billion to respond to and to enact countermeasures.
• COMPUTER VIRUSES. A virus is a destructive program that disrupts the normal functioning of computer systems. Viruses differ from other types of malicious code in that they can reproduce themselves. Some viruses are intended to be harmless pranks, but more often they do damage to a computer system by erasing files on the hard drive, by slowing computer processing, or by otherwise compromising the system. Viruses infect a single computer only, potentially spreading to other computers if infected files are shared.
• WORMS, TROJAN HORSES, AND OTHER SINISTER PROGRAMS.
- A worm, a variation of a virus that is targeted at networks, is designed to spread by itself, without the need for an infected host file to be shared. Worms take advantage of security holes in operating systems and other software to replicate endlessly across the Internet.
- Trojan horses appear to be legitimate, benign programs, but carry a destructive payload. Trojan horses do not typically replicate themselves, but like viruses can do much damage. When a Trojan horse is planted in a computer, its instructions remain hidden; the computer appears to function normally, but in fact it is performing underlying functions dictated by the intrusive code.
- Logic bombs or time bombs are variations of Trojan horses. They also do not reproduce themselves, and are designed to operate without disrupting normal computer function. Instead, they lie in wait for unsuspecting computer users to perform a triggering operation. Time bombs are set off by specific dates and logic bombs are set off by certain types of operations.
- Recently another type of malware has emerged, called ransomware. Ransomware holds a user’s computer hostage by locking or taking control of the user’s computer, or encrypting files or documents. Once the computer is infected, the scammers demand a ransom to be paid by a certain deadline in order to unlock the computer or decrypt the files.
• DENIAL OF SERVICE. Denial of service attacks occur when electronic intruders deliberately attempt to prevent legitimate users of a service from using that service. To execute such attacks, intruders often create armies of zombie computers by infecting computers that are located in homes, schools and businesses with viruses and worms. The zombie computers, without users’ knowledge or consent, are used to spread the malware to other computers and to launch attacks on popular Web sites.
• SPYWARE, SPAM, AND COOKIES. They are three additional ways in which information
systems can be threatened.

- Spyware. It is any software that covertly gathers information about a user through an Internet connection without the user’s knowledge. Spyware can monitor your activity and secretly transmit that information to someone else. Key-loggers can capture every keystroke and thus gather information such as e-mail addresses, passwords, and credit card numbers.

- Spam. It is electronic junk mail or junk newsgroup postings, usually for the purpose of advertising for some product and/or service. In addition to being a nuisance and wasting our time, spam also eats up huge amounts of storage space and network bandwidth. Spam includes attachments that carry destructive computer viruses. As a result, Internet service providers and those who manage e-mail within an organization often use spam filters to fight spam. In its worst form, spam is used for phishing, which consists of attempts to trick financial account and credit card holders into giving away their authentication information, usually by sending spam messages to literally millions of e-mail accounts. Spear phishing is a more sophisticated fraudulent e-mail attack that targets a specific person or organization by personalizing the message. One commonly used approach for preventing robots from submitting forms is the use of CAPTCHAs. A CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) typically consists of a distorted image displaying a combination of letters and/or numbers that a user has to input into a form before submitting it. As the image is distorted, only humans can interpret the letters/numbers, preventing the use of automated robots for creating accounts or posting spam to forums, blogs, or wikis.

- Cookies. A cookie is a small text file passed to a Web browser on a user’s computer by a Web server. The browser then stores the message in a text file, and the message is sent back to the server each time the user’s browser requests a page from that server. Cookies are normally used for legitimate purposes, such as identifying a user in order to present a customized Web page or for authentication purposes.
• THE RISE OF BOTNETS AND THE CYBERATTACK SUPPLY CHAIN. Destructive software robots, called bots, working together on a collection of zombie computers via the Internet, called botnets, have become the standard method of operation for professional cybercriminals.
• IDENTITY THEFT. It is the stealing of another person’s Social Security number, credit card number, and other personal information for the purpose of using the victim’s credit rating to borrow money, buy merchandise, and otherwise run up debts that are never repaid.
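
The cookie round trip from the Cookies item above (the server passes a value, the browser stores it and sends it back with each request), as an added example that is not part of the original notes. The HMAC signature and the HttpOnly/Secure/SameSite attributes go beyond the notes and show how a server protects a cookie used for authentication against alteration; the key, the cookie name and the function names are assumptions.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed demo key (assumption): a real server keeps this random and secret.
SECRET_KEY = b"constructed-demo-key"


def _mac(value: str) -> str:
    """Keyed hash of the cookie value; only the server can compute it."""
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def issue_set_cookie(user_id: str) -> str:
    """Server -> browser: the value of the Set-Cookie response header."""
    jar = SimpleCookie()
    jar["session"] = f"{user_id}.{_mac(user_id)}"
    morsel = jar["session"]
    morsel["path"] = "/"
    morsel["max-age"] = 1800        # expires after 30 minutes
    morsel["httponly"] = True       # not readable by page scripts
    morsel["secure"] = True         # only sent over HTTPS
    morsel["samesite"] = "Strict"   # not attached to cross-site requests
    return morsel.OutputString()


def browser_replay(set_cookie: str) -> str:
    """Browser: keep name=value, drop the attributes, send it back as Cookie."""
    return set_cookie.split(";", 1)[0].strip()


def authenticate(cookie_header: str):
    """Server: return the user id if the cookie is intact, otherwise None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "session" not in jar:
        return None
    user_id, sep, mac = jar["session"].value.rpartition(".")
    if not sep:
        return None  # no signature part at all
    if not hmac.compare_digest(mac.encode(), _mac(user_id).encode()):
        return None  # value was altered after the server issued it
    return user_id


if __name__ == "__main__":
    header = issue_set_cookie("alice")
    print("Set-Cookie:", header)
    cookie = browser_replay(header)
    print("Cookie:", cookie)
    print("authenticated as:", authenticate(cookie))
    forged = cookie.replace("session=alice", "session=admin")
    print("forged cookie accepted:", authenticate(forged) is not None)
```
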
Cyberharassment, Cyberstalking, Cyberbullying, and Cybersquatting

The Internet has become a place where people utilize its anonymity to harass, stalk, and bully others.
- Cyberharassment, a crime in many states and countries, broadly refers to the use of a computer to communicate obscene, vulgar, or threatening content that causes a reasonable person to endure distress.
- Repeated contacts with a victim are referred to as cyberstalking.
- While cyberstalking can take many forms and can go undetected, the intent of cyberbullying is to deliberately cause emotional distress in the victim.
- Online predators typically target vulnerable people, usually the young or old, for sexual or financial purposes.
- Cybersquatting is another form of piracy, which is the dubious practice of registering a domain name and then trying to sell the name for big bucks to the person, company, or organization most likely to want it.
Software Piracy
Software developers and marketers want you to buy as many copies of their products as you want, of course. But vendors take a dim view of companies that buy one copy of a software application and then make many copies to distribute to employees. In fact, this practice is called software piracy.
Both patent and copyright laws can apply to software, which is a form of intellectual property.

- Patents typically refer to process, machine, or material inventions (e.g., Amazon.com's “one-click” business process).

- Copyright generally refers to creations of the mind such as music, literature, or software.
=> SOFTWARE PIRACY IS A GLOBAL BUSINESS. Worldwide losses due to piracy exceeded US$63 billion in 2011.
Federal and State Laws
In the United States, there are two main federal laws against computer crime.
(1) The Computer Fraud and Abuse Act of 1986. It prohibits the following:
- Stealing or compromising data about national defense, foreign relations, atomic energy, or other restricted information, and the dissemination of computer viruses and other harmful code.
- Gaining unauthorized access to computers owned by any agency or department of the U.S. government and violating data belonging to banks or other financial institutions.
- Intercepting or otherwise intruding on communications between states or foreign countries.
- Threatening to damage computer systems in order to extort money or other valuables from persons, businesses, or institutions.
- Threatening the U.S. president, vice president, members of Congress, and other administrative members (even if it's just in a critical e-mail).
(2) The Electronic Communications Privacy Act of 1986, which makes it a crime to break into any electronic communication service, including telephone services.

CYBERWAR AND CYBERTERRORISM


Most experts believe that cyberwar and cyberterrorism are imminent threats to the United States and other technologically advanced countries. A major attack that cripples a country’s information infrastructure or power grid or even the global Internet could have devastating implications for a country’s economic system and make transportation systems, medical capabilities, and other key infrastructure extremely vulnerable.
• Cyberwar. It refers to an organized attempt by a country's military to disrupt or destroy the information and communication systems of another country.
CYBERWAR VULNERABILITIES. The goal of cyberwar is to turn the balance of
information and knowledge in one’s favor in order to enhance one’s capabilities while
diminishing those of an opponent. Cyberwar utilizes a diverse range of technologies,
including software, hardware, and networking technologies, to gain an information
advantage, and to diminish various capabilities, including:
- Command-and-control systems
- Intelligence collection, processing, and distribution systems
- Tactical communication systems and methods
- Troop and weapon positioning systems
- Friend-Or-Foe identification systems
- Smart weapons systems
Typically, governments accused of cyberwar activities blame uncontrolled patriot hackers.
• Cyberterrorism. It is launched by individuals and organized groups. Cyberterrorism is the use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals.
- WHAT KINDS OF ATTACKS ARE CONSIDERED CYBERTERRORISM? Cyberterrorism could involve physical destruction of computer systems or acts that destroy economic stability or infrastructure. Cyberterrorists could likely damage the machines that control traffic lights, power plants, dams, or airline traffic in order to create fear and panic. Attacks launched in cyberspace could take many forms, such as viruses, denial of service, destruction of government computers, stealing classified files, altering Web page content, deleting or corrupting information, disrupting media broadcasts, and otherwise interrupting the flow of information.
- HOW THE INTERNET IS CHANGING THE BUSINESS OF TERRORISTS. Virtually all
modern terrorist groups utilize the Internet, which is a powerful tool for improving and
streamlining the business processes of modern terrorists.
- ASSESSING THE CYBERTERRORISM THREAT. Some experts claim that because of
the general openness of access, the Internet infrastructure is extremely vulnerable to
cyberterrorism. Each year, cyberattacks on critical infrastructure such as nuclear power
plants, dams, and power grids are increasing. Terrorists use the Internet for information
dissemination, data mining, fundraising, recruiting, networking, information sharing,
training, planning and coordinating, information gathering and location monitoring.
- RESPONDING TO GLOBAL CYBERTERRORISM THREATS. To be adequately prepared, national governments along with industry partners must design coordinated responses to various attack scenarios and they must improve their intelligence-gathering capabilities so that potential attacks are stopped before they begin. Clearly, great challenges are ahead.

Managing information systems security


The primary threats to the security of information systems include:
- Natural disasters: power outages, hurricanes, floods and so on
- Accidents: inexperienced or careless computer operators
- Employees and consultants: people within an organization who have access to electronic files
- Links to outside business contacts: electronic info that can be at risk when it travels
between or among business affiliates as part of doing business
- Outsiders: hackers and crackers who penetrate networks and computer systems to snoop
or to cause damage (virus).
No information system is immune to intentional or unintentional physical harm.
Information systems security refers to precautions taken to keep all aspects of information systems (hardware, software, data...) safe from destruction, manipulation or unauthorized use or access, while providing the intended functionality to legitimate users.
Organizations have to consider:
- Availability: ensuring that legitimate users can access the system
- Integrity: ensuring that unauthorized manipulations of data and systems are prevented
- Confidentiality: ensuring that data are protected from unauthorized access
- Accountability: ensuring that actions can be traced
Organizations must ensure business continuity by securing their IS infrastructure.
There are a variety of managerial methods and security technologies that can be used to manage IS security effectively. However, as threats to information systems constantly evolve, information systems security is an ongoing process, consisting of:
1. Assessing risks
2. Developing a security strategy
3. Implementing controls and training
4. Monitoring security
1. Assessing risks: in order to obtain an understanding of the risks to the availability, integrity and confidentiality of data and systems.
Threats are defined as undesirable events that can cause harm, and can arise from actions
performed by agents internal or external to an organization.
Vulnerabilities are defined as weaknesses in an organization’s systems or security policies
that can be exploited to cause damage, and can encompass both known vulnerabilities and
expected ones.
- Risk reduction: taking active countermeasures to protect your systems
- Risk acceptance: implementing no countermeasures and simply absorbing any damages
that occur
- Risk transference: having someone else absorb the risk
- Risk avoidance: using alternate means, or not performing tasks that would cause risk
2. Developing a security strategy: once risks are assessed, a strategy should be formulated
that details what information systems controls should be implemented.
To be most effective, an IS security strategy should focus on:
- Preventive controls: to prevent any potentially negative event from occurring, such as by
preventing outside intruders from accessing a facility
- Detective controls: to assess whether anything went wrong, such as unauthorized access
attempts, and to limit damage
- Corrective controls: to mitigate the impact of any problem after it has arisen, such as
restoring compromised data.
In general, policies and procedures that guide users’ decisions and establish responsibilities are:

a. Information Policy: outlines how sensitive information will be handled, stored, transmitted and destroyed.
b. Security Policy: explains technical controls on all organizational computer systems,
such as access limitations, audit-control software, firewalls and so on
c. Use Policy: outlines the organization’s policy regarding appropriate use of in-house
computer systems
d. Backup Policy: explains requirements for backing up info, so that critical data can be
restored in case of data loss.
e. Account Management Policy: lists of procedures for adding new users to systems and
removing users who have left the organization
f. Incident handling procedures: lists procedures to follow when handling a security breach
g. Disaster recovery plan: lists all the steps an organization will take to restore computer
operations in case of natural or deliberate disaster.

A cold backup site is like an empty warehouse with all necessary connections for power and communication but nothing else.
A hot backup site is a fully equipped backup facility, having everything from office chairs to a one-to-one replication of the most current data.

3. Implementing controls and training: organizations can decide which controls to implement and train personnel regarding security policies and measures such as:
- Physical access restrictions (a form of authentication to confirm identity). Ex: biometrics is one of the most sophisticated forms of governing access to systems, data, and/or facilities, through fingerprints, patterns in the eye, facial features, etc. A VPN (virtual private network) is a network connection that is constructed dynamically within an existing network (a tunnel) in order to connect users or nodes. “Tunneling” is the practice of creating an encrypted “tunnel” to send secure (private) data over the public Internet.
- Firewalls: a firewall is a part of a computer system designed to detect intrusion and prevent unauthorized access to or from a private network.
- Encryption: the process of encoding messages using an encryption key before they enter the network or airwaves, then decoding them using a matching key at the receiving end of the transmission so that the intended recipients can read or hear them.
- Virus monitoring and prevention: a set of activities for detecting and preventing computer viruses.
- Secure data centers: specialized facilities in order to secure IS infrastructure (ensuring business continuity, securing the facilities infrastructure).
- Systems development controls: final set of technological controls to ensure that all systems are properly developed, acquired and maintained.
- Human controls

4. Monitoring security: organizations should monitor the effectiveness of the controls to minimize risks.
An information systems audit can help organizations assess the state of their IS controls to determine necessary changes and to help ensure the information systems' availability, integrity and confidentiality.
The Sarbanes-Oxley Act of 2002 helps to protect investors from fraudulent practices by organizations; it mandates companies to demonstrate compliance with accounting standards and to establish controls and sound corporate governance.
COBIT (Control Objectives for Information and Related Technology) is a set of best practices that helps organizations both maximize the benefits from their IS infrastructure and establish appropriate controls.
Computer forensics is the use of formal investigative techniques to evaluate digital information for judicial review; investigators evaluate various types of storage devices to find traces of illegal activity.
A honeypot is a computer, data, or network site that is designed to be enticing to crackers so as to detect, deflect or counteract illegal activity (e.g., the FBI uses them).
The state of information systems security management: crackers won’t become complacent, thus organizations need to guard against attacks; they need to continue to implement vigilant approaches to better manage information systems security in the digital world.
