Information Management for Digital

Business Models
Lecture 5: Information Supply

Prof. Jens Grossklags, Ph.D.

Professorship of Cyber Trust
Department of Informatics
Technical University of Munich

June 1, 2022
Information Supply
Learning Objectives

1. You know the tasks associated with the management of

information sources, information resources, information
supply, and information usage, and you are able to locate
them in the Management of Information Life Cycle.
2. You are familiar with methods for organizing and modeling
information.
3. You know information quality criteria, methods for the
management of information quality, and you are able to
challenge the concept of information value.

3
Agenda

I. Management of Information Sources

II. Management of Information Resources

III. Management of Information Supply

IV. Management of Information Usage

4
 Why do Facebook and other
organizations reward people who hack
their service?
Introductory Example for Information Supply
 Meet Anand Prakash

Source: https://www.freecodecamp.org/news/meet-anand-prakash-
a-white-hat-hacker-whos-earned-bug-bounties-from-facebook-
6

twitter-and-uber-74e30d709b97/ accessed at: June 18, 2021

 Story of Anand Prakash

Image source: https://www.facebook.com/BugBounty

• Indian “white hat” or “ethical” hacker from
Bengaluru (Karnataka, India)
• Facebook rewarded him $15,000 after he
found an important bug in 2016: No limit to
PIN guessing on beta.facebook.com

accessed at: April 27, 2016

• Hackers were able to access your photos,
messages, and payment information
stored in your Facebook profile
• Anand is now a security researcher,
working with companies like Facebook,
Twitter, Uber, LinkedIn, Salesforce
Source: https://twitter.com/sehacure?lang=en accessed at: June 18, 2021 7
 A Successful “White Hat” Hacker

Source: https://twitter.com/sehacure?lang=en, accessed at:

June 18, 2021
 Why Rely on External Expertise?

• Crowdsourcing security:
“Given enough eyeballs, all bugs are shallow.”
[Eric Raymond, in The Cathedral and the Bazaar]

• Different expertise from

internal team
• Attacker mindset;
different expectations
Data from Chromium projects (2008 – 2021)
[Chromium web browser and Chromium OS]
9
Source: https://weis2021.econinfosec.org/wp-content/uploads/sites/9/2021/06/weis21-sivagnanam.pdf
Bug-Bounty History
Bug Bounty Programs Bug Bounty Platforms
(Vulnerability (Vulnerability
Discovery Programs) Discovery Ecosystems)

HackerOne

(1995)

BugCrowd, YesWeHack, Cobalt etc.

10
 Bug-Bounty Platforms
• Connect hackers and organizations
• Facilitate setting up a program (infrastructure, advertisement, payments, etc.)
• Resolve trust issues between hackers and organizations

“White hat” Platform Organizations

hackers

Interesting example of
a 2-sided market
11
Diverse Set of Organizations:
An Example
Pentagon
budget: $712
billion in 2020

 Extremely
cheap

12
 Information What information do we need?
How is information used?

Lifecycle MANAGEMENT OF INFORMATION DEMAND

Provision:
Requirements INFORMATION USER distribute, transmit

need for network

decision, use/apply
curiosity interpret
evaluate
MANAGEMENT OF
MANAGEMENT OF INFORMATION SUPPLY
INFORMATION SOURCES MANAGEMENT OF
INFORMATION USAGE INFORMATION How to transfer
Where can we INFORMATION
PRODUCT | SERVICE
SOURCE Offer information Evaluate information to
find information? understandable information
1. detect, 2. ascertain, 3. explicate, analyze, reorder, its users?
and interpretable
4. network, 5. collect, 6. capture reproduce, reduce,
compress
MANAGEMENT OF
INFORMATION RESOURCES
INFORMATION
RESOURCE
Utilize
1. structure , 2. represent, 3. save,
4. ensure physical access, 5. verify, Customization for
6. enable intellectual access user needs
7. maintain

How to create
Based on Rehäuser/Krcmar (1996) [in German]
information resources?
I. Information Sources

WHERE DO WE GET THE INFORMATION

FROM?

14
 project
Evolving
over time

“How Much
Remember:

Information“
company?
• External sources:

Personal contacts
Print/digital media
Information Sources

Internet/
Broadcast media

External databases
e.g., ethical hackers
paid external experts
Analysts/consultants/
Books/Documentation
• How many different information sources are used in one

Sources: http://www.duden.de/_media_/full/Z/Zeitung-201100280544.jpg;
http://www.ard-digital.de/files/1/118/Fernsehen_am_Laptop_bzw_Computer_512x288.jpg;
15

http://bernetblog.ch/wp-content/uploads/2010/11/buecherstapel.jpg;
http://www.sozial-pr.net/wp-content/uploads/2012/12/GesprächKommunikation.jpg;
http://diepresse.com/images/uploads/0/7/6/356470/Boerse_APBerndKammerer20080118195724.jpg;
http://upload.wikimedia.org/wikipedia/commons/7/75/Internet1.jpg
Information Sources (2)
• Internal sources:

Reporting systems Controlling/ Team meetings

Finance

Databases Transaction systems Coffee corners/

“Water cooler talk” 16
Managerial Tasks Associated with
Information Sources
• Detect and assess information, which have not been
added to the information resources, yet
− Re-valuation of existing information (e.g., determine
correctness, completeness)
− Are we up-to-date?
− What is missing?
• Collect and capture information
− At source and decentralized to ensure up-to-date information
− Create new information
17
Thought Exercise:
Information Sources
Situation
Claims Settlement at an
Insurance Company

What are suitable Information Sources to satisfy

the Information Demand in the claims settlement process of
an insurance company?
18
Some Thoughts
• External:
– Video evidence: Traffic and surveillance cameras, and mobile
phone videos
– Medical reports
• Internal:
– Information from previous cases on an individual and
aggregated level

Other ideas?
19
II. Information Resources

HOW TO MAKE INFORMATION

REUSABLE? OR: HOW TO TURN
INFORMATION INTO RESOURCES?
20
Managerial Tasks Associated with
Information Resources
• Resources = Reusable information sources:
− Verified and stored considering organizational, economic, data
safety and security aspects
− Physical or virtual access is ensured through networking of
information media and including users in the network
− Intellectual access is ensured through descriptor systems,
meta information, decision support systems and navigation aids
• Information resources need to be updated (changed,
deleted) and maintained
21
 Provide Structure to Information
Using Metadata

gekürzte Fassung aus (n.a.1996) and (n.a. 2003),Krcmar (2015),

Metadata enable the description and detection of information

Source : Dublin Core – Metadaten für digitale Bibliotheken,

objects, and thereby their usage, and their management.

Descriptive metadata: Describes a resource for

Informationsmanagement, pp. 131 et seqq.

purposes such as discovery and identification
Element Description
Example:
Title A name given to the resource.
Object: Book or Creator An entity primarily responsible for making the resource.
research paper
Subject Typically, the subject will be represented using keywords, key phrases,
Use case: or classification codes. Recommended best practice is to use a
Finding the object controlled vocabulary.
in a database or Description Description may include but is not limited to: an abstract, a table of
library contents, a graphical representation, or a free-text account of the
resource.
22
Other Metadata Types

Structural metadata: e.g., how compound objects are put together (for
example, how pages are ordered to form chapters)

Administrative metadata: Information to help manage a resource

– When and how it was created, file type and other technical information
– Who can access it:
• Rights management metadata, which deals with intellectual property rights
• Preservation metadata, which contains information needed to archive and preserve
a resource

Source: https://marciazeng.slis.kent.edu/metadatabasics/types.htm 23
Example metadata: iPhone photo

What type of
metadata is presented
in this example?

Are there multiple types?

24
Methods for Information Structuring
Metadata allows structuring, but how should we actually

Source : Schmaltz (2004) and Wedekind (2001) as cited in

structure information?

Krcmar (2015), Informationsmanagement, p. 133

Description Entity
Hierarchical Classification Taxonomy

Indexing with Keywords Thesaurus

Associative Representation Semantic Web/Ontology

using Graphs Topic Map

25
Taxonomy
• Hierarchy of classificatory groups (groups are called taxa)
• Mapping of parent- and child-relationships
• Mapping inheritance (of attributes) is possible
(e.g., floating on water, transporting people)
• Distinction between mono-hierarchical and poly-hierarchical
taxonomies
• Example: Biological classification of plants and animals:
Domain  ..  Family  Genus  Species

Ship Passenger
Ship Fishing
transport

Passenger ship Cargo ship Fishing vessel Passenger ship Cargo ship Fishing vessel

mono-hierarchical classification poly-hierarchical classification

(one parent) (multiple parents possible) 26
Example: Linnaean Taxonomy
10th edition of Systema Naturae (1758/59)
by Swedish researcher Carl Linnaeus

In one of his autobiographies Linnaeus lists his own achievements:

"No one has been a greater Botanicus or Zoologist. No one has written
more books, more correctly, more methodically, from his own
experience. No one has more completely changed a whole science and
initiated a new epoch. No one has become more of a household name
throughout the world...", plus another fourteen exploits.

Source: http://www2.linnaeus.uu.se/online/life/8_3.html 27
Example: Linnaean Taxonomy
Taxonomy in the
Systema Naturae
contains a predefined
hierarchy of classificatory
groups, and associated
descriptions

Animals are motile (able to move), heterotrophic

(consume organic material), reproduce sexually, and
their embryonic development includes a blastula stage
Any organism whose cells have a cell nucleus
and other organelles enclosed within membranes 28
Example:
App

Should help with the

identification of 391,000+
species of plants
(presumably most
vascular plants)

29
Thesaurus Executives (= keyword)
Synonyms: meaning exactly/nearly the same as keyword
Manager
Director
• Systematically ordered directory of CEO (Chief Executive Officer)
keywords (descriptors) ....
Hypernyms: terms with broader meaning
• Terminological relationships Service occupations
among each other (synonyms, Labor status
Hyponyms: more specific meaning than a general term
equality relationships) Bank manager
within a specific domain Finance manager
Middle management
• Example of controlled and ....
structured vocabulary = means for Related terms
Manager selection
organizing knowledge in a domain Manager development
to facilitate effective retrieval Manager personality
Female managers
through browsing and searching Assignment
• Not a hierarchy of descriptors, but B.01.01 Management and business planning
B.04 Human resources
can be combined with a hierarchy
Also homonyms = Same spelling or
 Useful for cross-domain search; work pronounciation but different meaning
in interdisciplinary team (e.g., bank/finance, bank/sitting) 30
Ontologies as a Model of Semantics
• Formal description of the semantics (=meaning) of information objects
• Relations between the terms of the subject-area or application-area

• Typically an ontology consists of a taxonomy and multiple inference

rules
• Example
- The term “post-impressionism“ is a historical era of painting
- Van Gogh is related to post-impressionism, because his work has
been assigned to this epoch
- Inference rule: An exhibition for post-impressionism artists most
likely also shows paintings of Van Gogh
• Need standardized approaches to describe semantics; also to make
them machine-readable  Topic Maps / Semantic Web
31
 Topic Maps
• Associative representation:
Model of terms and their
relations
• Nodes (topics = real entities)
and edges (content relations)
• May also include
occurrences (= relevant Note: Since it is a standardized approach, you can
information resources) also merge different topic maps.

• Formally standardized as Topic maps should also be useful to humans to

ISO/IEC 13250:2003 explore a topic space.

Source: Wikipedia (Topic Map) 32

Concept of the Semantic Web
Vision: Large collections of documents and information in the world wide
web become manageable and usable by providing
machine-readable meta information via web resources and their
relationships to each other
• Machine-readable semantic representation of web-resources:
- Standards for the elements and semantic terms and their usage are necessary
- Concepts for the modeling and encoding of semantics are necessary
- Concepts for the architecture and tools for semantic modeling need to be
developed
• Specific applications for the Semantic Web need to be developed:
Semantic Services

33
Example: Semantic Search
• Challenge 1: Search queries are often imprecise: For example,
we may not know the term of what we are looking for
• Challenge 2: Or many different results apply to concrete search
terms
• Various approaches to understand search requests better: Less
focus on exact words, but rather meanings and relationships, and
broader context

34
Towards Information Quality

Source : aeria.phil.uni-erlangen.de, ann53.wordpress.com.

Truthfulness

Socrates (~400 BC)

35
Triple Filter Test of Socrates
In ancient Greece (469 - 399 BC), Socrates was widely lauded for his wisdom. One day an acquaintance ran up to him
excitedly & said, “Socrates, do you know what I just heard about Diogenes?"
"Wait a moment," Socrates replied, "Before you tell me, I’d like you to pass a little test. It's called the Triple Filter Test."
"Triple filter?" asked the acquaintance.
"That’s right," Socrates continued, "Before you talk to me about Diogenes let’s take a moment to filter what you’re going
to say. The first filter is Truth. Have you made absolutely sure that what you are about to tell me is true?"
"No," the man said, "actually I just heard about it."
"All right," said Socrates, "So you don't really know if it's true or not. Now let’s try the second filter, the filter of
Goodness. Is what you are about to tell me about Diogenes something good?"
"No, on the contrary..."
"So," Socrates continued, "You want to tell me something about Diogenes that may be bad, even though you’re not
certain it’s true?"
The man shrugged, a little embarrassed.
Socrates continued, "You may still pass the test though, because there is a third filter, the filter of Usefulness. Is
what you want to tell me about Diogenes going to be useful to me?"
"No, not really."
"Well," concluded Socrates, "If what you want to tell me is neither True nor Good nor even Useful, why tell it to
me or anyone at all?"
36
Definition: Information Quality
• No general binding standard or generalizable set of
objectives
• Definition for quality, more broadly, can be derived from:
– ISO norm for quality management
– From the point of view of a customer
– Legal or regulatory requirements
• Pragmatic definition: “Fitness for use“ - Appropriateness
for the particular application is crucial for assessing the
quality of information
37
 Perspectives on Information Quality
Extent to which data are Extent to which data are presented
applicable (pertinent) to in an intelligible and clear manner
the task of the data user

Extent to which To which degree

data values are data are available
in conformance or obtainable
with the actual
or true values

Source: Wang and Strong -- Beyond Accuracy: What Data Quality Means to Data Consumers
38
https://mitcdoiq.org/wp-content/uploads/2019/02/14_Beyond_Accuracy.pdf
 Example: Information Quality
“Feb 22nd, 2016: Report sent to
Facebook team.”
Important Note:

Many of the information

quality perspectives may
be in conflict, e.g.,
timeliness vs.
completeness and ease
of understanding

Small task:
Can you find more
potential conflicts?
Comprehensive, but not accessible Concise, but not comprehensive
to other interested parties
39
Thought Exercise: Information
Resources
Situation
Claims Settlement at an
Insurance Company

How would you make the identified Information Sources reusable?

 Intellectual accessibility

How would you ensure information quality for your Information Resources?
 Perspectives of information quality

40
III. Information Supply

HOW CAN WE DISTRIBUTE

INFORMATION?

41
Managerial Tasks Associated with
Information Supply and Provision
• Objective: Provide information that meets requirements
− Information resources need to be built up
− Company-wide availability of data, databases, (data) warehouses

• Information resources
− Passive: User initiative required for usage
− Active: Resource content is converted to information products and
services that are distributed among information users
 During that process the information value increases by analysis,
rearranging, reproduction, reduction and compression

42
User Modeling for User Interfaces
• “User modeling are mechanisms that allow a computer to

Source: Krcmar (2015), Informationsmanagement, p. 148

adjust to a human in the best possible way. They are used
by application systems to adjust problem solving
strategies and dialog behaviors individually to the
receiver.” (Mertens/Griese 2000)

• Based on the user models, user interfaces are designed that

are responsible for the user-oriented integration of
subsystems as well as the human-friendly preparation of
the graphical user interface. (Kemper 1999)

Example of academic conference: ACM UMAP https://www.um.org/umap2021/ 43

Implicit and Explicit User Models
Google News suggests relevant
news based on user’s behavior
Implicit modeling = generated by
computer algorithms directly from
a combination of measured data
and user interpretation

Source : http://news.google.de
User can explicitly adjust the
composition of news feed
 User-edited models or
model building dialogs
 Places burden on the user
44
 Reporting:

Portals:
Data
warehouse:
Reporting, Data Warehouse, Portals

Source : http://crm.prospectsoft.com/PRS/PRS-CRM/images/screenshots/
45

reporting/business_summary.jpg; zugegriffen am 25.03.2014;

httphttps://www.researchgate.net/publication/236954456_Leveraging_247_Availability_and_P
erformance_for_Distributed_Real-Time_Data_Warehouses; accessed at
June 18, 2021
Reporting
The reporting provides the corporate decision makers with the required

Source : Krcmar (2015), Informationsmanagement, p. 149

corporate-internal information. The reports are visualized either on paper,
screens, and, in some cases, on boards and specifically equipped rooms
(“control rooms”). (Mertens/ Griese 2000)

SAP
Virtual Board Room

46
Guidelines for Better Information
Visualization

Source : Mertens/ Griese (2000), Krcmar (2015),

• A reporting system should have a unified structure
• Information should be displayed with comparables instead of using an isolated
representation

Informationsmanagement, p. 149
• Reporting systems gain significance by comparing the included information to target
figures, historical data, trends, etc.
• Overviews and detailed views must be separated clearly
• Uncommon data patterns must be highlighted
• If a report is created in a non-standard way,
the data elicitation methods, the evaluation
approach, and exemplary computation
procedures must be explained
• Figures are often better than tables

47
Data Warehouse
A data warehouse is a subject-oriented, integrated, time-variant and

Source : Krcmar (2015), Informationsmanagement, p. 148f.

non-volatile collection of data in support of management’s decision making.
 stores processed data in a usable condition
Subject-oriented: Oriented towards the issues of the company.
Integrated: A data warehouse integrates data from multiple data sources in a
uniformly designed system.
Time-variant: Consideration of a time frame. Therefore, the reference to time is
either an explicit or implicit component.
Permanent: Once data is in the data warehouse, it will not change. So, historical
data in a data warehouse should never be altered or removed.

• Technology concept from the 1980s, but still applied widely

• Now: Handle petabytes of batched and streaming data, and integrate
with other components of the big data ecosystem in a cloud-based
environment  advanced analytics and ML for business insights
48
Portals
“A portal is a central starting and navigation point that provides their users with access to a
virtual offer room and leads them – in accordance to their personal interests – to further
information.” (Fricke 2001)

Classification by topic focus:

• Horizontal portals: Information about different topics, Nowadays, perhaps
e.g. meta portals less relevant in B2C
context

E-government, and
• Vertical portals: focus on one topic, e.g. on- internal corporate
information supply
topic or expert portals, usually with additional could be organized
exchange possibilities for interested people via portals

49
Portals: Advanced Features
• Personalization: Users can customize content and layout in accordance with

Source : Bauer (2001); Ovum (2000), Krcmar (2015),

their interests
• Search and navigation: Searches in the WWW or databases using search
engines and an appealing visualization
• Push-technology: Notify users about new information

Informationsmanagement, p. 155f.
• Collaboration and groupware components: Coordination and exchange between
employees and/or customers and/or suppliers
• Workflow components: Automation of procedures
• Integration of applications: For example, both external WWW applications and
corporate applications are available on the portal
• Integration of diverse information sources: different information sources can be
integrated in one portal and can be visualized dynamically
• User administration and security services: User data are maintained and data
security needs to be ensured.
50
Example: Employee/Student Portal
Principle of Information Logistics

The goal is the ability to provide and to ensure the availability of:
► the right information
needed at the moment, understandable, error-free
► at the right point in time
“Just in time” (JIT) for momentary use, sufficient for making decisions
► in the right amount
as much as necessary, as little as possible
► at the right place
available for the receiver
► in the required quality
sufficient details and genuine, immediately useable

Source: Augustin (1990) cited in Krcmar (2015, 117)

52
Thought Exercise: Information
Supply
Situation
Claims Settlement at an
Insurance Company

What would be a good way to represent

information resources for the insurance clerk?
53
IV. Information Usage

HOW CAN WE MAKE SURE

THAT INFORMATION IS USED?

54
Technology Acceptance
Model (TAM)
Psychological Perspective: When would you use information?

More details in the lecture on Innovative ICT.

Source : Davis (1989)

55
Usage and Value of Information
The usage of information determines the value of
information.

Source : Ahituv et al. 1994, Krcmar (2015),

As part of this context specific and temporal usage,

Informationsmanagement, p. 161
the value of information is influenced by adding,
omitting, concretizing, selecting, and aggregating.

 Different notions of information value

 Circular notion: Of course, information is acquired
and used if it is expected to be of value
56
Information Value (1)
Normative information value
• Is determined by a comparison between the rational decision with and
without additional information acquisition, that is “decision-making prior
to information” and an unbiased decision after acquisition of additional
Information, that is “decision-making after information”
• Opportunity cost principle: The information value is the difference
between the value of the optimal alternative after information acquisition
and the value of the optimal alternative prior to the information
acquisition
 In a nutshell: You want to avoid spending more for information than
what you can gain from exploiting the information
57
Information Value (2)
Realistic information value
• Empirically measureable profit due to the use of information by
the decision-maker
• Information value equals the value of actions, which were
induced by information, e.g. profit, response time, accuracy
• For computing this value all other variables that can influence
the action’s value have to be kept constant  Hardly possible

Subjective information value

• Uncertain and dynamic: Decisions often need to be made under
time pressure
• Subjective value is bound to an individual
58
Initiation of Further Life Cycle
Iterations

Typically the Management of Information Life Cycle is not

concluded after one iteration
• Unmet needs: At the first attempt not all support and information demands
of the information users are covered
• Changes: When demands change, adjustments of the supply are
necessary

59
Learning Objectives

1. You know the tasks associated with the management of

information sources, information resources, information
supply, and information usage, and you are able to locate
them in the Management of Information Life Cycle.
2. You are familiar with methods for organizing and modeling
information.
3. You know information quality criteria, methods for the
management of information quality, and you are able to
challenge the concept of information value.

60