Table of Contents

Introduction: What is Information management?

Chapter 1: Strategy and Strategic Management
Chapter 2: SWOT Analysis
Chapter 3: Strategic Planning
Chapter 4: Procurement vs. Acquisition
Chapter 5: Policy, Process, and Procedure
Chapter 6: The Information System Strategy Triangle
Chapter 7: Information System and Digital Transformation
Chapter 8: Business of Information Systems
Chapter 9: Information Systems Security
Chapter 10: Managing IS Projects

Subject: Information System Strategy, Management, and Acquisition

Course Description: General overview of IS management aligned with strategic planning and analysis
which focuses on process implementation and improvement.
Course Objective: To give learners basic understanding and perspective in the utilization of IS resources
and continuous improvement of different processes
Pre-requisite: Project Management
Required Applications: MS Word, Excel, Powerpoint, MS Visio

Introduction:
What is Information Management?
Information, as we know it today, includes both electronic and physical information. The
organizational structure must be capable of managing this information throughout the information lifecycle
regardless of source or format (data, paper documents, electronic documents, audio, video, etc.) for
delivery through multiple channels that may include cell phones and web interfaces.
According to Wikipedia, Information management (IM) is the collection and management of
information from one or more sources and the distribution of that information to one or more audiences.
This sometimes involves those who have a stake in or a right to that information. Management means the
organization of and control over the structure, processing, and delivery of information.
 Information management is the key to success for any organization. It can help organizations
achieve their goals by efficiently managing information. It also helps them avoid security breaches and data
loss which could lead to financial loss or other consequences.
Information management is the process of acquiring, organizing, storing, and using information.
The goal is to ensure that information is delivered to the right audience at the right time, to the right place,
and in the right format in an efficient and effective manner.
We live in a highly competitive business environment where the efficient use of knowledge
management and information may be one of the most important aspects of an organization’s success. In a
nutshell, information is the “organizational currency” for decision-making.
Managing information is a key component of any organization’s success. This includes ensuring
that the right people have access to the right data at the right time. It also includes making sure that data is
not lost, exposed to unauthorized users, or information silos are managed properly. IM can be difficult for
organizations with high volumes of data and for those that are constantly changing their business models or
operations.
What is information management and why is it important?
By definition, Information management is the process of managing the complete lifecycle of
information, from its identification and collection to its disposal through archiving or deletion. it
encompasses all physical and electronic data collected by a business from its customers, employees, and
vendors.
The major functions of IM include records management, document imaging, knowledge
management, and data mining.
The role of information management is to assist employees with organizational roles or functions to
make quicker and better-informed decisions to deliver information to the right people at the right time and
place.
You can find plenty of definitions for the management of information but we believe what we
provided at the beginning of the article is the most appropriate definition.
Intelligent Info management deals with the business value, quality, ownership, use and security of
information in the context of organizational performance
(T.D. Wilson PhD)
The role of information professionals is to ensure that accurate and up-to-date information is
available to those who need it. They may work in a variety of settings, such as libraries, colleges and
universities, businesses, and government agencies to control the full information lifecycle.
Data and information management requires a wide range of activities such as document
management, records management, enterprise content management, data management, enterprise
search, business process management, digital asset management, and collaboration.
 Management of information is the process of acquiring, organizing, and using information. Data
management is the process of acquiring, storing, and using data.
Data, records, infrastructure, information systems, business processes, and most significantly
PEOPLE are all part of the business information lifecycle.
Since the management of information is a company’s duty, it should be viewed not only by the
highest levels of strategic management but also by employees at all levels.
Information is not just the lifeblood of companies and the glue that holds human relationships and
business processes together; Information assets are also a commodity in today’s and tomorrow’s
economies.
What Are The 5 Key Areas of Information Management?
The five key areas of information management are information collection, storage, distribution,
archiving, and destruction. Each of these key areas plays a vital role in the effective management of
information throughout its lifecycle.
1- Collection
At this stage, we must examine how the business collects information, whether it is created
internally or externally, electronically or as paper documents, verbally, written, audio, or video.
At this point, it is crucial to collect just the necessary information in order to save storage costs,
prevent analyzing data that is unnecessary to business governance, and guarantee that the information
obtained is of good quality.
2- Storage
We must determine where the information collected in the previous phase will be stored. Paper
documents should be stored and arranged in physical cabinets with fire-resistance measures in place.
Electronic information, on the other hand, might be kept in databases, document management systems,
information systems, and so on.
We must also identify and configure user access, version and change control, backups, and audit trails.
3- Distribution
This step entails deciding how different types of information should be distributed, in what format,
to whom, how frequently, and through what media, among other things.
Information is only valuable when it is presented to the appropriate person in order for the proper
action to be taken. This is a critical phase since it helps the overall success of your program.

4- Archiving
 Archiving is the process of securely storing inactive information in any format (both digital and
paper) that you no longer use regularly for long-term retention. Such information is still important to
organizations and must be retained for future reference or regulatory compliance.
You need to clearly state where the information is going to be archived and for how long.
5- Destruction
According to various rules and regulations, such as GDPR, HIPPA, and others, information should
not be maintained or preserved for longer than necessary, necessitating the necessity of a destruction
process for information that has outlived its usefulness.
This step is critical because it eliminates fines and penalties for noncompliance with various laws
and regulations while also lowering storage costs.
Why Is It Important?
Today’s business world is rife with fearless competitors. One of the most significant differences
between a successful and a failed business is that the latter is better at comprehending and taking
advantage of information.
Information management ensures that businesses can overcome challenges, improve business
operations, fulfill employee and client needs, improve business productivity and efficiency, improve
decision-making, and enhance employee collaboration.
Information management can be a complex process with many stakeholders involved from different
departments. It’s important to ensure that there is an accurate understanding of what information needs to
be managed and how it will be used by all stakeholders involved in order to avoid confusion and conflict
among them.
We all need easy access to the right information at the right time. Achieving this transformation has
an enormous impact on both the culture and the outcomes of the organization.
By linking individuals, processes, and technology, effective companies will unlock the full value of
their information. When information is handled effectively and only high-quality information is kept,
organizations may turn it into knowledge to get additional insights into their business and redirect their
operations to more profitable activities.

The Future of IM
 The future of managing information is promising, but it is not without challenges.
 New data sources are being developed as technology advances. Data can be obtained from
almost any piece of hardware that is connected to the internet using the Internet of Things (IoT).
 Artificial intelligence also is playing a very important role in capturing information and classifying
them without any human intervention.
 Information assets are extremely valuable for companies, and they must learn how to efficiently
handle them.
 “Chief information officers (CIOs) have the difficult job of running a function that rues a lot of resources
but offers little measurable evidence of its value. Line managers are increasingly assuming responsibility
for planning, building, and running information systems that affect their operations. To respond to business
and technological changes, CIOs now must build relationships with line managers and assume new and
more strategic roles. The strategic role of the CIO is becoming ever more complex, requiring an expansion
of the organizational and structural possibilities for filling that role.” (P. Gottschalk, 2000)

Chapter 1
Strategy and Strategic Management

What is Strategy?
Strategy is an action that managers take to attain one or more of the organization’s goals. Strategy
can also be defined as “A general direction set for the company and its various components to achieve a
desired state in the future. Strategy results from the detailed strategic planning process”.
A strategy is all about integrating organizational
activities and utilizing and allocating the scarce
resources within the organizational environment so as
to meet the present objectives. While planning a
strategy it is essential to consider that decisions are
not taken in a vacuum and that any act taken by a firm
is likely to be met by a reaction from those affected,
competitors, customers, employees or suppliers.

Features of Strategy
 Strategy is Significant because it is not possible to foresee the future. Without a perfect foresight,
the firms must be ready to deal with the uncertain events which constitute the business
environment.
 Strategy deals with long term developments rather than routine operations, i.e. it deals with
probability of innovations or new products, new methods of productions, or new markets to be
developed in future.
 Strategy is created to take into account the probable behaviour of customers and competitors.
Strategies dealing with employees will predict the employee behaviour.

Thinking Strategically:
The 3 big strategic questions
1. Where are we now?
2. Where do we want to go?
a. Where to be in and positions
b. Client need and groups to serve
c. Outcomes to achieve
3. How will we get there?

Strategic Management
Strategic management is the planned use of a business' resources to reach company goals and
objectives. Strategic management requires ongoing evaluation of the processes and procedures within an
organization and external factors that may impact how the company functions. The process of strategic
management should guide top-level programs and decisions. Companies of all sizes and in all industries
can benefit from the practice of strategic management.
How does strategic management work?
Strategic management requires setting objectives for the company, analyzing the actions of competitors,
reviewing the organization's internal structure, evaluating current strategies and confirming that strategies
are implemented company-wide.
Strategic management can be either prescriptive or descriptive.
Prescriptive strategic management means developing strategies in advance of an organizational issue.
Descriptive strategic management means putting strategies into practice when needed. Both methods of
strategic management employ management theory and practices.
While upper management is responsible for implementing strategies, ideas, goals or organizational
challenges can come from any member of the company. Many companies employ strategists whose job it
is to think and plan strategically to improve company function.

Five steps of Strategic Management

While there are different approaches and frameworks for strategic management, there are generally the
same five steps in the process:
Identification, Analysis, Formation, Execution, Evaluation
1. Identification
The first step in strategic management is evaluating the company’s current direction. This often includes
understanding the company’s goal, mission and overall strategic direction. Assessing where the company’s
current process will help you achieve your goal.
2. Analysis
Once you understand the current process, you must analyze the details. What is working? What is not
working? What input from organizational stakeholders can you gather? This is the time to answer any
questions that will help solidify the necessary elements of the strategic plan. A SWOT analysis, or
identification of strengths, weaknesses, opportunities and threats, is a useful tool.
3. Formation
Once you have the information you need, it is time to create an action plan for reaching the goal. Make sure
the steps are clear, focused and directly related to the goal. Prepare easy-to-understand implementation
guidelines if the process or procedure will impact many people within the organization.
4. Execution
Follow the steps outlined in your strategic plan. Make sure that all stakeholders are implementing the plan
as designed for maximum efficiency.
5. Evaluation
Evaluate the final product. Did you achieve your goal? Was the process implemented appropriately
company-wide? Based on your answers to these questions, you can reflect and revise as needed.
Assignment: Look for any quotation from the internet related to Strategy. Tell something about it.

Chapter 2
The SWOT Analysis
SWOT stands for strengths, weaknesses, opportunities and threats. This analysis allows you to
investigate internal and external factors. Internal factors include positive (strengths) or negative
(weaknesses) factors that exist within your organization and are able to be changed or affected in some
way, while external factors include positive (opportunities) or negative (threats) factors that exist outside of
the subject you are evaluating and cannot necessarily be changed or affected by you or your organization
in any way.
A SWOT Analysis is one of the most commonly used tools to assess the internal and external
environments of a company and is part of a company’s strategic planning process. In addition, a SWOT
analysis can be done for a product, place, industry, or person. A SWOT analysis helps with both strategic
planning and decision-making, as it introduces opportunities to the company as a forward-looking bridge to
generating strategic alternatives.
 It s important to point out that strengths and weaknesses are current or backward-looking, and
opportunities and threats are forward-looking. By performing a SWOT analysis, we will be able to build a
bridge between what the company has accomplished to date and the strategic alternatives that are going to
be generated.

Internal:
Internal factors are the strengths and weaknesses of the company. Strengths are the
characteristics that give the business its competitive advantage, while weaknesses are characteristics that
a company needs to overcome in order to improve its performance.
Examples of internal factors include:
Company culture, Company image, Operational efficiency, Operational capacity, Brand awareness,
Market share, Financial resources, Key staff, Organizational structure
External:
External factors are the opportunities and threats to the company. Opportunities are elements that
the company sees in the external environment that it could pursue in the future to generate value. Threats
are elements in the external environment that could prevent the company from achieving its goal or its
mission or creating value.
Changes in the external environment may be due to:
Societal changes, Customers, Competitors, Economic environment, Government regulations,
Suppliers
Partners, Market trends
Conducting SWOT Analysis:

Strengths:
 Consider strengths from an internal and consumer perspective.
 What advantages does your company have?
 What unique resources you have that others do not?
What is your company’s Unique Selling Proposition?
What positive consumer perception does your company have?
What low-cost resources do you have access to that others do not?

Weaknesses:
Consider weaknesses from an internal and consumer perspective.
What does your company not do well?
What weaknesses do consumers see in your company?
What factors contribute to a weaker brand image?

Opportunities:
Consider opportunities from an external perspective.
What good opportunities are available in the marketplace?
What are some trends that your company can capitalize on?
Are there any changes in technology or markets that your company can take advantage of?
Are there any changes in lifestyle, social patterns, etc., that your company can take advantage of?
Threats:
Consider threats from an external perspective.
What obstacles does your company face?
What are your competitors doing better than you?
Is a change in technology threatening the position of your company?
What threats do your weaknesses put you at risk of?
The SWOT analysis does not cover the entire business, just the factors that may influence their
ability to introduce a new product.
To get the most out of the SWOT, they have made specific statements in each category. For
example, rather than simply list 'competitors' as a threat, they have included specific details about how their
competitors are a threat.
The following is an example of a SWOT (strengths, weaknesses, opportunities and threats)
analysis conducted by a business trying to decide if they should introduce a new product to their range.

Internal Environment
Strengths (S) Weaknesses (W)

1. Excellent sales staff with strong 1. Currently struggling to meet

knowledge of existing products deadlines - too much work?
2. Good relationship with customers 2. High rental costs
3. Good internal communications 3. Market research data may be out
4. High traffic location of date
5. Successful marketing strategies 4. Cash flow problems
6. Reputation for innovation 5. Holding too much stock
6. Poor record keeping

Opportunities (O) Threats (T)

1. Similar products on the market are 1. Competitors have a similar product

not as reliable or are more
expensive
2. Loyal customers
3. Product could be on the market for
Christmas
4. Customer demand - have asked
sales staff for similar product
2. Competitors have launched a new
advertising campaign
3. Competitor opening shop nearby
4. Downturn in economy may mean
people are spending less
Assignment: Design a SWOT analysis of your career path which you think you may encounter on looking
for a job.

Chapter 3
Strategic Planning

What is Strategic Planning?

Strategic planning is the art of creating specific
business strategies, implementing them, and evaluating the
results of executing the plan, in regard to a company’s overall
long-term goals or desires. It is a concept that focuses on
integrating various departments (such as accounting and
finance, marketing, and human resources) within a company to
accomplish its strategic goals. The term strategic planning is
essentially synonymous with strategic management.
Strategic Planning Process
The strategic planning process requires considerable thought
and planning on the part of a company’s upper-level management.
Before settling on a plan of action and then determining how to
strategically implement it, executives may consider many possible
options. In the end, a company’s management will, hopefully, settle on a
strategy that is most likely to produce positive results (usually defined as
improving the company’s bottom line) and that can be executed in a
cost-efficient manner with a high likelihood of success, while avoiding
undue financial risk.
 The development and execution of strategic planning are typically viewed as consisting of being
performed in three critical steps:
1. Strategy Formulation
In the process of formulating a strategy, a company will first assess its current situation by
performing an internal and external audit. The purpose of this is to help identify the organization’s strengths
and weaknesses, as well as opportunities and threats (SWOT Analysis). As a result of the analysis,
managers decide on which plans or markets they should focus on or abandon, how to best allocate the
company’s resources, and whether to take actions such as expanding operations through a joint venture or
merger.
Business strategies have long-term effects on organizational success. Only upper management
executives are usually authorized to assign the resources necessary for their implementation.
2. Strategy Implementation
After a strategy is formulated, the company needs to establish specific targets or goals related to
putting the strategy into action, and allocate resources for the strategy’s execution. The success of the
implementation stage is often determined by how good a job upper management does in regard to clearly
communicating the chosen strategy throughout the company and getting all of its employees to “buy into”
the desire to put the strategy into action.
Effective strategy implementation involves developing a solid structure, or framework, for
implementing the strategy, maximizing the utilization of relevant resources, and redirecting marketing
efforts in line with the strategy’s goals and objectives.
3. Strategy Evaluation
Any savvy business person knows that success today does not guarantee success tomorrow. As
such, it is important for managers to evaluate the performance of a chosen strategy after the
implementation phase.
Strategy evaluation involves three crucial activities: reviewing the internal and external factors
affecting the implementation of the strategy, measuring performance, and taking corrective steps to make
the strategy more effective. For example, after implementing a strategy to improve customer service, a
company may discover that it needs to adopt a new customer relationship management (CRM) software
program in order to attain the desired improvements in customer relations.
All three steps in strategic planning occur within three hierarchical levels: upper management,
middle management, and operational levels . Thus, it is imperative to foster communication and interaction
among employees and managers at all levels, so as to help the firm to operate as a more functional and
effective team.
Benefits of Strategic Planning
The volatility of the business environment causes many firms to adopt reactive strategies rather
than proactive ones. However, reactive strategies are typically only viable for the short-term, even though
they may require spending a significant amount of resources and time to execute. Strategic planning helps
firms prepare proactively and address issues with a more long-term view. They enable a company to
initiate influence instead of just responding to situations.
Among the primary benefits derived from strategic planning are the following:
1. Helps formulate better strategies using a logical, systematic approach
This is often the most important benefit. Some studies show that the strategic planning process
itself makes a significant contribution to improving a company’s overall performance, regardless of the
success of a specific strategy.
2. Enhanced communication between employers and employees
Communication is crucial to the success of the strategic planning process. It is initiated through
participation and dialogue among the managers and employees, which shows their commitment to
achieving organizational goals.
Strategic planning also helps managers and employees show commitment to the organization’s
goals. This is because they know what the company is doing and the reasons behind it. Strategic planning
makes organizational goals and objectives real, and employees can more readily understand the
relationship between their performance, the company’s success, and compensation. As a result, both
employees and managers tend to become more innovative and creative, which fosters further growth of the
company.
3. Empowers individuals working in the organization
The increased dialogue and communication across all stages of the process strengthens
employees’ sense of effectiveness and importance in the company’s overall success. For this reason, it is
important for companies to decentralize the strategic planning process by involving lower-level managers
and employees throughout the organization. A good example is that of the Walt Disney Co., which
dissolved its separate strategic planning department, in favor of assigning the planning roles to individual
Disney business divisions.
Wrap Up
An increasing number of companies use strategic planning to formulate and implement effective
decisions. While planning requires a significant amount of time, effort, and money, a well-thought-out
strategic plan efficiently fosters company growth, goal achievement, and employee satisfaction.
“Strategic planning is the approach used in forming an organization's direction (e.g., its
vision, mission and priorities). On the other hand, strategic management is the overall
process of achieving that direction, from planning to execution.”

Assignment: In flowchart format, create your own strategic planning showing your own career direction.

Chapter 4
Procurement and Acquisition
 Procurement is the act of buying goods and services. Acquisition is
defined as a corporate transaction where one company purchases a
portion or all of another company’s shares or assets. Acquisitions
are typically made in order to take control of, and build on, the target
company’s strengths and capture synergies. There are several
types of business combinations: acquisitions (both companies
survive), mergers (one company survives), and amalgamations
(neither company survives).Acquisition Management is the process
of obtaining resources needed for a company to produce the
products sold to consumers. Other terms for this process include
procurement or contract management. Large organizations and publicly held companies are common users
of acquisition management because they have the most need for it and can allocate personnel to this task.
Acquisition vs. Merger
Mergers and Acquisitions (M&A) are similar transactions, however, they are significantly different
legal constructs.
In an acquisition, both companies continue to exist as separate legal entities. One of the
companies becomes the parent company of the other.
In a merger, both entities combine and only one continues to survive while the other company
ceases to exist.
Another type of transaction is an amalgamation, where neither legal entity continues to survive.
Instead, an entirely new company is created.
Benefits of Acquisitions
Acquisitions offer the following advantages for the acquiring party:
1. Reduced entry barriers
With M&A, a company is able to enter into new markets and product lines instantaneously with a
brand that is already recognized, with a good reputation and an existing client base. An acquisition can help
to overcome market entry barriers that were previously challenging.
Market entry can be a costly scheme for small businesses due to expenses in market research,
development of a new product, and the time needed to build a substantial client base.
2. Market power
An acquisition can help to increase the market share of your company quickly. Even though
competition can be challenging, growth through acquisition can be helpful in gaining a competitive edge in
the marketplace. The process helps achieves market synergies.
3. New competencies and resources
 A company can choose to take over other businesses to gain competencies and resources it does
not hold currently. Doing so can provide many benefits, such as rapid growth in revenues or an
improvement in the long-term financial position of the company, which makes raising capital for growth
strategies easier. Expansion and diversity can also help a company to withstand an economic slump.
4. Access to experts
When small businesses join with larger businesses, they are able to access specialists such as
financial, legal or human resource specialists.
5. Access to capital
After an acquisition, access to capital as a larger company is improved. Small business owners are
usually forced to invest their own money in business growth, due to their inability to access large loan
funds. However, with an acquisition, there is an availability of a greater level of capital, enabling business
owners to acquire funds needed without the need to dip into their own pockets.
6. Fresh ideas and perspective
M&A often helps put together a new team of experts with fresh perspectives and ideas and who
are passionate about helping the business reach its goals.
Challenges with Acquisitions
M&A can be a good way to grow your business by increasing your revenues when you acquire a
complimentary company that is able to contribute to your income. Nevertheless, M&A deals can also create
some hitches and disadvantage your business. You must take these potential pitfalls into consideration
before pursuing an acquisition.
1. Culture clashes
A company usually has its own distinct culture that has been developing since its inception.
Acquiring a company that has a culture that conflicts with yours can be problematic. Employees and
managers from both companies, as well as their activities, may not integrate as well as anticipated.
Employees may also dislike the move, which may breed antagonism and anxiety.
2. Duplication
Acquisitions may lead to employees duplicating each other’s duties. When two similar businesses
combine, there may be cases where two departments or people do the same activity. This can cause
excessive costs on wages. M&A transactions, therefore, often lead to reorganization and job cuts to
maximize efficiencies. However, job cuts can reduce employee morale and lead to low productivity.
3. Conflicting objectives
The two companies involved in the acquisition may have distinct objectives since they have been
operating individually before. For instance, the original company may want to expand into new markets, but
the acquired company may be looking to cut costs. This can bring resistance within the acquisition that can
undermine efforts being made.
 4. Poorly matched businesses
A business that doesn’t look for expert advice when trying to identify the most suitable company to
acquire may end up targeting a company that brings more challenges to the equation than benefits. This
can deny an otherwise productive company the chance to grow.
5. Pressure on suppliers
Following an acquisition, the capacity of the suppliers of the company may not be enough to
provide the additional services, supplies, or materials that will be needed. This may create production
problems.

6. Brand damage
M&A may hurt the image of the new company or damage the existing brand. An evaluation of
whether the two different brands should be kept separate must be done before the deal is made.
Key Takeaways
When a company is looking to expand, one way many business owners consider doing so is
through the acquisition of another similar business. An acquisition is a great way for a company to achieve
rapid growth over a short period of time. Companies choose to grow through M&A to improve market share,
achieve synergies in their various operations, and to gain control of assets. It is less expensive, less risky,
and faster, as compared to traditional growth methods such as sales and marketing efforts.
While an acquisition can create substantial and rapid growth for a company, it can also cause
some problematic issues along the way. Several things can go wrong even when there is a well-laid plan.
There may be a clash between the different corporate cultures, synergies may not match, some key
employees may be forced to leave, assets may have a lower value than perceived, or company objectives
may conflict.
Before putting the acquisition of another business into consideration, it is essential to analyze the
advantages and disadvantages that will be presented by the business deal. A well-executed strategic
acquisition that takes advantage of potential synergies can be one of the best ways for a company to
achieve growth.
Companies today often prefer to have employees with a certain degree of technical skills. Most
individuals first learn these skills by obtaining a four-year college degree or a graduate degree in acquisition
management. Coursework for the undergraduate degree includes general management, accounting,
corporate finance and organizational management. Core courses include contract law, government pricing
and contracts, negotiation and general contract management. Other concentrated courses can include
pricing and financial management, cost analysis, project management, managerial economics and
performance-based contract service.
 During the acquisition management process, companies must find and select business partners
who are adequate enough to fill long-term business needs. For major purchases or continuous future
relationships, companies will use contracts to ensure they receive specific benefits from the vendor or
supplier. The acquisitions manager often takes the lead, as this position is responsible for doing the
legwork on the process and reporting the information to upper management. Executive management will
then make a decision based on this information.
In a technologically advanced business environment, acquisition management will need a
background in business information systems or other computer software used by the company. For
example, many companies operate using electronic data interchange. Through this tool, most orders from a
company and its suppliers or vendors occur through computer-transferred orders. The acquisitions
manager will need to monitor these systems, however, and ensure they operate according to preset
designs. The management team may also need to integrate these systems as they change between
different suppliers and vendors, making it important that the acquisitions manager has a background in this
area.
Another focus of acquisition management is performance evaluation. This is necessary to ensure
the company receives the maximum benefits from materials purchased through suppliers and vendors.
Owners and managers will often work with the acquisitions manager to ensure the procurement department
has policies in place to maximize benefits. Cost analysis and performance reviews also find new areas for
the company to find ways for saving money, a improving the return on capital spent for business
operations.
Acquisition covers a much broader range of topics than procurement. Acquisition spans the whole
life cycle of acquired systems. The procurement of appropriate systems engineering (SE) acquisition
activities and levels of SE support is critical for an organization to meet the challenge of developing and
maintaining complex systems.
Assignment: Using the internet, search one Acquisition Process Model and give some insights about the
model.

Chapter 5
Policy, Process, and Procedure

What is a Policy?
At the top of the pyramid are the policies.
A policy sets out the strategic direction of the organization as
decided by senior management. A policy will lay out a
destination, but won’t give any direction on how this is to be
executed. For example, a policy would contain a statement such as: ‘Time and attendance with be tracked
for all staff and contractors in a clear and consistent way', but wouldn't give any indication as to how that
should be done.

What is a workplace policy?

Workplace policies are statements of principles and practices dealing with the ongoing
management and administration of the organization or business. Policies act as a guiding frame of
reference for how the organization deals with everything from its day to-day operational problems or how to
respond to requirements to comply with legislation, regulation and codes of practice.
The need for effective workplace policies and procedures has never been more important than in
today. Creating formal policies and procedures allows you and your staff to make better decisions and also
adds legitimacy to your decisions. Having an agreed process will allow you to reduce risk within your
business, and can provide the following benefits to your workplace:
 It will help employees understand what is expected of them with respect to standards of behavior
and performance, and gives clear and defined boundaries that are consistent with the values of the
organization.
 It provides a set of rules and guidelines for decision-making in everyday situations for staff to easily
refer to. This can help maintain the direction of the organization even during periods of change.
 It allows you to demonstrate to your employees, and potential employees, that all employees will
be treated fairly and equally, and it ensures uniformity and consistency in decision-making and
operational procedures
 It can provide you with a documented and accepted method of dealing with complaints and
misunderstandings to help avoid claims of favoritism or discrimination.
 It can set a framework for delegation of decision making in the absence of senior management or
line management.
 It is a very useful means of communicating important information to new employees, and can
clarify functions and responsibilities.
 If done properly, they can offer you protection from breaches of employment legislation, such as
equal opportunity laws and other associated legislation.
 It can assist in assessing performance and establishing accountability.
A workplace policy should:
 set out the aim of the policy
 explain why the policy was developed
 list who the policy applies to
 set out what is acceptable or unacceptable behavior
 set out the consequences of not complying with the policy
 provide a date when the policy was developed or updated.
 Policies also need to be reviewed on a regular basis and updated where necessary. For example, if
there is a change in equipment or workplace procedures you may need to amend your current policy or
develop a new one.
Employment law changes, changes to your award or agreement may also require a review of your
policies and procedures. Stay up to date with relevant changes by regularly checking Fair Work Online [Fair
Work Ombudsman]
Types of workplace policies
Here are some examples of common workplace policies that could assist your workplace:
 code of conduct
 recruitment policy
 internet and email policy
 mobile phone policy
 non-smoking policy
 drug and alcohol policy
 health and safety policy
 anti-discrimination and harassment policy
 grievance handling policy
 discipline and termination policy
 using social media.

What is a Process?
Under policies are the processes.
The ISO definition of a process is:
‘A process is a set of inter-related
activities that turn inputs into outputs’
A process sets out what you
do, but not how you do it. A business
process for tracking time and
attendance for all staff and contractors,
may contain an activity such as
‘Complete time and attendance
spreadsheet’ but give no detail on how
that is performed. There is an
assumption that the responsible
person would know how to perform the
task and where to find the appropriate
materials to do so. Any further guidance or detail should be set out in a procedure or work instruction.
What is a Procedure or Work Instruction?
A procedure or work instruction should detail the exact steps
an individual would need to go through to complete any
activity detailed in a process.
The Practical Application
A common reason for being interested in the difference
between a policy, a process and a procedure is that having
clarity and consistency around different types of information
is absolutely key in encouraging your employees to follow
the agreed process. However, this is still the most difficult thing to achieve in any process improvement
project - because it relies on people to individually check and follow the correct documentation.
The 8 benefits of having good procedures.
1. Know what you have to do
This is the first use of a procedure: describe a job that needs to be done. To be the most efficient,
keep it short, simple and visual.
2. Access information to quickly solve problems and reduce downtime
Procedures are useful when a quick response is needed for an uncommon situation. Downtimes on
a production line can cost thousands of dollars each minute. It’s important to find the relevant
information as fast as possible. Your DMS (Document Management System) has a key role. Cloud
solutions are efficient and let you easily find document in seconds thanks to a search bar or tags.
3. Easily onboard new employees
Good procedures can be used as training content. Again, a short, simple and visual document will
help a new employee to understand the work that has to be done.
4. Be in compliance with norms/certifications
Procedures are often mandatory. The ISO 9001 certification - the most common - is a good
example. However, it becomes a hassle when your quality engineer has to work full-time updating
documentation during the 2 months before the audit. Having quality procedures in a good
management system takes away this pain.
5. Improve quality
Process standardization is the key to managing quality. Having clear procedures helps in this
standardization. It also helps to track defects and to find the cause of a problem. While your
process improves, the procedure must be updated as well and this is where a system like JITbase,
which allows employees to suggest improvements, becomes powerful.
6. Make sure everyone is on the same page
 Having a “snapshot” of the current situation helps everyone know where the company is on a
certain process. It becomes easier for the company to set goals and makes every employee move
in the same direction.
7. Reduce risk & improve security
Procedures are a great way to signal dangers. They are the perfect place to mention what’s
mandatory or forbidden while doing the job. It leads to less downtime, and even more importantly, it
leads to fewer accidents and injuries. Again, it must be visual, using icons and photos.
8. Improve
A procedure allows for evaluating the current way a task is done. A task written down and shared
among team members is easier to analyze and improve upon. A procedure should be a dynamic
document, where employees collaborate and continuously propose improvements.
Assignment: Create a process that you usually encountered during face-to-face enrolment based on your
own experience

Chapter 6
The Information System Strategy Triangle
IS Strategy Triangle is a correlation between Business Triangle, Organizational Strategy and Information
Strategy. Those strategies are coordinated in a set of actions to fulfill their respective objectives, purpose
and goals. A business strategy is a plan articulating where a business seeks to go and how it expects to get
there.
Information Strategy
The Information Systems Strategy is a simple framework for understanding the impact of the
Information System inside the organizations. This business strategy drives both Organizational and
Information strategy.
Organization’s information resources should therefore be managed using a strategy based on:
 Its strategic objectives, information system should support both Business Strategy and
Organizational Strategy.
 A clear idea of the needs of Information and how staff should use that information.
Benefits of having an information strategy. The following is an adaptation:
 decision making on investment in systems and IT is based on organizational strategy and user
needs (rather than technology push or the latest trends)
 a strategy avoids wasting time on unnecessary activities, particularly users having to interpret
information received in unsuitable formats
  a strategy also ensures an organization meets its legal requirements, so avoiding unnecessary
costs and risk to reputation
 properly managed information supports innovation, productivity and competitiveness
 information activities are unified, so fully contributing to organizational objectives
 a strategy encourages co-operation and openness between managers of information resources.
This results in more effective use of the organization’s information and in more innovation.

4 Keys of IS Strategy :
These key components are sufficient to allow the general manager to assess critical IS issues.

Business Strategy
A coordinated strategy with some set of actions to fulfill objectives, purposes and goals. Business Strategy
always starts with a mission. Those mission will be stated in mission statements.
Business Frameworks
These are the Business frameworks that often be used in the company :
 Porter’s Competitive Advantages.
 Differentiation Strategy Variants.
  Hypercompetition
Organizational Strategies
Organizational strategy includes the organization’s design as well as the choices it makes in its work
processes. There are 2 frameworks in the Organizational Strategies :
1. Business Diamond
Simple framework for identifying crucial components of an
organization’s plan

2. Managerial Levers
– Another framework for organizational design, states that successful execution of the firm’s
organizational strategy is the best combination of organizational, control, and cultural variables.

Analyzing the Role of Information Systems in Supporting Business and Organizational Strategies
Information technology plays a key role in the business world. In fact, it could be said that business
cannot flourish unless there is a good information technology framework. In this regard, an information
system is like a network of various integrated information technology initiatives geared towards supporting
the business process. According to Pollack (2010), the information systems (IS) strategy is a plan carried
out by a business organization to provide services related to information domains.
The role of information systems in any organization cannot be underscored. With regard to the
business strategy, the IS strategy plays a complimentary role. This is because while the business strategy
would involve envisioning the strategic direction that a company would pursue, the IS strategy seeks to
help in the execution of wider strategy envisions. In any case, aspirations of the business exist in terms of
information. The IS strategy supports business communication of the intended achievements. With the
evolution of strategic management into what it is today, business strategies have integrated all the related
components of a business venture. Therefore, a closer scrutiny of the IS strategy reveals that the
relationship between the business strategy and the IS strategy is purely strategic. Consequently, changing
the business strategy leads to a change in the IS strategy. If these changes are not consistent and in
tandem with each other, there is an imbalance in the Information Systems Strategy Triangle (ISST).

While the business strategy involves how a business will tackle competition, for instance through
positioning or segmentation, the IS strategy includes capabilities of an organization to achieve the set
goals. It could be said that the IS strategy empowers a company to move ahead and face competition in the
industry.
There is a need to demystify the exact ways through which the IS strategy supports business
strategy implementation. Pollack (2010) identifies four components of the IS strategy. These include
hardware, software, networking, and data .
 The hardware includes physical components of the IS system such as servers and desktop units.
The IS strategy also determines who would be responsible for electronic machines and where they
would be located.
 The second component, which is software, includes the intangible components of the IS. These are
applications or programs that are used to enhance business communications, inter-system
linkages, and smooth business operations. The IS includes people who will develop necessary
programs and what applications would be compatible with the hardware at the disposal of the
company.
 Thirdly, the IS stipulates how hardware will be networked. In other words, it specifies ways in which
information will be shared between different computers or servers. A part of this strategy is a
diagrammatic representation of how hardware and software will be aligned, where nodes will be
located, and how wires will be connected.
 Lastly, the IS strategy includes policies regarding data or information of the company. This is
perhaps the most important aspect of the IS strategy, as in case information about the company is
not secure, confidential information about clients could be revealed to wrong people. In addition,
secret company information could be accessed by competitors, which would be lethal to the
company. The IS strategy specifies a formula that would establish which software contains what
data in which servers.
 Assignment: In your own words, give your own understanding about the four components of IS
strategy

Chapter 7
Information System and Digital Transformation

Digital transformation is the cultural, organizational and operational change of an organization,

industry or ecosystem through a smart integration of digital technologies, processes and competencies
across all levels and functions in a staged and strategic way. Digital transformation (also DX or DT)
leverages technologies to create value and new services for various stakeholders (customers in the
broadest possible sense),
innovate and acquire the
capabilities to rapidly adapt to
changing circumstances.
While DX is predominantly used in
a business context, it also impacts
other organizations such as
governments, public sector
agencies and organizations which
are involved in tackling societal
challenges such as pollution and
aging populations by leveraging
one or more of these existing and
emerging technologies.
In some countries, such as Japan,
digital transformation even aims to
impact all aspects of life with the
country’s Society 5.0 initiative (which has some similarities with the Industry 4.0 industrial transformation
vision).
Digital transformation is the profound transformation of business and organizational activities,
processes, competencies and models to fully leverage the changes and opportunities of a mix of digital
technologies and their accelerating impact across society in a strategic and prioritized way, with present
and future shifts in mind.
The development of new competencies revolves around the capacities to be more agile, people-
oriented, innovative, customer-centric, streamlined, efficient and able to induce/leverage opportunities to
change the status quo and tap into big data and new, increasingly unstructured data sources – and service-
driven revenues, with IoT as a vital enabler. Digital transformation efforts and strategies are often more
urgent and present in markets with a high degree of commoditization.
Digital transformation is not just about disruption or technology. It’s about value, people,
optimization and the capability to rapidly adapt when such is needed through an intelligent use of
technologies and information.
Present and future shifts and changes, leading to the necessity of a faster deployment of a digital
transformation strategy, can be induced by several causes, often at the same time, on the levels of
customer behavior and expectations, new economic realities, societal shifts (e.g. aging populations),
ecosystem/industry disruption and (the accelerating adoption and innovation regarding) emerging or
existing digital technologies.
In practice, end-to-end customer experience optimization, operational flexibility and innovation are
key drivers and goals of digital transformation, along with the development of new revenue sources and
information-powered ecosystems of value, leading to business model transformations and new forms of
digital processes. However, before getting there it’s key to solve internal challenges as well, among others
on the level of legacy systems and disconnects in processes, whereby internal goals are inevitable for the
next steps.
Digital transformation is a journey with multiple connected intermediary goals, in the end, striving
towards ubiquitous optimization across processes, divisions and the business ecosystem of a hyper-
connected age where building the right bridges (between front end and back office, data from ‘things’ and
decisions, people, teams, technologies, various players in ecosystems etc.) in function of that journey is
key to succeed.
The human element is key in it on all levels: in the stages of transformation as such (collaboration,
ecosystems, skills, culture, empowerment etc.) and obviously in the goals of digital transformation. Since
people don’t want ‘digital’ for everything and do value human and face-to-face interactions there will always
be an ‘offline’ element, depending on the context. Yet, also in non-digital interactions and transactions
digital transformation plays a role in the sense of empowering any customer-facing agent and worker.
A DX strategy aims to create the capabilities of fully leveraging the possibilities and opportunities of
new technologies and their impact faster, better and in more innovative way in the future. A digital
transformation journey needs a staged approach with a clear roadmap, involving a variety of stakeholders,
beyond silos and internal/external limitations. This roadmap takes into account that end goals will continue
to move as digital transformation de facto is an ongoing journey, as is change and digital innovation.
Digital business transformation – a holistic approach
Digital technologies – and the ways we use them in our personal lives, work and society – have
changed the face of business and will continue to do so. This has always been so but the pace at which it is
happening is accelerating and faster than the pace of transformation in organizations.
Digital transformation is probably not the best term to describe the realities it covers. Some prefer
to use the term digital business transformation, which is more in line with the business aspect. However, as
an umbrella term, digital transformation is also used for changes in meanings that are not about business in
the strict sense but about evolutions and changes in, for instance, government and society, regulations and
economic conditions on top of the challenges posed by so-called disruptive newcomers. It’s clear that
changes/shifts in society have an impact on organizations and can be highly disruptive as such when
looking at transformations from a holistic perspective. No company, industry, economic actor/stakeholder
and area of society stands on its own.
It is key to recognize the umbrella term dimension of digital transformation at all times. While digital
transformation maturity models can help in defining visions they are too simplistic and/or general in
practice.
Digital transformation covers a huge number of processes, interactions, transactions, technological
evolutions, changes, internal and external factors, industries, stakeholders and so forth. So, when reading
advice on digital transformation or reading reports and predictions it’s essential to keep this in mind.
Although there are common challenges, goals and traits in organizations across the globe, there are also
enormous differences per industry, region and organization. What could make sense in one region, doesn’t
have to make sense in another, even if we just look at regulatory environments.
This guide is about mainly about digital business transformation. In other words: about
transformation in a context of digital business where there is a decentralizing shift of focus towards the
edges of the enterprise ecosystem. The customer in the broadest sense (external and internal with the
borders between both blurring) is a key dimension in this equation with customer experience, worker
satisfaction, stakeholder value/outcomes, partnerships and a clear customer-centric approach as
components.
Technological evolutions and technologies, ranging from cloud computing, big data, advanced
analytics, artificial intelligence, machine learning and mobile/mobility (a key game changer) to the Internet
of Things and more recent emerging technological realities are 1) enablers of digital transformation and/or,
2) causes of digital transformation needs (among others as they impact behavior of consumers or reshape
entire industries, as in the digital transformation of manufacturing), and/or 3) accelerators of innovation and
transformation. Yet, technology is only part of the equation as digital transformation is by definition holistic.
DX and hyper-connectedness: focus on the edges
Customer and customer experience, purpose and end goals, partners, stakeholders, the last mile
of processes and disruption often sit and occur at these edges and are key for digital transformation.
Sometimes digital transformation is even narrowed down to customer experience alone but, strictly
speaking, this a mistake, leaving out several other aspects.
The end goals of the business, customers and stakeholders, however, do drive the agenda. The
central role of the organization is to connect the dots and overcome internal silos in all areas in order to
reach these different goals as interconnection is the norm. In other words: although the focus shift towards
the edges, the central capabilities are realized in order to work faster and better for and at the edges. This
happens for instance at organizational (integrated, ecosystems), technological (an ‘as-a-service approach’,
cloud and agility enablers) and at a cultural level.
The movement towards the edges also reflects in technologies and computing paradigms such as
edge computing and the decentralization of work and business models.

Think about how significant data management and analysis capacity is moving to the edge in a
datasphere where real-time demands increase while cloud computing grows in the core, the
decentralization of information management, the shifts in security towards the endpoints and much more.
Still, it does not mean that strategic decisions move to the edges or that digital transformation is
only possibly in organizations with “new” organizational models. Enterprise-wide digital transformation
requires leadership, regardless of how it is organized and as long as the holistic approach towards the
goals with the edges in mind prevails over internal silos and de facto gaps between reality and perception.
In practice we see that pilot projects on the way to a more holistic and enterprise-wide approach often
happen bottom-up, ad hoc or in specific departments. This is normal, typical in early stages but, if not
followed through on a broader level, a potential risk for long-term success. From the same holistic
imperative, it’s also essential to note that security requires a holistic view and even a cyber resilience
strategy as data sits everywhere, attacks increase and technological environments become more complex
with ever-growing external attack surface challenges and increasing software supply chain attacks.
“Digital transformation as a strategy is rarely an end in itself, but rather, a way to meet other strategic
objectives – business growth and innovation; a more agile operating model; a great customer experience;
and connected and collaborative employees” (Bas Burger)
Assignment: Is it important to a company or organization to align their business processes digitally? Why or
why not?

Chapter 8
Business of Information System
The data-driven world has
changed the way businesses
interact with customers,
employees, and competition.
 Greater access to information increases internal knowledge and allows stakeholders to make
critical business choices with confidence.

Unfortunately, a small business isn't always sure how to use its business analytics to generate
insights that can help increase profits and attract new customers. Data collection is meaningless
without a powerful system in place to make sense of the information and present findings
understandably.

Organizations that use optimized business information systems can effectively manage
their data and use it to increase knowledge and pinpoint growth opportunities. Companies without
quality information systems must understand how to use software to their advantage if they want to
be successful.

Top Industries that Use Information Systems:

 Healthcare and hospitals

 Airports and travelling companies
 Financial services and bankers
 Manufacturers

Benefits of Information System

Organizations collect large quantities of data that must be sorted through, analyzed, and
properly handled. A common problem is assessing how to effectively manage this process to
ensure the needs of customers and suppliers are met.

While most larger businesses utilize some type of information system to help manage big
data, other small to mid-sized companies have not employed the best software solutions to derive
any benefits.

By utilizing an IS, organizations can collect accurate data, learn from it, make it accessible
to everyone, and use those insights to optimize decision-making and systemize the supply chain.
The top benefits derived from using an IS include-

1. Relevant Data
A business information system is a cloud-based database that stores all of the information
related to a variety of business units, functions, clients, transactions, worker performance, and
client activity. Decision-makers can use this real-time data to know which actions to take and when.

For example, a sales manager may analyze real-time sales employee performance data to
see how is meeting their goals and who needs further monitoring. Team leaders no longer have to
use guesswork to make choices, ensuring decisions are based entirely on statistical evidence.

2. Optimizes Communication
A business administration system ensures all relevant computer information is accessible
to everyone, which they can view in a customized format. Workers can easily share data and
 inputs are immediately updated into the database, so everyone has access to the most accurate
and relevant information.

An optimized information system minimizes the need for emails or phone calls while
making it easier for everyone to communicate with different business units. It can also be used
externally to correspond with customers or provide answers to important questions.

Because an IS improves internal and external communication, team members can work
quickly to complete tasks, improve the quality of outcome, and streamline activities so the
organization maintains a competitive edge.

3. Minimizes Human Error

Automating manual processes by utilizing an information system can help to minimize
human error and ensure compliance with tax laws/regulations. Because data will not have to be
replicated, workers can rest assured that the information they view is accurate and up-to-date.

An optimized management information system notifies authorized individuals of a

suspicious or inaccurate transaction, so management can fix a problem before it worsens. This is
especially useful when it pertains to human resource management and payroll, as incorrect
payments can cost money and generate compliance problems.

As a result of using different types of information systems that minimize human error,
organizations will save money, resources, optimize communication, and improve the quality of
deliverables.

4. Information Security
Spreadsheets, file cabinets, and other outdated systems management methods used to
store valuable information can easily be tampered with.

By having all data stored in one or more secure business intelligence databases, it's much
easier to prevent theft or misplaced information. Audit trails maintain historical records for long
periods and are easily accessible to regulators or other authorized individuals.

This is especially relevant for enterprise information systems or other databases that hold
valuable financial/sales data. An IS with sensitive information can be programmed to only allow
access to authorized individuals, which helps to protect the company and save money.

5. Streamlines Business Processes

An IS optimizes resource management by completing many repetitive processes automatically,
freeing up time for employees to work on more important aspects of their jobs.
For example, a human resource information system integrates with time clock software and
calculates employee pay according to specific requirements.
 HR staffers no longer have to estimate overtime hours, verify timesheets, or convert hours to
minutes to perform payroll. The department can then focus on more valuable activities, such as recruiting
or ensuring training materials are up-to-par.
By streamlining everyday business processes, organizations can complete projects and meet goals
more efficiently.
They can focus on building marketing strategies to target new customers, or strengthening the
relationships they already have. Moreover, an organization can use business technology to pinpoint growth
opportunities and new revenue streams rather than wasting time on repetitive tasks.

Examples of Processes Streamlined by an IS:

 Data entry
 Inventory management
 Reporting
 Payroll
 Accounting
 Sales and marketing
 Customer service
Key Takeaways
In conclusion, here is how a business information system assists in long term success-
 A business information system stores, collects, and handles large quantities of data that help
organizations make better business decisions.
 An IS collects real-time data, which allows decision-makers to take the right actions at the right
time.
 A business information system optimizes communication by giving everyone access to customized
and relevant data that help them perform their jobs and share expertise.
 Automated management information systems reduce human error, which helps save an
organization time, money, and resources.
 Business information systems store data in a safe and secure location to prevent sensitive
information theft or misplaced documents.
 Business information systems streamline processes by allowing everyone to work together quickly
to complete projects. This generates new growth opportunities and minimizes the time spent
working on repetitive tasks.
The Importance of Collaboration Systems in Business

Because completing business activities require collaboration between various departments, utilizing an

information system is an essential tool to ensure company goals are met. It provides a mechanism for team
members to share knowledge and expertise with other members so a project can be completed accurately
and promptly.

For example, a collaborative web-based mind mapping tool allows employees to structure ideas while other
members can make updates to the map simultaneously. Because there is not a constant back and forth
between members through email or phone calls, it's much simpler to complete the project at hand.

An organization can use collaboration tools to maximize efficiency in the workplace and decrease the need
for in-person meetings and communication through traditional methods. It also is helpful for remote workers
or off-site managers, who can contribute to the project without being physically present at the organization.

In conclusion, here are the key takeaways to remember how information systems help collaboration in the
workplace-
Collaboration systems include a network of tools and technologies utilized to maximize knowledge-
sharing and helping everyone work together to meet a specific goal.
Because completing business activities require collaboration between various departments,
utilizing an information system is an essential tool to ensure company goals are met.
The five components of an information system include data, hardware, software, people, and
procedures. Various software and hardware solutions provide the tools needed to streamline collaboration
in the workplace. Data inputs must be accurate, hardware must be well-maintained, software tools need to
be programmed properly, and people need to have the skills and tools available to work together.
Assignment: What do you think will happen if one of the component of Information System is not included?

Chapter 9
Information Systems Security
Online consumer activity is at an all-time high. From online banking to e-commerce, customers
across the country have left manual processes behind.

Though moving consumer data online has boosted efficiency and connected thousands of
customers to sellers across the world, there are also risks involved. Hackers and cybersecurity threats to
information systems are increasing by the day, resulting in stolen consumer and company sensitive
information.

Many companies lose their reputation and are driven to bankruptcy from one of these attacks.
Because the stakes are so high, organizations across the country seek to ensure proper cyber security
measures and security controls are in place to protect computer information from being stolen, lost, or
misused.
 Both small and large companies must make sure to invest in an optimized security policy to protect
themselves and their customers.

Read ahead for an overview of the importance of ensuring information assurance and maintaining
system security measures in the digital age.

Information security requires specialized skills. For many organizations, outsourcing makes more
sense than having employees handle it all. You gain access to expertise without having to hire full-time
specialists. It leaves you free to focus on your business with confidence that your IT systems are well
protected. The type of cybersecurity service you need depends on the type of business and the required
level of security. There are several business models to choose from.

The Stats on Cyber Security:

 95% of attacks come from only 3 industries-Government, Retail, and Technology
 43% of cyber attacks are on small businesses
 The cost of data breaches for small businesses is 3.9 million

The Importance of Information System Security

Information systems security refers to the protection of data and business intelligence systems
against unauthorized usage or tampering of information either when in storage, processing, or transport.
Computer security measures encompass all of the security management methods utilized to pinpoint,
record, and prevent any security threats.

Because organizations are collecting and storing large quantities of data in databases and other
intelligence networks, they must ensure proper security policies and best practices are in place.

If a customer or financial data is stolen or tampered with, it can result in financial harm, a damaged
reputation, and litigation. As the need for information system security grows, there is an increase in security
analyst professionals ready to assist these organizations.

Those who seek to protect data struggle with attacks on-

 Malware - Hackers attack portions of software by using malicious code to cause damage to data.
 Vulnerabilities - Criminals look for information systems security vulnerabilities such as negligence
or a lack of investment in security measures. Older equipment and unprotected networks are
especially vulnerable to an attack by hackers.
 Phishing - Attackers seek to gain access to personal data by pretending to be someone related to
an employee at the organization. For example, a hacker may write an email with a stolen work
address to gain the trust of another worker.
 Offline System - Hackers attack the stability of offline computer systems by generating crashes that
hurt the company's reputation.
 Misuse of Data - When unauthorized individuals inside or outside the organization attempt to gain
access to inside information, they are typically hackers.

Here are the top reasons why businesses benefit from ensuring proper information system security to
protect their data is in place-

1. Ensure Compliance
Bankers, the healthcare industry, and online companies collect vast amounts of confidential
customer information every day. Unfortunately, consumers in the United States account for 47% of all fraud
even though they only constitute 27% of all credit card transactions worldwide.
Hackers have become increasingly sophisticated in their methods, forcing organizations to invest in
further security to prevent a breach. Regulations have been put in place to protect consumers and ensure
that companies comply with certain security measures.
Because these regulations can be complex and difficult to navigate, hiring an information system
security professional can help ensure compliance is met.
2. Prevent Bankruptcy in Smaller Companies
Many small to mid-sized companies believe they are immune from a breach and only put minimum
protections in place as a result. This is an unfortunate mistake, as their lack of protection results in many
successful attacks by hackers.
Though larger organizations tend to receive a larger percentage of attacks and threats, their increased
resources make them less likely to suffer as much financial harm as a small business. In summary, having
valuable information leaked or stolen leads to enormous financial problems that can destroy a small
company with minimal resources.
3. Protect Internal Data
The media typically focuses on stolen consumer data incidents, but protecting valuable company
information is also essential. Financial documents, legal paperwork, and tax information can be misused by
disgruntled employees or another type of attacker.
Because organizations hold years' worth of valuable internal data, they must do everything possible to
protect themselves. If company data is stolen or misplaced it can result in a ruined reputation, litigation, or
bankruptcy.
Fighting Cyber Attacks:
 Human intelligence and comprehension is the best mechanism to fight cyber attacks
 6 trillion will be spent by organizations to implement cyber security measures by 2021
 95% of cyber security breaches are due to human error
Types Of Cybersecurity Providers
You can outsource digital information security completely or in part. There are three major types of
information security providers, each offering different benefits and trade-offs.
 A managed service provider (MSP) for IT. Security is part of the package of information technology
services you get from an MSP. This approach gives you one-stop shopping; you know whom to
 talk to about all IT security issues. It tends to be less expensive than hiring a specialized security
service, but you generally won't get as high a level of dedicated expertise. Getting security through
an MSP can work well for small businesses and other organizations with moderate security needs.
 A managed security service provider (MSSP). This type of service specializes in information
systems security. You get a systems protection package from cybersecurity professionals who
know the subject well and constantly update their knowledge. Packages are generally available at
multiple levels to suit your needs. If you have fairly high-security requirements, a good MSSP
should be able to satisfy them and protect your sensitive information.
 A security consulting firm providing custom services. Consulting firms work closely with you to
assess your needs and provide a unique set of services to meet them. Cybersecurity professionals
will be available to answer questions and address issues quickly. Hiring a firm of this kind will cost
more, but it's worth it if you have very high information security needs.

Key Takeaways
In conclusion, here are the key takeaways to remember about information system security-
 Information system security involves the protection of valuable consumer and company data from
internal and external attacks. This requires a security program in place to monitor and protect data
during storage, transport, and processing.
 Because organizations hold large quantities of information, they must protect their customers and
maintain confidentiality integrity.
 Key information security struggles include malware, vulnerabilities, phishing, offline systems, and
misuse of data by employees or others.
 An information security policy and security management is important to organizations to ensure
compliance with federal regulations to protect consumers, prevent bankruptcy in small to mid-sized
organizations, and protect valuable internal information from a disgruntled employee or outside
attacker.
Assignment: Summarize the key takeaways of Information System

Chapter 10
Ethical Considerations in Information Systems
Information system Ethics
Ethics refers to rules of right and wrong that people use to make choices to guide their behaviours.
Ethics in MIS seek to protect and safeguard individuals and society by using information systems
responsibly. Most professions usually have defined a code of ethics or code of conduct guidelines that all
professionals affiliated with the profession must adhere to.
 In a nutshell, a code of ethics makes individuals acting on their free will responsible and
accountable for their actions. An example of a Code of Ethics for MIS professionals can be found on the
British Computer Society (BCS) website.

The term ethics is defined as “a set of moral principles” or “the principles of conduct governing an
individual or a group.” Since the dawn of civilization, the study of ethics and their impact has fascinated
mankind. But what do ethics have to do with information systems?
The introduction of new technology can have a profound effect on human behavior. New
technologies give us capabilities that we did not have before, which in turn create environments and
situations that have not been specifically addressed in ethical terms. Those who master new technologies
gain new power; those who cannot or do not master them may lose power. In 1913, Henry Ford
implemented the first moving assembly line to create his Model T cars. While this was a great step forward
technologically (and economically), the assembly line reduced the value of human beings in the production
process. The development of the atomic bomb concentrated unimaginable power in the hands of one
government, who then had to wrestle with the decision to use it. Today’s digital technologies have created
new categories of ethical dilemmas.
For example, the ability to anonymously make perfect copies of digital music has tempted many
music fans to download copyrighted music for their own use without making payment to the music’s owner.
Many of those who would never have walked into a music store and stolen a CD find themselves with
dozens of illegally downloaded albums.
Digital technologies have given us the ability to aggregate information from multiple sources to
create profiles of people. What would have taken weeks of work in the past can now be done in seconds,
allowing private organizations and governments to know more about individuals than at any time in history.
This information has value, but also chips away at the privacy of consumers and citizens.
Acceptable Use Policies
Many organizations that provide technology services to a group of constituents or the public require
agreement to an acceptable use policy (AUP) before those services can be accessed. Similar to a code of
ethics, this policy outlines what is allowed and what is not allowed while someone is using the
organization’s services. An everyday example of this is the terms of service that must be agreed to before
using the public Wi-Fi at Starbucks, McDonald’s, or even a university. Here is an example of an acceptable
use policy from Virginia Tech.
Just as with a code of ethics, these acceptable use policies specify what is allowed and what is not
allowed. Again, while some of the items listed are obvious to most, others are not so obvious:
“Borrowing” someone else’s login ID and password is prohibited.
Using the provided access for commercial purposes, such as hosting your own business website,
is not allowed.
Sending out unsolicited email to a large group of people is prohibited.
 Also as with codes of ethics, violations of these policies have various consequences. In most
cases, such as with Wi-Fi, violating the acceptable use policy will mean that you will lose your access to the
resource. While losing access to Wi-Fi at Starbucks may not have a lasting impact, a university student
getting banned from the university’s Wi-Fi (or possibly all network resources) could have a large impact.
Intellectual Property
One of the domains that have been deeply impacted by digital technologies is the domain of
intellectual property. Digital technologies have driven a rise in new intellectual property claims and made it
much more difficult to defend intellectual property.
Intellectual property is defined as “property (as an idea, invention, or process) that derives from the
work of the mind or intellect.” This could include creations such as song lyrics, a computer program, a new
type of toaster, or even a sculpture.
Practically speaking, it is very difficult to protect an idea. Instead, intellectual property laws are
written to protect the tangible results of an idea. In other words, just coming up with a song in your head is
not protected, but if you write it down it can be protected.
Protection of intellectual property is important because it gives people an incentive to be creative.
Innovators with great ideas will be more likely to pursue those ideas if they have a clear understanding of
how they will benefit. In the US Constitution, Article 8, Section 8, the authors saw fit to recognize the
importance of protecting creative works:
Congress shall have the power . . . To promote the Progress of Science and useful Arts, by
securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and
Discoveries.
An important point to note here is the “limited time” qualification. While protecting intellectual
property is important because of the incentives it provides, it is also necessary to limit the amount of benefit
that can be received and allow the results of ideas to become part of the public domain.
Outside of the US, intellectual property protections vary. You can find out more about a specific
country’s intellectual property laws by visiting the World Intellectual Property Organization.
In the following sections we will review three of the best-known intellectual property protections:
copyright, patent, and trademark.
Copyright
Copyright is the protection given to songs, computer programs, books, and other creative works;
any work that has an “author” can be copyrighted. Under the terms of copyright, the author of a work
controls what can be done with the work, including:
 Who can make copies of the work.
 Who can make derivative works from the original work.
 Who can perform the work publicly.
 Who can display the work publicly.
  Who can distribute the work.
Many times, a work is not owned by an individual but is instead owned by a publisher with whom the
original author has an agreement. In return for the rights to the work, the publisher will market and distribute
the work and then pay the original author a portion of the proceeds.
Copyright protection lasts for the life of the original author plus seventy years. In the case of a
copyrighted work owned by a publisher or another third party, the protection lasts for ninety-five years from
the original creation date. For works created before 1978, the protections vary slightly. You can see the full
details on copyright protections by reviewing the Copyright Basics document available at the US Copyright
Office’s website.
Assignment: You are in-charge of your company’s IS process development and somebody asked your help
to improve their system. What will you do?
References:
1. https://ieeexplore.ieee.org/
2. Proceedings of the 33rd Annual Hawaii International Conference on System Sciences
3. https://www.indeed.com/career-advice/career-development/what-is-strategic-management
4. https://corporatefinanceinstitute.com/resources/knowledge/strategy/swot-analysis/
5. https://www.managementstudyguide.com/planning_function.htm
6. https://www.wipfli.com/
7. https://www.practicaladultinsights.com/what-is-acquisition-management.htm
8. https://blog.triaster.co.uk/blog/policy-vs-process-vs-procedure
9. https://end2endbusinesssolutions.com.au/advantages-of-having-workplace-policies-in-place/
10. https://sis.binus.ac.id/2018/02/13/is-strategy-triangle/
11. https://www.i-scoop.eu/digital-transformation/
12. https://altametrics.com/en/information-systems/business-information-system.html
13. https://www.guru99.com/mis-ethical-social-issue.html