Professional Documents
Culture Documents
BCOM ITM - Information Technology Management 2B
BCOM ITM - Information Technology Management 2B
INFORMATION TECHNOLOGY
MANAGEMENT 2B
Module Guide
Copyright© 2021
MANCOSA
All rights reserved, no part of this book may be reproduced in any form or by any means, including photocopying machines,
without the written permission of the publisher. Please report all errors and omissions to the following email address:
modulefeedback@mancosa.co.za
IT Management 2B
Bachelor of Commerce
in Information and Technology Management (Year 2)
INFORMATION TECHNOLOGY MANAGEMENT 2B
List of Content
List of Figures
Figure 3 - The Abacus : One of the very first information processors. .............................................................. 18
Figure 4 - The Slide Rule : Early 1600s, William Oughtred, an English clergyman, invented the slide rule...... 18
Figure 6 - The Pascaline Interior : One of the first mechanical computing machines, around 1642. ................ 19
Figure 7 - Charles Babbage (1792-1871), eccentric English mathematician - The Difference Engine. ............ 20
Figure 9 - Joseph Marie Jacquard's loom. Parts are remarkably similar to modern-day computers, designed in
the 1830's, inspired binary logic. ....................................................................................................................... 21
Figure 11- 1890 : International Business Machines Corporation (IBM). The first logo, still a very big player in
modern day computing. .................................................................................................................................... 22
Figure 12- Howard Aiken, a Ph.D. student at Harvard University Built the Mark I, which was completed
January 1942 8 feet tall, 51 feet long, 2 feet thick, weighed 5 tons, used about 750,000 parts ........................ 22
Figure 14 - Electronic Numerical Integrator and Computer (ENIAC) - 1946: Rear View - Note vaccum tubes. 23
Figure 15- The Manchester University Mark I (prototype). First stored program computer .............................. 23
Figure 19- MIS Hierarchical planning stages (Schniederjans, 2004, p. 16) ..................................................... 60
Figure 21- A Management Information System - Allocating all resources to this can be considered to be an IT
investment (Schniederjans, 2004) .................................................................................................................... 63
Figure 26: Relation between requirements engineering and enterprise architecture ........................................ 72
Figure 37- The three forms of BI must work according towards a common goal. ........................................... 102
Figure 38 - The Latency between a business event and an action Taken from Richard Hackathorn, Bolder
Technologies. ................................................................................................................................................. 102
Figure 40 - Components of Information Security (Whitman & Mattford, 2012) ............................................... 121
Figure 41- Components of an Information System (Whitman & Mattford, 2012) ............................................ 124
Figure 42- Balancing Security and Access to information (Whitman & Mattford, 2012, p. 19) ........................ 127
Preface
A. Welcome
Dear Student
It is a great pleasure to welcome you to Information and Technology Management 2B (ITM2B6). To make sure
that you share our passion about this area of study, we encourage you to read this overview thoroughly. Refer to
it as often as you need to, since it will certainly make studying this module a lot easier. The intention of this module
is to develop both your confidence and proficiency in this module.
The field of Information and Technology Management 2B is extremely dynamic and challenging. The learning
content, activities and self- study questions contained in this guide will therefore provide you with opportunities to
explore the latest developments in this field and help you to discover the field of Information and Technology
Management 2B as it is practiced today.
This is a distance-learning module. Since you do not have a tutor standing next to you while you study, you need
to apply self-discipline. You will have the opportunity to collaborate with each other via social media tools. Your
study skills will include self-direction and responsibility. However, you will gain a lot from the experience! These
study skills will contribute to your life skills, which will help you to succeed in all areas of life.
This module, IT Management, forms an integral part of the MANCOSA qualification and serves to introduce the
student to the fundamentals of Information Technology (IT) Management together with the methods and theories
that support the integration of these technologies within business objectives. In doing so, the module expands on
the building blocks of Information Technology and their integration and application in the world and how it impacts
on the individual, the organisation and on society. After exploring Information Technology in terms of those impact
areas, we consider how strategy is key to investing in IT. Part of any organisation strategy should be to gather
business intelligence from the information it holds. This will lead to an in-depth discussion on Data Warehousing
and Data Mining. We will conclude this module with look at the principles of Information Security.
Thus this module will provide you with a holistic understanding of the impacts of Technology and contextualizing
this information. It will firm up your understanding of Business Intelligence and will finally look at the process and
principles of protecting your data and using your data with business intelligence.
MANCOSA does not own or purport to own, unless explicitly stated otherwise, any intellectual property
rights in or to multimedia used or provided in this module guide. Such multimedia is copyrighted by the
respective creators thereto and used by MANCOSA for educational purposes only. Should you wish to use
copyrighted material from this guide for purposes of your own that extend beyond fair dealing/use, you
must obtain permission from the copyright owner.
B. Module Overview
The module is a 15 credit module at NQF level 6
Expose learners to information technology and processes that will facilitate management and decision making
in organisations.
Understand the impact of information technology on the organisation, individual and society.
Evaluate the benefits and drawbacks of information technology investments.
Understand and apply the principles of data warehousing and data mining.
Understand and apply the basic principles of information security.
We challenge you to identify opportunities and risks within your organisation together with some case studies for
review and will lay the basis for section 5 which deals with Data Warehousing and Data Mining
Remembering the information in the previous module regarding Information Technology, we will look at Information
Technology in the light of how this knowledge will facilitate management and decision making in an organisation.
The organisation can only benefit from understanding intelligently the facts and trends that are presented by the
data the organisation has gleaned from its customers. This business intelligence can tip the scale for the future of
the organisation.
In a nutshell this module will recap the Information Technology fundamentals that we have learnt and will then
tackle the impact of Information Technology. Knowing the impact of Information Technology in the various areas
will assist us in understanding the benefits and drawbacks of Information Technology investments and ways in
which managers can tackle this contentious area. We take an in-depth look at Business Intelligence as a tool to
be leveraged in making the organisations future more than just survival but also of profitability. We cover the
cornerstone of Business Intelligence being Data Warehousing and Data Mining
The structure of data, information and Structure of data, information and knowledge is
knowledge in an organisational setting reviewed within an organisational setting to
emphasize data processes
Expose learners to information technology Information technology and processes are explored to
and processes that will facilitate facilitate management and decision making in
management and decision making in organisations
organisations
Evaluate the benefits and drawbacks of Benefits and drawbacks of information technology
information technology investments investments is explored within an organisation to
demonstrate possible changes that may transpire due
to IT
Understand and apply the principles of data Principles of data warehousing and data mining is
warehousing and data mining understood and applied in an organisation to secure
organisational assets
Understand and apply the basic principles of Principles of security is understood and applied in an
information security organisation to form a secured IT system
Learning time
Types of learning activities
%
Independent self-study of standard texts and references (study guides, books, journal 27
articles)
Other: Online 18
TOTAL 100
The purpose of the Module Guide is to allow you the opportunity to integrate the theoretical concepts from the
prescribed textbook and recommended readings. We suggest that you briefly skim read through the entire guide
to get an overview of its contents. At the beginning of each Unit, you will find a list of Learning Outcomes and
Associated Assessment Criteria. This outlines the main points that you should understand when you have
completed the Unit/s. Do not attempt to read and study everything at once. Each study session should be 90
minutes without a break
This module should be studied using the prescribed and recommended textbooks/readings and the relevant
sections of this Module Guide. You must read about the topic that you intend to study in the appropriate section
before you start reading the textbook in detail. Ensure that you make your own notes as you work through both the
textbook and this module. In the event that you do not have the prescribed and recommended textbooks/readings,
you must make use of any other source that deals with the sections in this module. If you want to do further reading,
and want to obtain publications that were used as source documents when we wrote this guide, you should look
at the reference list and the bibliography at the end of the Module Guide. In addition, at the end of each Unit there
may be link to the PowerPoint presentation and other useful reading.
H. Study Material
The study material for this module includes tutorial letters, programme handbook, this Module Guide, a list of
prescribed and recommended textbooks/readings which may be supplemented by additional readings.
Web Resources:
https://docs.google.com/open?id=0B1ZF9spPlWD-Z2VjbVM4UExtYWsWeb Resources:
See (Case Sensitive) https://docs.google.com/open?id=0B1ZF9spPlWD-Z2VjbVM4UExtYWs
J. Special Features
In the Module Guide, you will find the following icons together with a description. These are designed to help you
study. It is imperative that you work through them as they also provide guidelines for examination purposes.
The Learning Outcomes indicate aspects of the particular Unit you have
LEARNING to master.
OUTCOMES
A Think Point asks you to stop and think about an issue. Sometimes you
THINK POINT are asked to apply a concept to your own experience or to think of an
example.
You may come across Activities that ask you to carry out specific tasks.
In most cases, there are no right or wrong answers to these activities.
ACTIVITY
The purpose of the activities is to give you an opportunity to apply what
you have learned.
At this point, you should read the references supplied. If you are unable
READINGS to acquire the suggested readings, then you are welcome to consult any
current source that deals with the subject.
OR EXAMPLES
KNOWLEDGE You may come across Knowledge Check Questions at the end of each
CHECK Unit in the form of Knowledge Check Questions (KCQ’s) that will test
QUESTIONS your knowledge. You should refer to the Module Guide or your
textbook(s) for the answers.
You may come across Revision Questions that test your understanding
REVISION
of what you have learned so far. These may be attempted with the aid
QUESTIONS
of your textbooks, journal articles and Module Guide.
CASE STUDY This activity provides students with the opportunity to apply theory to
practice.
Unit
1: Introduction to
Information Technology
1.3 Timeline of Information Technology Discuss the Four basic periods that are in the timeline of
through the ages information technology through the ages
1.4 The Four Generations of Digital Understand the history of computers and how it changed the
Computing world and grasp that these changes need to be spotted
1.5 Information and Communication so that a company can adopt disruptive technologies in time to
Technology and the Future ensure their sustainability for the future and perhaps become
market leaders themselves
Williams, B and Sawyer,S. (2010) Using Information Technology, 8th Edition. USA,
New York: McGraw-Hill
Chapter 9 THE CHALLENGES OF THE DIGITAL AGE: Society & Information Technology
Today
Chapter 3: SOFTWARE: Tools for Productivity & Creativity
Chapter 4: HARDWARE: THE CPU & STORAGE: How to Choose a Multimedia Computer
System
1.1 Introduction
In this unit we will be reviewing what we have learnt about Information Technology in the previous module and
use this as the basis for the next unit on the Impact of Information Technology on ourselves, the organisation and
society.
Think Point
How has information technology developed over time and where is it heading to?
REMEMBER:
Information
Technology:
Ways of finding,
gathering,
manipulating
information and
then presenting or
communicating it
"ICT (information and communications technology - or technologies) is an umbrella term that includes any
communication device or application, encompassing: radio, television, cellular phones, computer and network
1 Poverty Reduction Dictionary. 2011. Poverty Reduction Dictionary. [ONLINE] Available at:
http://www.srds.co.uk/mdg/dictionary.htm. [Accessed 15 October 2011].
hardware and software, satellite systems and so on, as well as the various services and applications associated
with them, such as videoconferencing and distance learning."2
"ICT consists of all technical means used to handle information and aid communication, including computer and
network hardware, communication middleware as well as necessary software. In other words, ICT consists of IT
as well as telephony, broadcast media, all types of audio and video processing and transmission and network
based control and monitoring functions."3
Using these definitions, we can see that we have quite a wide and diverse area that is classified as Information
Technology.
Figure 4 - The Slide Rule : Early 1600s, William Oughtred, an English clergyman, invented the slide rule
Figure 6 - The Pascaline Interior : One of the first mechanical computing machines, around 1642.
5. Babbage's Engines
Figure 7 - Charles Babbage (1792-1871), eccentric English mathematician - The Difference Engine.
Figure 9 - Joseph Marie Jacquard's loom. Parts are remarkably similar to modern-day computers,
designed in the 1830's, inspired binary logic.
Guglielmo Marconi
1894
2. Electromechanical Computing
1. Herman Hollerith and IBM.
Herman Hollerith (1860-1929) in 1880.
Figure 11- 1890 : International Business Machines Corporation (IBM). The first logo, still a very big player
in modern day computing.
Figure 12- Howard Aiken, a Ph.D. student at Harvard University Built the Mark I, which was completed
January 1942 8 feet tall, 51 feet long, 2 feet thick, weighed 5 tons, used about 750,000 parts
o Eckert and Mauchly. The First High-Speed, General-Purpose Computer Using Vacuum Tubes:
Electronic Numerical Integrator and Computer (ENIAC)
Figure 14 - Electronic Numerical Integrator and Computer (ENIAC) - 1946: Rear View - Note vaccum tubes.
Used vacuum tubes (not mechanical devices) to do its calculations. Hence, first electronic computer.
Figure 15- The Manchester University Mark I (prototype). First stored program computer
The First General-Purpose Computer for Commercial Use: Universal Automatic Computer
(UNIVAC). First UNIVAC delivered to Census Bureau in 1951. A machine called LEO (Lyons Electronic
Office) went into action a few months before UNIVAC and became the world's first commercial
computer.
3. Magnetic tape and disks began to replace punched cards as external storage devices.
4. Magnetic cores (very small donut-shaped magnets that could be polarized in one of two directions to represent
data) strung on wire within the computer became the primary internal storage technology.
5. High-level programming languages
6. E.g., FORTRAN and COBOL
The Third Generation (1964-1979).
REMEMBER:
4 BASIC
PERIODS
Pre-Mechanical,
Mechanical,
Electromechanical,
A. Electronic
Operating systems
Advanced programming languages like BASIC developed. This is where Bill Gates and Microsoft got their start in
1975.
Miniaturization
Radio-style vacuum tubes have given away to transistors, which enabled the development of integrated circuits,
which are now smaller than your thumbnail. In the past the processing power of the processer (CPU) found on a
desktop PC was equivalent to the size of one that filled a room.
Speed
Due to the advancements made in miniaturization and the research into new materials to make computer
components, we have seen that both speed and data storage rise significantly.
Affordability
Imagine that a processor that costs around R7000 today in terms of its processing power cost around 7 Million
Rand back then.
Connectivity
Because of the expansion in computer networks, e-mail and online shopping became more viable. This
interconnected network created the infrastructure for growth.
Interactivity
Without interaction a computer program such as backing up the system will perform its task until completion or
error. In our normal computer use, we interact with ICT, and it is very much like a dialogue between people, except
that you can simply continue a dialogue with a computer at exactly the same point you left off. This interaction
when the computer responds to our requests makes them useful.
We are seeing changes in interactivity, for instance it is now possible to give a vehicle verbal instructions or voice
commands, or you can go online after a news broadcast and respond to what you saw. Quite often you will hear
on the radio, what people have sms'ed or e-mailed about a topic being discussed.
Multimedia
The World Wide Web transformed how multimedia was presented and accessed, and thus resulted in such a
widespread adoption. Even modern vehicles now, have visual and audiovisual devices that enable navigation,
movies and music.
The future where computers and communications combine will create even more exciting possibilities. Possibilities
in Convergence, Portability and Personalization are in the future and already rearing its head into the consumer
markets at the time of writing this module.
Convergence
People smirked when the concepts of phones combined with cameras were introduced, today that has become
the standard for a cellphone. Convergence is when you combine various industry needs into one device or product,
such as the TV watch, or lately the IPAD 2/3 or the other android devices that have more processing power than
the space shuttle in 1981 which was "The IBM AP-101 which had about 424 kilobytes of magnetic core memory
each. The CPU could process about 400,000 instructions per second. They had no hard disk drive, and load
software from magnetic tape cartridges." 5
5Space Shuttle - Wikipedia, the free encyclopedia. 2011. Space Shuttle - Wikipedia, the free
encyclopedia. [ONLINE] Available at: http://en.wikipedia.org/wiki/Space_Shuttle. [Accessed 04
October 2011].
Portability
The beauty and convenience of Andriod, Blackberry, and Iphones have left no doubt to the power of handheld
power and portability. There is however the downside that, we now have our personal time often invaded with
business.
1. Personalization
The key to contentment is personalization. This is from covers to themes- to gadgets. The more you can tailor it to
your own needs, the more you love the item you can personalize.
2. Collaboration
Action towards common goals, is what collaboration is all about. Collaboration has become a very powerful force,
especially with the power of communication mediums that are becoming easier to access and cheaper to use.
Collaboration via these mediums, bypass many humans conceived barriers of race, religion, physical appearance.
Collaboration software together with these communication mediums have created giants like skype and facebook
and will continue to grow. We will learn more about collaboration in Section 4.
Please read the table on the next few pages to understand more about the History of Computers adapted from:
Computer Timeline.
YEAR EVENT
2400 BC Abacus: The abacus, the first known calculator, was invented in Babylonia
1492 Leonardo da Vinci: Drawings by Leonardo da Vinci depict inventions such as flying
machines, including a helicopter, the first mechanical calculator and one of the first
programmable robots
1614 John Napier: John Napier invents a system of moveable rods (Napier's Rods) based on
logarithms which was able to multiply, divide and calculate square and cube roots
1642 Blaise Pascal: Blaise Pascal invents the the "Pascaline", a mechanical adding machine
1671 Gottfried Leibniz: Gottfried Leibniz is known as one of the founding fathers of calculus
1820 Arithmometer: The Arithmometer was the first mass-produced calculator invented by
Charles Xavier Thomas de Colmar
1822 Charles Babbage: Charles Babbage designs his first mechanical computer
1834 Analytical Engine: The Analytical Engine was invented by Charles Babbage
1853 Tabulating Machine: Per Georg Scheutz and his son Edvard invent the Tabulating
Machine
1869 William Stanley Jevons: William Stanley Jevons designs a practical logic machine
1878 Ramon Verea: Ramon Verea invents a fast calculator with an internal multiplication table
1880 Alexander Graham Bell: Alexander Graham Bell invents the telephone called the
Photophone
1884 Comptometer: The Comptometer is an invention of Dorr E. Felt which is operated by
pressing keys
1890 Herman Hollerith: Herman Hollerith invents a counting machine which increment
mechanical counters
1896 Tabulating Machine Company: Herman Hollerith forms the Tabulating Machine Company
which later becomes IBM
1924 John Logie Baird: Electro Mechanical television system was invented by John Logie
Baird
Walther Bothe: Walther Bothe develops the logic gate
1930 Vannevar Bush: Vannevar Bush develops a partly electronic Difference Engine
1931 Kurt Godel: Kurt Godel publishes a paper on the use of a universal formal language
1937 Alan Turing: Alan Turing develops the concept of a theoretical computing machine
1938 Konrad Zuse: Konrad Zuse creates the Z1 Computer a binary digital computer using
punch tape
1939 George Stibitz: George Stibitz develops the Complex Number Calculator - a
foundation for digital computers
Hewlett Packard: William Hewlett and David Packard start Hewlett Packard
John Vincent Atanasoff and Clifford Berry: John Vincent Atanasoff and Clifford
Berry develop the ABC (Atanasoft-Berry Computer) prototype
1944 Howard Aiken & Grace Hopper: Howard Aiken and Grace Hopper designed the MARK
series of computers at Harvard University
1945 ENIAC: John Presper Eckert & John W. Mauchly: John Presper Eckert & John W. Mauchly
develop the ENIAC ( Electronic Numerical Integrator and Computer)
Computer Bug: The term computer ‘bug’ as computer bug was first used by Grace Hopper
1946 F.C. Williams: F.C. Williams develops his cathode-ray tube (CRT) storing device the
forerunner to random-access memory (RAM)
1947 Pilot ACE: Donald Watts Davies joins Alan Turing to build the fastest digital
computer in England at the time, the Pilot ACE
William Shockley: William Shockley invents the transistor at Bell Labs
Douglas Engelbart: Douglas Engelbart theorises on interactive computing with
keyboard and screen display instead of on punchcards
1948 Andrew Donald Booth: Andrew Donald Booth invents magnetic drum memory
Frederic Calland Williams & Tom Kilburn: Frederic Calland Williams & Tom Kilburn
develop the SSEM "Small Scale Experimental Machine" digital CRT storage which was
soon nicknamed the "Baby"
1949 Claude Shannon: Claude Shannon builds the first machine that plays chess
1950 Hideo Yamachito: The first electronic computer is created in Japan by Hideo Yamachito.
Alan Turing: Alan Turing publishes his paper Computing Machinery and Intelligence
which helps create the Turing Test.
1951 LEO: T. Raymond Thompson and John Simmons develop the first business computer,
the Lyons Electronic Office (LEO) at Lyons Co.
UNIVAC: UNIVAC I (UNIVersal Automatic Computer I) was introduced - the first
commercial computer made in the United States and designed principally by John
Presper Eckert & John W. Mauchly
EDVAC: The EDVAC (Electronic Discrete Variable Automatic Computer) begins
performing basic tasks. Unlike the ENIAC, it was binary rather than decimal
1953 The IBM 701 becomes available and a total of 19 are sold to the scientific community.
1954 John Backus & IBM: John Backus & IBM develop the FORTRAN Computer Programming
Language
1956 Optical fiber was invented by Basil Hirschowitz, C. Wilbur Peters, and Lawrence E.
Curtiss
1957 Sputnik I and Sputnik II: Sputnik I and Sputnik II are launched by the Russians
1959 Paul Baran: Paul Baran theorises on the "survivability of communication systems under
nuclear attack", digital technology and symbiosis between humans and machines
1961 Unimate: General Motors puts the first industrial robot, Unimate, to work in a New Jersey
factory.
1962 The first computer game: The first computer game Spacewar Computer Game invented
BY Steve Russell & MIT
1963 The Computer Mouse: Douglas Engelbart invents and patents the first computer mouse
(nicknamed the mouse because the tail came out the end)
1965 Hypertext: Andries van Dam and Ted Nelson coin the term "hypertext"
1969 Seymour Cray: Seymour Cray develops the CDC 7600, the first supercomputer
Gary Starkweather: Gary Starkweather invents the laser printer whilst working with Xerox
ARPANET: The U.S. Department of Defense sets up the Advanced Research Projects
Agency Network (ARPANET ) this network was the first building blocks to what the
internet is today but originally with the intention of creating a computer network that
could withstand any type of disaster.
1970 RAM: Intel introduces the world's first available dynamic RAM ( random-access memory)
chip and the first microprocessor, the Intel 4004.
1972 First Video Game: Atari releases Pong, the first commercial video game
The CD: The compact disc is invented in the United States.
1973 Robert Metcalfe and David Boggs: Robert Metcalfe creates the Ethernet, a local-area
network (LAN) protocol
Personal computer: The minicomputer Xerox Alto (1973) was a landmark step in the
development of personal computers
Gateways: Vint Cerf and Bob Kahn develop gateway routing computers to negotiate
between the various national networks
1974 SQL: IBM develops SEQUEL (Structured English Query Language ) now known as SQL
WYSIWYG: Charles Simonyi coins the term WYSIWYG (What You See Is What You Get)
to describe the ability of being able to display a file or document exactly how it is going to
be printed or viewed
1976 Apple: Apple Computers was founded Steve Wozniak and Steve Jobs
1977 Apple Computer’s Apple II, the first personal computer with color graphics, is
demonstrated
MODEM: Ward Christensen writes the programme "MODEM" allowing two
microcomputers to exchange files with each other over a phone line
1979 Over half a million computers are in use in the United States.
1980 Paul Allen and Bill Gates: IBM hires Paul Allen and Bill Gates to create an operating
system for a new PC. They buy the rights to a simple operating system manufactured by
Seattle Computer Products and use it as a template to develop DOS.
1983 More than 10 million computers are in use in the United States
Domain Name System (DNS): Domain Name System (DNS) pioneered by Jon Postel, Paul
Mockapetris and Craig Partridge. Seven 'top-level' domain names are initially introduced:
edu, com, gov, mil, net, org and int.
Windows: Microsoft Windows introduced eliminating the need for a user to have to type
each command, like MS-DOS, by using a mouse to navigate through drop-down menus,
tabs and icons
1984 Apple Macintosh: Apple introduces the Macintosh with mouse and window interface
Cyberspace: William Gibson coins the word cyberspace when he publishes Neuromancer
1985 Paul Brainard: Paul Brainard introduces Pagemaker for the Macintosh creating the
desktop publishing field.
1986 More than 30 million computers are in use in the United States.
1990 The Internet, World Wide Web & Tim Berners-Lee: Tim Berners-Lee and Robert Cailliau
propose a 'hypertext' system starting the modern Internet
Microsoft and IBM stop working together to develop operating systems
1991 The World Wide Web: The World Wide Web is launched to the public on August 6, 1991
1993 At the beginning of the year only 50 World Wide Web servers are known to exist
1994 The World Wide Web Consortium is founded by Tim Berners-Lee to help with the
development of common protocols for the evolution of the World Wide Web
YAHOO: YAHOO is created in April, 1994.
1998 Google: Google is founded by Sergey Brin and Larry Page on September 7, 1998
PayPal is founded by Peter Thiel and Max Levchin
2001 Xbox: Bill Gates introduces the Xbox on January 7th 2001.
2006 Skype announces that it has over 100 million registered users.
2008 At Macworld Expo, Apple introduces the MacBook Air laptop computer. It features Core2
Duo processor, 2 GB RAM, fixed battery, no optical drive, USB and micro-DVI ports, iSight
camera, 80 GB hard drive, 64 GB solid-state drive, 13.3-inch diagonal widescreen LED
1280x800 color screen, AirPort Extreme WiFi, Bluetooth 2.1+EDR, full-size keyboard and
trackpad. Battery life is 5 hours. Weight is 3 pounds; size 12.8
2008 World of Warcraft Released
2008 The European Commission fines Microsoft 899 million euros (US$1.35 billion) for using
high prices to discourage software competition, in defiance of a 2004 order from Brussels
to provide the information on reasonable terms
2008 At the Intel Developer Forum in Shanghai, China, Intel introduces the low-power Atom
microprocessor, in speeds up to 1.86 GHz
2009 South Africa issues a 2.05r postage stamp for "Ergonomics in the office" depicting a
personal computer
2009 Electronic Arts releases The Sims 3 game for personal computers in the USA.
2009 Microsoft launches Windows 7 operating system. Price is US$199.99 for the Home
Premium version, or US$119.99 for an upgrade from older versions.
2009 United States Court of Appeals for the Federal Circuit upholds a US$290 million jury
verdict for i4i against Microsoft for patent infringement by the Microsoft Word program.
Microsoft is barred from selling the current Microsoft Word and Microsoft Office as of
January 11. The company will modify the programs to remove the disputed feature, which
relates to the use of XML. [2322]
2010 At Macworld conference in San Francisco, California, Apple CEO Steve Jobs unveils the
iPad tablet computer. It features 9.7-inch touchscreen, 0.5 thick unit. Price starts at
US$499 with 16 GB RAM. [2322]
2010 Market capitalization of Apple (US$222 billion) passes Microsoft (US$219 billion) for the
first time since December 19,1989. Apple stock is worth more than 10 times what they
were 10 years ago, whereas Microsoft stock is down 20 percent over the same time period
2011 At Microsoft's annual developer conference, Microsoft distributes 5000 Samsung tablet
computers running a test version of Windows 8 operating system.
2012 Ipad 3 released, Steve Job Dies,
Samsung sells more units than apple, however apples profits are much higher.
2012 - You fill in the rest…
xxxx
1.6 Summary
Now we have a holistic view of information technology including how history
contributed to the birth of our current state of Information Technology. It is
time to look at the impact that technology has had and is having on humans.
REMEMBER:
It is important to put into perspective the history of Information Technology
and one should make not at what speed Information Technology is Information
transforming organisations. Prices have changed; computing power has Technology has grown
at an incredible rate.
changed and we will see that the way we do business and the way we make
History shows
decisions is also changing. We will discover that organisations are seeking
patterns. Business
to make decisions based on fact, and modern trends are highlighting the Intelligence exposes
need and desire of these organisations to do this in real time and not just those patterns so they
based on historical data. can be manipulated by
an organisation.
Unit
2: Impact of Information
Technology
2.3 Positive Impact of Technology On Understand the positive impact of technology on the
the Organisation, Individual and organisation, individual and society
Society
Prescribed Textbook:
2.1 Introduction
Technology runs in the veins of society. It is the fuel that drives our lives. It is an integral part of daily life. It has
definitely benefited society. It has brought luxury in the life of every common man. Automation brought about by
technology has saved human effort and time to a large extent. It has brought distant places closer and simplified
information access. It has made the world a smaller place to live in. Let us look at some of the important areas,
where technology has brought a positive change.
Read/Research and write additional notes. Make sure you use the prescribed
textbook and useful Internet websites to write additional notes.
Think Point
We think of technology as a boon to society, but is it really? The Internet has bred many unethical practices like
hacking, spamming and phishing. Internet crime is on the rise. The Internet, being an open platform lacks
regulation. There is no regulation on the content displayed on websites. Internet gambling has become an addiction
for many. Overexposure to the Internet has taken its toll. In this virtual world, you can be who you are not; you can
be virtually living even after you die. Isn't this weird? Children are spending all their time playing online and less or
almost no time playing on the ground. Youngsters are spending most of their time on social networking, and
possibly missing out on the joys of real social life.
Think of the days when there were no online messengers, no emails and no cell phones. Indeed, cellular
technology made it possible for us to communicate over wireless media. Web communication facilities have worked
wonders in speeding long-distance communication. On the other hand, they have deprived mankind of the warmth
of personal contact. Emails replaced handwritten letters and communication lost its personal touch. With the means
of communication so easily accessible, that magic in waiting to reach someone and the excitement that followed
have vanished.
6What is the Impact of Technology on Our Society?. 2012. What is the Impact of Technology on Our
Society?. [ONLINE] Available at: http://www.buzzle.com/articles/what-is-the-impact-of-technology-
on-our-society.html. [Accessed 27 April 2012]. Adapted.
Changed Modes of Transport: The automobile industry and technology are interwoven. Time has witnessed this
industry evolve from mechanical scooters to automated aircraft. Animals were the only modes of transport in the
olden days. Technology was the driving force behind the creation and design of the modern-day automobiles.
Bicycles evolved into scooters and sports bikes. The idea of having four-wheeled modes of transport gave rise to
the creation of cars. Modes of air and water transport came up, thanks to technology.
Reduced Risk to Human Life: Machines have automated many crucial industrial processes. Machines are now
taking up mundane jobs that were once done by human workers. Technology has evolved to an extent where
machines can perform tasks that are not feasible for man, either because they are risky or life-threatening or
because they are beyond human capacity. The use of advanced technologies like robotics and artificial intelligence
has proven to be helpful in life-risking endeavors like mining and space exploration.
Data Management and Information Retrieval: Computer technology, needless to say, has changed the face of
the world. Computers can store, organize and manage huge amounts of data. They can process large amounts of
information. Computers have given rise to the software industry, one of the most progressive industries of the
world. The Internet that seeded from computer networking concepts is the most effective communication platform
and the largest information base existing today.
Impact on the Entertainment and Advertising Industries: The Internet has brought a positive change to the
entertainment and advertising industries. Over the Internet, advertisements can reach the masses within seconds.
Internet advertisements have changed equations of the advertising industry. Branding on the Internet is much more
effective that other forms of product promotion. The entertainment media has progressed because of
advancements in technology. Movies, songs, games are a few clicks away. People have begun using the Internet
to watch and download movies, listen to music, play games and entertain themselves. Thanks to handy, mobile
and user-friendly devices, all this has become really easy.
Onset of the Digital Age: There's hardly anything analog now, we live in a digital world, a digital age. Talk pixels
and bytes. The digitization of information has made it possible for us to store it in a compact form. Ever wondered
how gigabytes of data can be stored on a small chip? Digitization it is! Also, digitization enriches the quality of data
storage. Digital voice and digital images are of a higher quality. Digital cameras and digital TVs provide users with
an enriched picture quality, thus bettering user experience with technology.
Communication Redefined: Cellular communication has revolutionized the communication industry. The
conventional telephone, also a piece of technology, was one of the earliest technological developments in
communication. Mobile phones have broadened the horizons of communication by enabling convenient long-
distance calling and mobile use. Letters have taken a backseat and emails and cell phone messages have become
the easiest means to connect. Owing to developments in technology, communication is wireless. Social networking
is another defining factor here. It has given an all new dimension to communication, entertainment and recreation.
Satellite Technology: Satellite communication is an important facet of technology. Satellite TV and satellite radio
have eased the broadcasting of events across the globe. How else do you think could matches and concerts be
broadcasted live? Not just TV and radio, even communication to ships and airplanes wouldn't have been possible
if not for satellite communication. Even your hand-held devices wouldn't be of use, if not for radio communication.
These were still a few fields influenced by technology. It is almost impossible to enlist all the positive effects of
technology on society. The fast-advancing technology on the whole, has given impetus to developments in various
fields and improved the quality of human life. There's less risk, less effort, less mess. There's more leisure, more
ease and more speed - all because of that ten-letter word - not a word, a phenomenon - technology. "
"Technology has progressed by leaps and bounds in the last few decades, and the benefits of technology are
there for all to see. One of the biggest arguments against technology is its sometimes ridiculously high cost which
limits its usage and places it out of reach of many people. But it is an undeniable fact that technology has helped
us make many tasks easier, and it has also made the world a much smaller place.
The latest developments in technology can be seen and felt in many industries, but there are some areas that have
been benefited more than others. Costs of production have fallen, networking has become easier, employment
levels have risen (in some cases), and we have certainly become more efficient at many complex tasks and
processes. With this in mind, let's look at some of the most obvious benefits of technology that we live with today.
Healthcare
Perhaps the single biggest beneficiary of advancing technology has been the healthcare sector. Medical research
has led to the end of many diseases and ailments, and also to the discovery of many drugs and medications that
have helped prevent many lethal diseases and disorders. Personal records are easier to study now, and medical
research has advanced magnificently. Millions of lives have been saved as a result of this. Here are some of the
benefits of technology in this industry in brief.
Communication between patients and doctors has become easier, more personal, more flexible and more
sensitive.
Personal records of patients are maintained, which makes it easier to study symptoms and carry out diagnosis
of previously unexplainable conditions.
Several medical aids have helped people overcome many medical conditions which they had to live with
earlier.
New medicines have led to the demise of many illnesses and diseases.
Medical research has become supremely advanced, and every ailment seemingly has a cure, or at least
prevention.
Costs of medical procedures and operations have fallen dramatically over the decades. positive effects of
technology on society.
Education
"Interactive learning and feedback systems
ICT is changing the face of education as we know it. ICT in many countries have already brought interactive and
individualized learning to these environments. Students press buttons in response to questions in a classroom,
instead of raising their hands. The results of the questions are then displayed to the whole class. Asking multiple
choice questions and giving the students immediate feedback to their responses could tip the scales in a learning
environment with this process of instant feedback to both the students and the lecturers. The lecturer can
immediately see when their explanations are not making sense to the students and change their explanations to
suit that class."
It is no surprise that the benefits of technology in the classroom and the benefits of technology in schools have
opened up a whole new learning environment. Knowledge can be easily procured with the help of Internet
technology now, and it is easier to help children with special needs as well. Here are some more benefits of
assistive technology that the educational sector has witnessed.
Personalized learning has come to the fore. Students can pick their own curriculum with ease, and set their
own personal targets.
Distance learning has become much easier, and this has led to a rise in the number of people who receive
education.
E-learning and online education has made it very simple and systematic for an individual to receive personal
attention, so that all his specific needs are fulfilled.
Immediate response to queries and tests have made the whole education process a lot faster.
The use of computers and technology in classrooms has opened up a whole new method of teaching and
effective learning.
Communication
The communication industry has witnessed a huge growth. Social networking and blogging has opened up a whole
new world to people from remote locations, and the reach of the mass media has increased thousand fold. People
can communicate with each other on the move, and there are no limitations anymore to the benefits of information
technology. Here are some more benefits.
The speed of talking to one another is instantaneous.
The mode of talking has become more personalized and can be done from just about anywhere.
The world has become a smaller place, since no one is out of reach anymore.
The clarity of communication has also improved with improvements in audio quality and video quality.
Information and news broadcasting has become more personalized as well. Moreover, it can reach more
people at a faster speed, and people's response can also be felt immediately.
Business
Companies have become more profitable with the help of various advanced machines and equipment, and this
has led to a rise in the standard of living of people. The national income of countries has also expanded as a result
of this.
Costs of production have fallen dramatically thanks to automated processes.
Research and development has become far more advanced than ever, and this leads to the invention of
ground breaking technology.
Company accounts and customer records can be easily stored and accessed, and this increases the market
penetration of the business.
Global collaborations and partnerships are easier to start and maintain, and this benefits everyone involved
with international business.
It has become easier to combat competition, and this has led to more choice for the consumer.
All of these benefits of technology are there for everyone to see. Even though there are certain repercussions and
a negative impact of technology as well, nobody can say that technology has not aided society on a whole. The
world is a better place thanks to technology, and the future looks much brighter, thanks to these advancements.
2.4 Summary
The effects of the use, misuse or non-use of technology can be seen within the strands of most of society. Although,
society is affected in various ways, modifications in our lifestyles are constantly occurring. From the invention of
the simplest of human accessory, like clothing to the most complex research, such as the human genome project,
there are very few areas of human activity that is out of bounds for technological intervention or has not been
touched by technology in one form or another.
It is the way that we have used or avoided technology, that has come to define the success of failure of people,
companies and even cities and countries. It is quite understandable that it is a challenging area of management to
both be aware of the latest technological developments and to also temper this with caution and foresight in
selecting the correct technological pathways that would suit the goals of those concerned.
The topic at hand is extremely important and the impact of Information Technology on the enterprise as well as its
people, both positive as well as negative, is something the IT manager has to be intimately aware of in order to
make informed decisions when setting up an IT infrastructure. Furthermore, this knowledge will equip the IT
manager to aid senior management in putting Information Technology policies in place and help the organisation
use Information Technology to support the driving goals of the organisation and in some cases even speed up the
attainment of those goals!
Attempt the following questions and research further if you could not
answer the question. Some Guidance is provided below
Communication has bloomed; two business organizations if they need to work together can easily do so. Hotmail,
when merged with MSN was easy since the service was online. Business these days require a lot of planning, due
to high tech organization systems on computers, planning can be done on an organized pattern, with schedule
formats, grant charts etc. Huge databases can now be controlled and stored on network and back -up drives.
Together with the advancement of science and technology, technological innovations grew along with it, resulting
to the emergence of new equipment and gadgets. No matter how big or small your company is, technology brings
both intangible and tangible benefits to become cost efficient and to meet the growing demands and needs of
customers. Technological innovations affect corporate efficiency, culture and relationship among employees,
clients, suppliers and customers. The type and quality of technology used affect the security of confidential
business information.
Due to the burden brought by administrative tasks, like inventory, bookkeeping and records keeping, both big and
small companies rely on computers to do their administrative works. The birth of Internet and online social
networking sites tremendously decreased the costs of business operations. It also makes it easier for companies
to use the Six Sigma management methodologies. Some firms shifted to outsourcing instead of hiring their own
personnel due to the low costs associated with it. Because of the huge impact of technological innovations to
companies, it is impossible for them to live with it.
"Related trends
Many CRM vendors offer Web-based tools (cloud computing) and software as a service (SaaS), which are
accessed via a secure Internet connection and displayed in a Web browser. These applications are sold as
subscriptions, with customers not needing to invest in purchasing and maintaining IT hardware, and subscription
fees are a fraction of the cost of purchasing software outright.
The trend towards cloud-based CRM has forced traditional providers to move into the “cloud” through acquisitions
of smaller providers: Oracle purchased RightNow in October 2011 and SAP acquired SuccessFactors in December
2011. Salesforce.com pioneered the concept of delivering enterprise applications through a web browser and
paved the way for future cloud companies to deliver software over the web Salesforce.com continues to be the
leader amongst providers in cloud CRM systems.
The era of the "social customer" refers to the use of social media (Twitter, Facebook, LinkedIn, Yelp, customer
reviews in Amazon, etc.) by customers in ways that allow other potential customers to glimpse real world
experience of current customers with the seller's products and services. This shift increases the power of
customers to make purchase decisions that are informed by other parties sometimes outside of the control of the
seller or seller's network. In response, CRM philosophy and strategy has shifted to encompass social networks
and user communities, podcasting, and personalization in addition to internally generated marketing, advertising
and webpage design. With the spread of self-initiated customer reviews, the user experience of a product or service
requires increased attention to design and simplicity, as customer expectations have risen. CRM as a philosophy
and strategy is growing to encompass these broader components of the customer relationship, so that businesses
may anticipate and innovate to better serve customers, referred to as "Social CRM".
Business Operations. With the use of technological innovations, business owners and entrepreneur understand
their cash flow better, how to manage their storage costs well and enables you to save time and money.
Corporate Culture. Technology lets employees communicate and interact with other employees in other
countries. It establishes clique and prevents social tensions from arising.
Security. Modern security equipment enables companies to protect their financial data, confidential business
information and decisions.
Research Opportunities. It provides a venue to conduct studies to keep themselves ahead of competitors. It
allows companies to virtually travel into unknown markets.
Corporate Reports. With technology, business enterprises communicate effectively with their branch offices
to deliver quality financial and operational reports.
Industrial Productivity. Through the use of business software programs or software packages, it automated
traditional manufacturing process, reduces labor costs and enhances manufacturing productivity. It enables
companies to increase efficiency and production output.
Business mobility. Technological innovations improved companies' sales, services, shorted lead time on
receiving and delivering goods and services. Enables them to penetrate multiple markets at least costs.
Research capacity. It enables them to conduct studies on various companies to gain knowledge on the new
trends in the market and way on avoiding them.
Technology affects businesses on many levels. The more efficient an employee is, the more productive he is to
the company. In addition, the more a business stays in touch with its customer base, the better the chance of
building customer loyalty. Advances in technology make that possible, as well as allowing employees from around
the world to work via video conferencing and telecommuting to work.
Consumers
The impact of technology on a business isn't restricted to business use. A business is also affected when
consumers use technology. At one time, the only way some people had to file their tax returns was through going
to either a certified public accountant or a professional tax preparer, or doing taxes themselves. The tax code is
complex and some people might not have felt secure in preparing their taxes on their own. However, accounting
software evolved to the point where many people simply had to answer a series of questions and the computer
would do the rest, including filing the information electronically.
Crossover
The technology a business uses might not have been designed for businesses. From a marketing point of view, a
company makes more money by going after consumers than businesses. Consumers might buy the latest upgrade
to a technological device, such as an iPhone, while businesses tend to use products for longer periods of time. On
the other hand, the more consumers purchase the latest product, the better the business side of manufacturing
does. A company can reach the consumer market first, then expand into the business arena. When Apple added
enhanced security features to the iPhone, businesses began to look at adding iPhones to the list of acceptable
phones to use in the business environment, resulting in a crossover market.
Social Networking
Social networking affects the business environment. Employees are connected to social networks. This can be a
double-edged sword, however. An employee might post something about the business publicly which should not
be shared. In addition, employees need to understand what gets posted for the public to see can have an impact
on the work environment, especially if the employee is posting negative comments about the work environment or
other employees. On the flip side, businesses can use social networks to monitor customer satisfaction. For
example, if a customer is not happy with a product and he posts his feelings online, the company can contact the
customer and try to resolve any problems. Since social networks have links to friends and family, seeing the
company work hard to make things right with the customer might turn the potential loss of a customer into the
chance to gain new customers.
Telecommuting
Technology has had a large impact on the business environment in terms of telecommuting. With broadband
access and computers today, as well as smartphones, employees can work out of their homes, saving the company
money by not needing as physically large a space to operate. With video conferencing, business meetings no
longer need to be face-to-face, saving on air fare and hotel reservations.
Case Study
Discuss what they are doing to combat some of the effects of modern technology such as
calculators
Look at your local Government and consider the ways it is deploying technology in
the various areas of our society. Provide a holistic view first then provide a more
detailed summary of the effects on Society.
What are Companies like Google and Microsoft doing that impact educational
organisations in terms of technology and cost?
Unit
3: Information Technology
Investments
3.3 Investigate The Following Explain some of the limitations that should be considered
Methodologies when using IT investment methodologies
3.4 Strategies for Making the Right IT Consider some strategies when facing Information
Investment Decisions and Avoiding Technology investment decisions
IT Costs
Prescribed Textbook:
Below is the prescribed reading for specific to this unit;
Schniederjans, M.J., 2004. Information Technology Investment: Decision-
Making Methodology. World Scientific Pub Co Inc.
See (CaseSensitive) https://docs.google.com/open?id=0B1ZF9spPlWD-
Z2VjbVM4UExtYWs
Paige Baltzan, A.P., 2009. Business Driven Information Systems. New York:
McGraw-Hill.
3.1 Introduction
"Periods of business activity are often marked by and referred to as “ages” in the historical development of the field
of business. According to most business historians we have advanced from the “age of information” into the “age
of knowledge”. In both of these periods of time, information technology has been a determining factor in the survival
and success of firms competing with one another. Those firms that know how to best invest in information
technology have been and will continue to be the successors in this and future eras of business history.
Regardless of your position in an Organization, investing in information technology may be the most important
decision you will ever face in business. Unfortunately, investing in information technology is not as easy as common
financial investment decisions. Careful consideration of financial and non-financial criteria may have to be included
in the analysis to render an optimal solution. To make good decisions on information technology today requires
the use of a variety of investment methodologies. These investment methodologies must be able to integrate the
complexity of decision criteria in such a way that a decision choice is clear and clearly supported by the analysis.
Today, just generating a decision is not enough. Information technology decisions must be supported by
comprehensive inclusion of all relevant decision-making criteria."
(Schniederjans, 2004, p. 4) Mentions the productivity paradox and the research that was undertaken to establish
the absence of a positive relationship between Information Technology spending and the resulting contribution to
productivity or profitability. The results were contradictory as several researchers had evidence that supported
each of their conflicting outcomes. Schniederjans indicates that this can be considered to be a metaphor on the
subject of Information Technology invetsment decision making.
The conclusion was: " That is, there are no single, simple methodologies that will give a consistent, reliable and
optimal solution to mangers facing an IT investment decision. One type of investment methodology can suggest
one alternative and another methodology a completely different alternative to an if investment decision choice. To
try to help in this very complex decision situation, the purpose of this book is to explore a series of methodologies
that can be used individually or in concert to help aid in IT investment decision-making."
Think Point
Software Asset Management is a similar process, focusing on software assets, including licenses, versions and
installed endpoints.
Included in this responsibility are development and maintenance of policies, standards, processes, systems and
measurements that enable the organization to manage the IT Asset Portfolio with respect to risk, cost, control, IT
Governance, compliance and business performance objectives as established by the business.
IT Asset Management uses integrated software solutions that work with all departments that are involved in the
procurement, deployment, management and expense reporting of IT assets.
Goals of ITAM
ITAM business practices have a common set of goals:
Uncover savings through process improvement and support for strategic decision making
Gain control of the inventory
Increase accountability to ensure compliance
Enhance performance of assets and the life cycle management
Improve Availability Time of the Business/Applications/Processes.
Process
ITAM business practices are process-driven and matured through iterative and focused improvements. Most
successful ITAM programs are invasive to the organization, involving everyone at some level, such as end users
In a nutshell, there was a lot of new technology that was employed to deal with high speed road tolls. However,
the greatest issue was the public was never fully consulted. The company then made a massive investment in
rolling this out, but the system was highly debated after it had been installed and may at the time of printing this be
still unused. Read Below:
Presenting his R39-billion departmental budget for the next financial year in the National Assembly, Transport
Minister S'bu Ndebele claimed that the Gauteng freeway improvement project had won the support of the majority
of its users.
But opposition parties - the DA, COPE and the African Christian Democratic Party - slammed the looming system,
some branding it the ''most expensive in the world".
Ndebele said a "huge majority" of the estimated 800000 regular users of Gauteng's freeways had given e-tolling
the thumbs-up by buying e-tags.
"We are encouraged that 501245 e-tags have so far been sold and distributed to regular users of this road network.
It's a clear indication that people are cooperating with us," he said.
A court battle waged by various lobby groups to interdict the implementation of the Gauteng tolling regime is
scheduled to resume today after a judge ruled that the matter was urgent.
The DA's Ian Ollis is leading the charge. "What we have been forced into with the e-tolls is the world's most
expensive toll collection system,'' said Ollis. ''It will cost over R1-billion a year just to collect the tolls. That money
will not go to upgrading highways but to the company that won the tender."
Ollis argued that it would cost only R4-million a year to administer a "small fuel levy" increase instead of the
"expensive tolls".
The ACDP's Steve Swart weighed in, saying his party was opposed to the tolling of suburban roads because of
rising fuel prices. He said the government should have thought about the high cost of collecting the tolls before it
entered into the R20-billion agreement.
"This tolling project will impose an indirect cost on the economy via the associated strikes and will impose a direct
cost by increasing transport costs," he said.
Ndebele hit back by insisting that there was "no way" the government would abandon e-tolling.
"Who is going to say which road toll should be stopped? Which project do you want stopped because you've got
R20-billion to pay. the road is there; you can't roll it away like a carpet.
He said failure to service the debt could cause it to skyrocket to R32-billion because of higher interest rates in the
near future, and could compromise the credit rating of the government.
In a nutshell the following are reasons and benefits that one needs to look at during the Information Technology
Investments process.
Means of achieving competitive advantage
Poor investments can be a competitive disadvantage
Avoid physical risks-Equipment
Avoid managerial risks-Goals
It is important to know where Information Technology investment and decision-making methodologies fits into the
general framework of an organisation
1. Strategic planning stage: Senior managers are expected to be involved in developing specific systems to
implement corporation-wide strategy, and also develop the strategies themselves. In this phase management
has to weigh the risks against the rewards for expanding on Information Technology resources within the
scope of the organisations mission or purpose. The outcomes of this stage are usually a general set of goals
and objectives with corporate governance mandates.
2. Tactical planning stage: Middle level managers are expected to
implement the goals and objectives defined in the prior Strategy stage.
This is where they will decide how to implement the stated goals and
objectives. While the prior stage may have a 5 year schedule, this stage
would break that down into smaller time chunks and what must be done in
each time period. This is where the general plans are transformed into
specific areas of work. The key outcome would be to determine the
resources that would be required to achieve the desired work. It is at this
stage the investment decisions on Information Technology are made.
3. Operational planning stage: The more detailed day to day work is
planned and scheduled. Where tactical planning takes into consideration
the total workload of a department, the operational planning stage targets individual goals and objectives.
The decision cannot always be objective as the criteria being used is often complex and has multiple
complicated dimensions of sub choices.
In the example (Schniederjans, 2004, p. 7) of choosing a personal computer we see the number of ways we
approach the problem, usually start of by looking at the cost factor and then looking at the options they can
purchase depending on their need and what they can afford to get. The table below illustrate the sequential manner
in which this is process is carried out.
Figure 21- A Management Information System - Allocating all resources to this can be considered to be
an IT investment (Schniederjans, 2004)
Activity
Attempt the following questions and research further if you could not
answer the questions.
3. What is the relationship between the components of an MIS and the use of
IT investment decision making methodologies? That is, give examples of the
MIS components that might require an investment.
5. Why is it important to see where IT investment decision making fits into the
overall planning of business organizations?
Introduction
After almost half a century of IT developments, many large organizations face an unfavorable ratio between old
(existing) IT and new IT. Because old IT systems tend to be monolithic, unwieldy and inflexible, organizations
experience maintenance as difficult and modernization to meet new business demands as improbable. Some
7 http://www.via-nova-architectura.org/en/magazine/magazine/architecture-based-it-valuation.html
organizations spend up to 90% of their IT budget in 2009 on maintaining the existing IT landscape, leaving only
10% for innovation. If this trend of increasing budget requirements for existing IT is not reversed, then in the
nearby future no budget at all will be available for new IT. In the worst case, innovation is squeezed out completely
and budgets to spend on existing IT may become insufficient to perform crucial maintenance tasks.
By focusing on the value of IT instead of considering costs only, organizations can decide which IT really
contributes to their business goals and make a well balanced division into budgets for maintenance, exploration,
realization and phasing out. Traditionally, IT has often been regarded only as a cost center in business case
calculations. Its less tangible benefits have often been more or less neglected in portfolio management decisions.
Furthermore, in the past information systems tended to be relatively stand-alone, supporting a single business
silo. This made it easier to attribute its costs and benefits.
Nowadays, however, IT systems and services are more and more interwoven with the business and may support
many different activities, generate independent revenue streams, attract new business, et cetera. To create a
clear insight in these effects, we need a valuation approach that takes as a starting point the overall coherence
of the organization, its products and services, business processes, applications, and infrastructure, i.e., from the
enterprise architecture.
Enterprise architecture makes the connection between enterprise goals and the business functions, processes,
people, IT systems and infrastructure required to reach these goals. It also considers the enterprise as an
interrelated whole, instead of as a set of unrelated point solutions for problems. The valuation approach described
in this paper uses enterprise architecture models to relate business goals to the IT artifacts, such as services,
processes and applications that realize these goals. In this way, the KPIs associated with each goal can be related
to the relevant attributes of the IT artifacts. This enables the development of automated and model-based
techniques to analyze KPIs and business goals. Moreover, by performing such analyses as part of the
architectural design process, different design alternatives can be assessed with regard to their contribution to
business goals. The enterprise architecture foundation ensures that local optimization is avoided and enterprise-
wide effects of changes are taken into account.
This paper describes the ingredients for an integrated IT valuation method that uses architectural models as its
backbone. First, we explore the generic business requirements that comprise the high-level strategy of the
organization with respect to its IT, such as its value center approach and operating model. These strategic choices
determine the aspects that need to be taken into account when assessing the value of the IT portfolio. Next, we
describe in more detail how business requirements can be modeled in conjunction with the enterprise architecture
of the organization. This helps in realizing the requirements traceability that is needed to perform a well-founded
portfolio assessment.
Business requirements and enterprise architecture are the main inputs for Bedell’s method, which computes the
‘value’ of IT systems. The method takes the importance of IT systems to the business and the effectiveness of
their support and creates aggregate metrics across the entire IT landscape. Such metrics should preferably be
as concrete as possible. We describe how to decide on such criteria and indicators for various aspects of the IT
landscape that need to be evaluated. These include quality attributes such as the ‘-ilities’ well-known from
software engineering, and risk analysis criteria. Finally, we give a first outline of a method in which the above-
mentioned ingredients are integrated, the structure of which is shown in Figure 22.
Venkatraman (1997) presents one approach to differentiation in IT goals: the value center orientation for IT. The
main idea is that each center represents a different way of extracting value from IT resources. Note that the
centers are interdependent. Venkatraman considers four different value centers (see Figure 23). ‘The cost center
reflects an operational focus that minimizes risks with a predominant focus on operational excellence. Service
center, while still minimizing risk, aims to create IT-enabled business capability to support current strategies.
Investment center, on the other hand, has a longer-term focus and aims to create new IT-based business
capabilities. Finally, profit center is designed to deliver IT services to the external marketplace to realize
incremental revenue as well as gain valuable learning and experience to become a world-class IT organization’.
(Venkatraman, 1998).
So on the one hand, there are the cost center and service center approaches, focusing on current business
strategies. On the other hand, there are investment center and profit center that aim at maximizing opportunities
from IT resources and shaping future business strategies.
For each center, specific business goals and performance indicators can be defined. This approach with different
IT strategies fits with the focus of the IT valuation method our applied research project is constructing. The
business strategy and the matching value centers provide important input for the choice of valuation and
assessment criteria for the IT portfolio.
Cost center
IT that is typically positioned in the cost center is not related to business goals. Examples are the operational
infrastructure involving most data centers, telecommunications network and routine maintenance like installing
and removing equipment, answering questions and administrative support. Specific performance metrics are used
as decision criteria, which are not related to business metrics. Cost center works well when input and output can
be clearly related, like doubling the budget results in a performance increase by factor 3. Relevant performance
metrics are quantitative in nature, for example costs per unit of something, maintenance costs per unit, or costs
per employee. Such measures need to be benchmarked against performance metrics of other organizations in
order to be able to find opportunities for improvement.
Service center
The service center aims to create IT-enabled business capabilities that drive current business strategy. IT
resources create tangible current business advantages. IT is strongly related to business goals. Investment
decisions are not solely based on costs but rather on improving service provisioning. Whether an IT system is a
cost centre or a service centre depends on the organization. In this way, an IT system can be considered as a
service centre for the one organisation and a cost centre for the other.
For example, service characteristics such as minimize downtime and improve reliability can also be considered
as performance metrics. The main question in the service centre category is whether an IT system gives the
organization a competitive edge and differentiates the organisation from its competitors. So the purpose of use
of an IT system is important and not the application and functionality in itself. From a service centre perspective
an organization should look at the degree that an IT system contributes to customer acquisition and retention.
Investment centre
The investment centre has a future orientation. It focuses on innovations, for example creating new business
capabilities by means of IT. This requires more than IT. New business capabilities are created with a unique
combination of structure, processes, systems and expertise. Investment centers should focus on more than
technology. Next to IT investments complementary investments will be needed to realise a business capability.
That is, IT investments become part of a total package. Investment center involves resource allocations based
on strategic redirection and reliance on IT for business innovations. The real options approach fits with the
investment center rather than traditional financial metrics, since the real options approach takes risks and
uncertainties into account. The investment center should be run as a venture capitalist. It requires the forward
look of a business innovator.
Profit center
The profit center has a focus on delivering IT products and services in an external marketplace. Next to financial
benefits the intangible benefits should also be taken into account in investment decisions. The profit center needs
an external, marketing orientation, instead of an internal captive monopoly. The profit center should work in value
networks and partner with other companies in combining complementary skills and resources to deliver value.
Operating model
Next to the commercial strategy that is chosen for IT operations, as outlined in the previous sections, we also
need to take into account the more operational aspects of the organization in defining an IT planning and valuation
approach. As Ross, Weill and Robertson (2006) show with numerous case studies, successful enterprises employ
an ‘operating model’ with clear choices on the levels of integration and standardization of business processes
across the enterprise (Figure 3):
1. Diversification: different business units are allowed to have their own business processes. Data is not
integrated across the enterprise. Example: diversified conglomerates that operate in different markets, with
different products.
2. Replication: business processes are standardized and replicated across the organization, but data is local
and not integrated. Example: business units in separate countries, serving different customers but using the
same centrally defined business processes. Example: a fast food chain replicating its way of working through
all its local branches.
3. Coordination: data is shared and business processes are integrated across the enterprise, but not
standardized. Example: a bank serving its clients by sharing customer and product data across the
enterprise, but with local branches and advisers having autonomy in tailoring processes to their clients.
4. Unification: global integration and standardization across the enterprise. Example: the integrated operations
and supply chain of a chemicals manufacturing company.
This operating model should fit both their area of business and their stage of development.
Ross et al. explain the role of enterprise architecture as the organizing logic for business processes and IT
infrastructure, which must reflect the integration and standardization requirements of the operating model. For
example, ERP systems are used extensively by companies that have a unification strategy, since these systems
are well-suited for both sharing data and standardizing business processes across the enterprise. In a
diversification scenario, however, investing in an ERP system might be a wrong choice, since the varied collection
of business processes and localized data do not lend themselves to the ‘one size fits all’ approach of such a
system.
Next to this operating model, they provide a stage model of the architectural development of organizations:
1. Business silos: every individual business unit has its own IT and does local optimization.
2. Standardized technology: a common set of infrastructure services is provided centrally and efficiently.
3. Optimized core: data and process standardization, as appropriate for the chosen operating model, are
provided through shared business applications (e.g. ERP or CRM systems).
4. Business modularity: loosely coupled IT-enabled business process components are managed and reused,
preserving global standards and enabling local differences at the same time.
5. Dynamic venturing: rapidly reconfigurable, self-contained modules are merged seamlessly and dynamically
with those of business partners.
In practice, most companies are still in stages 1–3. Investment decisions should be guided by the chosen
operating model and the current and desired stage of an organization. E.g. if an organization wants to move from
stage 1 to stage 2, the focus should be on standardizing and centralizing IT infrastructure in order to achieve
efficient operations. The contribution of IT systems and projects to achieving the desired stage, in concordance
with the chosen the operating model, should be a core criterion in valuating these systems or projects.
Another reason for using enterprise architecture in investment decisions is that it provides a coherent view of the
various dependencies between IT systems and of their contribution to business processes and services, and
hence of the broader effects of a localized IT investment decision.
A desired organizational and/or technical change requires the investigation of the stakeholders that are involved
and their concerns regarding the change. New goals and requirements are identified, or existing ones are
changed, to address these concerns. Analysis of these goals and requirements is needed to guarantee
consistency and completeness, and to propose one or more alternative architecture designs that realize the goals
and requirements. Validation of these alternative designs aims at assessing their suitability and selecting the best
alternative.
In this way, business requirements capture the motivation and rationale behind (the design of) enterprise
architectures. Furthermore, architecture artifacts, such as business services, processes and supporting software
applications, are related to the (high-level) goals and requirements they originate from. Or put in another way,
goals and requirements can be traced towards the architecture artifacts that realize them. This traceability
between goals and requirements on one side and architecture artifacts on the other side is important to valuate
these artifacts. In the context of this work, the valuation of artifacts that represent or require IT support is of
particular interest. The valuation of some artifact in terms of the allocation of costs and benefits may largely
depend on the goals and requirements to which the artifact contributes.
Problem chains
Requirements engineering (RE) is concerned with the process of finding a solution for some problem. This
concern can be approached from a problem-oriented view, which focuses on understanding the actual problem,
and a solution-oriented view, which focuses on the design and selection of solution alternatives.
Problem- and solution-oriented requirements engineering can be considered as two consecutive or
complementary phases. Iterations of these phases may be applied to address a problem progressively, i.e., in
multiple, successive steps. From this perspective we can identify so-called problem chains, where each chain
links a problem to a solution such that the solution is considered again as a problem by the next chain. For
example, a business analyst may investigate a business problem and specify a business solution for this problem.
This new solution may require IT support, therefore becoming a problem for the IT analyst. Figure 25 illustrates
the notion of problem chains.
Problem chains link requirements engineering to enterprise architecture. This is illustrated in Figure 26 The why
column represents the problem-oriented view and defines the business needs, goals, requirements and use-
cases that should be addressed. The what column represents the solution-oriented view in terms of enterprise
architecture artefacts, such as services, processes and applications. These architecture artefacts define what the
enterprise must do to address the business needs, goals, requirements and use-cases. At the same time, these
requirements engineering artefacts motivate and justify why the enterprise architecture is defined the way it is.
Figure 27 illustrates the relationship between requirements and architecture models, and indirectly, also the
relationship between the requirements management and enterprise architecture processes. These processes are
typically divided into distinct phases, which results in a series of requirements and architecture models such that
models in succeeding phases refine models from preceding phases (as represented by the dashed arrows). For
example, Figure 27 illustrates a process of two phases: the design and realization of some enterprise architecture.
Requirements engineering cycle
The idea of problem chains distinguishes two views on an architecture model: (i) as a design artifact that
represents a solution for some design problem, and (ii) as a frame of reference that delimits the design or solution
space. These views are illustrated in the left part of Figure 28.
These steps constitute a generic requirements engineering cycle that can be repeated at successive phases in
the development of some enterprise architecture, as indicated by the dashed arrows in
Figure 28. Furthermore, the identification, analysis and refinement of solution alternatives in the second step may
be repeated as well, leading to ‘sub-cycles’.
In Quartel, et al. (2009), a method and modeling language, as an adjunct to the ArchiMate language (Lankhorst
et al., 2009), have been presented that support business requirements management as outlined above. In this
paper, we will not go deeper into this topic, but merely use these ideas in an example below. The interested
reader is referred to the aforementioned publication.
An interesting and useful way of computing an IT portfolio’s value based on these business contributions is
Bedell’s method (Schuurman et al., 2008). This method answers three questions:
1. Should the organization invest in information systems?
2. On which business processes should the investment focus?
3. Which information systems should be developed or improved?
The underlying idea of the method is that a balance is needed between the level of effectiveness of the information
systems and their level of strategic importance. Investments are more crucial if the ratio between the effectiveness
of an information system and its importance is worse.
Based upon this information, three portfolios are calculated: for the organization as a whole, its business
processes, and the information systems that support these processes. Figure 29 depicts an example of all three
portfolios and associates a general investment decision to each quadrant of the portfolios. A dashed arrow points
to the ideal position of some organization, business process or information system (IS) in the portfolio.
The prioritization of investment proposals is determined by the contribution of each information system, which is
defined as the product of its importance and the projected improvement of its effectiveness. In addition, the value
of the investment can be evaluated by calculating a so-called project-return index. This index relates the
contribution of the information system to the development costs.
Foundation
Bedell’s method is well-suited to be used in combination with enterprise architecture models. Figure 9 depicts the
architecture elements on which the method operates: a business actor that represents the organization as a
whole, the business processes of the organization, the activities that are performed by the business processes,
and the information systems that support these activities. The architecture elements are represented in the
ArchiMate language (Lankhorst et al., 2009).
For convenience, the ‘used by’ relation is used to relate the architecture elements, except for the aggregation
relation between an individual ‘Information system’ (represented as an application service) and the collection of
(all) ‘Information systems’. As noted before, Bedell assumes the following restrictions on the architecture model:
(i) a business process may comprise multiple business activities, but a business activity contributes to only a
single business process, and (ii) a business activity is supported by a single information system (represented as
an application service), and an information system supports only a single business activity.
The names that are annotated to the ‘used-by’ relations in Figure 30 represent the variables that need to be
determined as input to the calculation of the investment portfolios as depicted in Figure 29:
Plotting portfolios
The information obtained from computing these indicators can be shown graphically, as illustrated by the figure
below. This type of plot is familiar to anyone who knows the business value – technical value diagrams used by,
for example, the ASL methodology, in particular its Application Lifecycle Duration
Figure 31 depicts an example of an activity-level portfolio. The importance of an activity to a business process is
represented by variable IAB at the y-axis. The effectiveness of a single information system in supporting an activity
is represented by variable ESA at the x-axis. Similar plots can be made at the business process and organizations
levels.
In Bedell’s method, an information system is considered effective when it is cost-effective, has high technical
quality and is functionally appropriate. It is considered strategically important when the activities it supports are
crucial to a business process or the organization in obtaining its strategic objectives. The prioritization of
investment proposals is determined by the contribution of each information system, which is defined as the
product of its importance and the projected improvement of its effectiveness. In addition, the value of the
investment can be evaluated by calculating a so-called project-return index. This index relates the contribution of
the information system to the development costs. However, the determination of all these variables is rather
subjective and lacks concrete guidance. Hence, we need more concrete measurements of the properties of the
IS landscape.
Tool support
The input variables IBO, IAB, IIB and ESA can be defined as attributes of the used-by relation in an ArchiMate
enterprise architecture model. This allows one to calculate the portfolios of Bedell’s method automatically. For
this purpose, the BiZZdesign Architect tool has been extended with a valuation profile for Bedell’s method and a
viewpoint for each portfolio. Figure 32 depicts part of the example from (Schuurman et al., 2008) as modelled in
ArchiMate. In addition, the figure shows the profile properties in the Architect tool that are used to represent the
Bedell variables, including the labelling of some of the architecture elements with the values of the properties.
The portfolio viewpoints calculate the values of the variables at the axes of the portfolios as explained before.
This information can be shown in a table (Figure 33) or in graphical form (Figure 34).
Although the scope of the concept of effectiveness is large, the various views can all be related to concepts of IT
quality that are addressed in the ISO 9126 standard for software quality (ISO/IEC, 1991). Although this standard
was originally intended for classifying various types of requirements posed to a system before it is built, the
attributes can also be used to assess its qualities after it has been constructed.
The notion of ‘importance’ is more difficult to address. Although methods such as ASL [Van der Pols & Backer,
2006] provide questionnaires to investigate the business value of applications, much of this value is dependent
on, for example, the value of the information a system provides to the business, the value of future opportunities
opened up by IT, or the value of customer satisfaction created by a user-friendly system. A future project phase
might pay more attention to these types of value assessments.
One important category of indicators related to importance addresses risk. Risk in general is one of the criteria
on which managers base their investment decisions. ‘Risk’ is often defined as the effect of uncertainty on business
goals (e.g. in the ISO 31000 guide (ISO, 2009)). In the value center approach, ‘risk propensity’ is an important
factor in the type of value center. The cost and service centers aim for low-risk operations, whereas the profit and
investment centers allow for higher risks in order to obtain possible (but uncertain) gains from future business
opportunities. There are also risks concerned with failure of projects.
To provide the connection between the IT strategy and value center approach, we have investigated a first
mapping between the four value centers and the specific indicators that are most relevant for these centers.
Further research is needed to come up with concrete indicators that can be used within the context of the method
outlined in the previous sections. Furthermore, decision making, whether the decisions apply to IT or not, is rarely
performed under conditions of complete certainty. We will have to deal with these uncertainties and the risks
associated with these decisions. Bayesian networks (Johnson et al., 2007) are an established mathematical
technique to deal with uncertainties in networks of dependencies like enterprise architectures.
Another challenge is dealing with imprecise measures. If one asks an expert or managerial opinion on a qualitative
aspect of an IT system, his or her answer is often expressed in rather vague terms, for example: ‘this system is
rather good’, ‘this business process is very important’. But what does ‘rather good’ or ‘very important’ mean?
Techniques such as fuzzy logic (Zadeh, 1965) could be used to express and reason about such terms.
(operational) requirements on the enterprise architecture and into the structure of its operating model, and further
refined into KPIs for the artifacts. ‘Importance’ can be determined by assessing the ‘strength’ of the relations
between the business goals and the artifacts. ‘Effectiveness’ or ‘quality’ is determined by measuring the identified
KPIs. Based on these measures of importance and effectiveness, we can then determine the value of the artifacts.
Decision making and evaluation of alternatives based on the valuation of an IT portfolio will require an assessment
of multiple aspects. An obvious case is the combination of financial aspects (e.g. direct cost, TCO, ROI, NPV) in
relation to measures of business and technical value or effectiveness and importance, as described in the
previous sections. Established financial instruments such as TCO or ROI calculations do not use the architectural
structure and dependencies but do their computations only on the individual elements present in the portfolio.
The outcomes of these techniques should of course be taken into account in making IT investment decisions.
Each of these techniques results in some assessment or valuation. These results alone are of course not enough.
Given an assessment of the cost, returns and qualities of different alternatives, for example renovating an
application, replacing it completely, or leaving it as-is, how can the organization decide upon such a multitude of
inputs?
Rather than use a separate method for each of these assessments and combining the results by hand, our
ultimate goal is to develop a flexible plug-in architecture for architecture-based valuation methods, in which
different criteria can be combined using a central framework for multi-criteria analysis. Our aim is to provide an
integral approach that can be implemented in tools for architectural design and analysis, to provide optimal
support for architects and IT managers.
Moreover, using these techniques as part of the architectural design process, the value of using enterprise
architecture as a foundation for decision making is strengthened. Different design alternatives can be assessed
on their contribution to business value and well-informed decisions can be made that take the enterprise-wide
effects of changes into account.
In summary the above article should be looked at in the light of Information Technology investment, however as
an Information Technology manager, it’s very simple! Know what you want and need before you invest, therefore
one must have a proper design that will feed and service the goals of the organisation, and then make Information
Technology investments based on this planned design.
Application Transfer Conduct a study to determine exact requirements of the IT and to Tangible and
Team support the business case intangible
Automatic Value Calculate the degree of automation based on a set of criteria Tangible and
Points concerning the contribution of IT to the overall business performance intangible
Information Economics Calculate the overall value of an investment based on enhanced Tangible and
ROI, business domain, and technology domain criteria intangible
Information Systems Make a financial comparison between the organization and its Tangible and
Investment Strategies competitors, examine the portfolio of existing applications and intangible
prepare the business case for areas with expected high returns
Investment Mapping Calculate evaluation criteria scores and plot investment alternatives Tangible and
on a grid intangible
Investment Portfolio Calculate contribution of IT system to business and technology Tangible and
domain and calculate financial consequences (NPV) of the system intangible
Information Economics Calculate the overall value of an investment based on enhanced Tangible and
ROI, business domain, and technology domain criteria intangible
Information Systems Make a financial comparison between the organization and its Tangible and
Investment Strategies competitors, examine the portfolio of existing applications and intangible
prepare the business case for areas with expected high returns
Investment Mapping Calculate evaluation criteria scores and plot investment alternatives Tangible and
on a grid intangible
Investment Portfolio Calculate contribution of IT system to business and technology Tangible and
domain and calculate financial consequences (NPV) of the system intangible
Investment Portfolio Calculate contribution of IT system to business and technology Tangible and
domain and calculate financial consequences (NPV) of the system intangible
Knowledge Based Obtain an overall quantitative rank based on traditional capital Tangible and
System for IS budgeting techniques and an overall qualitative rank of projects intangible
Evaluation based on rules established by MIS planning groups and MCDM
models
MIS Utilization Calculate the overall success of an IT investment based on 48 Tangible and
Technique performance criteria intangible
Process Quality Analyze mission, critical success factors and key business processes Tangible and
Management to identify areas for IT investment intangible
Description Type of
criteria
Requirements-Costing Calculate total cost of an investment as cost of the mandatory Tangible
Technique features plus additional costs for desirable but not included features
SIESTA Assess benefits and risks of the fit between IT technology Mostly
strategy/infrastructure and business strategy/infrastructure intangible
Strategic Application Analyze the extent of existing systems and identify the most Intangible
Search and Systems productive areas for future investment
Invest. Meth.
Value Analysis Establish value of a system (and/or prototype) by asking Tangible and
management simple value-related questions and compare that value intangible
to investment cost
Ward’s Portfolio Assess risk of investment and risk of the portfolio of investments after Tangible and
Approach undertaking investment intangible
Zero-based budgeting Partition projects into smaller projects, assess each smaller project Tangible and
based on the same evaluation framework, and select the most intangible
important smaller projects assuming limited funding
Balanced Scorecard Evaluate an investment from the user’s, business value, efficiency, Tangible and
and innovation/ learning perspectives intangible
Boundary Calculate the ratio of IT cost to a known aggregate value (total sales, Tangible
Values/Spending total assets, etc.)
Ratios
Cost Displacement/ Compare the cost of IT investment to the current costs displaced by Tangible
Avoidance the IT system plus the projected costs avoided by the system
Cost Effectiveness Compare the effectiveness of a system with its cost and select the Tangible and
Analysis system with the lowest cost, best effectiveness, or the optimal intangible
combination of both
Description Type of
criteria
Critical Success Obtain, compare, and rank factors critical to business success, and Intangible
Factors based on these rankings, deduce investment priorities
Hedonic Wage Based on employee activity time allocation, calculate the marginal Tangible
value of each employee and use these values to estimate the value
of IT investment benefits
Real Options Calculate additional value of investment that exists because it Tangible and
Valuation provides the option for a second investment intangible
Quality Engineering Translate perceived value and risk into a quality score Intangible
Satisfaction/ Priority Survey and compare user and IS professionals’ opinions on the Intangible
Surveys effectiveness and importance of installed systems
Structural Models Create a model to analyze how an information system affects the Tangible and
costs and revenues of the particular business function or line of intangible
business it is intended to serve
Time Savings Times Calculate the value added of an IT investment by estimating the Tangible
Salary percentage of time the system will save workers and multiply by the
cost of the workers
Value Chain Analysis Assess how an IT investment can provide competitive advantage in Tangible and
each phase of the chain intangible
(Schniederjans, 2004)
Government Poor IT can inhibit information between the firm and the government
agencies in monitoring problems. Earlier detection of problems and
notification by the government might save the firm unnecessary rework
costs. Poor IT can also burden the government in their efforts to do a better
service for all society and increases the government’s costs.
Society Poor IT can delay, delete, and cancel customer orders causing frustration
and costs of all kind. Poor IT investments will eventually be passed on to the
consumer, which means needless higher costs to them. Some bad decisions
can cause an entire company to go out of business, resulting in the loss of
jobs to the employees and revenue to their local economies.
3.4 Strategies for Making the Right IT Investment Decisions and Avoiding IT Costs
Schniederjans says "IT value and implementation must be discussed in the context of the organization’s goals,
strategies, tactics, operational plans, and culture. In order to determine a payback, you must determine the benefits
as they help an organization achieve their goals
Executive managers, not IT managers, should determine strategic allocation decisions. The total amount of funds
to invest in IT, which business processes should receive funding and which IT capabilities are needed organization-
wide are decisions that executive managers or vice presidents (VPs) should make, not IT managers
In order to measure IT value and its performance over time, utilize many measures of contribution and
performance. The fastest way to fail in IT value measurement is to limit an analysis of cost or benefits to just a few
points in an information system or just a few measures of performance
General guidelines on issues of security and privacy risks, project failure risks, and the quality of IT services should
be determined by executive managers and not IT managers. Security, privacy and project failure risks can be very
large risks, involving the potential destruction of the entire organization. They are, therefore, serious enough for
executive managers, CIOs or VPs to have a hand in establishing their willingness to access these risks.
IT evaluation methods must evolve with the organization. Organizations change over time, IT adapts to those
changes, and the measurement methods and systems used to monitor and assess the value of IT must also
change
Recognize the limitations of the IT investment methodologies at each phase of the IT investment decision process.
These limitations may in some cases disqualify methodologies from being applied, and rightfully so
Recognize in all the selection processes mentioned above that the IT manager has potential biases that can
preclude the right IT decision choice from the analysis. Making the right decision on both the criteria to include in
the IT investment decision analysis and the methodology to use requires decision making skills that make us aware
of factors that may bias our decision process.
3.5 Summary
If you make the right IT decisions, you will end up with an investment that
helps your organization to introduce, create or enhance a competitive REMEMBER:
advantage Invest in Information
Technology to:
Improving organization agility: One of the most important competitive Improve agility,
marketing efforts must
advantages in today’s markets is the ability to be agile or develop the
match consumer
capacity to react quickly and successfully to change so as to compete
expectations
effectively in many developed and emerging global markets. Strategic intelligence is a
pre-requisite for change
Helps organizations adjust marketing mix factors to better compete: As Information Technology
investments should be
markets for products change, so do what customers look for in a product
made only after proper
change. Successful firms must change their marketing efforts to match the
investigation
consumer expectations in the mix features offered with a product. Sometimes you should
not invest at all at that
A means of identifying strategic external competitive intelligence: Implicitly moment!
or explicitly an organization’s strategic intelligence is a pre-requisite for
change, and that effective investments in IT represent a critical requirement for implementing the changes that will
take place as a results of that intelligence
Reducing IT investment costs: The right decision on IT investment sometimes means not making an investment at
all
capturing the financial information about the hardware life cycle which aids the organization in making business
decisions based on meaningful and measurable financial objectives.
Software Asset Management is a similar process, focusing on software assets, including licenses, versions and
installed endpoints
Unit
4: Business Intelligence
4.3 Reasons for Business Intelligence Understand what Business Intelligence is?
4.4 Benefits of Business Intelligence Understand why we would want to use Business Intelligence
4.5 Factors Influencing Business Understand how to use various tools in the Business
Intelligence Intelligence process
4.6 Future of Business Intelligence Understand the different areas of future business intelligence
Prescribed Textbook:
Below is the prescribed reading for specific to this unit;
Reynolds, George W. (2010) Information Technology for Managers,
International Edition. United States of America: Cengage Learning
Web Links
Please view as many of these presentations as you wish:
BTI Presentations. 2012. BTI Presentations. [ONLINE] Available at:
http://www.bolder.com/presentations.htm. [Accessed 17 May 2012].
Think Point
One of the critical areas for success within an organisation is doing their
homework. What must the organisation do to in terms of the decisions it
makes in order increase profits and its success?
Who said to succeed in war, one should have full knowledge of one's own
strength and weaknesses and full knowledge of the enemies’ strength and
weaknesses?
How can we turn the tide on being data rich but information poor?
4.1 Introduction
Gartners 2008 CIO survey highlights that Business Intelligence (BI) is of extreme importance to all CIO's. The
Business performance of an enterprise can dramatically improve when decisions are no longer just decisions, but
smart decisions based factual relevant information.
If you are just learning about BI or trying to build BI into your own businesses and you are not sure where to start
or how to proceed, then you are not alone. It is a challenge to design a successful BI. Some key contributing factors
will be the selection of people, processes and technology and how they "gel" together to create a cohesive working
system.
BI helps you to get all the facts needed to make critical and well-timed decisions that will achieve the objectives of
advancing business. By making the very best use of the information available, smart decisions can be made which
are geared towards the objectives of the company, however this needs to be tempered by a conscious approach
of the dynamics of staff and resources within the organisation. In a nutshell you must establish a strategy before
you bring technology or techniques into play.
It is extremely important to understand the factors which influence BI and
learn how to design an effective BI strategy. Prior to starting work on a BI REMEMBER:
strategy, you must document your overall business objectives to help
To help formulate BI
formulate BI vision for the growth of business. After documenting the initial vision, you must
list of key objectives, you should work with the key stakeholders to confirm document your overall
the validity of items on the list and their prioritization. This will ensure that business objectives
you start building your BI strategy with a proper foundation aligned with your Then you should work
business and with the buy-in from stakeholders. with the key stakeholders
to confirm the validity of
Scope of BI should include making the best use of information for strategic, items on the list and their
prioritization
tactical, and operational needs. Your purpose in building BI strategy is to
help business with long-term planning, help middle management with
tactical reporting, and help operations with day-to-day decision making to
run the business efficiently. BI is all about providing people with the
information they need to do their jobs more effectively. A wide range of BI services needs to be provided to meet
a wide range of requirements. Scope of BI Strategy should be determined by the business drivers and business
goals. Scope should always account for the changing business requirements to keep the BI strategy aligned with
business. You should not limit your ability to apply the principles with a restrictive BI strategy. BI strategy should
include a broad set of processes, technologies, and stakeholders for collecting, integrating, accessing, and
analyzing information for the purpose of helping enterprise make better business decisions. BI solutions should
enable users to be able to quickly adapt to new business requirements and evolving sources of information. Overall,
BI vision should be planned in advance of any iteration being implemented. It is vital to establish a BI vision to
ensure that implementation of specific components fits in the overall BI strategy. BI strategy should state and
document the needs as identified by the stakeholders, highlighting how BI fits into the broader enterprise vision.
BI strategy should take into consideration appropriate framework, methodology, processes, governance, systems,
and technology to deliver value that aligns with the business objectives and priorities.
"Business intelligence (BI), relates to the intelligence as information valued for its currency and relevance. It is
expert information, knowledge and technologies efficient in the management of organizational and individual
business. Therefore, in this sense, business intelligence is a broad category of applications and technologies for
gathering, providing access to, and analyzing data for the purpose of helping enterprise users make better business
decisions. The term implies having a comprehensive knowledge of all of the factors that affect your business. It is
imperative that you have an in depth knowledge about factors such as your customers, competitors, business
partners, economic environment, and internal operations to make effective and good quality business decisions.
Business intelligence enables you to make these kinds of decisions.
A specialized field of business intelligence known as competitive intelligence focuses solely on the external
competitive environment. Information is gathered on the actions of competitors and decisions are made based on
this information. Little if any attention is paid to gathering internal information.
The ultimate objective of business intelligence is to improve the timeliness and quality of information. Timely and
good quality information is like having a crystal ball that can give you an indication of what's the best course to
take. Business intelligence reveals to you:
The position of your firm as in comparison to its competitors
Changes in customer behaviour and spending patterns
The capabilities of your firm
Market conditions, future trends, demographic and economic information
The social, regulatory, and political environment
Competitors can be a huge hurdle on your way to success. Their objectives are the same as yours and that is to
maximize profits and customer satisfaction. In order to be successful you must stay one step ahead of your
competitors. In business you don't want to play the catch up game because you would have lost valuable market
share. Business Intelligence tells you what actions your competitors are taking, so you can make better informed
decisions.
Business Partners must possess the same strategic information you have so that there is no miscommunication
that can lead to inefficiencies. For example, it is common now for businesses to allow their suppliers to see their
inventory levels, performance metrics, and other supply chain data in order to collaborate to improve supply chain
management. With Business Intelligence you and your business partners can share the same information.
Economic Environment such as the state of the economy and other key economic indicators are important
considerations when making business decisions. You don't want to roll out a new line of products during an
economic recession. BI gives you information on the state of the economy so that you can make prudent decisions
as to when is the right time to maybe expand or scale back your business operations.
Internal Operations are the day to day activities that go on in your business. You need in-depth knowledge about
the internal workings of your business from top to bottom. If you make an arbitrary decision without knowing how
your entire organization works it could have negative effects on your business. BI gives you information on how
your entire organization works.
Technology
Business intelligence provides organizational data in such a way that the organizational knowledge filters can
easily associate with this data and turn it into information for the organization. Persons involved in business
intelligence processes may use application software and other technologies to gather, store, analyze, and provide
access to data, and present that data in a simple, useful manner. The software aids in business performance
management, and aims to help people make "better" business decisions by making accurate, current, and relevant
information available to them when they need it. Some businesses use data warehouses because they are a logical
collection of information gathered from various operational databases for the purpose of creating business
intelligence.
Technology Requirements
For the Business Intelligence system to work effectively, enterprises must address the following technical issues:
Security and specified user access to the warehouse
Data volume (capacity)
How long data will be stored (data retention)
Benchmark and performance targets
Software Types
People working in business intelligence have developed tools that ease the work, especially when the intelligence
task involves gathering and analyzing large quantities of unstructured data. Each vendor typically defines Business
Intelligence their own way, and markets tools to do Business Intelligence the way that they see it.
Business intelligence includes tools in various categories, but the ones that we are able to help you with include
the following:
Data Mining, Data Marts
Decision Support Systems
Enterprise Integration and Reporting
Enterprise Reporting for Mainframes
History
An early reference to non-business intelligence occurs in Sun Tzu's The Art of War. Sun Tzu claims that to succeed
in war, one should have full knowledge of one's own strengths and weaknesses and full knowledge of one's
enemy's strengths and weaknesses. Lack of either one might result in defeat. A certain school of thought draws
parallels between the challenges in business and those of war, specifically:
Collecting data
Discerning patterns and meaning in the data (generating information)
Responding to the resultant information
Prior to the start of the Information Age in the late 20th century, businesses sometimes struggled to collect data
from non-automated sources. Businesses then lacked the computing resources to properly analyse the data, and
often made business decisions primarily on the basis of intuition.
As businesses started automating more and more systems, more and more data became available. However,
collection remained a challenge due to a lack of infrastructure for data exchange or to incompatibilities between
systems. Analysis of the data that was gathered and reports on the data sometimes took months to generate. Such
reports allowed informed long-term strategic decision-making. However, short-term tactical decision-making
continued to rely on intuition.
In modern businesses, increasing standards, automation, and technologies have led to vast amounts of data
becoming available. Data warehouse technologies have set up repositories to store this data. Improved Extract,
transform, load (ETL) and even recently Enterprise Application Integration tools have increased the speedy
collecting of data. OLAP reporting technologies have allowed faster generation of new reports which analyse the
data. Business intelligence has now become the art of sifting through large amounts of data, extracting pertinent
information, and turning that information into knowledge upon which actions can be taken.
Business intelligence software incorporates the ability to mine data, analyse, and report. Some modern BI software
allow users to cross-analyse and perform deep data research rapidly for better analysis of sales or performance
on an individual, department, or company level. In modern applications of business intelligence software, managers
are able to quickly compile reports from data for forecasting, analysis, and business decision making.
In 1989 Howard Dresner, a Research Fellow at Gartner Group popularized "BI" as an umbrella term to describe a
set of concepts and methods to improve business decision-making by using fact-based support systems.
In the not too distant future companies will become dependent on real time business information in much the same
fashion as people come to expect to get information on the internet in just one or two clicks.
Also in the near future business information will become more democratized where end users from throughout the
organization will be able to view information on their particular segment to see how it's performing.
So, in the future, the capability requirements of business intelligence will increase in the same way that consumer
expectations increase. It is therefore imperative that companies increase at the same pace or even faster to stay
competitive.
"BI 2.0" is the recently-coined term which is part of the continually developing Business Intelligence industry and
heralds the next step for BI. "BI 2.0" is used to describe the acquisition, provision and analysis of "real time" data,
the implication being that earlier Business Intelligence and Data Mining products (BI 1.0?) have not been capable
of providing the kind of timely, current data end-users are now clamouring to have. Realizing that hype has
historically outpaced reality as Business Intelligence software companies compete for market share as long as
Business Intelligence relies upon some kind of data warehouse structure (including web-based virtual data
"warehouses"), data will have to be converted into what Hayler calls "a lowest common denominator consistent
set." When it comes to dealing with multiple, disparate data sources and the constantly changing, often volatile,
business environment which requires tweaking and restructuring of IT systems, getting BI data in a genuinely true,
"real time" format remains, again according to Hayler, "a pipe dream...As long as people design data models and
databases the traditional way, you can forget about true 'real-time' business intelligence across an enterprise: the
real world gets in the way”. In the near future business information will become more democratized where end
users from throughout the organization will be able to view information on their particular segment to see how it's
performing.
In the future, the capability requirements of business intelligence will increase in the same way that consumer
expectations increase. It is therefore imperative that companies increase at the same pace or even faster to stay
competitive.
Business intelligence (BI) has two basic different meanings related to the use of the term intelligence. The primary,
less frequently, is the human intelligence capacity applied in business affairs/activities. Intelligence of Business is
a new field of the investigation of the application of human cognitive faculties and artificial intelligence technologies
to the management and decision support in different business problems. The second relates to the intelligence as
information valued for its currency and relevance. It is expert information, knowledge and technologies efficient in
the management of organizational and individual business. The paper explores the concepts of BI, its components,
emergence of BI, benefits of BI, factors influencing BI, technology requirements, designing and implementing
business intelligence, and various BI techniques. Powerful transaction-oriented information systems are now
commonplace in every major industry, effectively levelling the playing field for corporations around the world. To
remain competitive, however, now requires analytically oriented systems that can revolutionize a company's ability
to rediscover and utilize information they already own. The Business Intelligence (BI) has evolved over the past
decade to rely increasingly on real time data. The Business Intelligence (BI) has evolved to rely increasingly on
real time data. Business analysis is becoming essential. It involves actions in response to analysis of results and
instantaneously changes parameters of business processes making BI beneficial for several reasons.
The KPI methodology was further expanded with the Chief Performance Officer methodology which incorporated
KPIs and root cause analysis into a single methodology."
Business intelligence (BI) software is applied at three different levels in the enterprise: strategic, tactical and
operational. At the strategic level, BI provides performance metrics to management and executives, often in
conjunction with a formal management methodology such as Balanced Scorecard or Six Sigma. Strategic business
intelligence, one of the latest crazes, is generally called performance management (PM). Depending upon which
analyst firm you subscribe to, PM might be preceded by a C for corporate performance management, an E for
enterprise performance management or a B for business performance management (not to be confused with BPM,
the acronym for business process management).
Tactical business intelligence, called traditional and/or analytical in various industry articles, is the application of
business intelligence tools to analyse business trends, frequently comparing a specific metric (such as sales or
expenses) to the same metric from a previous month or year. In most companies, there are usually a few analysts
in each department who use online analytical processing (OLAP) and ad hoc query to perform this task. To date,
BI tools are mostly used to analyse historical business data to discover trends or anomalies that need attention.
Finally, operational business intelligence delivers information to the point of business - the front lines of a business
where information is used as part of an operational process. For example, when a person calls a toll-free number
to speak to a customer service representative about his or her telephone bill, that representative will most likely be
looking at a report about the caller's previous billing history and payment record on a computer monitor. The most
interesting thing about this example, as in many examples of operational BI, is that the person using the BI tool
has probably never even heard of the term business intelligence. Customer service reps do not consciously use a
business intelligence tool. The information is simply put in front of them when they're doing their operational jobs -
in this case, customer support.
Strategic, tactical and operational business intelligence are like the navigation system, the dashboard, and the gas
pedal, brake pedal and steering wheel in an automobile. The navigation system constantly shows you whether or
not you are on course to reach your destination. This works exactly like a strategic BI scorecard or performance
management system that tells management whether or not the company is on target to meet its goals. In both
cases, the driver and management will take corrective action if they see that they are off course.
The dashboard, with its fuel gauge, odometer, speedometer and engine lights, mimics tactical business
intelligence. The gauges tell the driver how far he or she has travelled, if the car's systems are functioning correctly
and whether or not more fuel is needed. Similarly, tactical BI looks at historical data to see if enough has been sold
compared to last month and whether or not there is inventory to meet expected demands.
Finally, operational BI is very much like the steering wheel and the gas and brake pedals, which are used for all
immediate front-line reactions in driving. There is a detour in the road; you must turn right here to avoid it. A car in
front of you has stopped, so you need to slow down and stop as well. The customer support call is handled in the
same way. It is an immediate reactive business process.
Figure 37- The three forms of BI must work according towards a common goal.
Figure 38 - The Latency between a business event and an action Taken from Richard Hackathorn, Bolder
Technologies.
4.7 Summary
We can see that time and analysed data is key to decision making in an organisation. Let’s conclude this with an
analogy of an automotive system to the car and driver and of the three levels of BI to the company. Of the three
levels of automobile components - navigation system, dashboard, and steering, brake and gas - which can you not
live without, even for one second? The steering, brake and gas. Without them, you would either crash or potentially
make no progress. The same is true for operational BI. While strategic and tactical BI look at historical data to tell
management and analysts where the business has been and how it is performing, it is the company's operational
processes that keep it running. Ask the corporate executive whether the company could live without its performance
scorecard report or without the customer support system for a day or two. Customer support cannot stop. It is part
and parcel of how a business operates.
Many people can drive a car with just a steering wheel, gas pedal and brake, and even get to their final destination.
Sooner or later, however, they will either run out of gas or get lost. It is the same for business. To truly get the most
out of business intelligence, you need to have all three levels - strategic, tactical and operational - working in
conjunction with one another. However, a business executive cannot forget the importance of operational delivery
of information to front-line workers - without it the company might crash.
Look at the following example of business intelligence software in a live context and
answer the following questions:
vizMapEditor allows users to make changes and updates to the casino floor map image
within the floorVizPLUS software to reflect actual changes on the gaming floor (Figure 1). This
ensures that the analysis is correctly represented against the correct casino floor map.
vizMapEditor is fully integrated into floorVizPLUS and allows a user to change an existing map
or create multiple designs for analysis purposes and for future use.
vizMapEditor is web based and not only does it manage the casino floor maps, it also
manages the slowly changing dimensions that are associated with the casino floor map. The
management of the slowly changing dimensions is very important for analysis of changes
on the gaming floor. The software makes the management of this data very straight forward.
Furthermore, when the updates
to the floor maps are made, they are automatically made in the database, so the normal
data management such as backups and restores can be managed by the data team"
1. If Company ABC wanted to implement this, what would the reason be for implementing
this?
3. What other software is out there geared for BI. Find at least 3 and compare them and the
value especially in terms of dashboards and live information, IE: BI 2
Unit
5: Data Warehousing and Data
Mining
5.6 What is data mining and predictive How is data mining useful?
analytics used for?
Prescribed Textbook:
Below is the prescribed reading for specific to this unit;
Paige Baltzan, A.P., 2009. Business Driven Information Systems.
New York: McGraw-Hill.
DETAILS: Chapter of Book that should be read.
Chapter 6: Databases and Data Warehouses
5.1 Introduction
Rapid developments in information technology have resulted in the construction of many business application
systems in numerous areas. Within these systems, databases often play an essential role. Data has become a
critical resource in many organisations, and therefore, efficient access to the data, sharing the data, extracting
information from the data, and making use of the information stored, has become an urgent need. As a result,
there have been many efforts on firstly integrating the various data sources (e.g. databases) scattered across
different sites to build a corporate data warehouse, and then extracting information from the warehouse in the form
of patterns and trends.
Think Point
What underlying infrastructure is required to make BI function?
What is the difference between raw data and analyzed data?
What are some of the data mining tools that are used?
What are some of the data mining activities?.
The typical data warehouse uses staging, integration, and access layers to house its key functions. The staging
layer or staging database stores raw data extracted from each of the disparate source data systems. The
integration layer integrates the disparate data sets by transforming the data from the staging layer often storing
this transformed data in an operational data store (ODS) database. The integrated data is then moved to yet
another database, often called the data warehouse database, where the data is arranged into hierarchal groups
often called dimensions and into facts and aggregate facts. The combination of facts and dimensions is sometimes
called a star schema. The access layer helps users retrieve data.
A data warehouse constructed from integrated data source systems does not require ETL, staging databases, or
operational data store databases. The integrated data source systems may be considered to be a part of a
distributed operational data store layer. Data federation methods or data virtualization methods may be used to
access the distributed integrated source data systems to consolidate and aggregate data directly into the data
warehouse database tables. Unlike the ETL-based data warehouse, the integrated source data systems and the
data warehouse are all integrated since there is no transformation of dimensional or reference data. This integrated
data warehouse architecture supports the drill down from the aggregate data of the data warehouse to the
transactional data of the integrated source data systems.
Data warehouses can be subdivided into data marts. Data marts store subsets of data from a warehouse.
This definition of the data warehouse focuses on data storage. The main source of the data is cleaned, transformed,
cataloged and made available for use by managers and other business professionals for data mining, online
analytical processing, market research and decision support."
Information about data mining is widely available. No matter what your level of expertise, you will be able to find
helpful books and articles on data mining. Here are two web sites to help you get started:
http://www.kdnuggets.com/ — this site is an excellent source of information about data mining. It includes a
bibliography of publications.
http://www.twocrows.com/ — on this site, you will find the free tutorial, Introduction to Data Mining and
Knowledge Discovery, and other useful information about data mining.
In a nutshell, a company can analyse all the large data it has on its clients to then draw conclusions or emerging
opportunities which it can then use to create new avenues of income.
2. Data fusion & Cleaning: Is the data in the correct format and is it consistent and free of errors?
This is where the data, regardless of the sources is mashed or fused together and put through a process known
as "data cleaning" or data scrubbing". During this process, the information is made into a standard format and
checked for errors in consistency. Poor quality data is removed and Meta data is created.
Meta data is additional information about the properties of the information is recorded. In a nutshell it is data about
the data!
Data mining is a set of automated techniques used to extract buried or previously unknown pieces of information
from large databases. Successful data mining makes it possible to unearth patterns and relationships, and then
use this “new” information to make proactive knowledge-driven business decisions. Data mining then, “centers on
the automated discovery of new facts and relationships in data. The raw material is the business data, and the
data-mining algorithm is the excavator, sifting through the vast quantities of raw data looking for the valuable
nuggets of business information.
The challenge of marketing is that while there are constantly more and more competing offers, the number of
channels (ways of communication) available to communicate with the buyer also increases. In addition to traditional
direct marketing means such as direct mailing, advertising in newspapers, TV and other media, new means of
communication such as the Internet, not only has introduced a large number of new channels for direct marketing,
it has also brought measurability of the response to a whole new level. Today, there is a large amount of data
being generated not only in internal customer data bases, but also related to the response of the audience to
marketing campaigns. This is where predictive data mining comes in. By applying predictive data mining to
historical data, such as customer response for the various channels, demographic, geographic, sales history etc,
it is possible to significantly improve the odds of directing a campaign towards the right audience. By successfully
applying predictive data mining, you not only will be able to target the right audience, thereby increasing return on
invested marketing money. In addition to this, you will also get to know them better, and by adapting the message
to the preferences of your audience you will be able to communicate more effectively.
Collection
All companies with a large customer base have a number of customers who do not pay their dues on time.
Collecting these payments from the debtors requires a great deal of resources, and a large proportion of this work
is wasted on customers that are difficult or impossible to recover. By applying predictive data mining to historical
customer debt data, the collection procedure can be optimized by identifying the debtors most likely to pay and
finding the most effective contact methods or legal actions for each debtor.
By successfully applying predictive data mining within collection, you will recover more money while reducing
collection costs.
Scientific applications
In pharmaceutical companies, chemistry is one of the most resource intensive areas within the research and
development (R&D) activities. The whole purpose of the pharmaceutical company’s R&D is to produce new
chemical entities (NCE) that will make it all the way through clinical trials to the market as new drugs. The search
for new chemical compounds is in essence a trial-and-error process. The job of the R&D chemist is to synthesise
(produce) new compounds for testing in the laboratory. One such chemist may spend up to three weeks for making
just one such compound.
Despite the expensive production of new compounds, pharmaceutical companies test very many compounds in
their R&D activities and stores all the results in large databases (there is also a fairly large industry selling chemical
compounds of great diversity). By applying predictive data mining to such historical laboratory test data, it is
possible to reasonably predict the outcome of the laboratory tests without having to synthesise the compounds.
This means that the chemist can find out the most likely properties of the alternative compounds and choose to
work on the most promising ones, before spending the next three weeks in the laboratory, thereby increasing the
quality of the resulting compounds.
Recommendation systems
All companies want to sell more to existing customers. This is often the most effective way of increasing the
profitability. For companies that sell many different products to large customer bases and that keep records of
sales transactions for their customers, it is possible to apply predictive data mining to identify sales opportunities
as products likely to appeal to a particular customer who has not yet bought them. This type of application is also
commonly referred to as cross-selling, and some of the most notable examples of companies using it are
Amazon.com where you will get relevant books recommended, and the DVD rental site Netflix, who now even has
arranged a $1Million prize money competition for the best improvement of their recommendation system.
Other applications
Other applications of predictive data mining include fraud detection (e.g. within credit card transactions, taxation,
telephony, and insurance industry) and risk management (e.g. for determining insurance policy rates or managing
credit applications).
5.7 Summary
Data Warehousing is the strategy of ensuring that the data used in an organization is available in a consistent and
accurate form wherever it is needed. Often this involves the replication of the contents of departmental computers
in a centralized site, where it can be ensured that common data definitions are in the departmental computers in a
centralized site, where it can be ensured that the common data definitions are in use… The reason Data
Warehousing is closely connected with Data Mining is that when data about the organization’s processes becomes
readily available, it becomes easy and therefore economical to mine it for new and profitable relationships.
Thus, data warehousing introduces greater efficiencies to the data mining exercise. “Without the pool of validated
and scrubbed data that a data warehouse provides, the data mining process requires considerable additional effort
to pre-process the data. Notwithstanding, it is also possible for companies to obtain data from other sources via
the Internet, mine the data, and then convey the findings and new relationships internally within the company via
an Intranet. There are four stages in the data warehousing process:
1. The first stage is the acquisition of data from multiple internal and external sources and platforms.
2. The second stage is the management of the acquired data in a central, integrated repository.
3. Stage three is the provision of flexible access, reporting and analysis tools to interpret selected data.
4. Stage four is the production of timely and accurate corporate reports to support managerial and decision-
making processes.
Though the term data mining is relatively new, the technology is not. Many of the techniques used in data mining
originated in the artificial intelligence research of the 80s and 90s. It is only more recently that these tools have
been applied to large databases. Why then are data mining and data warehousing mushrooming now? IBM has
identified six factors that have brought data mining to the attention of the business world:
A general recognition that there is untapped value in large databases;
A consolidation of database records tending toward a single customer view;
A consolidation of databases, including the concept of an information warehouse;
A reduction in the cost of data storage and processing, providing for the ability to collect and accumulate data;
Intense competition for a customer’s attention in an increasingly saturated marketplace;
The movement toward the de-massification of business practices.
With reference to point six above, “de-massification” is a term originated by Alvin Toffler. It refers to the shift from
mass manufacturing, mass advertising and mass marketing that began during the industrial revolution, to
customized manufacturing, advertising and marketing targeted to small segments of the population.
Data mining usually yields five types of information: associations, sequences, classifications, clusters, and
forecasting:
Associations happen when occurrences are linked in a single event. For example, a study of supermarket baskets
might reveal that when corn chips are purchased, 65% of the time cola is also purchased, unless there is a
promotion, in which case cola is purchased 85% of the time.
In sequences, events are linked over time. [For example] [ I] f a house is bought, then 45% of the time a new oven
will be bought within one month and 60% of the time a new refrigerator will be bought within two weeks.
Classification is probably the most common data mining activity today… Classification can help you discover the
characteristics of customers who are likely to leave and provide[s] a model that can be used to predict who they
are. It can also help you determine which kinds of promotions have been effective in keeping which types of
customers, so that you spend only as much money as necessary to retain a customer.
Using clustering, the data mining tool discovers different groupings with the data. This can be applied to problems
as diverse as detecting defects in manufacturing or finding affinity groups for bank cards.
All of these applications may involve predictions, such as whether a customer will renew a subscription …
forecasting, is a different form of prediction. It estimates the future value of continuous variables — like sales
figures — based on patterns within the data.
Generally, then, applications of data mining can generate outputs such as:
Buying patterns of customers; associations among customer demographic characteristics; predictions on
which customers will respond to which mailings;
Patterns of fraudulent credit card usage; identities of “loyal” customers; credit card spending by customer
groups; predictions of customers who are likely to change their credit card affiliation;
Predictions on which customers will buy new insurance policies; behaviour patterns of risky customers;
expectations of fraudulent behaviour;
No secret there. That’s the business model for the entire web these days. You pay for
services with your personal information, which in turn enables advertisers to target you more
accurately.
Social networking services (SNS) are the ultimate expression of this imbalanced exchange.
Who you communicate with, when and how, reveals far more than you may realise.
Research on Facebook, for example, has shown that you can predict when people will
develop a romantic relationship before they know it themselves. Gays can be outed by
algorithm. Semantic analysis of the words you use reveals your mood.
Yet you can’t make meaningful use of an SNS without revealing this personal data. It’s kind
of the point. Just as you can’t make use of accounting software without first revealing how
you spend your money, you can’t use the SNS until you reveal and categorise your family,
friends and acquaintances — your social graph, it’s called.
Facebook has been copping flak over two ongoing privacy outrages. One, continually
changing how its insanely complicated privacy controls work and trying to trick people into
accepting a wide-open setting by default. Two, a legalistic privacy policy that’s longer than
the US Constitution.
Google seems to have addressed the first problem. The Circles feature in Google+ allows
you to categorise your contacts into circles of friends — family, workmates, your hockey
team, payday drinking buddies — and you post information only to specific circles. Things
are private by default. Mostly.
But when it comes to the terms and conditions, Google is no better than the rest. As Paul
Ducklin from information security vendor Sophos points out, there’s Google’s general
privacy policy, a separateprivacy policy for Google+, the user content and conduct policy,
the+1 button privacy policy for Google’s equivalent of the “Like” button, the mobile privacy
policy if you use your smartphone, the Picasa privacy notice if you upload a photo …
When I started writing this article, I’d intended to have a go at people who were foolish
enough to reveal which of their contacts were “prayer group” and which “rough trade” — and
which were both — without reading and understanding the rules. But I think they can be
forgiven. In Google’s privacy centre you’ll find 37 written policies. And of course any of those
policies can be changed upon Google’s whim. After they’ve got your data.
Talk to any privacy analyst and they’ll tell you that “informed consent” is the key. By all
means let people exchange privacy for services, as long as they understand the trade-off.
But how can anyone possibly comprehend 37 policies?"
QUESTIONS:
1. Facebook's use of data mining. How far do you think that is true? Does the article below
have any truth about SNS?
Unit
6: Principles of Information
Security
6.4 Key Information Security Terms and Define key terms and critical concepts of information security
Concepts
6.7 Procedures
6.8 Networks
6.9 Balancing Information Security and Understand and apply the basic principles of information
Access security
6.10 Information Security Project Team Identify and understand the role played by project teams
Prescribed Textbook:
Below is the prescribed reading for specific to this unit;
Whitman, M.E. & Mattford, H.J., 2012. Principles of Information
Security. 4th ed. China: China Translation and Printing Services
Limited.
1. Introduction to Information Security.
2. The Need for Security.
3. Legal, Ethical, and Professional Issues in Information Security.
4. Risk Management.
5. Planning for Security.
6. Security Technology: Firewalls, VPNs, and Wireless
7. Security Technology: Intrusion Detection and Prevention Systems
8. Cryptography.
9. Physical Security.
10. Implementing Information Security.
11. Security and Personnel.
12. Information Security Maintenance and eDiscovery.
6.1 Introduction
Information is one of the most important organisation assets. For an organisation, information is valuable and
should be appropriately protected. Security is to combine systems, operations and internal controls to ensure
integrity and confidentiality of data and operation procedures in an organization. Information security history begins
with the history of computer security. It started around year 1980. In 1980, the use of computers has concentrated
on computer centres, where the implementation of a computer security focuses on securing physical computing
infrastructure that is highly effective organization. Although the openness of the Internet enabled businesses to
quickly adopt its technology ecosystem, it also proved to be a great weakness from an information security
perspective.
Think Point
Why does information security make an impact on our lives and organisations?
Should we keep our data disconnected from the net? - Pros and Cons
While the above definition gives a nice insight in all the different aspects of information security, the enumeration
of "what is protected", "how it is protected" and "what it is protected from", will always leave something out.
Unfortunately, this last definition gives a lot less insight in what is involved with information security. It is so broad
that it also includes the even more complex issue of privacy, which I would prefer to keep separate from information
security.
6.3 Is It Just the Information Technology Department Who Should Be Involved in Security?
Clearly it is the perception amongst many people and organisations that information security is only the domain of
the Information Technology department. It is imperative that when and organisation is tackling information security
that there are members from every department that are present to contribute to the process and success of tackling
information security.
What are the areas and organization should tackle in security operations?
A successful organization should have the following multiple layers of security in place to protect its operations:
Physical security, to protect physical items, objects, or areas from unauthorized access and misuse
Personnel security, to protect the individual or group of individuals who are authorized to access the
organization and its operations
Operations security, to protect the details of a particular operation or series of activities
Communications security, to protect communications media, technology, and content
Network security, to protect networking components, connections, and contents
Information security, to protect the confidentiality, integrity and availability of achieved via the application of
policy, education, training and awareness, and technology.
Asset: The organizational resource that is being protected. An asset can be logical, such as a Web site,
information, or data; or an asset can be physical, such as a person, computer system, or other tangible object.
Assets, and particularly information assets, are the focus of security efforts; they are what those efforts are
attempting to protect.
Attack: An intentional or unintentional act that can cause damage to or otherwise compromise information
and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or
indirect. Someone casually reading sensitive information not intended for his or her use is a passive attack. A
hacker attempting to break into an information system is an intentional attack. A lightning strike that causes a
fire in a building is an unintentional attack. A direct attack is a hacker using a personal computer to break into
a system. An indirect attack is a hacker compromising a system and using it to attack other systems, for
example, as part of a botnet (slang for robot network). This group of compromised computers, running software
of the attacker’s choosing, can operate autonomously or under the attacker’s direct control to attack systems
and steal user information or conduct distributed denial-of-service attacks. Direct attacks originate from the
threat itself. Indirect attacks originate from a compromised system or resource that is malfunctioning or working
under the control of a threat.
Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully
counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.
The various levels and types of controls are discussed more fully in the following chapters.
Exploit: A technique used to compromise a system. This term can be a verb or a noun. Threat agents may
attempt to exploit a system or other information asset by using it illegally for their personal gain. Or, an exploit
can be a documented process to take advantage of a vulnerability or exposure, usually in software, that is
either inherent in the software or is created by the attacker. Exploits make use of existing software tools or
custom-made software components.
Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability
known to an attacker is present.
Loss: A single instance of an information asset suffering damage or unintended or unauthorized modification
or disclosure. When an organization’s information is stolen, it has suffered a loss.
Protection profile or security posture: The entire set of controls and safeguards, including policy, education,
training and awareness, and technology, that the organization implements (or fails to implement) to protect
the asset. The terms are sometimes used interchangeably with the term security program, although the
security program often comprises managerial aspects of security, including planning, personnel, and
subordinate programs.
Risk: The probability that something unwanted will happen. Organizations must minimize risk to match their
risk appetite—the quantity and nature of risk the organization is willing to accept.
Subjects and objects: A computer can be either the subject of an attack—an agent entity used to conduct the
attack—or the object of an attack—the target entity, as shown in Figure 1-5. A computer can be both the
subject and object of an attack, when, for example, it is compromised by an attack (object), and is then used
to attack other systems (subject).
Threat: A category of objects, persons, or other entities that presents a danger to an asset. Threats are always
present and can be purposeful or undirected. For example, hackers purposefully threaten unprotected
information systems, while severe storms incidentally threaten buildings and their contents.
"An information system (IS) is much more than computer hardware; it is the entire set of software, hardware, data,
people, procedures, and networks that make possible the use of information resources in the organization. These
six critical components enable information to be input, processed, output, and stored. Each of these IS components
has its own strengths and weaknesses, as well as its own characteristics and uses. Each component of the
information system also has its own security requirements.
Software
The software component of the IS comprises applications, operating systems, and assorted command utilities.
Software is perhaps the most difficult IS component to secure. The exploitation of errors in software programming
accounts for a substantial portion of the attacks on information. The information technology industry is rife with
reports warning of holes, bugs, weaknesses, or other fundamental problems in software. In fact, many facets of
daily life are affected by buggy software, from smart phones that crash to flawed automotive control computers
that lead to recalls.
Software carries the lifeblood of information through an organization. Unfortunately, software programs are often
created under the constraints of project management, which limit time, cost, and manpower. Information security
is all too often implemented as an afterthought, rather than developed as an integral component from the beginning.
In this way, software programs become an easy target of accidental or intentional attacks.
Hardware
Hardware is the physical technology that houses and executes the software, stores and transports the data, and
provides interfaces for the entry and removal of information from the system. Physical security policies deal with
hardware as a physical asset and with the protection of physical assets from harm or theft. Applying the traditional
tools of physical security, such as locks and keys, restricts access to and interaction with the hardware components
of an information system. Securing the physical location of computers and
the computers themselves is important because a breach of physical REMEMBER:
security can result in a loss of information. Unfortunately, most information
Information
systems are built on hardware platforms that cannot guarantee any level of
systems are made
information security if unrestricted access to the hardware is possible.
up of six major
Before September 11, 2001, laptop thefts in airports were common. A two-
components:
person team worked to steal a computer as its owner passed it through the
hardware, software,
conveyor scanning devices. The first perpetrator entered the security area
data, people,
ahead of an unsuspecting target and quickly went through. Then, the
procedures, and
second perpetrator waited behind the target until the target placed his/her
networks
computer on the baggage scanner. As the computer was whisked through,
the second agent slipped ahead of the victim and entered the metal detector with a substantial collection of keys,
coins, and the like, thereby slowing the detection process and allowing the first perpetrator to grab the computer
and disappear in a crowded walkway.
While the security response to September 11, 2001 did tighten the security process at airports, hardware can still
be stolen in airports and other public places. Although laptops and notebook computers are worth a few thousand
dollars, the information contained in them can be worth a great deal more to organizations and individuals.
6.5 Data
Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable
asset possessed by an organization and it is the main target of intentional attacks. Systems developed in recent
years are likely to make use of database management systems. When done properly, this should improve the
security of the data and the application. Unfortunately, many system development projects do not make full use of
the database management system’s security capabilities, and in some cases the database is implemented in ways
that are less secure than traditional file systems.
6.6 People
Though often overlooked in computer security considerations, people have always been a threat to information
security. Legend has it that around 200 B.C. a great army threatened the security and stability of the Chinese
empire. So ferocious were the invaders that the Chinese emperor commanded the construction of a great wall that
would defend against the Hun invaders. Around 1275 A.D., Kublai Khan finally achieved what the Huns had been
trying for thousands of years. Initially, the Khan’s army tried to climb over, dig under, and break through the wall.
In the end, the Khan simply bribed the gatekeeper—and the rest is history. Whether this event actually occurred
or not, the moral of the story is that people can be the weakest link in an organization’s information security
program. And unless policy, education and training, awareness, and technology are properly employed to prevent
people from accidentally or intentionally damaging or losing information, they will remain the weakest link. Social
engineering can prey on the tendency to cut corners and the commonplace nature of human error. It can be used
to manipulate the actions of people to obtain access information about a system.
6.7 Procedures
Another frequently overlooked component of an IS is procedures. Procedures are written instructions for
accomplishing a specific task. When an unauthorized user obtains an organization's procedures, this poses a
threat to the integrity of the information. For example, a consultant to a bank learned how to wire funds by using
the computer center’s procedures, which were readily available. By taking advantage of a security weakness (lack
of authentication), this bank consultant ordered millions of dollars to be transferred by wire to his own account. Lax
security procedures caused the loss of over ten million dollars before the situation was corrected. Most
organizations distribute procedures to their legitimate employees so they can access the information system, but
many of these companies often fail to provide proper education on the protection of the procedures. Educating
employees about safeguarding procedures is as important as physically securing the information system. After all,
procedures are information in their own right. Therefore, knowledge of procedures, as with all critical information,
should be disseminated among members of the organization only on a need-to-know basis.
6.8 Networks
The IS component that created much of the need for increased computer and information security is networking.
When information systems are connected to each other to form local area networks (LANs), and these LANs are
connected to other networks such as the Internet, new security challenges rapidly emerge. The physical technology
that enables network functions is becoming more and more accessible to organizations of every size. Applying the
traditional tools of physical security, such as locks and keys, to restrict access to and interaction with the hardware
components of an information system are still important; but when computer systems are networked, this approach
is no longer enough. Steps to provide network security are essential, as is the implementation of alarm and intrusion
systems to make system owners aware of ongoing compromises.
Figure 42- Balancing Security and Access to information (Whitman & Mattford, 2012, p. 19)
Data custodians: Working directly with data owners, data custodians are responsible for the storage,
maintenance, and protection of the information. Depending on the size of the organization, this may
be a dedicated position, such as the CISO, or it may be an additional responsibility of a systems
administrator or other technology manager. The duties of a data custodian often include overseeing
data storage and backups, implementing the specific procedures and policies laid out in the security
policies and plans, and reporting to the data owner.
Data users: End users who work with the information to perform their assigned roles supporting the
mission of the organization. Everyone in the organization is responsible for the security of data, so
data users are included here as individuals with an information security role.
Communities of Interest
Each organization develops and maintains its own unique culture and values. Within each organizational culture,
there are communities of interest that develop and evolve. As defined here, a community of interest is a group of
individuals who are united by similar interests or values within an organization and who share a common goal of
helping the organization to meet its objectives. While there can be many different communities of interest in an
organization, this book identifies the three that are most common and that have roles and responsibilities in
information security. In theory, each role must complement the other; in practice, this is often not the case.
information security community are not always in complete alignment, and depending on the organizational
structure, this may cause conflict.
6.12 Summary
Security is needed in an organisation, especially information security. This responsibility however does not just
rest with a single person or department. There are many areas that need attention, such as physical security,
personal security, operations security, communications security, national security, and network security, to name
a few. We can only protect the information from risk by the application of policy, education and technology.
Summary Questions:
4. Who should lead a security team? Should the approach to security be more managerial or technical?
Ideally, the lead of a security team should have some technical background, but it isn't essential. A good manager
is one who listens to what other team members are saying and is able to make decisions based on the evidence.
The manager must rely on the technical expertise of the members, even if they themselves are also technical in
nature. For a security team it is usually the case where a senior technical lead becomes the manager after a period
of time. That would be the best case scenario, but as mentioned, you have to have a person with good management
skills overall, whether they are technical in the area or not. A balanced approach is the goal from this team. The
end results are technical, but the decisions and how the team operates come from management, and how they
interface with the rest of the corporation is very important.
Group Work
Exercises:
Consider the information stored on your personal computer. For each of the terms listed,
find an example and document it: threat, threat agent, vulnerability, exposure, risk, attack,
and exploit.
Using the Web, identify the chief information officer, chief information security officer, and
systems administrator for Apple the makers of the IPAD. Which of these individuals
represents the data owner? Data custodian?
Using the Web, find out more about Kevin Mitnick. What did he do? Who caught him? Write
a short summary of his activities and explain why he is infamous.
Introduction
"The Sequential Label and Supply Company (often referred to as SLS) is a national supplier of stock labels as well
as a manufacturer of custom labels and distributor of supplies often used in conjunction with labels, such as
envelopes, adhesive tape, mailing cartons, and related office supplies. The company was founded by Fred Chin
in 1992 and has grown steadily in the intervening years. As the case study begins, the company has recognized
its growing dependence on information technology and has organized its information technology group as shown
below:
Taking calls and helping the office workers with PC problems was not glamorous, but it was challenging and paid
pretty well. Some of her friends worked at bigger companies, some at higher-tech companies, but everyone kept
up with each other, and they all agreed that technology jobs were a good way to pay the bills. The phone rang.
This was not a big deal for Amy. She answered her phone about 35 times an hour, 315 times a day, and nine days
every two weeks. The first call of the day started out the same as usual, with a worried user hoping Amy could help
him out of a jam. The call display on her screen gave her all the facts: the user's name, his phone number, the
department in which he worked, where his office was on the company campus, and a list of all the calls he'd made
in the past. "Hi, Bob," she said. "Did you get that document formatting problem squared away after our last call?"
"Sure did, Amy. Hope we can figure out what's going on today." "We'll try, Bob. Tell me about it."
"Well, my PC is acting weird," Bob said. "When I go to the screen that has my e-mail program running, it doesn't
respond to the mouse or the keyboard." "Did you try a reboot yet, Bob?" "Sure did. But the window wouldn't close,
and I had to turn it off. Once it finished the reboot, and I opened the e-mail program. Tt's just like it was before-no
response at all. The other stuff is working OK, but really, really slowly. Even my Internet browser is sluggish." "OK,
Bob. We've tried the usual stuff we can do over the phone. Let me open a case, and I'll dispatch a tech over as
soon as possible."
Amy looked up at the LED tally board on the wall at the end of the room. She saw that there were only two
technicians dispatched to desks ide support at the moment, and since it was the day shift, there were four available.
"Shouldn't be long at all, Bob."
She clicked off the line from Bob and typed her notes into ISIS, the company's Information Status and Issues
System. She assigned the newly generated case to the desk side dispatch queue, knowing the roving desk side
team would be paged with the details and would attend to Bob's problem
in just a few minutes.
A moment later, Amy looked up to see Charles Moody walking briskly down the hall. Charlie was the senior
manager of the server administration team. He was being trailed by three of his senior technicians as he made a
beeline from his office to the door of the server room where the company servers were kept in a controlled
environment. They all looked worried. Just then, Amy's screen beeped to alert her of a new e-mail. She glanced
down. It beeped again-and again. It started beeping constantly. She clicked on the envelope icon, and after a short
delay, the mail window opened. She had 47 new e-mails in her inbox. She opened one from Davey Martinez, an
acquaintance from the Accounting Department. The subject line said, "Wait till you see this." The message body
read, "Look what this has to say about our managers' salaries" There was an icon for a file attachment that Amy
did not recognize. But, she knew Davey, he often sent her interesting and funny e-mails. She clicked on the icon.
Her PC showed the hourglass pointer icon for a second and then resumed showing its normal pointer. Nothing
happened. She clicked on the icon for the next e-mail message. Nothing happened. Her phone rang again. She
clicked on the ISIS icon on her computer desktop to activate the call management software, and activated her
headset. "Hello, Tech Support, how can I help you?" She couldn't greet the caller by name because ISIS had not
yet opened the screen on her Pc.
"Hello, this is Erin Williams in Receiving." Amy glanced down at her screen. Still no ISIS. She glanced up to the
tally board and was surprised to see the inbound call counter tallying up waiting calls like digits on a stopwatch.
Amy had never seen so many calls come in at one time. "Hi, Erin," Amy said. "What's up?" "Nothing," Erin
answered. "That's the problem." The rest of the call was an exact replay of Bob's earlier call, except Amy couldn't
type the notes into ISIS and had to jot them down on a legal pad. She also couldn't dispatch the desk side support
team either. She looked at the tally board. It had gone dark. No numbers at all. Then she saw Charlie running down
the hall from the server room. He didn't look worried anymore. He looked frantic. Amy picked up the phone. She
wanted to check with her supervisor about what to do now. There was no dial tone. The next day at SLS found
everyone in technical support busy restoring computer systems to their former state and installing new virus and
worm control software. Amy found herself learning how to install desktop computer operating systems and
applications as SLS made a heroic effort to recover from the previous day's attack.
1. Do you think this event was caused by an insider or outsider? Why do you think this?
2. Other than installing virus and worm control software, what can SLS do to be ready for the next incident?
3. Do you think this attack was the result of a virus, or a worm? Why do you think this?
Starting Out
Fred Chin, CEO of Sequential Label and Supply, leaned back in his leather chair. He propped his feet up on the
long mahogany table in the conference room where the SLS Board of Directors had just adjourned their quarterly
meeting.
"What do you think about our computer security problem?" he asked Gladys Williams, the company's chief
information officer, or CIa. He was referring to last month's outbreak of a malicious worm on the company's
computer network. Gladys replied, "I think we have a real problem this time, and we need to put together a real
solution, not just a quick patch like the last time." Eighteen months ago someone had brought an infected floppy
disk in from home and infected the network. To prevent this from happening again, all the floppy drives were
removed from the company computers. Fred wasn't convinced. "Let's just add another thousand dollars in the next
budget to fix it up." Gladys shook her head. "You've known for some time now that this business runs on computers.
That's why you hired me as CIa. I've been researching information security, and my staff and I have some ideas
to discuss with you. I've asked Charlie Moody to come in today to talk about it. He's waiting to speak with us."
Charlie joined the meeting, and Fred said, "Hello, Charlie. As you know the Board of Directors met today. They
received a report on the expenses and lost production from the virus outbreak last month, and they directed us to
improve the security of our computers. Gladys says you can help me understand what we need to do about it."
"To start with," Charlie said, "instead of setting up a computer security solution, we need to develop an information
security program. We need a thorough review of our policies and practices, and we need to establish an ongoing
risk management program. There are some other things that are part of the process as well, but these would be a
good start." "Sounds expensive," said Fred. Charlie looked at Gladys, and then answered, "Well, there will be some
extra expenses for specific controls and software tools, and we may have to slow down our product development
projects a bit, but the program will be more of a change in our attitude about security than a spending spreeI don't
have accurate estimates yet, but you can be sure we will put cost- benefit worksheets in front of you before we
spend any money. “Fred thought about this for a few seconds. "OK. What is our next step?" Gladys answered, "To
start with, we need to initiate a project plan to develop our new information security program. We'll use our usual
systems development and project management approach. There are a few differences, but we can adapt our
current models easily. We will need to appoint or hire a person to be responsible for information security."
"Information security? What about computer security?" asked Fred. Charlie responded, "Information security
includes all the things we use to do business: software, procedures, data, networks, our staff, and computers. "I
see," Fred said. "Bring me the draft project plan and budget in two weeks. The audit committee of the board meets
in four weeks, and we'll need to report our progress."
Soon after the board of directors meeting, Charlie was promoted to chief information security officer, a new position
that reports to the CIa Gladys Williams, and that was created to provide leadership for SLS's efforts to improve its
security profile.
1. How do Fred, Gladys, and Charlie perceive the scope and scale of thenew information security effort?
2. How will Fred measure success when he evaluates Gladys' performance for this project? How about Charlie's
performance?
3. Which of the threats discussed in this chapter should receive Charlie's attention early in his planning process?
Industrial Espionage
Henry Magruder made a mistake: he left a CD at the coffee station. Later, Iris Majwabu was at the coffee station,
topping off her coffee cup, hoping to wrap up her work on the current SQL code module before it was time to go
home. As she turned to leave, she saw the unlabelled CD on the counter.
Being the helpful sort, she picked it up, intending to return it to the person who'd left it behind.
Expecting to find perhaps the latest device drivers, or someone's work from the development team's office, Iris
slipped the disk into the drive of her computer and ran a virus scan against its contents. She then opened the file
explorer program. She had been correct in assuming the CD contained data files, lots of them. She opened a file
at random, and names, addresses, and Social Security numbers scrolled down her screen. These were not the
test records she expected; instead they looked more like critical payroll data. Concerned, she found a readme.txt
file and opened it. It read: Jill, see files on this disc. Hope they meet your expectations. Wire money to my
account as arranged. Rest of data sent on payment. Iris realized that someone was selling sensitive company
data to an out- side information broker. She looked back at the directory listing and saw that the files spanned
the range of every department at Sequential Label and Supply-everything from customer lists to shipping
invoices. She saw one file that she knew contained the credit card numbers for every Web customer the
company supplied. She opened another file and saw that it stopped about halfway through the data. Whoever did
this had split the data into two parts. That made sense: payment on delivery of the first half.
Now, who did this belong to? She opened up the file properties option on the readme.txt file. The file owner was
listed as "hmagruder." That must be Henry Magruder, the developer two cubes over in the next aisle. Iris
pondered her next action. Iris called the company security hotline. The hotline was an anonymous way to report
any suspicious activity or abuse of company policy, although Iris chose to identify herself. The next morning, she
was called to a meeting with an investigator from corporate security, which led to more meetings with others in
corporate security, and then finally a meeting with the
Director of Human Resources and Gladys Williams, the CIO of SLS.
1. Was Iris justified in determining who the owner of the CD was?
2. Should Iris have approached Henry directly, or was the hotline the most effective way to take action?
3. Should Iris have placed the CD back at the coffee station and forgotten the whole thing? Would that response
have been ethical on her part?
1. Did Charlie effectively organize the work before the meeting? Why or why not? Make a list of the important
issues you think should be covered by the work plan. For each issue, provide a short explanation. 2. Will the
company get useful information from the team it has assembled? Why or why not?
3. Why might some attendees resist the goals of the meeting? Does it seem that each person invited was briefed
on the importance of the event and the issues behind it?
"Government executives expressed widespread concern about data leakage, whether caused by malicious actions
or accidental missteps, according to an online survey of 209 executives, conducted by 1105 Government
Information Group Content Solutions. In total, the survey conducted online in February, garnered 209 responses
from public sector executives from organizations ranging from the Department of Defense to civilian federal
agencies, to executives from state and local governments. Roughly a fifth of government agencies responding to
the survey reported that external IT security incidents have increased in the past year.
The seemingly constant stream of viruses, worms, rootkits, denial-of-service (DoS) attacks and other security
threats underscore how the government’s network perimeter has expanded and blurred, as the proliferation of
mobile and remote users has grown. A whopping 92% of those surveyed said they expect to spend at least as
much, if not more for information security threat prevention in the coming year. The average annual agency budget
for IT security threat prevention, across all levels of government was reported at $2.75 million
Progressive or leading edge agencies expressed concern about the proliferation of mobile devices and the impact
of cloud computing on security, and are most likely to be investigating single-sign on authentication alternatives,
in their ongoing efforts to improve agency IT threat prevention infrastructures. The proliferation of mobile devices
with confidential information and access to internal systems was viewed as an increasing security concern, by 78%
of respondents.
IT security audits are conducted to test and ensure an agency’s IT assets are, in fact, protected. Not surprisingly,
those respondents who reported failing an IT security audit were also more apt to increase their budgets for IT
security protections. Since agencies undergo both external security audits as well as internal audits, the survey
results indicated that nearly 20% of respondents had failed at least one external audit and 22% had failed at least
one recent internal security audit.
Although a lack of adequate protection against data loss or leaks is considered a serious problem, survey
respondents to the 1105 Government Information Group Content Solutions Information Security Survey, said
investments in content security and data loss prevention were not as high on the priority list, as were investments
in intrusion detection, firewalls, VPNs, IP security and continuous monitoring. Data loss prevention (DLP) helps
ensure that sensitive personal information and classified information housed on government networks remains
safe and secure.
Conclusion
In conclusion I would like to thank you for taking the time to go through this module. The journey ahead is bright
and positive. The foundations laid in this and the previous module will put you on a very rewarding track in terms
of gearing towards taking an organisation to new modes of acquiring success simply by understanding this module
and applying relevant methods or methodologies.
I hope this study guide has helped in contextualizing this information. It should have firmed up your understanding
of Business Intelligence and at the processes, policies and principles of protecting your data and using your data
with business intelligence.
This diagram should help you recap what we have already covered. Thank you
Bibliography
Paige Baltzan, A. P. (2009). Business Driven Information Systems. New York: McGraw-Hill.
Schniederjans, M. J. (2004). Information Technology Investment: Decision-Making Methodology. World
Scientific Pub Co Inc.
Whitman, M. E., & Mattford, H. J. (2012). Principles of Information Security (4th Edition ed.). China: China
Translation and Printing Services Limited.
Williams, B. K., & Sawyer, S. C. (2010). Using Information Technology (International Edition ed.). New York:
Mcgraw & Hill.