BCOM ITM - Information Technology Management 2B

Bachelor of Commerce
in Information and Technology

Management
(Year 2)
INFORMATION TECHNOLOGY
MANAGEMENT 2B
Module Guide
Copyright© 2021
MANCOSA
All rights reserved, no part of this book may be reproduced in any form or by any means, including photocopying machines,
without the written permission of the publisher. Please report all errors and omissions to the following email address:
modulefeedback@mancosa.co.za
IT Management 2B
Bachelor of Commerce
in Information and Technology Management (Year 2)
INFORMATION TECHNOLOGY MANAGEMENT 2B
Unit 1: Introduction To Information Technology .................................................................................................... 13

Unit 2: Impact Of Information Technology ............................................................................................................. 40
Unit 3: Information Technology Investments ......................................................................................................... 54
Unit 4: Business Intelligence ................................................................................................................................ 90
Unit 5: Data Warehousing And Data Mining ..................................................................................................... 106
Unit 6: Principles Of Information Security .......................................................................................................... 117
Conclusion .......................................................................................................................................................... 140
Bibliography ........................................................................................................................................................ 141
i MANCOSA – BCOM ITM Yeari 2

Information Technology Management 2B
List of Content
List of Figures
Figure 1 - IT covered in Module 2A..................................................................................................................... 5
Figure 2 - IT Covered in this Module 2B ............................................................................................................. 6
Figure 3 - The Abacus : One of the very first information processors. .............................................................. 18
Figure 4 - The Slide Rule : Early 1600s, William Oughtred, an English clergyman, invented the slide rule...... 18
Figure 5 - The Pascaline : The Pascaline. Invented by Blaise Pascal (1623-62).............................................. 19
Figure 6 - The Pascaline Interior : One of the first mechanical computing machines, around 1642. ................ 19
Figure 7 - Charles Babbage (1792-1871), eccentric English mathematician - The Difference Engine. ............ 20
Figure 8 - The Analytical Engine. ...................................................................................................................... 20
Figure 9 - Joseph Marie Jacquard's loom. Parts are remarkably similar to modern-day computers, designed in
the 1830's, inspired binary logic. ....................................................................................................................... 21
Figure 10- Census Machine, used punch cards. .............................................................................................. 22
Figure 11- 1890 : International Business Machines Corporation (IBM). The first logo, still a very big player in
modern day computing. .................................................................................................................................... 22
Figure 12- Howard Aiken, a Ph.D. student at Harvard University Built the Mark I, which was completed
January 1942 8 feet tall, 51 feet long, 2 feet thick, weighed 5 tons, used about 750,000 parts ........................ 22
Figure 13 - Electronic Numerical Integrator and Computer (ENIAC) - 1946 ..................................................... 23
Figure 14 - Electronic Numerical Integrator and Computer (ENIAC) - 1946: Rear View - Note vaccum tubes. 23
Figure 15- The Manchester University Mark I (prototype). First stored program computer .............................. 23
Figure 16- The First Generation (1951-1958). .................................................................................................. 24
Figure 17 - The Second Generation (1959-1963). ............................................................................................ 24
Figure 18- The Third Generation ...................................................................................................................... 25
Figure 19- MIS Hierarchical planning stages (Schniederjans, 2004, p. 16) ..................................................... 60
Figure 20- Complicated dimensions of sub choices.......................................................................................... 63
Figure 21- A Management Information System - Allocating all resources to this can be considered to be an IT
investment (Schniederjans, 2004) .................................................................................................................... 63
Figure 22: Overall structure of our method. ...................................................................................................... 66
1 MANCOSA – Bachelor of Commerce Information and Technology Management Year 2

Figure 23: The concept of a value center (Venkatraman,1997) ........................................................................ 67
Figure 24:Operating models (Ross et al., 2006). .............................................................................................. 69
Figure 25: Problem chains ................................................................................................................................ 71
Figure 26: Relation between requirements engineering and enterprise architecture ........................................ 72
Figure 27: Relation between requirements and architecture models ................................................................ 72
Figure 28: Views on an architecture model ....................................................................................................... 73
Figure 29: Investment portfolios........................................................................................................................ 75
Figure 30: Bedell’s method and enterprise architecture.................................................................................... 75
Figure 31: Example of an activity level portfolio ................................................................................................ 76
Figure 32: Valuation profile for Bedell’s method .............................................................................................. 77
Figure 33: Business process portfolio in BiZZdesign Architect ......................................................................... 78
Figure 34: Business process folio in Excel ....................................................................................................... 78
Figure 35- BI Strategic, Tactical and Operational ........................................................................................... 101
Figure 36 - Operational Tactical and Strategic BI ........................................................................................... 102
Figure 37- The three forms of BI must work according towards a common goal. ........................................... 102
Figure 38 - The Latency between a business event and an action Taken from Richard Hackathorn, Bolder
Technologies. ................................................................................................................................................. 102
Figure 39- Data Warehouse (Wikimedia Commons) ...................................................................................... 109
Figure 40 - Components of Information Security (Whitman & Mattford, 2012) ............................................... 121
Figure 41- Components of an Information System (Whitman & Mattford, 2012) ............................................ 124
Figure 42- Balancing Security and Access to information (Whitman & Mattford, 2012, p. 19) ........................ 127
Figure 43- SLS Organisation .......................................................................................................................... 132
MANCOSA – Bachelor of Commerce in Information and Technology Management Year 2 2

Preface
A. Welcome
Dear Student
It is a great pleasure to welcome you to Information and Technology Management 2B (ITM2B6). To make sure
that you share our passion about this area of study, we encourage you to read this overview thoroughly. Refer to
it as often as you need to, since it will certainly make studying this module a lot easier. The intention of this module
is to develop both your confidence and proficiency in this module.
The field of Information and Technology Management 2B is extremely dynamic and challenging. The learning
content, activities and self- study questions contained in this guide will therefore provide you with opportunities to
explore the latest developments in this field and help you to discover the field of Information and Technology
Management 2B as it is practiced today.
This is a distance-learning module. Since you do not have a tutor standing next to you while you study, you need
to apply self-discipline. You will have the opportunity to collaborate with each other via social media tools. Your
study skills will include self-direction and responsibility. However, you will gain a lot from the experience! These
study skills will contribute to your life skills, which will help you to succeed in all areas of life.
This module, IT Management, forms an integral part of the MANCOSA qualification and serves to introduce the
student to the fundamentals of Information Technology (IT) Management together with the methods and theories
that support the integration of these technologies within business objectives. In doing so, the module expands on
the building blocks of Information Technology and their integration and application in the world and how it impacts
on the individual, the organisation and on society. After exploring Information Technology in terms of those impact
areas, we consider how strategy is key to investing in IT. Part of any organisation strategy should be to gather
business intelligence from the information it holds. This will lead to an in-depth discussion on Data Warehousing
and Data Mining. We will conclude this module with look at the principles of Information Security.
Thus this module will provide you with a holistic understanding of the impacts of Technology and contextualizing
this information. It will firm up your understanding of Business Intelligence and will finally look at the process and
principles of protecting your data and using your data with business intelligence.
We hope you enjoy the module.
MANCOSA does not own or purport to own, unless explicitly stated otherwise, any intellectual property
rights in or to multimedia used or provided in this module guide. Such multimedia is copyrighted by the
respective creators thereto and used by MANCOSA for educational purposes only. Should you wish to use
copyrighted material from this guide for purposes of your own that extend beyond fair dealing/use, you
must obtain permission from the copyright owner.
3 MANCOSA – Bachelor of Commerce in Information and Technology Management Year 2

B. Module Overview
 The module is a 15 credit module at NQF level 6
 Expose learners to information technology and processes that will facilitate management and decision making
in organisations.
 Understand the impact of information technology on the organisation, individual and society.
 Evaluate the benefits and drawbacks of information technology investments.
 Understand and apply the principles of data warehousing and data mining.
 Understand and apply the basic principles of information security.
Contents and Structure

Unit 1: Information Technology Fundamentals
This first section revisits the concepts of Information Technology (ICT). In this section the nature and definition of
Information Technology are reviewed bearing in mind the information we have covered in the previous module.
The idea in this section is to provide the framework and context for the rest of the module within which we will
operate.
Unit 2: Impact of Information Technology

In this section we will review some of the ways in which Information Technology has impacted the organisation,
individual and society.
Unit 3: Information Technology Investments

Bearing the previous section in mind, section three puts the student in touch with understanding how the strategies
that one adopts in respect to Information Technologies affect the investments in Information Technology. We
consider the trends in Technology and the strategies and then the investments one should make.
Unit 4: Business Intelligence

We will realize that it is imperative to understand and prepare for ICT so that your organisation is ready to embrace
these changes and then to capitalize on these Investments. However, we will also see that one needs to evaluate
current trends and patterns within an organisation by making use of Business Intelligence methods to help the
decision making process. The use or lack of use of Business Intelligence can often spell the difference between,
organisations becoming insolvent and just surviving to the ones that are thriving through innovation that their
customers are craving, ultimately this is where the larger profit margins are!
We challenge you to identify opportunities and risks within your organisation together with some case studies for
review and will lay the basis for section 5 which deals with Data Warehousing and Data Mining

Unit 5: Data Warehousing and Data Mining

Data warehousing often happens without any conscious intention, however when that happens the organisation is
usually not prepared to harvest and analyze the information they are collecting so that they can make business
decisions based on factual data which they would get through analyzing the data (data mining) they own. The key
is to identify how we mine the data we have obtained in order to take the organisation forward by using the
information we have to draw conclusions based on trends so we can innovate and meet customers' needs or be
disruptive in our innovation so that we can be leaders in that new area.
Unit 6: Principles of Information Security

Data of individuals and the company have value and needs to be protected from abuse or from being compromised.
In a very real sense we will discover that data and business intelligence data is almost a currency of its own and
commands the need for security.
What have we learnt about Information Technology in the previous module?
Figure 1 - IT covered in Module 2A
Remembering the information in the previous module regarding Information Technology, we will look at Information
Technology in the light of how this knowledge will facilitate management and decision making in an organisation.
The organisation can only benefit from understanding intelligently the facts and trends that are presented by the

data the organisation has gleaned from its customers. This business intelligence can tip the scale for the future of
the organisation.
Let us look closer at the way this module is set out?

What we will learn about Information Technology in this module?
Figure 2 - IT Covered in this Module 2B
In a nutshell this module will recap the Information Technology fundamentals that we have learnt and will then
tackle the impact of Information Technology. Knowing the impact of Information Technology in the various areas
will assist us in understanding the benefits and drawbacks of Information Technology investments and ways in
which managers can tackle this contentious area. We take an in-depth look at Business Intelligence as a tool to
be leveraged in making the organisations future more than just survival but also of profitability. We cover the
cornerstone of Business Intelligence being Data Warehousing and Data Mining

C. Exit Level Outcomes and Associated Assessment Criteria of the Programme

Exit Level Outcomes (ELOs) Associated Assessment Criteria (AACs)
 The structure of data, information and  Structure of data, information and knowledge is
knowledge in an organisational setting reviewed within an organisational setting to
emphasize data processes
 The application of information and knowledge  Information and knowledge management

management principles and theories in a variety principles and theories are applied in a variety of
of organisational settings organisational settings to eliminate disarray
 The application of information and knowledge  Information and knowledge management

management principles in the different principles is applied in different functional units of
functional units of an enterprise an enterprise to maintain consistency
 The architecture, platforms and configuration of  Architecture, platforms and configuration of

systems to generate information and knowledge systems is examined to generate information and
for decision making knowledge for decision making
 Utilisation of information and knowledge  Information and knowledge management is

management as a strategic tool for competitive applied as a strategic tool for competitive
advantage advantage to promote organisational information
and knowledge management skills
 Analysis, evaluation and representation of  Financial, quantitative and functional information

financial, quantitative and functional information and knowledge is analysed, evaluated and
and knowledge for meaningful interpretation presented for meaningful interpretation to
establish organisational information
and knowledge management needs
 Proposal of business solutions through  Business solutions are proposed utilising

information and knowledge management information and knowledge management
techniques techniques to enhance organisational
performance

D. Learning Outcomes and Associated Assessment Criteria of the Module

LEARNING OUTCOMES OF THE MODULE ASSOCIATED ASSESSMENT CRITERIA OF THE MODULE
 Expose learners to information technology  Information technology and processes are explored to
and processes that will facilitate facilitate management and decision making in
management and decision making in organisations
organisations
 Understand the impact of information  Impact of information technology on the organisation,

technology on the organisation, individual individual and society is reviewed to enable industrial
and society changes
 Evaluate the benefits and drawbacks of  Benefits and drawbacks of information technology
information technology investments investments is explored within an organisation to
demonstrate possible changes that may transpire due
to IT
 Understand and apply the principles of data  Principles of data warehousing and data mining is
warehousing and data mining understood and applied in an organisation to secure
organisational assets
 Understand and apply the basic principles of  Principles of security is understood and applied in an
information security organisation to form a secured IT system
E. Unit Learning Outcomes

You will find the Unit Learning Outcomes on the introductory pages of each Unit in the Module Guide. The Unit
Learning Outcomes lists an overview of the areas you must demonstrate knowledge in and the practical skills you
must be able to achieve at the end of each Unit lesson in the Module Guide.

F. Notional Learning Hours
Notional Learning Hour Table for the Programme
Learning time
Types of learning activities
%
Lectures/Workshops (face to face, limited or technologically mediated) 15
Tutorials: individual groups of 30 or less 0

0
Syndicate groups
0
Practical workplace experience (experiential learning/work-based learning etc.)
Independent self-study of standard texts and references (study guides, books, journal 27
articles)
Independent self-study of specially prepared materials (case studies, multi-media, etc.) 40
Other: Online 18
TOTAL 100
G. How to Use this Module

This Module Guide was compiled to help you work through your units and textbook for this module, by breaking
your studies into manageable parts. The Module Guide gives you extra theory and explanations where necessary,
and so enables you to get the most from your module.
The purpose of the Module Guide is to allow you the opportunity to integrate the theoretical concepts from the
prescribed textbook and recommended readings. We suggest that you briefly skim read through the entire guide
to get an overview of its contents. At the beginning of each Unit, you will find a list of Learning Outcomes and
Associated Assessment Criteria. This outlines the main points that you should understand when you have
completed the Unit/s. Do not attempt to read and study everything at once. Each study session should be 90
minutes without a break
This module should be studied using the prescribed and recommended textbooks/readings and the relevant
sections of this Module Guide. You must read about the topic that you intend to study in the appropriate section
before you start reading the textbook in detail. Ensure that you make your own notes as you work through both the
textbook and this module. In the event that you do not have the prescribed and recommended textbooks/readings,
you must make use of any other source that deals with the sections in this module. If you want to do further reading,
and want to obtain publications that were used as source documents when we wrote this guide, you should look

at the reference list and the bibliography at the end of the Module Guide. In addition, at the end of each Unit there
may be link to the PowerPoint presentation and other useful reading.
H. Study Material
The study material for this module includes tutorial letters, programme handbook, this Module Guide, a list of
prescribed and recommended textbooks/readings which may be supplemented by additional readings.
I. Prescribed and Recommended Textbook/Readings

The textbook presents a tremendous amount of material in a simple, easy-to-learn format. You should read ahead
during your course. Make a point of it to re-read the learning content in your module textbook. This will increase
your retention of important concepts and skills. You may wish to read more widely than just the Module Guide and
the prescribed textbook, the Bibliography and Reference list provides you with additional reading.
 Reynolds, George W. (2010) Information Technology for Managers, International Edition. United States of
America: Cengage Learning
 Schniederjans, M.J., 2004. Information Technology Investment: Decision-Making Methodology. World
Scientific Pub Co Inc.
 Williams, B and Sawyer,S. (2010) Using Information Technology, 8th Edition. USA, New York: Mcgraw-Hill
 Bidgoli, H. (2012) MIS2. Boston: Cengage Learning
 Whitman, Michael E. (2011) Principles of Information Security. 4 Edition. Course Technology.
 Paige Baltzan, A.P., 2009. Business Driven Information Systems. New York: McGraw-Hill.
Web Resources:
https://docs.google.com/open?id=0B1ZF9spPlWD-Z2VjbVM4UExtYWsWeb Resources:
 See (Case Sensitive) https://docs.google.com/open?id=0B1ZF9spPlWD-Z2VjbVM4UExtYWs

J. Special Features
In the Module Guide, you will find the following icons together with a description. These are designed to help you
study. It is imperative that you work through them as they also provide guidelines for examination purposes.
Special Feature Icon Explanation
The Learning Outcomes indicate aspects of the particular Unit you have
LEARNING to master.
OUTCOMES
The Associated Assessment Criteria is the evaluation of the students’

ASSOCIATED
understanding which are aligned to the outcomes. The Associated
ASSESSMENT
Assessment Criteria sets the standard for the successful demonstration
CRITERIA
of the understanding of a concept or skill.
A Think Point asks you to stop and think about an issue. Sometimes you
THINK POINT are asked to apply a concept to your own experience or to think of an
example.
You may come across Activities that ask you to carry out specific tasks.
In most cases, there are no right or wrong answers to these activities.
ACTIVITY
The purpose of the activities is to give you an opportunity to apply what
you have learned.
At this point, you should read the references supplied. If you are unable
READINGS to acquire the suggested readings, then you are welcome to consult any
current source that deals with the subject.
PRACTICAL Practical Application or Examples will be discussed to enhance
APPLICATION understanding of this module.
OR EXAMPLES
KNOWLEDGE You may come across Knowledge Check Questions at the end of each
CHECK Unit in the form of Knowledge Check Questions (KCQ’s) that will test
QUESTIONS your knowledge. You should refer to the Module Guide or your
textbook(s) for the answers.
You may come across Revision Questions that test your understanding
REVISION
of what you have learned so far. These may be attempted with the aid
QUESTIONS
of your textbooks, journal articles and Module Guide.

Case Studies are included in different sections in this Module Guide.
CASE STUDY This activity provides students with the opportunity to apply theory to
practice.
You may come across links to Videos Activities as well as instructions
VIDEO ACTIVITY on activities to attend to after watching the video.

Unit
1: Introduction to
Information Technology

Unit Learning Outcomes

CONTENT LIST LEARNING OUTCOMES
1.1 Introduction  Define Information Technology
1.2 Information Technology Definition
1.3 Timeline of Information Technology  Discuss the Four basic periods that are in the timeline of
through the ages information technology through the ages
1.4 The Four Generations of Digital  Understand the history of computers and how it changed the
Computing world and grasp that these changes need to be spotted
1.5 Information and Communication so that a company can adopt disruptive technologies in time to
Technology and the Future ensure their sustainability for the future and perhaps become
market leaders themselves
1.6 Summary  Summarise topic areas covered in unit

Prescribed / Recommended Readings
 Reynolds, George W. (2010) Information Technology for Managers, International

Edition. United States of America: Cengage Learning
DETAILS: Chapter of Book that should be read.

Chapter 1: Managers: Key to Information Technology Results.
Chapter 2: Strategic Planning.
 Williams, B and Sawyer,S. (2010) Using Information Technology, 8th Edition. USA,
New York: McGraw-Hill

Chapter 1 INTRODUCTION TO INFORMATION TECHNOLOGY: Your Digital World
(should have been read from previous module)
Chapter 9 THE CHALLENGES OF THE DIGITAL AGE: Society & Information Technology
Today
Chapter 3: SOFTWARE: Tools for Productivity & Creativity
Chapter 4: HARDWARE: THE CPU & STORAGE: How to Choose a Multimedia Computer
System
Chapter 5: HARDWARE: INPUT & OUTPUT: Taking Charge of Computing &

Communications
Chapter 6: COMMUNICATIONS, NETWORKS, & SAFEGUARDS: The Wired & Wireless

World
Chapter 7: PERSONAL TECHNOLOGY: The Future Is You
Chapter 8: DATABASES & INFORMATION SYSTEMS: Digital Engines for Today’s

Economy
Chapter 10: SYSTEMS ANALYSIS & PROGRAMMING: Software Development,

Programming, & Languages

1.1 Introduction
In this unit we will be reviewing what we have learnt about Information Technology in the previous module and
use this as the basis for the next unit on the Impact of Information Technology on ourselves, the organisation and
society.
Think Point
 What is Information Technology?
 Do we embrace or resist Information Technology?
 Has Information Technology already infiltrated our lives?
 How has information technology developed over time and where is it heading to?
1.2 Information Technology Definition

Information and communication technology (ICT) can be defined as - "ways of finding, gathering, and
manipulating information and then presenting or communicating it. ICT includes making computers and providing
software, programming and communication services such as email and the Internet"1.
REMEMBER:
Information
Technology:
Ways of finding,
gathering,
manipulating
information and
then presenting or
communicating it
"ICT (information and communications technology - or technologies) is an umbrella term that includes any
communication device or application, encompassing: radio, television, cellular phones, computer and network
1 Poverty Reduction Dictionary. 2011. Poverty Reduction Dictionary. [ONLINE] Available at:
http://www.srds.co.uk/mdg/dictionary.htm. [Accessed 15 October 2011].

hardware and software, satellite systems and so on, as well as the various services and applications associated
with them, such as videoconferencing and distance learning."2
"ICT consists of all technical means used to handle information and aid communication, including computer and
network hardware, communication middleware as well as necessary software. In other words, ICT consists of IT
as well as telephony, broadcast media, all types of audio and video processing and transmission and network
based control and monitoring functions."3
Using these definitions, we can see that we have quite a wide and diverse area that is classified as Information
Technology.
1.3 Timeline of Information Technology through the ages:

Four basic periods
"Each of these periods are characterized by a principal technology used to solve the input, processing, output
and communication problems of the time:
A. Premechanical,
B. Mechanical,
C. Electromechanical, and
D. Electronic
A. The Pre-Mechanical Age: 3000 B.C. - 1450 A.D.

We can attribute the following in the pre-mechanical age, towards being among the key technological steps
towards our current technologies,
1. Books and Libraries--output technologies (permanent storage devices).

- Religious leaders in Mesopotamia kept the earliest "books"
- The Egyptians kept scrolls.
- Around 600 B.C., the Greeks began to fold sheets of papyrus vertically into leaves and bind them together.
2. The First Numbering Systems.

- Egyptian system: The numbers 1-9 as vertical lines, the number 10 as a U or circle, the number 100 as a coiled
rope, and the number 1,000 as a lotus blossom.
- The first numbering systems similar to those in use today were invented between 100 and 200 A.D. by Hindus
in India who created a nine-digit numbering system.
- Around 875 A.D., the concept of zero was developed.
2 What is ICT (information and communications technology - or technologies)? - Definition from

Whatis.com. 2011. What is ICT (information and communications technology - or technologies)? -
Definition from Whatis.com. [ONLINE] Available at: http://searchcio-
midmarket.techtarget.com/definition/ICT. [Accessed 15 October 2011].
3 http://foldoc.org/Information+and+Communication+Technology

3. The First Calculators: The Abacus.
Figure 3 - The Abacus : One of the very first information processors.
B. The Mechanical Age: 1450 - 1840

1. The First Information Explosion.
o Johann Gutenberg (Mainz, Germany; c. 1387-1468)
 Invented the movable metal-type printing process in 1450.
o The development of book indexes and the widespread use of page numbers.
2. The first general purpose "computers"

o Actually people who held the job title "computer: one who works with numbers."
3. Slide Rules, the Pascaline and Leibniz's Machine.
Figure 4 - The Slide Rule : Early 1600s, William Oughtred, an English clergyman, invented the slide rule

4. Early example of an analog computer.
Figure 5 - The Pascaline : The Pascaline. Invented by Blaise Pascal (1623-62).
Figure 6 - The Pascaline Interior : One of the first mechanical computing machines, around 1642.

5. Babbage's Engines
Figure 7 - Charles Babbage (1792-1871), eccentric English mathematician - The Difference Engine.
Figure 8 - The Analytical Engine.

Figure 9 - Joseph Marie Jacquard's loom. Parts are remarkably similar to modern-day computers,
designed in the 1830's, inspired binary logic.
C. The Electromechanical Age: 1840 - 1940.

The discovery of ways to harness electricity was the key advance made during this period. Knowledge and
information could now be converted into electrical impulses.
The Beginnings of Telecommunication.

1. Voltaic Battery.
 Late 18th century.
2. Telegraph.
 Early 1800s.
3. Morse Code.
 Developed in1835 by Samuel Morse
 Dots and dashes.
4. Telephone and Radio.
 Alexander Graham Bell.
 1876
5. Followed by the discovery that electrical waves travel through space and can produce an effect far from the
point at which they originated.
6. The invention of the radio

 Guglielmo Marconi
 1894
2. Electromechanical Computing
1. Herman Hollerith and IBM.
Herman Hollerith (1860-1929) in 1880.
Figure 10- Census Machine, used punch cards.
Figure 11- 1890 : International Business Machines Corporation (IBM). The first logo, still a very big player
in modern day computing.
Figure 12- Howard Aiken, a Ph.D. student at Harvard University Built the Mark I, which was completed
January 1942 8 feet tall, 51 feet long, 2 feet thick, weighed 5 tons, used about 750,000 parts
D. The Electronic Age: 1940 - Present.

1. First Tries.
 Early 1940s
 Electronic vacuum tubes.

o Eckert and Mauchly. The First High-Speed, General-Purpose Computer Using Vacuum Tubes:
Electronic Numerical Integrator and Computer (ENIAC)
Figure 13 - Electronic Numerical Integrator and Computer (ENIAC) - 1946
Figure 14 - Electronic Numerical Integrator and Computer (ENIAC) - 1946: Rear View - Note vaccum tubes.
 Used vacuum tubes (not mechanical devices) to do its calculations. Hence, first electronic computer.
Figure 15- The Manchester University Mark I (prototype). First stored program computer

 The First General-Purpose Computer for Commercial Use: Universal Automatic Computer
(UNIVAC). First UNIVAC delivered to Census Bureau in 1951. A machine called LEO (Lyons Electronic
Office) went into action a few months before UNIVAC and became the world's first commercial
computer.
1.4 The Four Generations of Digital Computing.

The First Generation (1951-1958)
Figure 16- The First Generation (1951-1958).

1. Vacuum tubes as their main logic elements.
2. Punch cards to input and externally store data.
3. Rotating magnetic drums for internal storage of data and programs
4. Programs written in Machine language
5. Assembly language requires a compiler.
The Second Generation (1959-1963).
Figure 17 - The Second Generation (1959-1963).
1. Vacuum tubes replaced by transistors as main logic element.

2. Crystalline mineral materials called semiconductors could be used in the design of a device called a
transistor

3. Magnetic tape and disks began to replace punched cards as external storage devices.
4. Magnetic cores (very small donut-shaped magnets that could be polarized in one of two directions to represent
data) strung on wire within the computer became the primary internal storage technology.
5. High-level programming languages
6. E.g., FORTRAN and COBOL
The Third Generation (1964-1979).
REMEMBER:
4 BASIC
PERIODS
Pre-Mechanical,
Mechanical,
Electromechanical,
A. Electronic
Figure 18- The Third Generation

1. Individual transistors were replaced by integrated circuits.
2. Magnetic tape and disks completely replace punch cards as external storage devices.
3. Magnetic core internal memories began to give way to a new form, metal oxide semiconductor (MOS) memory,
which, like integrated circuits, used silicon-backed chips.
Operating systems
Advanced programming languages like BASIC developed. This is where Bill Gates and Microsoft got their start in
1975.
The Fourth Generation (1979- Present).

1. Large-scale and very large-scale integrated circuits (LSIs and VLSICs)
2. Microprocessors that contained memory, logic, and control circuits (an entire CPU = Central Processing
Unit) on a single chip.
 Which allowed for home-use personal computers or PCs, like the Apple (II and Mac) and IBM PC.
 Apple II released to public in 1977, by Stephen Wozniak and Steven Jobs.
 Initially sold for $1,195 (R9 560) (without a monitor); had 16k RAM.
 First Apple Mac released in 1984.

 IBM PC introduced in 1981.

 Debuts with MS-DOS (Microsoft Disk Operating System)
 Fourth generation language software products E.g., Visicalc, Lotus 1-2-3, dBase, Microsoft Word, and
many others.
 Graphical User Interfaces (GUI) for PCs arrive in early 1980s
1. MS Windows debuts in 1983, but is quite a clunker.
Windows wouldn't take off until version 3 was released in 1990
Source: Information Technology History - Outline. 4
1.5 Information and Communication Technology and the Future

Computer Development
When we look back at the rapid pace of technology and the change we make in our own lives to embrace
technology, we realize that more change is a certainty. According to Invalid source specified. Page 34, the
exciting changes that lie ahead in computer development are speed, miniaturization and affordability. History is
showing us that this is exactly the direction we have always being heading.
Miniaturization
Radio-style vacuum tubes have given away to transistors, which enabled the development of integrated circuits,
which are now smaller than your thumbnail. In the past the processing power of the processer (CPU) found on a
desktop PC was equivalent to the size of one that filled a room.
Speed
Due to the advancements made in miniaturization and the research into new materials to make computer
components, we have seen that both speed and data storage rise significantly.
4 Information Technology History - Outline. 2012. Information Technology History - Outline.

[ONLINE] Available at: http://www.tcf.ua.edu/Classes/Jbutler/T389/ITHistoryOutline.htm. [Accessed
27 April 2012].

Affordability
Imagine that a processor that costs around R7000 today in terms of its processing power cost around 7 Million
Rand back then.
Connectivity
Because of the expansion in computer networks, e-mail and online shopping became more viable. This
interconnected network created the infrastructure for growth.
Interactivity
Without interaction a computer program such as backing up the system will perform its task until completion or
error. In our normal computer use, we interact with ICT, and it is very much like a dialogue between people, except
that you can simply continue a dialogue with a computer at exactly the same point you left off. This interaction
when the computer responds to our requests makes them useful.
We are seeing changes in interactivity, for instance it is now possible to give a vehicle verbal instructions or voice
commands, or you can go online after a news broadcast and respond to what you saw. Quite often you will hear
on the radio, what people have sms'ed or e-mailed about a topic being discussed.
Multimedia
The World Wide Web transformed how multimedia was presented and accessed, and thus resulted in such a
widespread adoption. Even modern vehicles now, have visual and audiovisual devices that enable navigation,
movies and music.
The future where computers and communications combine will create even more exciting possibilities. Possibilities
in Convergence, Portability and Personalization are in the future and already rearing its head into the consumer
markets at the time of writing this module.
Convergence
People smirked when the concepts of phones combined with cameras were introduced, today that has become
the standard for a cellphone. Convergence is when you combine various industry needs into one device or product,
such as the TV watch, or lately the IPAD 2/3 or the other android devices that have more processing power than
the space shuttle in 1981 which was "The IBM AP-101 which had about 424 kilobytes of magnetic core memory
each. The CPU could process about 400,000 instructions per second. They had no hard disk drive, and load
software from magnetic tape cartridges." 5
5Space Shuttle - Wikipedia, the free encyclopedia. 2011. Space Shuttle - Wikipedia, the free
encyclopedia. [ONLINE] Available at: http://en.wikipedia.org/wiki/Space_Shuttle. [Accessed 04
October 2011].

Portability
The beauty and convenience of Andriod, Blackberry, and Iphones have left no doubt to the power of handheld
power and portability. There is however the downside that, we now have our personal time often invaded with
business.
1. Personalization
The key to contentment is personalization. This is from covers to themes- to gadgets. The more you can tailor it to
your own needs, the more you love the item you can personalize.
2. Collaboration
Action towards common goals, is what collaboration is all about. Collaboration has become a very powerful force,
especially with the power of communication mediums that are becoming easier to access and cheaper to use.
Collaboration via these mediums, bypass many humans conceived barriers of race, religion, physical appearance.
Collaboration software together with these communication mediums have created giants like skype and facebook
and will continue to grow. We will learn more about collaboration in Section 4.
3. Cloud Computing: The Global Computer

Previously called grid computing, cloud computing is simply using computer resources from a network of computers
that are physically separate from your business and are usually stored in a secure data warehouse. Cloud
computing displaces the usual concerns that come with disaster recovery and management. Cloud computing has
really started taking off as a service and is becoming more the norm, rather than the exception.
Please read the table on the next few pages to understand more about the History of Computers adapted from:
Computer Timeline.

TIME LINE OF COMPUTER EVENTS
YEAR EVENT
2400 BC Abacus: The abacus, the first known calculator, was invented in Babylonia
500 BC Panini: Introduced the forerunner to modern formal language theory
300 BC Pingala: Pingala invented the binary number system
87 BC Antikythera Mechanism: Built in Rhodes to track movement of the stars
60 AD Heron of Alexandria: Heron of Alexandria invents machines which follow a series of

instructions
724 Liang Ling-Can: Liang Ling-Can invents the first fully mechanical clock
1492 Leonardo da Vinci: Drawings by Leonardo da Vinci depict inventions such as flying
machines, including a helicopter, the first mechanical calculator and one of the first
programmable robots
1614 John Napier: John Napier invents a system of moveable rods (Napier's Rods) based on
logarithms which was able to multiply, divide and calculate square and cube roots
1622 William Oughtred: William Oughtred develops slide rules
1623 Calculating Clock: Invented by Wilhelm Schickard
1642 Blaise Pascal: Blaise Pascal invents the the "Pascaline", a mechanical adding machine
1671 Gottfried Leibniz: Gottfried Leibniz is known as one of the founding fathers of calculus
1801 Joseph-Marie Jacquard: Joseph-Marie Jacquard invents an automatic loom controlled by

punched cards
1820 Arithmometer: The Arithmometer was the first mass-produced calculator invented by
Charles Xavier Thomas de Colmar
1822 Charles Babbage: Charles Babbage designs his first mechanical computer
1834 Analytical Engine: The Analytical Engine was invented by Charles Babbage

1835 Morse code: Samuel Morse invents Morse code
1848 Boolean algebra: Boolean algebra is invented by George Boole
1853 Tabulating Machine: Per Georg Scheutz and his son Edvard invent the Tabulating
Machine
1869 William Stanley Jevons: William Stanley Jevons designs a practical logic machine
1878 Ramon Verea: Ramon Verea invents a fast calculator with an internal multiplication table
1880 Alexander Graham Bell: Alexander Graham Bell invents the telephone called the
Photophone
1884 Comptometer: The Comptometer is an invention of Dorr E. Felt which is operated by
pressing keys
1890 Herman Hollerith: Herman Hollerith invents a counting machine which increment
mechanical counters
1895 Guglielmo Marconi: Radio signals were invented by Guglielmo Marconi
1896 Tabulating Machine Company: Herman Hollerith forms the Tabulating Machine Company
which later becomes IBM
1898 Nikola Tesla: Remote control was invented by Nikola Tesla
1906 Lee De Forest: Lee De Forest invents the electronic tube
1911 IBM: IBM is formed on June 15, 1911
1923 Philo Farnsworth: Television Electronic was invented by Philo Farnsworth
1924 John Logie Baird: Electro Mechanical television system was invented by John Logie
Baird
Walther Bothe: Walther Bothe develops the logic gate
1930 Vannevar Bush: Vannevar Bush develops a partly electronic Difference Engine
1931 Kurt Godel: Kurt Godel publishes a paper on the use of a universal formal language

1937 Alan Turing: Alan Turing develops the concept of a theoretical computing machine
1938 Konrad Zuse: Konrad Zuse creates the Z1 Computer a binary digital computer using
punch tape
1939  George Stibitz: George Stibitz develops the Complex Number Calculator - a
foundation for digital computers
 Hewlett Packard: William Hewlett and David Packard start Hewlett Packard
 John Vincent Atanasoff and Clifford Berry: John Vincent Atanasoff and Clifford
Berry develop the ABC (Atanasoft-Berry Computer) prototype
1943 Enigma: Adolf Hitler uses the Enigma encryption machine

Colossus: Alan Turing develops the the code-breaking machine Colossus
1944 Howard Aiken & Grace Hopper: Howard Aiken and Grace Hopper designed the MARK
series of computers at Harvard University
1945 ENIAC: John Presper Eckert & John W. Mauchly: John Presper Eckert & John W. Mauchly
develop the ENIAC ( Electronic Numerical Integrator and Computer)
Computer Bug: The term computer ‘bug’ as computer bug was first used by Grace Hopper
1946 F.C. Williams: F.C. Williams develops his cathode-ray tube (CRT) storing device the
forerunner to random-access memory (RAM)
1947  Pilot ACE: Donald Watts Davies joins Alan Turing to build the fastest digital
computer in England at the time, the Pilot ACE
 William Shockley: William Shockley invents the transistor at Bell Labs
 Douglas Engelbart: Douglas Engelbart theorises on interactive computing with
keyboard and screen display instead of on punchcards
1948 Andrew Donald Booth: Andrew Donald Booth invents magnetic drum memory
Frederic Calland Williams & Tom Kilburn: Frederic Calland Williams & Tom Kilburn
develop the SSEM "Small Scale Experimental Machine" digital CRT storage which was
soon nicknamed the "Baby"
1949 Claude Shannon: Claude Shannon builds the first machine that plays chess

Howard Aiken: Howard Aiken develops the Harvard-MARK III
1950 Hideo Yamachito: The first electronic computer is created in Japan by Hideo Yamachito.
Alan Turing: Alan Turing publishes his paper Computing Machinery and Intelligence
which helps create the Turing Test.
1951 LEO: T. Raymond Thompson and John Simmons develop the first business computer,
the Lyons Electronic Office (LEO) at Lyons Co.
UNIVAC: UNIVAC I (UNIVersal Automatic Computer I) was introduced - the first
commercial computer made in the United States and designed principally by John
Presper Eckert & John W. Mauchly
EDVAC: The EDVAC (Electronic Discrete Variable Automatic Computer) begins
performing basic tasks. Unlike the ENIAC, it was binary rather than decimal
1953 The IBM 701 becomes available and a total of 19 are sold to the scientific community.
1954 John Backus & IBM: John Backus & IBM develop the FORTRAN Computer Programming
Language
1955 Bell Labs introduces its first transistor computer.
1956 Optical fiber was invented by Basil Hirschowitz, C. Wilbur Peters, and Lawrence E.
Curtiss
1957 Sputnik I and Sputnik II: Sputnik I and Sputnik II are launched by the Russians
1958 ARPA (Advanced Research Projects Agency) and NASA is formed

Silicon chip: The first integrated circuit, or silicon chip, is produced by the US Jack Kilby
& Robert Noyce
1959 Paul Baran: Paul Baran theorises on the "survivability of communication systems under
nuclear attack", digital technology and symbiosis between humans and machines
1960 COBOL: The Common Business-Oriented Language (COBOL) programming language is

invented.

1961 Unimate: General Motors puts the first industrial robot, Unimate, to work in a New Jersey
factory.
1962 The first computer game: The first computer game Spacewar Computer Game invented
BY Steve Russell & MIT
1963 The Computer Mouse: Douglas Engelbart invents and patents the first computer mouse
(nicknamed the mouse because the tail came out the end)
The American Standard Code for Information Interchange (ASCII) is developed to

standardize data exchange among computers.
1964 Word processor: IBM introduces the first word processor

BASIC: John Kemeny and Thomas Kurtz develop Beginner’s All-purpose Symbolic
Instruction Language (BASIC)
1965 Hypertext: Andries van Dam and Ted Nelson coin the term "hypertext"
1967 Floppy Disk: IBM creates the first floppy disk
1969 Seymour Cray: Seymour Cray develops the CDC 7600, the first supercomputer
Gary Starkweather: Gary Starkweather invents the laser printer whilst working with Xerox
ARPANET: The U.S. Department of Defense sets up the Advanced Research Projects
Agency Network (ARPANET ) this network was the first building blocks to what the
internet is today but originally with the intention of creating a computer network that
could withstand any type of disaster.
1970 RAM: Intel introduces the world's first available dynamic RAM ( random-access memory)
chip and the first microprocessor, the Intel 4004.
1971 E-mail: E-mail was invented by Ray Tomlinson

Liquid Crystal Display ( LCD ): Liquid Crystal Display ( LCD ) was invented by James
Fergason
Pocket calculator: Pocket calculator was invented by Sharp Corporation
Floppy Disk: Floppy Disk was invented by David Noble with IBM - Nicknamed the
"Floppy" for its flexibility.

1972 First Video Game: Atari releases Pong, the first commercial video game
The CD: The compact disc is invented in the United States.
1973 Robert Metcalfe and David Boggs: Robert Metcalfe creates the Ethernet, a local-area
network (LAN) protocol
Personal computer: The minicomputer Xerox Alto (1973) was a landmark step in the
development of personal computers
Gateways: Vint Cerf and Bob Kahn develop gateway routing computers to negotiate
between the various national networks
1974 SQL: IBM develops SEQUEL (Structured English Query Language ) now known as SQL
WYSIWYG: Charles Simonyi coins the term WYSIWYG (What You See Is What You Get)
to describe the ability of being able to display a file or document exactly how it is going to
be printed or viewed
1975 Portable computers: Altair produces the first portable computer

Microsoft Corporation: The Microsoft Corporation was founded April 4, 1975 by Bill Gates
and Paul Allen to develop and sell BASIC interpreters for the Altair 8800
1976 Apple: Apple Computers was founded Steve Wozniak and Steve Jobs
1977 Apple Computer’s Apple II, the first personal computer with color graphics, is
demonstrated
MODEM: Ward Christensen writes the programme "MODEM" allowing two
microcomputers to exchange files with each other over a phone line
1978 Magnetic tape: The first magnetic tape is developed in the US
1979 Over half a million computers are in use in the United States.
1980 Paul Allen and Bill Gates: IBM hires Paul Allen and Bill Gates to create an operating
system for a new PC. They buy the rights to a simple operating system manufactured by
Seattle Computer Products and use it as a template to develop DOS.
1981 Microsoft: MS-DOS Computer Operating System increases its success

1982 WordPerfect: WordPerfect Corporation introduces WordPerfect 1.0 a word processing

program
Commodore 64: The Commodore 64 becomes the best-selling computer of all time.
SMTP: SMTP (Simple Mail Transfer Protocol) is introduced
1983 More than 10 million computers are in use in the United States
Domain Name System (DNS): Domain Name System (DNS) pioneered by Jon Postel, Paul
Mockapetris and Craig Partridge. Seven 'top-level' domain names are initially introduced:
edu, com, gov, mil, net, org and int.
Windows: Microsoft Windows introduced eliminating the need for a user to have to type
each command, like MS-DOS, by using a mouse to navigate through drop-down menus,
tabs and icons
1984 Apple Macintosh: Apple introduces the Macintosh with mouse and window interface
Cyberspace: William Gibson coins the word cyberspace when he publishes Neuromancer
1985 Paul Brainard: Paul Brainard introduces Pagemaker for the Macintosh creating the
desktop publishing field.
Nintendo: The Nintendo Entertainment System makes its debut.
1986 More than 30 million computers are in use in the United States.
1987 Microsoft introduces Microsoft Works
Perl: Larry Wall introduces Perl 1.0
1988 Over 45 million PCs are in use in the United States.
1990 The Internet, World Wide Web & Tim Berners-Lee: Tim Berners-Lee and Robert Cailliau
propose a 'hypertext' system starting the modern Internet
Microsoft and IBM stop working together to develop operating systems
1991 The World Wide Web: The World Wide Web is launched to the public on August 6, 1991

1993 At the beginning of the year only 50 World Wide Web servers are known to exist
1994 The World Wide Web Consortium is founded by Tim Berners-Lee to help with the
development of common protocols for the evolution of the World Wide Web
YAHOO: YAHOO is created in April, 1994.
1995 Java: Java is introduced

Amazon: Amazon.com is founded by Jeff Bezos
EBay: EBay is founded by Pierre Omidyar
Hotmail: Hotmail is started by Jack Smith and Sabeer Bhatia.
1996 WebTV: WebTV is introduced
1997 Altavista introduces its free online translator Babel Fish
Microsoft acquires Hotmail
1998 Google: Google is founded by Sergey Brin and Larry Page on September 7, 1998
PayPal is founded by Peter Thiel and Max Levchin
2001 Xbox: Bill Gates introduces the Xbox on January 7th 2001.
2002 Approximately 1 billion PCs been sold

PayPal is acquired by eBay
2005 September 12: eBay acquires Skype
2006 Skype announces that it has over 100 million registered users.
2008 At Macworld Expo, Apple introduces the MacBook Air laptop computer. It features Core2
Duo processor, 2 GB RAM, fixed battery, no optical drive, USB and micro-DVI ports, iSight
camera, 80 GB hard drive, 64 GB solid-state drive, 13.3-inch diagonal widescreen LED
1280x800 color screen, AirPort Extreme WiFi, Bluetooth 2.1+EDR, full-size keyboard and
trackpad. Battery life is 5 hours. Weight is 3 pounds; size 12.8
2008 World of Warcraft Released

2008 The European Commission fines Microsoft 899 million euros (US$1.35 billion) for using
high prices to discourage software competition, in defiance of a 2004 order from Brussels
to provide the information on reasonable terms
2008 At the Intel Developer Forum in Shanghai, China, Intel introduces the low-power Atom
microprocessor, in speeds up to 1.86 GHz
2009 South Africa issues a 2.05r postage stamp for "Ergonomics in the office" depicting a
personal computer
2009 Electronic Arts releases The Sims 3 game for personal computers in the USA.
2009 Microsoft launches Windows 7 operating system. Price is US$199.99 for the Home
Premium version, or US$119.99 for an upgrade from older versions.
2009 United States Court of Appeals for the Federal Circuit upholds a US$290 million jury
verdict for i4i against Microsoft for patent infringement by the Microsoft Word program.
Microsoft is barred from selling the current Microsoft Word and Microsoft Office as of
January 11. The company will modify the programs to remove the disputed feature, which
relates to the use of XML. [2322]
2010 At Macworld conference in San Francisco, California, Apple CEO Steve Jobs unveils the
iPad tablet computer. It features 9.7-inch touchscreen, 0.5 thick unit. Price starts at
US$499 with 16 GB RAM. [2322]
2010 Market capitalization of Apple (US$222 billion) passes Microsoft (US$219 billion) for the
first time since December 19,1989. Apple stock is worth more than 10 times what they
were 10 years ago, whereas Microsoft stock is down 20 percent over the same time period
2011 At Microsoft's annual developer conference, Microsoft distributes 5000 Samsung tablet
computers running a test version of Windows 8 operating system.
2012 Ipad 3 released, Steve Job Dies,
Samsung sells more units than apple, however apples profits are much higher.
2012 - You fill in the rest…
xxxx

Practical Application or Examples

1. Review the table above and discuss how the past has affected the present
technological advances.
2. In a group, discuss a particular technology such as the IPAD and trace its
roots through the ages.
3. Discuss some organisations that have been major role-players in shaping
the current technologies in Information Technology.
4. By use of some examples, research how companies have adapted to the
times to remain relevant in the world, to the world.
1.6 Summary
Now we have a holistic view of information technology including how history
contributed to the birth of our current state of Information Technology. It is
time to look at the impact that technology has had and is having on humans.
REMEMBER:
It is important to put into perspective the history of Information Technology
and one should make not at what speed Information Technology is Information
transforming organisations. Prices have changed; computing power has Technology has grown
at an incredible rate.
changed and we will see that the way we do business and the way we make
History shows
decisions is also changing. We will discover that organisations are seeking
patterns. Business
to make decisions based on fact, and modern trends are highlighting the Intelligence exposes
need and desire of these organisations to do this in real time and not just those patterns so they
based on historical data. can be manipulated by
an organisation.
1.7 Answers to Revision Questions and Activities

1.What is the definition of Information Management?
Information and communication technology (ICT) can be defined as - "ways of finding, gathering, and manipulating
information and then presenting or communicating it. ICT includes making computers and providing software,
programming and communication services such as email and the Internet
2.Describe the First generation of digital computing.
 Vacuum tubes as their main logic elements.
 Punch cards to input and externally store data.
 Rotating magnetic drums for internal storage of data and programs
 Programs written in Machine language
 Assembly language requires a compiler.

3.Explain the concept Cloud computing.

Previously called grid computing, cloud computing is simply using computer resources from a network of computers
that are physically separate from your business and are usually stored in a secure data warehouse. Cloud
computing displaces the usual concerns that come with disaster recovery and management. Cloud computing has
really started taking off as a service and is becoming more the norm, rather than the exception.

Unit
2: Impact of Information
Technology


2.1 Introduction  Understand the negative impact of technology on the
2.2 Negative Impact of Technology On organisation, individual and society
the Organisation, Individual and

Society
2.3 Positive Impact of Technology On  Understand the positive impact of technology on the
the Organisation, Individual and organisation, individual and society
Society
Prescribed Textbook:
Below is the prescribed reading for specific to this unit;

 Reynolds, George W. (2010) Information Technology for Managers, International
Edition. United States of America: Cengage Learning
Chapter 4: Business Process and IT Outsourcing.
Chapter 5: Corporate Governance and IT.
 Williams, B and Sawyer,S. (2010) Using Information Technology, 8th Edition.
USA, New York: Mcgraw-Hill
Chapter 7 PERSONAL TECHNOLOGY: The Future Is You
Chapter 9 THE CHALLENGES OF THE DIGITAL AGE: Society & Information Technology
Today

2.1 Introduction
Technology runs in the veins of society. It is the fuel that drives our lives. It is an integral part of daily life. It has
definitely benefited society. It has brought luxury in the life of every common man. Automation brought about by
technology has saved human effort and time to a large extent. It has brought distant places closer and simplified
information access. It has made the world a smaller place to live in. Let us look at some of the important areas,
where technology has brought a positive change.
Read/Research and write additional notes. Make sure you use the prescribed
textbook and useful Internet websites to write additional notes.
Think Point
What makes technology so effective in making an impact on our lives?

 Do we interact with Information Technology in the world today without even realising it?
 How and where do we interact with Information Technology?
 Has Information Technology transformed your life in anyway?
 What is Information Technology in the context of where we work?
 Does Information Technology affect society?
2.2 Negative Impact of Technology On the Organisation, Individual and Society

"When we speak of the impact of technology on society, we always talk about the positive effects of technology
and about how technology has made life easy. We talk about the Internet as an information resource and a
communication platform and conveniently ignore the fact that an overexposure to it leads to Internet addiction. We
often discuss how technology has made life easy but easily forget that it has made us overly dependent on it. Have
you thought of the impact of technology from this point of view? I am sure, most of you haven't. Let us look at this
aspect of technology here.
Impact of Technology on Our Society

Think of the days when there were no computers and no modern means
REMEMBER: of transport. Human life was highly restricted due to the unavailability of
Information Technology has technological applications. Daily life involved a lot of physical activity. Life
also created as many problems of the common man was not as luxurious as that of modern times, but he
as it has solved
was more active. Exercise was integrated into routine physical activities.
It was contrary to the sedentary lifestyle of today, which leaves no time for
exercise and fills days with inactivity and laze. Today we don't want to, and thanks to technology, don't even need
to, walk, move around or exert physically to get things done. We have the world at our fingertips.

We think of technology as a boon to society, but is it really? The Internet has bred many unethical practices like
hacking, spamming and phishing. Internet crime is on the rise. The Internet, being an open platform lacks
regulation. There is no regulation on the content displayed on websites. Internet gambling has become an addiction
for many. Overexposure to the Internet has taken its toll. In this virtual world, you can be who you are not; you can
be virtually living even after you die. Isn't this weird? Children are spending all their time playing online and less or
almost no time playing on the ground. Youngsters are spending most of their time on social networking, and
possibly missing out on the joys of real social life.
Think of the days when there were no online messengers, no emails and no cell phones. Indeed, cellular
technology made it possible for us to communicate over wireless media. Web communication facilities have worked
wonders in speeding long-distance communication. On the other hand, they have deprived mankind of the warmth
of personal contact. Emails replaced handwritten letters and communication lost its personal touch. With the means
of communication so easily accessible, that magic in waiting to reach someone and the excitement that followed
have vanished.
Moreover, we have become excessively dependent on technology. Is so much

of dependency good? Is it right to rely on machines to such an extent? Is it
right to depend on computers rather than relying on human intellect?
Computer technology and robotics are trying to substitute for human intellect. REMEMBER:
With the fast advancing technology, we have started harnessing artificial
Ask yourself:
intelligence in many fields. Where is the digital divide going to take us? How
is our 'tomorrow' going to be? 'Machines replacing human beings' does not Is Information
Technology
portray a rosy picture, does it? It can lead to serious issues like unemployment
Dependency, that good
and crime. An excessive use of machines in every field can result in an under- for us?
utilization of human brains. Over time, we may even lose our intellectual
Will humans evolve or
abilities. You know of the declining mathematical abilities in children due to
devolve because of
use of calculators in school?The impact of technology on society is deep. It is Information
both positive and negative. Technology has largely influenced every aspect Technology in the
of living. It has made life easy, but so easy that it may lose its charm one day. future and will the use
One can cherish an accomplishment only if it comes after effort. But of computers lead to a
drain in HUMAN BRAIN
everything has become so easily available due to technology that it has lost
POWER?
its value. There is a certain kind of enjoyment in achieving things after striving
for them. But with everything a few clicks away, there is no striving, there's only
striking."6
6What is the Impact of Technology on Our Society?. 2012. What is the Impact of Technology on Our
Society?. [ONLINE] Available at: http://www.buzzle.com/articles/what-is-the-impact-of-technology-
on-our-society.html. [Accessed 27 April 2012]. Adapted.

As an Information Technology manager one has to take the following into

consideration as the following if not looked at will result in a negative impact of
Information Technology on an organisation. Place yourself in the shoes of an
Information Technology Manager and discuss the following issues and their
relevance to the impact of Information Technology in an Organisation.
1. High costs of hardware and software, and the need to upgrade every few
years
2. Training costs
3. Maintenance costs, such as salaries of skilled IT personnel
4. Hacking
5. Phishing
6. Malware such as viruses, Trojans and worms
7. Load-shedding and its impact
8. Network down time and its impact
9. Internet abuse by employees
2.3 Positive Impact of Technology On the Organisation, Individual and Society

Automation of Processes in the Industry and the Household: Technology has automated many of the critical
processes in the industry as well as the household. Imagine the amount of labor that must have been involved in
industrial processes when the concept of automation did not exist. Electronic gadgets have entered homes of the
common man to rescue him from the boredom of daily chores. Imagine the amount of time people must be
spending doing household chores during the time there were no machines and household appliances. It's better
not imagined. Today's is the age of robotics. Machines can learn, adopt new things and perform tasks with near-
human efficiency.
Changed Modes of Transport: The automobile industry and technology are interwoven. Time has witnessed this
industry evolve from mechanical scooters to automated aircraft. Animals were the only modes of transport in the
olden days. Technology was the driving force behind the creation and design of the modern-day automobiles.
Bicycles evolved into scooters and sports bikes. The idea of having four-wheeled modes of transport gave rise to
the creation of cars. Modes of air and water transport came up, thanks to technology.
Reduced Risk to Human Life: Machines have automated many crucial industrial processes. Machines are now
taking up mundane jobs that were once done by human workers. Technology has evolved to an extent where
machines can perform tasks that are not feasible for man, either because they are risky or life-threatening or

because they are beyond human capacity. The use of advanced technologies like robotics and artificial intelligence
has proven to be helpful in life-risking endeavors like mining and space exploration.
Data Management and Information Retrieval: Computer technology, needless to say, has changed the face of
the world. Computers can store, organize and manage huge amounts of data. They can process large amounts of
information. Computers have given rise to the software industry, one of the most progressive industries of the
world. The Internet that seeded from computer networking concepts is the most effective communication platform
and the largest information base existing today.
Impact on the Entertainment and Advertising Industries: The Internet has brought a positive change to the
entertainment and advertising industries. Over the Internet, advertisements can reach the masses within seconds.
Internet advertisements have changed equations of the advertising industry. Branding on the Internet is much more
effective that other forms of product promotion. The entertainment media has progressed because of
advancements in technology. Movies, songs, games are a few clicks away. People have begun using the Internet
to watch and download movies, listen to music, play games and entertain themselves. Thanks to handy, mobile
and user-friendly devices, all this has become really easy.
Onset of the Digital Age: There's hardly anything analog now, we live in a digital world, a digital age. Talk pixels
and bytes. The digitization of information has made it possible for us to store it in a compact form. Ever wondered
how gigabytes of data can be stored on a small chip? Digitization it is! Also, digitization enriches the quality of data
storage. Digital voice and digital images are of a higher quality. Digital cameras and digital TVs provide users with
an enriched picture quality, thus bettering user experience with technology.
Communication Redefined: Cellular communication has revolutionized the communication industry. The
conventional telephone, also a piece of technology, was one of the earliest technological developments in
communication. Mobile phones have broadened the horizons of communication by enabling convenient long-
distance calling and mobile use. Letters have taken a backseat and emails and cell phone messages have become
the easiest means to connect. Owing to developments in technology, communication is wireless. Social networking
is another defining factor here. It has given an all new dimension to communication, entertainment and recreation.
Satellite Technology: Satellite communication is an important facet of technology. Satellite TV and satellite radio
have eased the broadcasting of events across the globe. How else do you think could matches and concerts be
broadcasted live? Not just TV and radio, even communication to ships and airplanes wouldn't have been possible
if not for satellite communication. Even your hand-held devices wouldn't be of use, if not for radio communication.
These were still a few fields influenced by technology. It is almost impossible to enlist all the positive effects of
technology on society. The fast-advancing technology on the whole, has given impetus to developments in various
fields and improved the quality of human life. There's less risk, less effort, less mess. There's more leisure, more
ease and more speed - all because of that ten-letter word - not a word, a phenomenon - technology. "

"Technology has progressed by leaps and bounds in the last few decades, and the benefits of technology are
there for all to see. One of the biggest arguments against technology is its sometimes ridiculously high cost which
limits its usage and places it out of reach of many people. But it is an undeniable fact that technology has helped
us make many tasks easier, and it has also made the world a much smaller place.
The latest developments in technology can be seen and felt in many industries, but there are some areas that have
been benefited more than others. Costs of production have fallen, networking has become easier, employment
levels have risen (in some cases), and we have certainly become more efficient at many complex tasks and
processes. With this in mind, let's look at some of the most obvious benefits of technology that we live with today.
Healthcare
Perhaps the single biggest beneficiary of advancing technology has been the healthcare sector. Medical research
has led to the end of many diseases and ailments, and also to the discovery of many drugs and medications that
have helped prevent many lethal diseases and disorders. Personal records are easier to study now, and medical
research has advanced magnificently. Millions of lives have been saved as a result of this. Here are some of the
benefits of technology in this industry in brief.
 Communication between patients and doctors has become easier, more personal, more flexible and more
sensitive.
 Personal records of patients are maintained, which makes it easier to study symptoms and carry out diagnosis
of previously unexplainable conditions.
 Several medical aids have helped people overcome many medical conditions which they had to live with
earlier.
 New medicines have led to the demise of many illnesses and diseases.
 Medical research has become supremely advanced, and every ailment seemingly has a cure, or at least
prevention.
 Costs of medical procedures and operations have fallen dramatically over the decades. positive effects of
technology on society.
Education
"Interactive learning and feedback systems
ICT is changing the face of education as we know it. ICT in many countries have already brought interactive and
individualized learning to these environments. Students press buttons in response to questions in a classroom,
instead of raising their hands. The results of the questions are then displayed to the whole class. Asking multiple
choice questions and giving the students immediate feedback to their responses could tip the scales in a learning
environment with this process of instant feedback to both the students and the lecturers. The lecturer can
immediately see when their explanations are not making sense to the students and change their explanations to
suit that class."

It is no surprise that the benefits of technology in the classroom and the benefits of technology in schools have
opened up a whole new learning environment. Knowledge can be easily procured with the help of Internet
technology now, and it is easier to help children with special needs as well. Here are some more benefits of
assistive technology that the educational sector has witnessed.
 Personalized learning has come to the fore. Students can pick their own curriculum with ease, and set their
own personal targets.
 Distance learning has become much easier, and this has led to a rise in the number of people who receive
education.
 E-learning and online education has made it very simple and systematic for an individual to receive personal
attention, so that all his specific needs are fulfilled.
 Immediate response to queries and tests have made the whole education process a lot faster.
 The use of computers and technology in classrooms has opened up a whole new method of teaching and
effective learning.
Communication
The communication industry has witnessed a huge growth. Social networking and blogging has opened up a whole
new world to people from remote locations, and the reach of the mass media has increased thousand fold. People
can communicate with each other on the move, and there are no limitations anymore to the benefits of information
technology. Here are some more benefits.
 The speed of talking to one another is instantaneous.
 The mode of talking has become more personalized and can be done from just about anywhere.
 The world has become a smaller place, since no one is out of reach anymore.
 The clarity of communication has also improved with improvements in audio quality and video quality.
 Information and news broadcasting has become more personalized as well. Moreover, it can reach more
people at a faster speed, and people's response can also be felt immediately.
Business
Companies have become more profitable with the help of various advanced machines and equipment, and this
has led to a rise in the standard of living of people. The national income of countries has also expanded as a result
of this.
 Costs of production have fallen dramatically thanks to automated processes.
 Research and development has become far more advanced than ever, and this leads to the invention of
ground breaking technology.
 Company accounts and customer records can be easily stored and accessed, and this increases the market
penetration of the business.
 Global collaborations and partnerships are easier to start and maintain, and this benefits everyone involved
with international business.
 It has become easier to combat competition, and this has led to more choice for the consumer.

All of these benefits of technology are there for everyone to see. Even though there are certain repercussions and
a negative impact of technology as well, nobody can say that technology has not aided society on a whole. The
world is a better place thanks to technology, and the future looks much brighter, thanks to these advancements.
2.4 Summary
The effects of the use, misuse or non-use of technology can be seen within the strands of most of society. Although,
society is affected in various ways, modifications in our lifestyles are constantly occurring. From the invention of
the simplest of human accessory, like clothing to the most complex research, such as the human genome project,
there are very few areas of human activity that is out of bounds for technological intervention or has not been
touched by technology in one form or another.
It is the way that we have used or avoided technology, that has come to define the success of failure of people,
companies and even cities and countries. It is quite understandable that it is a challenging area of management to
both be aware of the latest technological developments and to also temper this with caution and foresight in
selecting the correct technological pathways that would suit the goals of those concerned.
The topic at hand is extremely important and the impact of Information Technology on the enterprise as well as its
people, both positive as well as negative, is something the IT manager has to be intimately aware of in order to
make informed decisions when setting up an IT infrastructure. Furthermore, this knowledge will equip the IT
manager to aid senior management in putting Information Technology policies in place and help the organisation
use Information Technology to support the driving goals of the organisation and in some cases even speed up the
attainment of those goals!
Knowledge Check Questions
Attempt the following questions and research further if you could not
answer the question. Some Guidance is provided below
 How do business around the world utilise Information Technology?

How does Information Technology Impact them?.


I.T. has helped in customer service; huge corporations like Microsoft attend to customer needs through email and
chat services. Networking internal and external in organizations has improved the working of businesses. Staffs
and clients likewise can get in touch with the managers for feedback, progress reports and extensions.
Communication has bloomed; two business organizations if they need to work together can easily do so. Hotmail,
when merged with MSN was easy since the service was online. Business these days require a lot of planning, due
to high tech organization systems on computers, planning can be done on an organized pattern, with schedule
formats, grant charts etc. Huge databases can now be controlled and stored on network and back -up drives.
Together with the advancement of science and technology, technological innovations grew along with it, resulting
to the emergence of new equipment and gadgets. No matter how big or small your company is, technology brings
both intangible and tangible benefits to become cost efficient and to meet the growing demands and needs of
customers. Technological innovations affect corporate efficiency, culture and relationship among employees,
clients, suppliers and customers. The type and quality of technology used affect the security of confidential
business information.
Due to the burden brought by administrative tasks, like inventory, bookkeeping and records keeping, both big and
small companies rely on computers to do their administrative works. The birth of Internet and online social
networking sites tremendously decreased the costs of business operations. It also makes it easier for companies
to use the Six Sigma management methodologies. Some firms shifted to outsourcing instead of hiring their own
personnel due to the low costs associated with it. Because of the huge impact of technological innovations to
companies, it is impossible for them to live with it.
Commonly used high technology equipment:

 Computers
 Photocopier
 Telephone
 Computer printer
 Internet
 Paper shredder
 Multimedia projector
 Touch screen monitors
 Computer mouse
 Laptop computers

Advantages of Technology to Business:

 Customer Relations. Technology affects the way companies communicate and establish relations with their
clients. In a fast moving and business environment, it is vital for them to interact with clients regularly and
quickly to gain their trust and to obtain customer loyalty. With the use of Internet and online social networks,
firms interact with consumers and answer all their queries about the product. Establishing effective
communication with customers not only creates rapport with them, but it also creates strong public image. It
allows business enterprises to reduce and to cut carbon emissions.
A bit more about the latest trends in CRM:
"Related trends
Many CRM vendors offer Web-based tools (cloud computing) and software as a service (SaaS), which are
accessed via a secure Internet connection and displayed in a Web browser. These applications are sold as
subscriptions, with customers not needing to invest in purchasing and maintaining IT hardware, and subscription
fees are a fraction of the cost of purchasing software outright.
The trend towards cloud-based CRM has forced traditional providers to move into the “cloud” through acquisitions
of smaller providers: Oracle purchased RightNow in October 2011 and SAP acquired SuccessFactors in December
2011. Salesforce.com pioneered the concept of delivering enterprise applications through a web browser and
paved the way for future cloud companies to deliver software over the web Salesforce.com continues to be the
leader amongst providers in cloud CRM systems.
The era of the "social customer" refers to the use of social media (Twitter, Facebook, LinkedIn, Yelp, customer
reviews in Amazon, etc.) by customers in ways that allow other potential customers to glimpse real world
experience of current customers with the seller's products and services. This shift increases the power of
customers to make purchase decisions that are informed by other parties sometimes outside of the control of the
seller or seller's network. In response, CRM philosophy and strategy has shifted to encompass social networks
and user communities, podcasting, and personalization in addition to internally generated marketing, advertising
and webpage design. With the spread of self-initiated customer reviews, the user experience of a product or service
requires increased attention to design and simplicity, as customer expectations have risen. CRM as a philosophy
and strategy is growing to encompass these broader components of the customer relationship, so that businesses
may anticipate and innovate to better serve customers, referred to as "Social CRM".
Business Operations. With the use of technological innovations, business owners and entrepreneur understand
their cash flow better, how to manage their storage costs well and enables you to save time and money.
 Corporate Culture. Technology lets employees communicate and interact with other employees in other
countries. It establishes clique and prevents social tensions from arising.

 Security. Modern security equipment enables companies to protect their financial data, confidential business
information and decisions.
 Research Opportunities. It provides a venue to conduct studies to keep themselves ahead of competitors. It
allows companies to virtually travel into unknown markets.
 Corporate Reports. With technology, business enterprises communicate effectively with their branch offices
to deliver quality financial and operational reports.
 Industrial Productivity. Through the use of business software programs or software packages, it automated
traditional manufacturing process, reduces labor costs and enhances manufacturing productivity. It enables
companies to increase efficiency and production output.
 Business mobility. Technological innovations improved companies' sales, services, shorted lead time on
receiving and delivering goods and services. Enables them to penetrate multiple markets at least costs.
 Research capacity. It enables them to conduct studies on various companies to gain knowledge on the new
trends in the market and way on avoiding them.
Technology affects businesses on many levels. The more efficient an employee is, the more productive he is to
the company. In addition, the more a business stays in touch with its customer base, the better the chance of
building customer loyalty. Advances in technology make that possible, as well as allowing employees from around
the world to work via video conferencing and telecommuting to work.
Consumers
The impact of technology on a business isn't restricted to business use. A business is also affected when
consumers use technology. At one time, the only way some people had to file their tax returns was through going
to either a certified public accountant or a professional tax preparer, or doing taxes themselves. The tax code is
complex and some people might not have felt secure in preparing their taxes on their own. However, accounting
software evolved to the point where many people simply had to answer a series of questions and the computer
would do the rest, including filing the information electronically.
Crossover
The technology a business uses might not have been designed for businesses. From a marketing point of view, a
company makes more money by going after consumers than businesses. Consumers might buy the latest upgrade
to a technological device, such as an iPhone, while businesses tend to use products for longer periods of time. On
the other hand, the more consumers purchase the latest product, the better the business side of manufacturing
does. A company can reach the consumer market first, then expand into the business arena. When Apple added
enhanced security features to the iPhone, businesses began to look at adding iPhones to the list of acceptable
phones to use in the business environment, resulting in a crossover market.

Social Networking
Social networking affects the business environment. Employees are connected to social networks. This can be a
double-edged sword, however. An employee might post something about the business publicly which should not
be shared. In addition, employees need to understand what gets posted for the public to see can have an impact
on the work environment, especially if the employee is posting negative comments about the work environment or
other employees. On the flip side, businesses can use social networks to monitor customer satisfaction. For
example, if a customer is not happy with a product and he posts his feelings online, the company can contact the
customer and try to resolve any problems. Since social networks have links to friends and family, seeing the
company work hard to make things right with the customer might turn the potential loss of a customer into the
chance to gain new customers.
Telecommuting
Technology has had a large impact on the business environment in terms of telecommuting. With broadband
access and computers today, as well as smartphones, employees can work out of their homes, saving the company
money by not needing as physically large a space to operate. With video conferencing, business meetings no
longer need to be face-to-face, saving on air fare and hotel reservations.
Case Study
Look at the Company SEMAS below:
 Discuss what they are doing to combat some of the effects of modern technology such as
calculators

 Look at your local Government and consider the ways it is deploying technology in
the various areas of our society. Provide a holistic view first then provide a more
detailed summary of the effects on Society.
 What are Companies like Google and Microsoft doing that impact educational
organisations in terms of technology and cost?

Unit
3: Information Technology
Investments


3.1 Introduction  Describe different types of IT investment decisions manager

face
3.2 Types of Information Technology  Briefly describe some of the

Investment Decision making
methodologies that are used in IT investment decision-
problems
making.
3.3 Investigate The Following  Explain some of the limitations that should be considered
Methodologies when using IT investment methodologies
3.4 Strategies for Making the Right IT  Consider some strategies when facing Information
Investment Decisions and Avoiding Technology investment decisions
IT Costs
Schniederjans, M.J., 2004. Information Technology Investment: Decision-
Making Methodology. World Scientific Pub Co Inc.
See (CaseSensitive) https://docs.google.com/open?id=0B1ZF9spPlWD-
Z2VjbVM4UExtYWs
Paige Baltzan, A.P., 2009. Business Driven Information Systems. New York:
McGraw-Hill.

3.1 Introduction
"Periods of business activity are often marked by and referred to as “ages” in the historical development of the field
of business. According to most business historians we have advanced from the “age of information” into the “age
of knowledge”. In both of these periods of time, information technology has been a determining factor in the survival
and success of firms competing with one another. Those firms that know how to best invest in information
technology have been and will continue to be the successors in this and future eras of business history.
Regardless of your position in an Organization, investing in information technology may be the most important
decision you will ever face in business. Unfortunately, investing in information technology is not as easy as common
financial investment decisions. Careful consideration of financial and non-financial criteria may have to be included
in the analysis to render an optimal solution. To make good decisions on information technology today requires
the use of a variety of investment methodologies. These investment methodologies must be able to integrate the
complexity of decision criteria in such a way that a decision choice is clear and clearly supported by the analysis.
Today, just generating a decision is not enough. Information technology decisions must be supported by
comprehensive inclusion of all relevant decision-making criteria."
(Schniederjans, 2004, p. 4) Mentions the productivity paradox and the research that was undertaken to establish
the absence of a positive relationship between Information Technology spending and the resulting contribution to
productivity or profitability. The results were contradictory as several researchers had evidence that supported
each of their conflicting outcomes. Schniederjans indicates that this can be considered to be a metaphor on the
subject of Information Technology invetsment decision making.
The conclusion was: " That is, there are no single, simple methodologies that will give a consistent, reliable and
optimal solution to mangers facing an IT investment decision. One type of investment methodology can suggest
one alternative and another methodology a completely different alternative to an if investment decision choice. To
try to help in this very complex decision situation, the purpose of this book is to explore a series of methodologies
that can be used individually or in concert to help aid in IT investment decision-making."
Think Point
 How much has your organisation spent on Information Technology?
 Approximately how much of the company's annual turnover does this

spend represent?
 Do you think the cost in Information Technology is justified by the

return on investment?.

3.2 Types of Information Technology Investment Decision making problems

Information Technology investment decisions get complicated due to the variety of choices that one can make in
this area.
"Hardware asset management

Hardware asset management entails the management of the physical components of computers and computer
networks, from acquisition through disposal. Common business practices include request and approval process,
procurement management, life cycle management, redeployment and disposal management. A key component is
capturing the financial information about the hardware life cycle which aids the organization in making business
decisions based on meaningful and measurable financial objectives.
Software Asset Management is a similar process, focusing on software assets, including licenses, versions and
installed endpoints.
Role of IT asset management in an organization

The IT Asset Management function is the primary point of accountability for the life-cycle management of
information technology assets throughout the organization.
Included in this responsibility are development and maintenance of policies, standards, processes, systems and
measurements that enable the organization to manage the IT Asset Portfolio with respect to risk, cost, control, IT
Governance, compliance and business performance objectives as established by the business.
IT Asset Management uses integrated software solutions that work with all departments that are involved in the
procurement, deployment, management and expense reporting of IT assets.
Goals of ITAM
ITAM business practices have a common set of goals:
 Uncover savings through process improvement and support for strategic decision making
 Gain control of the inventory
 Increase accountability to ensure compliance
 Enhance performance of assets and the life cycle management
 Improve Availability Time of the Business/Applications/Processes.
Process
ITAM business practices are process-driven and matured through iterative and focused improvements. Most
successful ITAM programs are invasive to the organization, involving everyone at some level, such as end users

(educating on compliance), budget managers (redeployment as a choice), IT service departments (providing

information on warranties), and finance (invoice reconciliation, updates for fixed asset inventories).
IT asset management generally uses automation to manage the discovery of assets, so inventory can be compared
to ownership information. Full business management of IT assets requires a repository of multiple types of
information about the asset, as well as integration with other systems such as supply chain, help desk, procurement
and HR systems.
The problems are:
 The decision has a monetary impact on the company.
 The decision need to be based on quantitative methods and qualitative measures.
 The decision cannot always be objective as the criteria being used is often complex and has multiple
complicated dimensions of sub choices.
Let us expand on the above points:

The decision has a monetary impact on the company.
The decision to purchase any Information Technology in any form has a twofold impact on the organisation. The
first type is the actual cost of the purchase or rental of the software or hardware solution. The second not so obvious
cost is the running costs of actually using the solution. The intention of the solution was to increase productivity
and profits, but an incorrect choice can actually result in an even greater loss than if the organisation had not used
the solution at all. An example of this is recent e-tolling solution that met public outcry.
In a nutshell, there was a lot of new technology that was employed to deal with high speed road tolls. However,
the greatest issue was the public was never fully consulted. The company then made a massive investment in
rolling this out, but the system was highly debated after it had been installed and may at the time of printing this be
still unused. Read Below:
READ THE FOLLOWING:

"Even as a high court battle to stop the Gauteng e-tolling system played out in Pretoria, the government was
sticking to its guns, saying the implementation of the tolling project had reached the point of no return.
Presenting his R39-billion departmental budget for the next financial year in the National Assembly, Transport
Minister S'bu Ndebele claimed that the Gauteng freeway improvement project had won the support of the majority
of its users.
But opposition parties - the DA, COPE and the African Christian Democratic Party - slammed the looming system,
some branding it the ''most expensive in the world".
Ndebele said a "huge majority" of the estimated 800000 regular users of Gauteng's freeways had given e-tolling
the thumbs-up by buying e-tags.

"We are encouraged that 501245 e-tags have so far been sold and distributed to regular users of this road network.
It's a clear indication that people are cooperating with us," he said.
A court battle waged by various lobby groups to interdict the implementation of the Gauteng tolling regime is
scheduled to resume today after a judge ruled that the matter was urgent.
The tolling system is due to take effect at midnight on Monday.
Opposition MPs are not impressed by Ndebele's assertions.
The DA's Ian Ollis is leading the charge. "What we have been forced into with the e-tolls is the world's most
expensive toll collection system,'' said Ollis. ''It will cost over R1-billion a year just to collect the tolls. That money
will not go to upgrading highways but to the company that won the tender."
Ollis argued that it would cost only R4-million a year to administer a "small fuel levy" increase instead of the
"expensive tolls".
The ACDP's Steve Swart weighed in, saying his party was opposed to the tolling of suburban roads because of
rising fuel prices. He said the government should have thought about the high cost of collecting the tolls before it
entered into the R20-billion agreement.
"This tolling project will impose an indirect cost on the economy via the associated strikes and will impose a direct
cost by increasing transport costs," he said.
Ndebele hit back by insisting that there was "no way" the government would abandon e-tolling.
"Who is going to say which road toll should be stopped? Which project do you want stopped because you've got
R20-billion to pay. the road is there; you can't roll it away like a carpet.
"It's your problem."

He argued that the tolls had to be enforced to enable the SA National Roads Agency (Sanral) to repay its loan of
R20-billion, used to finance the improvement of highways around Pretoria and Johannesburg in the last two years.
He said failure to service the debt could cause it to skyrocket to R32-billion because of higher interest rates in the
near future, and could compromise the credit rating of the government.
The decision needs to be based on quantitative methods and qualitative measures.

Besides the cost in the entire decision making process, the complicating factor is measuring the value of the
Information Technology investment to the organization.

In a nutshell the following are reasons and benefits that one needs to look at during the Information Technology
Investments process.
 Means of achieving competitive advantage
 Poor investments can be a competitive disadvantage
 Avoid physical risks-Equipment
 Avoid managerial risks-Goals
Organisational Strategic Planning in Information Technology Investment Decision making process
Figure 19- MIS Hierarchical planning stages (Schniederjans, 2004, p. 16)
It is important to know where Information Technology investment and decision-making methodologies fits into the
general framework of an organisation

1. Strategic planning stage: Senior managers are expected to be involved in developing specific systems to
implement corporation-wide strategy, and also develop the strategies themselves. In this phase management
has to weigh the risks against the rewards for expanding on Information Technology resources within the
scope of the organisations mission or purpose. The outcomes of this stage are usually a general set of goals
and objectives with corporate governance mandates.
2. Tactical planning stage: Middle level managers are expected to
implement the goals and objectives defined in the prior Strategy stage.
This is where they will decide how to implement the stated goals and
objectives. While the prior stage may have a 5 year schedule, this stage
would break that down into smaller time chunks and what must be done in
each time period. This is where the general plans are transformed into
specific areas of work. The key outcome would be to determine the
resources that would be required to achieve the desired work. It is at this
stage the investment decisions on Information Technology are made.
3. Operational planning stage: The more detailed day to day work is
planned and scheduled. Where tactical planning takes into consideration
the total workload of a department, the operational planning stage targets individual goals and objectives.

The decision cannot always be objective as the criteria being used is often complex and has multiple
complicated dimensions of sub choices.

In the example (Schniederjans, 2004, p. 7) of choosing a personal computer we see the number of ways we
approach the problem, usually start of by looking at the cost factor and then looking at the options they can
purchase depending on their need and what they can afford to get. The table below illustrate the sequential manner
in which this is process is carried out.
Figure 20- Complicated dimensions of sub choices
What is Information Technology Investment?
Figure 21- A Management Information System - Allocating all resources to this can be considered to be
an IT investment (Schniederjans, 2004)

Activity
Attempt the following questions and research further if you could not
answer the questions.
1. Why is the “productivity paradox” important in IT investment decision

making?
2. Why is there such diversity in the types of IT investment decision making

problems?
3. What is the relationship between the components of an MIS and the use of
IT investment decision making methodologies? That is, give examples of the
MIS components that might require an investment.
4. Why is it important to consider the limitations of IT investment decision

making methodologies in an analysis?
5. Why is it important to see where IT investment decision making fits into the
overall planning of business organizations?
Read the Following Magazine Article- 7

MAGAZINE
Architecture-Based IT Valuation
Marc Lankhorst, Dick Quartel
Wednesday, 31 March 2010
Supporting portfolio management and investment decisions

This paper outlines our architecture-based approach to IT valuation and portfolio management. It sketches how
different valuation criteria can be combined and linked to architecture models, and how a first part of this approach
is implemented in an architecture modeling tool. In this manner, the value (costs & benefits) of different elements
in the architecture can be computed and attributed to the various goals of the organization, thus supporting well-
informed IT investment decisions.
Introduction
After almost half a century of IT developments, many large organizations face an unfavorable ratio between old
(existing) IT and new IT. Because old IT systems tend to be monolithic, unwieldy and inflexible, organizations
experience maintenance as difficult and modernization to meet new business demands as improbable. Some
7 http://www.via-nova-architectura.org/en/magazine/magazine/architecture-based-it-valuation.html

organizations spend up to 90% of their IT budget in 2009 on maintaining the existing IT landscape, leaving only
10% for innovation. If this trend of increasing budget requirements for existing IT is not reversed, then in the
nearby future no budget at all will be available for new IT. In the worst case, innovation is squeezed out completely
and budgets to spend on existing IT may become insufficient to perform crucial maintenance tasks.
By focusing on the value of IT instead of considering costs only, organizations can decide which IT really
contributes to their business goals and make a well balanced division into budgets for maintenance, exploration,
realization and phasing out. Traditionally, IT has often been regarded only as a cost center in business case
calculations. Its less tangible benefits have often been more or less neglected in portfolio management decisions.
Furthermore, in the past information systems tended to be relatively stand-alone, supporting a single business
silo. This made it easier to attribute its costs and benefits.
Nowadays, however, IT systems and services are more and more interwoven with the business and may support
many different activities, generate independent revenue streams, attract new business, et cetera. To create a
clear insight in these effects, we need a valuation approach that takes as a starting point the overall coherence
of the organization, its products and services, business processes, applications, and infrastructure, i.e., from the
enterprise architecture.
Enterprise architecture makes the connection between enterprise goals and the business functions, processes,
people, IT systems and infrastructure required to reach these goals. It also considers the enterprise as an
interrelated whole, instead of as a set of unrelated point solutions for problems. The valuation approach described
in this paper uses enterprise architecture models to relate business goals to the IT artifacts, such as services,
processes and applications that realize these goals. In this way, the KPIs associated with each goal can be related
to the relevant attributes of the IT artifacts. This enables the development of automated and model-based
techniques to analyze KPIs and business goals. Moreover, by performing such analyses as part of the
architectural design process, different design alternatives can be assessed with regard to their contribution to
business goals. The enterprise architecture foundation ensures that local optimization is avoided and enterprise-
wide effects of changes are taken into account.
This paper describes the ingredients for an integrated IT valuation method that uses architectural models as its
backbone. First, we explore the generic business requirements that comprise the high-level strategy of the
organization with respect to its IT, such as its value center approach and operating model. These strategic choices
determine the aspects that need to be taken into account when assessing the value of the IT portfolio. Next, we
describe in more detail how business requirements can be modeled in conjunction with the enterprise architecture
of the organization. This helps in realizing the requirements traceability that is needed to perform a well-founded
portfolio assessment.

Figure 22: Overall structure of our method.
Business requirements and enterprise architecture are the main inputs for Bedell’s method, which computes the
‘value’ of IT systems. The method takes the importance of IT systems to the business and the effectiveness of
their support and creates aggregate metrics across the entire IT landscape. Such metrics should preferably be
as concrete as possible. We describe how to decide on such criteria and indicators for various aspects of the IT
landscape that need to be evaluated. These include quality attributes such as the ‘-ilities’ well-known from
software engineering, and risk analysis criteria. Finally, we give a first outline of a method in which the above-
mentioned ingredients are integrated, the structure of which is shown in Figure 22.
Determining the IT strategy

In putting a value to IT systems, projects and investments, it is highly important to first have a clear insight in the
strategic choices the organization has made with respect to its IT operations.
Venkatraman (1997) presents one approach to differentiation in IT goals: the value center orientation for IT. The
main idea is that each center represents a different way of extracting value from IT resources. Note that the
centers are interdependent. Venkatraman considers four different value centers (see Figure 23). ‘The cost center
reflects an operational focus that minimizes risks with a predominant focus on operational excellence. Service
center, while still minimizing risk, aims to create IT-enabled business capability to support current strategies.
Investment center, on the other hand, has a longer-term focus and aims to create new IT-based business
capabilities. Finally, profit center is designed to deliver IT services to the external marketplace to realize
incremental revenue as well as gain valuable learning and experience to become a world-class IT organization’.
(Venkatraman, 1998).

So on the one hand, there are the cost center and service center approaches, focusing on current business
strategies. On the other hand, there are investment center and profit center that aim at maximizing opportunities
from IT resources and shaping future business strategies.
Figure 23: The concept of a value center (Venkatraman,1997)
For each center, specific business goals and performance indicators can be defined. This approach with different
IT strategies fits with the focus of the IT valuation method our applied research project is constructing. The
business strategy and the matching value centers provide important input for the choice of valuation and
assessment criteria for the IT portfolio.
Cost center
IT that is typically positioned in the cost center is not related to business goals. Examples are the operational
infrastructure involving most data centers, telecommunications network and routine maintenance like installing
and removing equipment, answering questions and administrative support. Specific performance metrics are used
as decision criteria, which are not related to business metrics. Cost center works well when input and output can
be clearly related, like doubling the budget results in a performance increase by factor 3. Relevant performance
metrics are quantitative in nature, for example costs per unit of something, maintenance costs per unit, or costs
per employee. Such measures need to be benchmarked against performance metrics of other organizations in
order to be able to find opportunities for improvement.
Service center
The service center aims to create IT-enabled business capabilities that drive current business strategy. IT
resources create tangible current business advantages. IT is strongly related to business goals. Investment
decisions are not solely based on costs but rather on improving service provisioning. Whether an IT system is a

cost centre or a service centre depends on the organization. In this way, an IT system can be considered as a
service centre for the one organisation and a cost centre for the other.
For example, service characteristics such as minimize downtime and improve reliability can also be considered
as performance metrics. The main question in the service centre category is whether an IT system gives the
organization a competitive edge and differentiates the organisation from its competitors. So the purpose of use
of an IT system is important and not the application and functionality in itself. From a service centre perspective
an organization should look at the degree that an IT system contributes to customer acquisition and retention.
Investment centre
The investment centre has a future orientation. It focuses on innovations, for example creating new business
capabilities by means of IT. This requires more than IT. New business capabilities are created with a unique
combination of structure, processes, systems and expertise. Investment centers should focus on more than
technology. Next to IT investments complementary investments will be needed to realise a business capability.
That is, IT investments become part of a total package. Investment center involves resource allocations based
on strategic redirection and reliance on IT for business innovations. The real options approach fits with the
investment center rather than traditional financial metrics, since the real options approach takes risks and
uncertainties into account. The investment center should be run as a venture capitalist. It requires the forward
look of a business innovator.
Profit center
The profit center has a focus on delivering IT products and services in an external marketplace. Next to financial
benefits the intangible benefits should also be taken into account in investment decisions. The profit center needs
an external, marketing orientation, instead of an internal captive monopoly. The profit center should work in value
networks and partner with other companies in combining complementary skills and resources to deliver value.
Operating model
Next to the commercial strategy that is chosen for IT operations, as outlined in the previous sections, we also
need to take into account the more operational aspects of the organization in defining an IT planning and valuation
approach. As Ross, Weill and Robertson (2006) show with numerous case studies, successful enterprises employ
an ‘operating model’ with clear choices on the levels of integration and standardization of business processes
across the enterprise (Figure 3):
1. Diversification: different business units are allowed to have their own business processes. Data is not
integrated across the enterprise. Example: diversified conglomerates that operate in different markets, with
different products.

2. Replication: business processes are standardized and replicated across the organization, but data is local
and not integrated. Example: business units in separate countries, serving different customers but using the
same centrally defined business processes. Example: a fast food chain replicating its way of working through
all its local branches.
3. Coordination: data is shared and business processes are integrated across the enterprise, but not
standardized. Example: a bank serving its clients by sharing customer and product data across the
enterprise, but with local branches and advisers having autonomy in tailoring processes to their clients.
4. Unification: global integration and standardization across the enterprise. Example: the integrated operations
and supply chain of a chemicals manufacturing company.
This operating model should fit both their area of business and their stage of development.
Ross et al. explain the role of enterprise architecture as the organizing logic for business processes and IT
infrastructure, which must reflect the integration and standardization requirements of the operating model. For
example, ERP systems are used extensively by companies that have a unification strategy, since these systems
are well-suited for both sharing data and standardizing business processes across the enterprise. In a
diversification scenario, however, investing in an ERP system might be a wrong choice, since the varied collection
of business processes and localized data do not lend themselves to the ‘one size fits all’ approach of such a
system.
Figure 24:Operating models (Ross et al., 2006).
Next to this operating model, they provide a stage model of the architectural development of organizations:
1. Business silos: every individual business unit has its own IT and does local optimization.
2. Standardized technology: a common set of infrastructure services is provided centrally and efficiently.
3. Optimized core: data and process standardization, as appropriate for the chosen operating model, are
provided through shared business applications (e.g. ERP or CRM systems).

4. Business modularity: loosely coupled IT-enabled business process components are managed and reused,
preserving global standards and enabling local differences at the same time.
5. Dynamic venturing: rapidly reconfigurable, self-contained modules are merged seamlessly and dynamically
with those of business partners.
In practice, most companies are still in stages 1–3. Investment decisions should be guided by the chosen
operating model and the current and desired stage of an organization. E.g. if an organization wants to move from
stage 1 to stage 2, the focus should be on standardizing and centralizing IT infrastructure in order to achieve
efficient operations. The contribution of IT systems and projects to achieving the desired stage, in concordance
with the chosen the operating model, should be a core criterion in valuating these systems or projects.
Another reason for using enterprise architecture in investment decisions is that it provides a coherent view of the
various dependencies between IT systems and of their contribution to business processes and services, and
hence of the broader effects of a localized IT investment decision.
Describing business requirements

Knowing what the overall IT strategy and resulting operating model is, is only a first step. Next, we have to make
these strategic choice more concrete and define the resulting business goals and requirements are. Business
requirements management denotes the early phase of the requirements management process that is concerned
with the identification, description, analysis and validation of requirements at business level and their realization
in enterprise architecture. These requirements are a reflection of the business strategy and provide a
concretization of this strategy.
A desired organizational and/or technical change requires the investigation of the stakeholders that are involved
and their concerns regarding the change. New goals and requirements are identified, or existing ones are
changed, to address these concerns. Analysis of these goals and requirements is needed to guarantee
consistency and completeness, and to propose one or more alternative architecture designs that realize the goals
and requirements. Validation of these alternative designs aims at assessing their suitability and selecting the best
alternative.
In this way, business requirements capture the motivation and rationale behind (the design of) enterprise
architectures. Furthermore, architecture artifacts, such as business services, processes and supporting software
applications, are related to the (high-level) goals and requirements they originate from. Or put in another way,
goals and requirements can be traced towards the architecture artifacts that realize them. This traceability
between goals and requirements on one side and architecture artifacts on the other side is important to valuate
these artifacts. In the context of this work, the valuation of artifacts that represent or require IT support is of
particular interest. The valuation of some artifact in terms of the allocation of costs and benefits may largely
depend on the goals and requirements to which the artifact contributes.

Problem chains
Requirements engineering (RE) is concerned with the process of finding a solution for some problem. This
concern can be approached from a problem-oriented view, which focuses on understanding the actual problem,
and a solution-oriented view, which focuses on the design and selection of solution alternatives.
Problem- and solution-oriented requirements engineering can be considered as two consecutive or
complementary phases. Iterations of these phases may be applied to address a problem progressively, i.e., in
multiple, successive steps. From this perspective we can identify so-called problem chains, where each chain
links a problem to a solution such that the solution is considered again as a problem by the next chain. For
example, a business analyst may investigate a business problem and specify a business solution for this problem.
This new solution may require IT support, therefore becoming a problem for the IT analyst. Figure 25 illustrates
the notion of problem chains.
Figure 25: Problem chains
Problem chains link requirements engineering to enterprise architecture. This is illustrated in Figure 26 The why
column represents the problem-oriented view and defines the business needs, goals, requirements and use-
cases that should be addressed. The what column represents the solution-oriented view in terms of enterprise
architecture artefacts, such as services, processes and applications. These architecture artefacts define what the
enterprise must do to address the business needs, goals, requirements and use-cases. At the same time, these
requirements engineering artefacts motivate and justify why the enterprise architecture is defined the way it is.

Figure 26: Relation between requirements engineering and enterprise architecture
Requirements management and enterprise architecture

Following the idea of problem chains enables an iterative way of working. Given some problem, the first step is
to analyze the problem and elicit goals and requirements that address the problem. These goals and requirements
are represented by a requirements model. The second step is to conceive a composition of products, services,
processes and applications that realizes the goals and requirements. This composition is represented by an
enterprise architecture model. Both steps can again be repeated for (the problem of) realizing the elements of the
architecture.
Figure 27: Relation between requirements and architecture models
Figure 27 illustrates the relationship between requirements and architecture models, and indirectly, also the
relationship between the requirements management and enterprise architecture processes. These processes are
typically divided into distinct phases, which results in a series of requirements and architecture models such that
models in succeeding phases refine models from preceding phases (as represented by the dashed arrows). For
example, Figure 27 illustrates a process of two phases: the design and realization of some enterprise architecture.
Requirements engineering cycle

The idea of problem chains distinguishes two views on an architecture model: (i) as a design artifact that
represents a solution for some design problem, and (ii) as a frame of reference that delimits the design or solution
space. These views are illustrated in the left part of Figure 28.
Figure 28: Views on an architecture model

In general, requirements engineering starts with some organizational goal that needs to be addressed. This issue
cannot be approached ‘from scratch’, but has to take the current organization into account, as represented by
architecture model A1. This means that any requirement or goal in requirements model M should be defined
‘relative’ to architecture A1 in order to address the change. In this situation, architecture A1 acts as a frame of
reference for (problem-oriented) requirements engineering. Subsequently, a new architecture A2 is designed that
realizes a solution for the requirements and goals in model M. In this situation, architecture A2 is considered a
design artifact that results from (solution-oriented) requirements engineering.
The right part of Figure 7 depicts a further decomposition of requirements engineering into three steps:
 Problem investigation, which focuses on the problem, i.e., the organizational change, by identifying and
analyzing its cause in terms of the involved stakeholders and their concerns, and by setting goals to deal
with the change.
 Investigate solution alternatives, which refines the goals in order to find possible solutions to realize them.
Analyses are performed to reveal conflicts between (refined) goals or contribution relations between goals
in which goals contribute positively or negatively to other goals. Typically, these analyses trigger the
identification and elaboration of alternative solutions.
 Solution validation, which validates alternative solutions and chooses the ‘best’ among them. This choice is
amongst others influenced by the conflict and contribution relations that have been identified.
These steps constitute a generic requirements engineering cycle that can be repeated at successive phases in
the development of some enterprise architecture, as indicated by the dashed arrows in
Figure 28. Furthermore, the identification, analysis and refinement of solution alternatives in the second step may
be repeated as well, leading to ‘sub-cycles’.

In Quartel, et al. (2009), a method and modeling language, as an adjunct to the ArchiMate language (Lankhorst
et al., 2009), have been presented that support business requirements management as outlined above. In this
paper, we will not go deeper into this topic, but merely use these ideas in an example below. The interested
reader is referred to the aforementioned publication.
Computing aggregate IT valuations

In the previous sections, we addressed the business strategy and requirements that provide the context for
determining the value of an organization’s IT portfolio. In the context of our method, the value of the IT portfolio
is related to the way in which IT projects and applications support these strategic goals and requirements. To
assess such a portfolio, the contributions of its various elements to the goals of the organization must be
determined. Note that this method does not provide a direct link with the effects of IT projects, and hence of the
organization, on the outside world; rather, it assesses the contribution of the IT portfolio to the organization’s
goals, which in turn may contribute to such external effects.
A contribution can be divided into two elements: its importance to a business goal and the quality or effectiveness
in supporting that goal. The value of an organization’s IT portfolio thus depends on the contribution that its
constituent elements provide to the business.
An interesting and useful way of computing an IT portfolio’s value based on these business contributions is
Bedell’s method (Schuurman et al., 2008). This method answers three questions:
1. Should the organization invest in information systems?
2. On which business processes should the investment focus?
3. Which information systems should be developed or improved?
The underlying idea of the method is that a balance is needed between the level of effectiveness of the information
systems and their level of strategic importance. Investments are more crucial if the ratio between the effectiveness
of an information system and its importance is worse.
In order to calculate this ratio, the following information needs to be determined:

 The importance of each business process to the organization.
 The importance of information systems to the business processes.
 The effectiveness of the information systems to the business processes.
Based upon this information, three portfolios are calculated: for the organization as a whole, its business
processes, and the information systems that support these processes. Figure 29 depicts an example of all three
portfolios and associates a general investment decision to each quadrant of the portfolios. A dashed arrow points
to the ideal position of some organization, business process or information system (IS) in the portfolio.

Figure 29: Investment portfolios
The prioritization of investment proposals is determined by the contribution of each information system, which is
defined as the product of its importance and the projected improvement of its effectiveness. In addition, the value
of the investment can be evaluated by calculating a so-called project-return index. This index relates the
contribution of the information system to the development costs.
Foundation
Bedell’s method is well-suited to be used in combination with enterprise architecture models. Figure 9 depicts the
architecture elements on which the method operates: a business actor that represents the organization as a
whole, the business processes of the organization, the activities that are performed by the business processes,
and the information systems that support these activities. The architecture elements are represented in the
ArchiMate language (Lankhorst et al., 2009).
For convenience, the ‘used by’ relation is used to relate the architecture elements, except for the aggregation
relation between an individual ‘Information system’ (represented as an application service) and the collection of
(all) ‘Information systems’. As noted before, Bedell assumes the following restrictions on the architecture model:
(i) a business process may comprise multiple business activities, but a business activity contributes to only a
single business process, and (ii) a business activity is supported by a single information system (represented as
an application service), and an information system supports only a single business activity.
Figure 30: Bedell’s method and enterprise architecture
The names that are annotated to the ‘used-by’ relations in Figure 30 represent the variables that need to be
determined as input to the calculation of the investment portfolios as depicted in Figure 29:

 IBO = the current Importance of some Business process to the Organization;

 IAB = the current Importance of some Activity to some Business process;
 IIB = the potential Importance of Information systems to some Business process;
 ESA = the current Effectiveness of some Information System to some Activity.
Plotting portfolios
The information obtained from computing these indicators can be shown graphically, as illustrated by the figure
below. This type of plot is familiar to anyone who knows the business value – technical value diagrams used by,
for example, the ASL methodology, in particular its Application Lifecycle Duration
Measurement Method (ALMM).
Figure 31: Example of an activity level portfolio
Figure 31 depicts an example of an activity-level portfolio. The importance of an activity to a business process is
represented by variable IAB at the y-axis. The effectiveness of a single information system in supporting an activity
is represented by variable ESA at the x-axis. Similar plots can be made at the business process and organizations
levels.
In Bedell’s method, an information system is considered effective when it is cost-effective, has high technical
quality and is functionally appropriate. It is considered strategically important when the activities it supports are
crucial to a business process or the organization in obtaining its strategic objectives. The prioritization of
investment proposals is determined by the contribution of each information system, which is defined as the
product of its importance and the projected improvement of its effectiveness. In addition, the value of the
investment can be evaluated by calculating a so-called project-return index. This index relates the contribution of
the information system to the development costs. However, the determination of all these variables is rather

subjective and lacks concrete guidance. Hence, we need more concrete measurements of the properties of the
IS landscape.
Tool support
The input variables IBO, IAB, IIB and ESA can be defined as attributes of the used-by relation in an ArchiMate
enterprise architecture model. This allows one to calculate the portfolios of Bedell’s method automatically. For
this purpose, the BiZZdesign Architect tool has been extended with a valuation profile for Bedell’s method and a
viewpoint for each portfolio. Figure 32 depicts part of the example from (Schuurman et al., 2008) as modelled in
ArchiMate. In addition, the figure shows the profile properties in the Architect tool that are used to represent the
Bedell variables, including the labelling of some of the architecture elements with the values of the properties.
Figure 32: Valuation profile for Bedell’s method

The portfolio viewpoints calculate the values of the variables at the axes of the portfolios as explained before.
This information can be shown in a table (Figure 33) or in graphical form (Figure 34).
Figure 33: Business process portfolio in BiZZdesign Architect
Figure 34: Business process folio in Excel
Expressing and assessing value

For assessing an IT portfolio, specific measures are needed as input for decision making. These measures or
KPIs should be derived from the business goals. Bedell’s method uses ‘importance’ and ‘effectiveness’ as major
criteria, which are both single measures related to an application or business process. The notion of ‘effectiveness’
(or rather ‘quality’) is broad and it depends on the value centre approach that the organization chooses. For a
service center approach, for example, customer satisfaction is an important criterion; the effectiveness with which
a system supports this may depend more on aspects such as usability. For a cost center, low maintenance and
efficient usage of resources is important, and for an innovation center, flexibility of a system is essential to obtain
an effective support of future capabilities.

Although the scope of the concept of effectiveness is large, the various views can all be related to concepts of IT
quality that are addressed in the ISO 9126 standard for software quality (ISO/IEC, 1991). Although this standard
was originally intended for classifying various types of requirements posed to a system before it is built, the
attributes can also be used to assess its qualities after it has been constructed.
The notion of ‘importance’ is more difficult to address. Although methods such as ASL [Van der Pols & Backer,
2006] provide questionnaires to investigate the business value of applications, much of this value is dependent
on, for example, the value of the information a system provides to the business, the value of future opportunities
opened up by IT, or the value of customer satisfaction created by a user-friendly system. A future project phase
might pay more attention to these types of value assessments.
One important category of indicators related to importance addresses risk. Risk in general is one of the criteria
on which managers base their investment decisions. ‘Risk’ is often defined as the effect of uncertainty on business
goals (e.g. in the ISO 31000 guide (ISO, 2009)). In the value center approach, ‘risk propensity’ is an important
factor in the type of value center. The cost and service centers aim for low-risk operations, whereas the profit and
investment centers allow for higher risks in order to obtain possible (but uncertain) gains from future business
opportunities. There are also risks concerned with failure of projects.
To provide the connection between the IT strategy and value center approach, we have investigated a first
mapping between the four value centers and the specific indicators that are most relevant for these centers.
Further research is needed to come up with concrete indicators that can be used within the context of the method
outlined in the previous sections. Furthermore, decision making, whether the decisions apply to IT or not, is rarely
performed under conditions of complete certainty. We will have to deal with these uncertainties and the risks
associated with these decisions. Bayesian networks (Johnson et al., 2007) are an established mathematical
technique to deal with uncertainties in networks of dependencies like enterprise architectures.
Another challenge is dealing with imprecise measures. If one asks an expert or managerial opinion on a qualitative
aspect of an IT system, his or her answer is often expressed in rather vague terms, for example: ‘this system is
rather good’, ‘this business process is very important’. But what does ‘rather good’ or ‘very important’ mean?
Techniques such as fuzzy logic (Zadeh, 1965) could be used to express and reason about such terms.
Putting it all together

If we put all the elements described in the previous sections together, we arrive at the figure below. The value of
an artifact or project is determined by its contribution to the achievement of business goals. Its contribution is
loosely defined by ‘importance x quality / effectiveness’ of the artefact. Business goals are translated into

(operational) requirements on the enterprise architecture and into the structure of its operating model, and further
refined into KPIs for the artifacts. ‘Importance’ can be determined by assessing the ‘strength’ of the relations
between the business goals and the artifacts. ‘Effectiveness’ or ‘quality’ is determined by measuring the identified
KPIs. Based on these measures of importance and effectiveness, we can then determine the value of the artifacts.
Decision making and evaluation of alternatives based on the valuation of an IT portfolio will require an assessment
of multiple aspects. An obvious case is the combination of financial aspects (e.g. direct cost, TCO, ROI, NPV) in
relation to measures of business and technical value or effectiveness and importance, as described in the
previous sections. Established financial instruments such as TCO or ROI calculations do not use the architectural
structure and dependencies but do their computations only on the individual elements present in the portfolio.
The outcomes of these techniques should of course be taken into account in making IT investment decisions.
Each of these techniques results in some assessment or valuation. These results alone are of course not enough.
Given an assessment of the cost, returns and qualities of different alternatives, for example renovating an
application, replacing it completely, or leaving it as-is, how can the organization decide upon such a multitude of
inputs?
Rather than use a separate method for each of these assessments and combining the results by hand, our
ultimate goal is to develop a flexible plug-in architecture for architecture-based valuation methods, in which
different criteria can be combined using a central framework for multi-criteria analysis. Our aim is to provide an
integral approach that can be implemented in tools for architectural design and analysis, to provide optimal
support for architects and IT managers.
Moreover, using these techniques as part of the architectural design process, the value of using enterprise
architecture as a foundation for decision making is strengthened. Different design alternatives can be assessed
on their contribution to business value and well-informed decisions can be made that take the enterprise-wide
effects of changes into account.
In summary the above article should be looked at in the light of Information Technology investment, however as
an Information Technology manager, it’s very simple! Know what you want and need before you invest, therefore
one must have a proper design that will feed and service the goals of the organisation, and then make Information
Technology investments based on this planned design.

3.3 Investigate The Following Methodologies.

Use this https://docs.google.com/open?id=0B1ZF9spPlWD-Z2VjbVM4UExtYWs
Attempt explaining the following methodologies after reading (Schniederjans,
2004) - This is an important reading to understand the following and cannot be
all explained here without making this section of the book far too long. Here is
the summary of what you will find in that book.
Description Type of
criteria
Application Benchmark Construct a computer program to be run by vendors so as to Tangible
Technique determine the run time of individual computer system configurations
Application Transfer Conduct a study to determine exact requirements of the IT and to Tangible and
Team support the business case intangible
Automatic Value Calculate the degree of automation based on a set of criteria Tangible and
Points concerning the contribution of IT to the overall business performance intangible
Bedell’s Method Calculate contribution of an IT system by multiplying an importance Tangible and

score by the level of quality improvement made by the system intangible
Information Economics Calculate the overall value of an investment based on enhanced Tangible and
ROI, business domain, and technology domain criteria intangible
Information Systems Make a financial comparison between the organization and its Tangible and
Investment Strategies competitors, examine the portfolio of existing applications and intangible
prepare the business case for areas with expected high returns
Investment Mapping Calculate evaluation criteria scores and plot investment alternatives Tangible and
on a grid intangible
Investment Portfolio Calculate contribution of IT system to business and technology Tangible and
domain and calculate financial consequences (NPV) of the system intangible
Information Economics Calculate the overall value of an investment based on enhanced Tangible and
ROI, business domain, and technology domain criteria intangible
Information Systems Make a financial comparison between the organization and its Tangible and
Investment Strategies competitors, examine the portfolio of existing applications and intangible
prepare the business case for areas with expected high returns

Investment Mapping Calculate evaluation criteria scores and plot investment alternatives Tangible and
on a grid intangible
Knowledge Based Obtain an overall quantitative rank based on traditional capital Tangible and
System for IS budgeting techniques and an overall qualitative rank of projects intangible
Evaluation based on rules established by MIS planning groups and MCDM
models
MIS Utilization Calculate the overall success of an IT investment based on 48 Tangible and
Technique performance criteria intangible
Process Quality Analyze mission, critical success factors and key business processes Tangible and
Management to identify areas for IT investment intangible
Description Type of
criteria
Requirements-Costing Calculate total cost of an investment as cost of the mandatory Tangible
Technique features plus additional costs for desirable but not included features
Return on Calculate the return of an investment that can be attributed to Tangible

Management management productivity
SESAME Compare the cost of a computer system with the cost of performance Tangible
without a computer system
SIESTA Assess benefits and risks of the fit between IT technology Mostly
strategy/infrastructure and business strategy/infrastructure intangible
Strategic Application Analyze the extent of existing systems and identify the most Intangible
Search and Systems productive areas for future investment
Invest. Meth.
Value Analysis Establish value of a system (and/or prototype) by asking Tangible and
management simple value-related questions and compare that value intangible
to investment cost

Ward’s Portfolio Assess risk of investment and risk of the portfolio of investments after Tangible and
Approach undertaking investment intangible
Zero-based budgeting Partition projects into smaller projects, assess each smaller project Tangible and
based on the same evaluation framework, and select the most intangible
important smaller projects assuming limited funding
Balanced Scorecard Evaluate an investment from the user’s, business value, efficiency, Tangible and
and innovation/ learning perspectives intangible
Boundary Calculate the ratio of IT cost to a known aggregate value (total sales, Tangible
Values/Spending total assets, etc.)
Ratios
Cost Displacement/ Compare the cost of IT investment to the current costs displaced by Tangible
Avoidance the IT system plus the projected costs avoided by the system
Cost Effectiveness Compare the effectiveness of a system with its cost and select the Tangible and
Analysis system with the lowest cost, best effectiveness, or the optimal intangible
combination of both
Description Type of
criteria
Critical Success Obtain, compare, and rank factors critical to business success, and Intangible
Factors based on these rankings, deduce investment priorities
Hedonic Wage Based on employee activity time allocation, calculate the marginal Tangible
value of each employee and use these values to estimate the value
of IT investment benefits
Real Options Calculate additional value of investment that exists because it Tangible and
Valuation provides the option for a second investment intangible
Quality Engineering Translate perceived value and risk into a quality score Intangible
Satisfaction/ Priority Survey and compare user and IS professionals’ opinions on the Intangible
Surveys effectiveness and importance of installed systems
Structural Models Create a model to analyze how an information system affects the Tangible and
costs and revenues of the particular business function or line of intangible
business it is intended to serve

Time Savings Times Calculate the value added of an IT investment by estimating the Tangible
Salary percentage of time the system will save workers and multiply by the
cost of the workers
Value Chain Analysis Assess how an IT investment can provide competitive advantage in Tangible and
each phase of the chain intangible
(Schniederjans, 2004)
In a macro economic sense, a firm operates within an industry and within

REMEMBER:
global markets. The integration of IT creates linkages between all
possible stakeholders that are connected to or do business with any firm. If a firm in a particular
Stakeholders in a macro economic sense include the external partnering industry does not make
the right IT investment
companies that help the firm perform their business functions, their
decision, then all
supply-chains that link firms together in their industry and with other stakeholders can be
supply-chains, the government, and society as whole. negatively impacted and
If a firm in a particular industry does not make the right IT investment incur costs
decision, then all stakeholders can be negatively impacted and incur
costs.
IMPACT OF STAKE HOLDER AND COSTS

Stakeholder Examples of macro economic costs
Industry Poor IT decisions could cause the firm to go out of business. That reduces
customers competition and increases the likelihood of higher prices to customers. It
also diminishes the quality of selection of products within the industry to all
customers.
Industry members Poor IT decisions could cause the firm to go out of business, which could
diminish the industry’s demand for supplies, and in turn possibly diminish
the supply-chain network that support other companies in the same industry.
Industry partners Poor decisions on IT can burden suppliers, vendors, and consultants forcing
and supply-chain them to incur needless costs to maintain equally poor IT that may not serve
members their internal needs. Poor IT and the interfaces across supply-chains can
slow down communications, making them less efficient and more costly for
all members. Since in economic theory all supply-chains are linked together,
diminishing one supply-chain will have a negative impact on all those other
supply-chains that are linked to it.

Government Poor IT can inhibit information between the firm and the government
agencies in monitoring problems. Earlier detection of problems and
notification by the government might save the firm unnecessary rework
costs. Poor IT can also burden the government in their efforts to do a better
service for all society and increases the government’s costs.
Society Poor IT can delay, delete, and cancel customer orders causing frustration
and costs of all kind. Poor IT investments will eventually be passed on to the
consumer, which means needless higher costs to them. Some bad decisions
can cause an entire company to go out of business, resulting in the loss of
jobs to the employees and revenue to their local economies.
MICRO ECONOMIC VIEW

IT asset risks to
IT design and IT
hardware,
IT staff risks development implementation
software, and
risks risks
data
Vulnerability due Employee training exceeds estimates Failure to obtain Costs that
to access can requiring additional expenses anticipated exceed estimates
cause law suits benefits adds to
due to revealing cost of
sensitive operations
customer
information
Vulnerability due Changes in salary to match new IT unable to Time exceeding
to piracy or theft technology skills increases expenses support current estimates can
requires business cause lost
replacement operations customers and
costs requires penalty costs
ongoing and
additional future
expenditures to
fix

Vulnerability due Management time exceeds IT unable to Unexpected user

to purposeful or expectations support future resistance to
accidental business using IT can
deletion operations cause lost
requires productivity
ongoing and adding to
additional future operating
expenditures to expenses
fix
Vulnerability due Employee motivation drops as time Incompatibility Changes cause
to natural increases, requiring overtime or integration temporary loss of
disasters can expense system failures productivity
cause a loss of requires adding to
customers ongoing and operating
additional future expenses
expenditures to
fix
(Schniederjans, 2004)

Please research the following methodologies for Information Technology Investment: It is
required to do this reading and research to understand strategies for making the right IT
investment decisions and avoiding IT costs.
Method:
 Accounting rate of return: Analytic hierarchy process: Application benchmark
technique: Application transfer team: Automatic value points:
 Balanced scorecard: Bayesian analysis:
 Bedell's method
 Buss's method:
 Benefits-risk portfolio: Benefit assessment grid: Breakeven analysis: Boundary value:
 Cost benefit analysis: Cost benefit ratio:
 Cost displacement/avoidance:
 Cost effectiveness analysis: Cost-value technique:
 Cost revenue analysis: Critical success factors: Customer resource life cycle: Decision
analysis:
 Delphi evidence:

 Executive Planning for Data Processing: Functional Analysis of Office Requirements:

Gameplaying:
 Hedonic wage model: Information Economics: Investment mapping: Investment
portfolio:
 Information systems investment strategies: Knowledge based system for IS evaluation:
MIS utilisation technique:
 Multi-objective, multi-criteria methods: Option theory:
 Potential problem analysis: Profitability index:
 Process quality management: Quality engineering:
 Return on investment: Return on management:
 Requirements-costing technique: Schumann's method:
 SESAME:
 Seven milestone approach: Strategic application search: Strategic option generator:
SEE: REQUIRED READING AT START OF CHAPTER..
3.4 Strategies for Making the Right IT Investment Decisions and Avoiding IT Costs
Schniederjans says "IT value and implementation must be discussed in the context of the organization’s goals,
strategies, tactics, operational plans, and culture. In order to determine a payback, you must determine the benefits
as they help an organization achieve their goals
Executive managers, not IT managers, should determine strategic allocation decisions. The total amount of funds
to invest in IT, which business processes should receive funding and which IT capabilities are needed organization-
wide are decisions that executive managers or vice presidents (VPs) should make, not IT managers
In order to measure IT value and its performance over time, utilize many measures of contribution and
performance. The fastest way to fail in IT value measurement is to limit an analysis of cost or benefits to just a few
points in an information system or just a few measures of performance
General guidelines on issues of security and privacy risks, project failure risks, and the quality of IT services should
be determined by executive managers and not IT managers. Security, privacy and project failure risks can be very
large risks, involving the potential destruction of the entire organization. They are, therefore, serious enough for
executive managers, CIOs or VPs to have a hand in establishing their willingness to access these risks.
IT evaluation methods must evolve with the organization. Organizations change over time, IT adapts to those
changes, and the measurement methods and systems used to monitor and assess the value of IT must also
change

Recognize the limitations of the IT investment methodologies at each phase of the IT investment decision process.
These limitations may in some cases disqualify methodologies from being applied, and rightfully so
Recognize in all the selection processes mentioned above that the IT manager has potential biases that can
preclude the right IT decision choice from the analysis. Making the right decision on both the criteria to include in
the IT investment decision analysis and the methodology to use requires decision making skills that make us aware
of factors that may bias our decision process.
3.5 Summary
If you make the right IT decisions, you will end up with an investment that
helps your organization to introduce, create or enhance a competitive REMEMBER:
advantage Invest in Information
Technology to:
Improving organization agility: One of the most important competitive Improve agility,
marketing efforts must
advantages in today’s markets is the ability to be agile or develop the
match consumer
capacity to react quickly and successfully to change so as to compete
expectations
effectively in many developed and emerging global markets. Strategic intelligence is a
pre-requisite for change
Helps organizations adjust marketing mix factors to better compete: As Information Technology
investments should be
markets for products change, so do what customers look for in a product
made only after proper
change. Successful firms must change their marketing efforts to match the
investigation
consumer expectations in the mix features offered with a product. Sometimes you should
not invest at all at that
A means of identifying strategic external competitive intelligence: Implicitly moment!
or explicitly an organization’s strategic intelligence is a pre-requisite for
change, and that effective investments in IT represent a critical requirement for implementing the changes that will
take place as a results of that intelligence
Reducing IT investment costs: The right decision on IT investment sometimes means not making an investment at
all

1.Differentiate between hardware and software assets.
Hardware asset management entails the management of the physical components of computers and computer
networks, from acquisition through disposal. Common business practices include request and approval process,
procurement management, life cycle management, redeployment and disposal management. A key component is

capturing the financial information about the hardware life cycle which aids the organization in making business
decisions based on meaningful and measurable financial objectives.
Software Asset Management is a similar process, focusing on software assets, including licenses, versions and
installed endpoints

Unit
4: Business Intelligence


4.1 Introduction  Understand that smart business decisions are based on
4.2 What Is Bi? factual information that is constantly being analysed
4.3 Reasons for Business Intelligence  Understand what Business Intelligence is?
4.4 Benefits of Business Intelligence  Understand why we would want to use Business Intelligence
4.5 Factors Influencing Business  Understand how to use various tools in the Business
Intelligence Intelligence process
4.6 Future of Business Intelligence  Understand the different areas of future business intelligence
 Reynolds, George W. (2010) Information Technology for Managers,
International Edition. United States of America: Cengage Learning

Chapter 1: Managers: Key to Information Technology Results.
Chapter 2: Strategic Planning.
Chapter 8: Enterprise Resource Planning.
Chapter 9: Business Intelligence.
Chapter 10: Knowledge Management.
 Williams, B and Sawyer,S. (2010) Using Information Technology, 8th
Edition. USA, New York: Mcgraw-Hill
 Paige Baltzan, A.P., 2009. Business Driven Information Systems. New
York: McGraw-Hill.

Chapter 1: Information Systems in Business
Chapter 2: Strategic Decision Making
Chapter 3: E-Business
Chapter 5: IT Architectures
Chapter 6: Databases and Data Warehouses

Chapter 8: Supply Chain Management

Chapter 9: Customer Relationship Management
Chapter 10: Enterprise Resources Planning and Collaboration Systems
Web Links
Please view as many of these presentations as you wish:
BTI Presentations. 2012. BTI Presentations. [ONLINE] Available at:
http://www.bolder.com/presentations.htm. [Accessed 17 May 2012].
Think Point
 One of the critical areas for success within an organisation is doing their
homework. What must the organisation do to in terms of the decisions it
makes in order increase profits and its success?
 Who said to succeed in war, one should have full knowledge of one's own
strength and weaknesses and full knowledge of the enemies’ strength and
weaknesses?
 How can we turn the tide on being data rich but information poor?

4.1 Introduction
Gartners 2008 CIO survey highlights that Business Intelligence (BI) is of extreme importance to all CIO's. The
Business performance of an enterprise can dramatically improve when decisions are no longer just decisions, but
smart decisions based factual relevant information.
If you are just learning about BI or trying to build BI into your own businesses and you are not sure where to start
or how to proceed, then you are not alone. It is a challenge to design a successful BI. Some key contributing factors
will be the selection of people, processes and technology and how they "gel" together to create a cohesive working
system.
BI helps you to get all the facts needed to make critical and well-timed decisions that will achieve the objectives of
advancing business. By making the very best use of the information available, smart decisions can be made which
are geared towards the objectives of the company, however this needs to be tempered by a conscious approach
of the dynamics of staff and resources within the organisation. In a nutshell you must establish a strategy before
you bring technology or techniques into play.
It is extremely important to understand the factors which influence BI and
learn how to design an effective BI strategy. Prior to starting work on a BI REMEMBER:
strategy, you must document your overall business objectives to help
To help formulate BI
formulate BI vision for the growth of business. After documenting the initial vision, you must
list of key objectives, you should work with the key stakeholders to confirm document your overall
the validity of items on the list and their prioritization. This will ensure that business objectives
you start building your BI strategy with a proper foundation aligned with your Then you should work
business and with the buy-in from stakeholders. with the key stakeholders
to confirm the validity of
Scope of BI should include making the best use of information for strategic, items on the list and their
prioritization
tactical, and operational needs. Your purpose in building BI strategy is to
help business with long-term planning, help middle management with
tactical reporting, and help operations with day-to-day decision making to
run the business efficiently. BI is all about providing people with the
information they need to do their jobs more effectively. A wide range of BI services needs to be provided to meet
a wide range of requirements. Scope of BI Strategy should be determined by the business drivers and business
goals. Scope should always account for the changing business requirements to keep the BI strategy aligned with
business. You should not limit your ability to apply the principles with a restrictive BI strategy. BI strategy should
include a broad set of processes, technologies, and stakeholders for collecting, integrating, accessing, and
analyzing information for the purpose of helping enterprise make better business decisions. BI solutions should
enable users to be able to quickly adapt to new business requirements and evolving sources of information. Overall,
BI vision should be planned in advance of any iteration being implemented. It is vital to establish a BI vision to

ensure that implementation of specific components fits in the overall BI strategy. BI strategy should state and
document the needs as identified by the stakeholders, highlighting how BI fits into the broader enterprise vision.
BI strategy should take into consideration appropriate framework, methodology, processes, governance, systems,
and technology to deliver value that aligns with the business objectives and priorities.
4.2 What Is Bi?

According to Baltzan and Philips, Business intelligence (BI) refers to applications and technologies that are used
to gather, provide access to, and analyze data and information to support decision making efforts.
"Business intelligence (BI), relates to the intelligence as information valued for its currency and relevance. It is
expert information, knowledge and technologies efficient in the management of organizational and individual
business. Therefore, in this sense, business intelligence is a broad category of applications and technologies for
gathering, providing access to, and analyzing data for the purpose of helping enterprise users make better business
decisions. The term implies having a comprehensive knowledge of all of the factors that affect your business. It is
imperative that you have an in depth knowledge about factors such as your customers, competitors, business
partners, economic environment, and internal operations to make effective and good quality business decisions.
Business intelligence enables you to make these kinds of decisions.
A specialized field of business intelligence known as competitive intelligence focuses solely on the external
competitive environment. Information is gathered on the actions of competitors and decisions are made based on
this information. Little if any attention is paid to gathering internal information.
4.3 Reasons for Business Intelligence

Business Intelligence enables organizations to make well informed business decisions and thus can be the source
of competitive advantages. This is especially true when you are able to extrapolate information from indicators in
the external environment and make accurate forecasts about future trends or economic conditions. Once business
intelligence is gathered effectively and used proactively you can make decisions that benefit your organization
before the competition does.
The ultimate objective of business intelligence is to improve the timeliness and quality of information. Timely and
good quality information is like having a crystal ball that can give you an indication of what's the best course to
take. Business intelligence reveals to you:
 The position of your firm as in comparison to its competitors
 Changes in customer behaviour and spending patterns
 The capabilities of your firm
 Market conditions, future trends, demographic and economic information
 The social, regulatory, and political environment

 What the other firms in the market are doing

You can then deduce from the information gathered what adjustments need to be made.
4.4 Benefits of Business Intelligence

Business Intelligence provides many benefits to companies utilizing it. It can
eliminate a lot of the guesswork within an organization, enhance REMEMBER:
communication among departments while coordinating activities, and
The use of BI
enable companies to respond quickly to changes in financial conditions,
customer preferences, and supply chain operations. Business Intelligence
Businesses realize that
in this very competitive,
improves the overall performance of the company using it.
fast paced, and ever-
changing business
Information is often regarded as the second most important resource a environment, a key
company has (a company's most valuable assets are its people). So when competitive quality is
a company can make decisions based on timely and accurate information,
how quickly they respond
and adapt to change.
the company can improve its performance. Business Intelligence also
Business intelligence
expedites decision-making, as acting quickly and correctly on information enables them to use
before competing businesses do can often result in competitively superior information gathered, so
performance. It can also improve customer experience, allowing for the they can quickly and
timely and appropriate response to customer problems and priorities. constantly respond to
changes as they happen.
4.5 Factors Influencing Business Intelligence

Customers are the most critical aspect to a company's success. Without them a company cannot exist. So it is
very important that you have information on their preferences. You must quickly adapt to their changing demands.
Business Intelligence enables you to gather information on the trends in the marketplace and come up with
innovative products or services in anticipation of customer's changing demands.
Competitors can be a huge hurdle on your way to success. Their objectives are the same as yours and that is to
maximize profits and customer satisfaction. In order to be successful you must stay one step ahead of your
competitors. In business you don't want to play the catch up game because you would have lost valuable market
share. Business Intelligence tells you what actions your competitors are taking, so you can make better informed
decisions.
Business Partners must possess the same strategic information you have so that there is no miscommunication
that can lead to inefficiencies. For example, it is common now for businesses to allow their suppliers to see their
inventory levels, performance metrics, and other supply chain data in order to collaborate to improve supply chain
management. With Business Intelligence you and your business partners can share the same information.

Economic Environment such as the state of the economy and other key economic indicators are important
considerations when making business decisions. You don't want to roll out a new line of products during an
economic recession. BI gives you information on the state of the economy so that you can make prudent decisions
as to when is the right time to maybe expand or scale back your business operations.
Internal Operations are the day to day activities that go on in your business. You need in-depth knowledge about
the internal workings of your business from top to bottom. If you make an arbitrary decision without knowing how
your entire organization works it could have negative effects on your business. BI gives you information on how
your entire organization works.
Technology
Business intelligence provides organizational data in such a way that the organizational knowledge filters can
easily associate with this data and turn it into information for the organization. Persons involved in business
intelligence processes may use application software and other technologies to gather, store, analyze, and provide
access to data, and present that data in a simple, useful manner. The software aids in business performance
management, and aims to help people make "better" business decisions by making accurate, current, and relevant
information available to them when they need it. Some businesses use data warehouses because they are a logical
collection of information gathered from various operational databases for the purpose of creating business
intelligence.
Technology Requirements
For the Business Intelligence system to work effectively, enterprises must address the following technical issues:
 Security and specified user access to the warehouse
 Data volume (capacity)
 How long data will be stored (data retention)
 Benchmark and performance targets
Software Types
People working in business intelligence have developed tools that ease the work, especially when the intelligence
task involves gathering and analyzing large quantities of unstructured data. Each vendor typically defines Business
Intelligence their own way, and markets tools to do Business Intelligence the way that they see it.
Business intelligence includes tools in various categories, but the ones that we are able to help you with include
the following:
 Data Mining, Data Marts
 Decision Support Systems
 Enterprise Integration and Reporting
 Enterprise Reporting for Mainframes

 Web Based Reporting

 Web Enabling
 Web Services
History
An early reference to non-business intelligence occurs in Sun Tzu's The Art of War. Sun Tzu claims that to succeed
in war, one should have full knowledge of one's own strengths and weaknesses and full knowledge of one's
enemy's strengths and weaknesses. Lack of either one might result in defeat. A certain school of thought draws
parallels between the challenges in business and those of war, specifically:
 Collecting data
 Discerning patterns and meaning in the data (generating information)
 Responding to the resultant information
Prior to the start of the Information Age in the late 20th century, businesses sometimes struggled to collect data
from non-automated sources. Businesses then lacked the computing resources to properly analyse the data, and
often made business decisions primarily on the basis of intuition.
As businesses started automating more and more systems, more and more data became available. However,
collection remained a challenge due to a lack of infrastructure for data exchange or to incompatibilities between
systems. Analysis of the data that was gathered and reports on the data sometimes took months to generate. Such
reports allowed informed long-term strategic decision-making. However, short-term tactical decision-making
continued to rely on intuition.
In modern businesses, increasing standards, automation, and technologies have led to vast amounts of data
becoming available. Data warehouse technologies have set up repositories to store this data. Improved Extract,
transform, load (ETL) and even recently Enterprise Application Integration tools have increased the speedy
collecting of data. OLAP reporting technologies have allowed faster generation of new reports which analyse the
data. Business intelligence has now become the art of sifting through large amounts of data, extracting pertinent
information, and turning that information into knowledge upon which actions can be taken.
Business intelligence software incorporates the ability to mine data, analyse, and report. Some modern BI software
allow users to cross-analyse and perform deep data research rapidly for better analysis of sales or performance
on an individual, department, or company level. In modern applications of business intelligence software, managers
are able to quickly compile reports from data for forecasting, analysis, and business decision making.
In 1989 Howard Dresner, a Research Fellow at Gartner Group popularized "BI" as an umbrella term to describe a
set of concepts and methods to improve business decision-making by using fact-based support systems.

4.6 Future of Business Intelligence

In this rapidly changing world consumers are now demanding quicker more efficient service from businesses. To
stay competitive, companies must meet or exceed the expectations of consumers. Companies will have to rely
more heavily on their business intelligence systems to stay ahead of trends and future events. Business intelligence
users are beginning to demand Real Time Business Intelligence or near real time analysis relating to their business,
particularly in frontline operations. They will come to expect up to date and fresh information in the same fashion
as they monitor stock quotes online. Monthly and even weekly analysis will not suffice.
In the not too distant future companies will become dependent on real time business information in much the same
fashion as people come to expect to get information on the internet in just one or two clicks.
Also in the near future business information will become more democratized where end users from throughout the
organization will be able to view information on their particular segment to see how it's performing.
So, in the future, the capability requirements of business intelligence will increase in the same way that consumer
expectations increase. It is therefore imperative that companies increase at the same pace or even faster to stay
competitive.
"BI 2.0" is the recently-coined term which is part of the continually developing Business Intelligence industry and
heralds the next step for BI. "BI 2.0" is used to describe the acquisition, provision and analysis of "real time" data,
the implication being that earlier Business Intelligence and Data Mining products (BI 1.0?) have not been capable
of providing the kind of timely, current data end-users are now clamouring to have. Realizing that hype has
historically outpaced reality as Business Intelligence software companies compete for market share as long as
Business Intelligence relies upon some kind of data warehouse structure (including web-based virtual data
"warehouses"), data will have to be converted into what Hayler calls "a lowest common denominator consistent
set." When it comes to dealing with multiple, disparate data sources and the constantly changing, often volatile,
business environment which requires tweaking and restructuring of IT systems, getting BI data in a genuinely true,
"real time" format remains, again according to Hayler, "a pipe dream...As long as people design data models and
databases the traditional way, you can forget about true 'real-time' business intelligence across an enterprise: the
real world gets in the way”. In the near future business information will become more democratized where end
users from throughout the organization will be able to view information on their particular segment to see how it's
performing.
In the future, the capability requirements of business intelligence will increase in the same way that consumer
expectations increase. It is therefore imperative that companies increase at the same pace or even faster to stay
competitive.

Business intelligence (BI) has two basic different meanings related to the use of the term intelligence. The primary,
less frequently, is the human intelligence capacity applied in business affairs/activities. Intelligence of Business is
a new field of the investigation of the application of human cognitive faculties and artificial intelligence technologies
to the management and decision support in different business problems. The second relates to the intelligence as
information valued for its currency and relevance. It is expert information, knowledge and technologies efficient in
the management of organizational and individual business. The paper explores the concepts of BI, its components,
emergence of BI, benefits of BI, factors influencing BI, technology requirements, designing and implementing
business intelligence, and various BI techniques. Powerful transaction-oriented information systems are now
commonplace in every major industry, effectively levelling the playing field for corporations around the world. To
remain competitive, however, now requires analytically oriented systems that can revolutionize a company's ability
to rediscover and utilize information they already own. The Business Intelligence (BI) has evolved over the past
decade to rely increasingly on real time data. The Business Intelligence (BI) has evolved to rely increasingly on
real time data. Business analysis is becoming essential. It involves actions in response to analysis of results and
instantaneously changes parameters of business processes making BI beneficial for several reasons.
Key performance indicators

Business Intelligence often uses Key Performance Indicators (KPIs) to assess the present state of business and
to prescribe a course of action. More and more organizations have started to make more data available more
promptly. In the past, data only became available after a month or two, which did not help managers to adjust
activities in time to hit Wall Street targets. Recently, banks have tried to make data available at shorter intervals
and have reduced delays.
The KPI methodology was further expanded with the Chief Performance Officer methodology which incorporated
KPIs and root cause analysis into a single methodology."
Let's look at BI in more detail.

Business intelligence (BI) software is applied at three different levels in the enterprise: strategic, tactical and
operational. At the strategic level, BI provides performance metrics to management and executives, often in
conjunction with a formal management methodology such as Balanced Scorecard or Six Sigma. Strategic business
intelligence, one of the latest crazes, is generally called performance management (PM). Depending upon which
analyst firm you subscribe to, PM might be preceded by a C for corporate performance management, an E for
enterprise performance management or a B for business performance management (not to be confused with BPM,
the acronym for business process management).
Tactical business intelligence, called traditional and/or analytical in various industry articles, is the application of
business intelligence tools to analyse business trends, frequently comparing a specific metric (such as sales or
expenses) to the same metric from a previous month or year. In most companies, there are usually a few analysts
in each department who use online analytical processing (OLAP) and ad hoc query to perform this task. To date,
BI tools are mostly used to analyse historical business data to discover trends or anomalies that need attention.
Finally, operational business intelligence delivers information to the point of business - the front lines of a business
where information is used as part of an operational process. For example, when a person calls a toll-free number
to speak to a customer service representative about his or her telephone bill, that representative will most likely be
looking at a report about the caller's previous billing history and payment record on a computer monitor. The most
interesting thing about this example, as in many examples of operational BI, is that the person using the BI tool
has probably never even heard of the term business intelligence. Customer service reps do not consciously use a
business intelligence tool. The information is simply put in front of them when they're doing their operational jobs -
in this case, customer support.

Figure 35- BI Strategic, Tactical and Operational
Strategic, tactical and operational business intelligence are like the navigation system, the dashboard, and the gas
pedal, brake pedal and steering wheel in an automobile. The navigation system constantly shows you whether or
not you are on course to reach your destination. This works exactly like a strategic BI scorecard or performance
management system that tells management whether or not the company is on target to meet its goals. In both
cases, the driver and management will take corrective action if they see that they are off course.
The dashboard, with its fuel gauge, odometer, speedometer and engine lights, mimics tactical business
intelligence. The gauges tell the driver how far he or she has travelled, if the car's systems are functioning correctly
and whether or not more fuel is needed. Similarly, tactical BI looks at historical data to see if enough has been sold
compared to last month and whether or not there is inventory to meet expected demands.
Finally, operational BI is very much like the steering wheel and the gas and brake pedals, which are used for all
immediate front-line reactions in driving. There is a detour in the road; you must turn right here to avoid it. A car in
front of you has stopped, so you need to slow down and stop as well. The customer support call is handled in the
same way. It is an immediate reactive business process.

Figure 36 - Operational Tactical and Strategic BI
Figure 37- The three forms of BI must work according towards a common goal.
Figure 38 - The Latency between a business event and an action Taken from Richard Hackathorn, Bolder
Technologies.

4.7 Summary
We can see that time and analysed data is key to decision making in an organisation. Let’s conclude this with an
analogy of an automotive system to the car and driver and of the three levels of BI to the company. Of the three
levels of automobile components - navigation system, dashboard, and steering, brake and gas - which can you not
live without, even for one second? The steering, brake and gas. Without them, you would either crash or potentially
make no progress. The same is true for operational BI. While strategic and tactical BI look at historical data to tell
management and analysts where the business has been and how it is performing, it is the company's operational
processes that keep it running. Ask the corporate executive whether the company could live without its performance
scorecard report or without the customer support system for a day or two. Customer support cannot stop. It is part
and parcel of how a business operates.
Many people can drive a car with just a steering wheel, gas pedal and brake, and even get to their final destination.
Sooner or later, however, they will either run out of gas or get lost. It is the same for business. To truly get the most
out of business intelligence, you need to have all three levels - strategic, tactical and operational - working in
conjunction with one another. However, a business executive cannot forget the importance of operational delivery
of information to front-line workers - without it the company might crash.

Look at the following example of business intelligence software in a live context and
answer the following questions:
"How does a user maintain the gaming floor?
vizMapEditor allows users to make changes and updates to the casino floor map image
within the floorVizPLUS software to reflect actual changes on the gaming floor (Figure 1). This
ensures that the analysis is correctly represented against the correct casino floor map.
vizMapEditor is fully integrated into floorVizPLUS and allows a user to change an existing map
or create multiple designs for analysis purposes and for future use.
vizMapEditor is web based and not only does it manage the casino floor maps, it also
manages the slowly changing dimensions that are associated with the casino floor map. The
management of the slowly changing dimensions is very important for analysis of changes
on the gaming floor. The software makes the management of this data very straight forward.
Furthermore, when the updates
to the floor maps are made, they are automatically made in the database, so the normal
data management such as backups and restores can be managed by the data team"
1. If Company ABC wanted to implement this, what would the reason be for implementing
this?
2. Why would a live analysis of information be crucial in a casino?
3. What other software is out there geared for BI. Find at least 3 and compare them and the
value especially in terms of dashboards and live information, IE: BI 2


1. Define Business Intelligence (BI).
"Business intelligence (BI), relates to the intelligence as information valued for its currency and relevance. It is
expert information, knowledge and technologies efficient in the management of organizational and individual
business. Therefore, in this sense, business intelligence is a broad category of applications and technologies for
gathering, providing access to, and analysing data for the purpose of helping enterprise users make better business
decisions. The term implies having a comprehensive knowledge of all of the factors that affect your business.
2.What are the reasons for using BI?

• The position of your firm as in comparison to its competitors
• Changes in customer behaviour and spending patterns
• The capabilities of your firm
• Market conditions, future trends, demographic and economic information
• The social, regulatory, and political environment
• What the other firms in the market are doing
3 Explain the technology requirements for BI to work effectively

• Security and specified user access to the warehouse
• Data volume (capacity)
• How long data will be stored (data retention)
• Benchmark and performance targets
4 Provide examples of BI tools.

• Data Mining, Data Marts
• Decision Support Systems
• Enterprise Integration and Reporting
• Enterprise Reporting for Mainframes
• Web Based Reporting
• Web Enabling
• Web Services

Unit
5: Data Warehousing and Data
Mining


5.1 Introduction  To understand where the organisation stores data
5.2 You need a Data Warehouse to do

any Data Mining
5.3 Definition of Data Mining  How does one mine data?
5.4 Purpose of Data Mining (DM)
5.5 Process of Data Mining
5.6 What is data mining and predictive  How is data mining useful?
analytics used for?
 Paige Baltzan, A.P., 2009. Business Driven Information Systems.
New York: McGraw-Hill.
Chapter 6: Databases and Data Warehouses

5.1 Introduction
Rapid developments in information technology have resulted in the construction of many business application
systems in numerous areas. Within these systems, databases often play an essential role. Data has become a
critical resource in many organisations, and therefore, efficient access to the data, sharing the data, extracting
information from the data, and making use of the information stored, has become an urgent need. As a result,
there have been many efforts on firstly integrating the various data sources (e.g. databases) scattered across
different sites to build a corporate data warehouse, and then extracting information from the warehouse in the form
of patterns and trends.
Think Point
 What underlying infrastructure is required to make BI function?
 What is the difference between raw data and analyzed data?
 What are some of the data mining tools that are used?
 What are some of the data mining activities?.
5.2 You need a Data Warehouse to do any Data Mining

"The data warehouse (DW or DWH) is a database used for reporting and analysis. The data stored in the
warehouse are uploaded from the operational systems (such as marketing, sales etc., shown in the figure at
bottom). The data may pass through an operational data store for additional operations before they are used in the
DW for reporting.
The typical data warehouse uses staging, integration, and access layers to house its key functions. The staging
layer or staging database stores raw data extracted from each of the disparate source data systems. The
integration layer integrates the disparate data sets by transforming the data from the staging layer often storing
this transformed data in an operational data store (ODS) database. The integrated data is then moved to yet
another database, often called the data warehouse database, where the data is arranged into hierarchal groups
often called dimensions and into facts and aggregate facts. The combination of facts and dimensions is sometimes
called a star schema. The access layer helps users retrieve data.
A data warehouse constructed from integrated data source systems does not require ETL, staging databases, or
operational data store databases. The integrated data source systems may be considered to be a part of a
distributed operational data store layer. Data federation methods or data virtualization methods may be used to
access the distributed integrated source data systems to consolidate and aggregate data directly into the data
warehouse database tables. Unlike the ETL-based data warehouse, the integrated source data systems and the
data warehouse are all integrated since there is no transformation of dimensional or reference data. This integrated
data warehouse architecture supports the drill down from the aggregate data of the data warehouse to the
transactional data of the integrated source data systems.

Data warehouses can be subdivided into data marts. Data marts store subsets of data from a warehouse.
This definition of the data warehouse focuses on data storage. The main source of the data is cleaned, transformed,
cataloged and made available for use by managers and other business professionals for data mining, online
analytical processing, market research and decision support."
Figure 39- Data Warehouse (Wikimedia Commons)
Information about data mining is widely available. No matter what your level of expertise, you will be able to find
helpful books and articles on data mining. Here are two web sites to help you get started:
 http://www.kdnuggets.com/ — this site is an excellent source of information about data mining. It includes a
bibliography of publications.
 http://www.twocrows.com/ — on this site, you will find the free tutorial, Introduction to Data Mining and
Knowledge Discovery, and other useful information about data mining.
5.3 Definition of Data Mining (DM)

(Williams & Sawyer, 2010, p. 418) Define Data Mining as “The computer-assisted process of sifting through and
analysing vast amounts of data in order to extract hidden patterns and meanings and to discover new knowledge."
5.4 Purpose of Data Mining (DM)

(Williams & Sawyer, 2010, p. 418) "The purpose is to simply describe past trends and to predict future
trends." This is so simple to understand, however the impact and implication of using data mining is profound in
the results that can be achieved.

In a nutshell, a company can analyse all the large data it has on its clients to then draw conclusions or emerging
opportunities which it can then use to create new avenues of income.
5.5 Process of Data Mining

In DM, data is acquired and prepared for data warehousing. In simple terms the data is sorted into information sets
that can be used for later queries in the process of DM.
The following steps by Williams & Sawyer indicate the DM process.

1. Data sources: Where is the data coming from?
This can range from:
 Point of Sale Transactions
 databases of all kinds,
 other data warehouses
 News feeds
 Other online internet sources.
2. Data fusion & Cleaning: Is the data in the correct format and is it consistent and free of errors?
This is where the data, regardless of the sources is mashed or fused together and put through a process known
as "data cleaning" or data scrubbing". During this process, the information is made into a standard format and
checked for errors in consistency. Poor quality data is removed and Meta data is created.
Meta data is additional information about the properties of the information is recorded. In a nutshell it is data about
the data!
3. Data and Meta Data.

The data and the Meta data go hand in hand. The meta data is used to create a picture of the information that has
been acquired. It is a crucial part of the data warehouse in understanding the information stored in a data
warehouse. It contains the origin of the data. the transformations it has undergone, and summary information about
it which makes it particularly more useful than the cleansed but unintegrated, summarised data.
Data mining is a set of automated techniques used to extract buried or previously unknown pieces of information
from large databases. Successful data mining makes it possible to unearth patterns and relationships, and then
use this “new” information to make proactive knowledge-driven business decisions. Data mining then, “centers on
the automated discovery of new facts and relationships in data. The raw material is the business data, and the
data-mining algorithm is the excavator, sifting through the vast quantities of raw data looking for the valuable
nuggets of business information.

5.6 What is data mining and predictive analytics used for?

"Direct marketing
You probably have heard the marketing manager phrase “I know that half of my marketing budget is wasted, the
only question is what half?”
The challenge of marketing is that while there are constantly more and more competing offers, the number of
channels (ways of communication) available to communicate with the buyer also increases. In addition to traditional
direct marketing means such as direct mailing, advertising in newspapers, TV and other media, new means of
communication such as the Internet, not only has introduced a large number of new channels for direct marketing,
it has also brought measurability of the response to a whole new level. Today, there is a large amount of data
being generated not only in internal customer data bases, but also related to the response of the audience to
marketing campaigns. This is where predictive data mining comes in. By applying predictive data mining to
historical data, such as customer response for the various channels, demographic, geographic, sales history etc,
it is possible to significantly improve the odds of directing a campaign towards the right audience. By successfully
applying predictive data mining, you not only will be able to target the right audience, thereby increasing return on
invested marketing money. In addition to this, you will also get to know them better, and by adapting the message
to the preferences of your audience you will be able to communicate more effectively.
Collection
All companies with a large customer base have a number of customers who do not pay their dues on time.
Collecting these payments from the debtors requires a great deal of resources, and a large proportion of this work
is wasted on customers that are difficult or impossible to recover. By applying predictive data mining to historical
customer debt data, the collection procedure can be optimized by identifying the debtors most likely to pay and
finding the most effective contact methods or legal actions for each debtor.
By successfully applying predictive data mining within collection, you will recover more money while reducing
collection costs.
Scientific applications
In pharmaceutical companies, chemistry is one of the most resource intensive areas within the research and
development (R&D) activities. The whole purpose of the pharmaceutical company’s R&D is to produce new
chemical entities (NCE) that will make it all the way through clinical trials to the market as new drugs. The search
for new chemical compounds is in essence a trial-and-error process. The job of the R&D chemist is to synthesise
(produce) new compounds for testing in the laboratory. One such chemist may spend up to three weeks for making
just one such compound.
Despite the expensive production of new compounds, pharmaceutical companies test very many compounds in
their R&D activities and stores all the results in large databases (there is also a fairly large industry selling chemical
compounds of great diversity). By applying predictive data mining to such historical laboratory test data, it is

possible to reasonably predict the outcome of the laboratory tests without having to synthesise the compounds.
This means that the chemist can find out the most likely properties of the alternative compounds and choose to
work on the most promising ones, before spending the next three weeks in the laboratory, thereby increasing the
quality of the resulting compounds.
Recommendation systems
All companies want to sell more to existing customers. This is often the most effective way of increasing the
profitability. For companies that sell many different products to large customer bases and that keep records of
sales transactions for their customers, it is possible to apply predictive data mining to identify sales opportunities
as products likely to appeal to a particular customer who has not yet bought them. This type of application is also
commonly referred to as cross-selling, and some of the most notable examples of companies using it are
Amazon.com where you will get relevant books recommended, and the DVD rental site Netflix, who now even has
arranged a $1Million prize money competition for the best improvement of their recommendation system.
Other applications
Other applications of predictive data mining include fraud detection (e.g. within credit card transactions, taxation,
telephony, and insurance industry) and risk management (e.g. for determining insurance policy rates or managing
credit applications).
Williams and Sawyer summarise data mining being used:

 To improve customer acquisition and retention;
 To reduce fraud;
 To identify internal inefficiencies and then revamp operations;
 To map the unexplored terrain of the Internet.
5.7 Summary
Data Warehousing is the strategy of ensuring that the data used in an organization is available in a consistent and
accurate form wherever it is needed. Often this involves the replication of the contents of departmental computers
in a centralized site, where it can be ensured that common data definitions are in the departmental computers in a
centralized site, where it can be ensured that the common data definitions are in use… The reason Data
Warehousing is closely connected with Data Mining is that when data about the organization’s processes becomes
readily available, it becomes easy and therefore economical to mine it for new and profitable relationships.

Thus, data warehousing introduces greater efficiencies to the data mining exercise. “Without the pool of validated
and scrubbed data that a data warehouse provides, the data mining process requires considerable additional effort
to pre-process the data. Notwithstanding, it is also possible for companies to obtain data from other sources via
the Internet, mine the data, and then convey the findings and new relationships internally within the company via
an Intranet. There are four stages in the data warehousing process:
1. The first stage is the acquisition of data from multiple internal and external sources and platforms.
2. The second stage is the management of the acquired data in a central, integrated repository.
3. Stage three is the provision of flexible access, reporting and analysis tools to interpret selected data.
4. Stage four is the production of timely and accurate corporate reports to support managerial and decision-
making processes.
Though the term data mining is relatively new, the technology is not. Many of the techniques used in data mining
originated in the artificial intelligence research of the 80s and 90s. It is only more recently that these tools have
been applied to large databases. Why then are data mining and data warehousing mushrooming now? IBM has
identified six factors that have brought data mining to the attention of the business world:
 A general recognition that there is untapped value in large databases;
 A consolidation of database records tending toward a single customer view;
 A consolidation of databases, including the concept of an information warehouse;
 A reduction in the cost of data storage and processing, providing for the ability to collect and accumulate data;
 Intense competition for a customer’s attention in an increasingly saturated marketplace;
 The movement toward the de-massification of business practices.
With reference to point six above, “de-massification” is a term originated by Alvin Toffler. It refers to the shift from
mass manufacturing, mass advertising and mass marketing that began during the industrial revolution, to
customized manufacturing, advertising and marketing targeted to small segments of the population.
Data mining usually yields five types of information: associations, sequences, classifications, clusters, and
forecasting:
Associations happen when occurrences are linked in a single event. For example, a study of supermarket baskets
might reveal that when corn chips are purchased, 65% of the time cola is also purchased, unless there is a
promotion, in which case cola is purchased 85% of the time.
In sequences, events are linked over time. [For example] [ I] f a house is bought, then 45% of the time a new oven
will be bought within one month and 60% of the time a new refrigerator will be bought within two weeks.

Classification is probably the most common data mining activity today… Classification can help you discover the
characteristics of customers who are likely to leave and provide[s] a model that can be used to predict who they
are. It can also help you determine which kinds of promotions have been effective in keeping which types of
customers, so that you spend only as much money as necessary to retain a customer.
Using clustering, the data mining tool discovers different groupings with the data. This can be applied to problems
as diverse as detecting defects in manufacturing or finding affinity groups for bank cards.
All of these applications may involve predictions, such as whether a customer will renew a subscription …
forecasting, is a different form of prediction. It estimates the future value of continuous variables — like sales
figures — based on patterns within the data.
Generally, then, applications of data mining can generate outputs such as:
 Buying patterns of customers; associations among customer demographic characteristics; predictions on
which customers will respond to which mailings;
 Patterns of fraudulent credit card usage; identities of “loyal” customers; credit card spending by customer
groups; predictions of customers who are likely to change their credit card affiliation;
 Predictions on which customers will buy new insurance policies; behaviour patterns of risky customers;
expectations of fraudulent behaviour;

Analyse the following and comment on questions that follow:
"Stilgherrian: there’s no way I’m handing over data to Google+
by Stilgherrian
The sheer stupidity of technology’s early adopters never ceases to amaze me. Facebook
continues to be slammed for its dodgy privacy practices. But Google launches Google+,
essentially the same thing, and the shiny-chasers are clamouring to pour in their most
intimate information.
“This is basically a giant data mining operation,” freelance journalist and blogger Neerav
Bhatt told today’s Patch Monday podcast. “People voluntarily link themselves in and feed
even more data into Google than they did before.”
No secret there. That’s the business model for the entire web these days. You pay for
services with your personal information, which in turn enables advertisers to target you more
accurately.
Social networking services (SNS) are the ultimate expression of this imbalanced exchange.
Who you communicate with, when and how, reveals far more than you may realise.

Research on Facebook, for example, has shown that you can predict when people will
develop a romantic relationship before they know it themselves. Gays can be outed by
algorithm. Semantic analysis of the words you use reveals your mood.
Yet you can’t make meaningful use of an SNS without revealing this personal data. It’s kind
of the point. Just as you can’t make use of accounting software without first revealing how
you spend your money, you can’t use the SNS until you reveal and categorise your family,
friends and acquaintances — your social graph, it’s called.
Facebook has been copping flak over two ongoing privacy outrages. One, continually
changing how its insanely complicated privacy controls work and trying to trick people into
accepting a wide-open setting by default. Two, a legalistic privacy policy that’s longer than
the US Constitution.
Google seems to have addressed the first problem. The Circles feature in Google+ allows
you to categorise your contacts into circles of friends — family, workmates, your hockey
team, payday drinking buddies — and you post information only to specific circles. Things
are private by default. Mostly.
But when it comes to the terms and conditions, Google is no better than the rest. As Paul
Ducklin from information security vendor Sophos points out, there’s Google’s general
privacy policy, a separateprivacy policy for Google+, the user content and conduct policy,
the+1 button privacy policy for Google’s equivalent of the “Like” button, the mobile privacy
policy if you use your smartphone, the Picasa privacy notice if you upload a photo …
When I started writing this article, I’d intended to have a go at people who were foolish
enough to reveal which of their contacts were “prayer group” and which “rough trade” — and
which were both — without reading and understanding the rules. But I think they can be
forgiven. In Google’s privacy centre you’ll find 37 written policies. And of course any of those
policies can be changed upon Google’s whim. After they’ve got your data.
Talk to any privacy analyst and they’ll tell you that “informed consent” is the key. By all
means let people exchange privacy for services, as long as they understand the trade-off.
But how can anyone possibly comprehend 37 policies?"
QUESTIONS:
1. Facebook's use of data mining. How far do you think that is true? Does the article below
have any truth about SNS?

2. Is Google a data Mining Giant?

3. Compare Facebook and Google's strategies in terms of data mining.
4, Who do you think is winning? See if you can find out about their revenues and where it
comes from.

1. Explain the concepts of a Data warehouse and Data Mining.
"The data warehouse (DW or DWH) is a database used for reporting and analysis. The data stored in the
warehouse are uploaded from the operational systems (such as marketing, sales etc., shown in the figure at
bottom). The data may pass through an operational data store for additional operations before they are used in the
DW for reporting.
“The computer-assisted process of sifting through and analysing vast amounts of data in order to extract hidden
patterns and meanings and to discover new knowledge."
2. List the stages of the data warehousing process

 The first stage is the acquisition of data from multiple internal and external sources and platforms.
 The second stage is the management of the acquired data in a central, integrated repository.
 Stage three is the provision of flexible access, reporting and analysis tools to interpret selected data.
 Stage four is the production of timely and accurate corporate reports to support managerial and decision-
making processes.
3. What are the six factors of Data Mining?

 A general recognition that there is untapped value in large databases;
 A consolidation of database records tending toward a single customer view;
 A consolidation of databases, including the concept of an information warehouse;
 A reduction in the cost of data storage and processing, providing for the ability to collect and accumulate data;
 Intense competition for a customer’s attention in an increasingly saturated marketplace;
 The movement toward the de-massification of business practices.

Unit
6: Principles of Information
Security


6.1 Introduction  Understand and apply the basic principles of information
6.2 What Is Information Security security
6.3 Is It Just the Information Technology  Be able to define information security

Department Who Should Be Involved
in Security?
6.4 Key Information Security Terms and  Define key terms and critical concepts of information security
Concepts
6.5 Data  Understand concepts of , data, people, procedures, networks
6.6 People and how it applies to information security
6.7 Procedures
6.8 Networks
6.9 Balancing Information Security and  Understand and apply the basic principles of information
Access security
6.10 Information Security Project Team  Identify and understand the role played by project teams
6.11 Data Responsibilities  Understand data responsibilities

 Whitman, M.E. & Mattford, H.J., 2012. Principles of Information
Security. 4th ed. China: China Translation and Printing Services
Limited.
1. Introduction to Information Security.
2. The Need for Security.
3. Legal, Ethical, and Professional Issues in Information Security.
4. Risk Management.
5. Planning for Security.
6. Security Technology: Firewalls, VPNs, and Wireless
7. Security Technology: Intrusion Detection and Prevention Systems
8. Cryptography.
9. Physical Security.
10. Implementing Information Security.
11. Security and Personnel.
12. Information Security Maintenance and eDiscovery.

6.1 Introduction
Information is one of the most important organisation assets. For an organisation, information is valuable and
should be appropriately protected. Security is to combine systems, operations and internal controls to ensure
integrity and confidentiality of data and operation procedures in an organization. Information security history begins
with the history of computer security. It started around year 1980. In 1980, the use of computers has concentrated
on computer centres, where the implementation of a computer security focuses on securing physical computing
infrastructure that is highly effective organization. Although the openness of the Internet enabled businesses to
quickly adopt its technology ecosystem, it also proved to be a great weakness from an information security
perspective.
Think Point
Why does information security make an impact on our lives and organisations?
 What is the weakest link in an organisation?
 What are the reasons for an attack?
 Should we keep our data disconnected from the net? - Pros and Cons
6.2 What Is Information Security

“The term information security relates to the protection of information, as well as the systems and equipment that
contain and process that information.
One possible definition is:

Information security refers to all the strategies, policies, procedures, mechanisms and technical tools used for
safeguarding information and information systems from unauthorized access, alteration, theft and physical
damage.
While the above definition gives a nice insight in all the different aspects of information security, the enumeration
of "what is protected", "how it is protected" and "what it is protected from", will always leave something out.
Another much broader definition (but not necessarily better) is:

Information security is keeping anyone from doing things you do not want them to do to, with, or from your
information, computers or peripherals.
Unfortunately, this last definition gives a lot less insight in what is involved with information security. It is so broad
that it also includes the even more complex issue of privacy, which I would prefer to keep separate from information
security.

6.3 Is It Just the Information Technology Department Who Should Be Involved in Security?
Clearly it is the perception amongst many people and organisations that information security is only the domain of
the Information Technology department. It is imperative that when and organisation is tackling information security
that there are members from every department that are present to contribute to the process and success of tackling
information security.
What are the areas and organization should tackle in security operations?
A successful organization should have the following multiple layers of security in place to protect its operations:
 Physical security, to protect physical items, objects, or areas from unauthorized access and misuse
 Personnel security, to protect the individual or group of individuals who are authorized to access the
organization and its operations
 Operations security, to protect the details of a particular operation or series of activities
 Communications security, to protect communications media, technology, and content
 Network security, to protect networking components, connections, and contents
Figure 40 - Components of Information Security (Whitman & Mattford, 2012)
 Information security, to protect the confidentiality, integrity and availability of achieved via the application of
policy, education, training and awareness, and technology.
6.4 Key Information Security Terms and Concepts

 "Access: A subject or object’s ability to use, manipulate, modify, or affect another subject or object. Authorized
users have legal access to a system, whereas hackers have illegal access to a system. Access controls
regulate this ability.
 Asset: The organizational resource that is being protected. An asset can be logical, such as a Web site,
information, or data; or an asset can be physical, such as a person, computer system, or other tangible object.
Assets, and particularly information assets, are the focus of security efforts; they are what those efforts are
attempting to protect.

 Attack: An intentional or unintentional act that can cause damage to or otherwise compromise information
and/or the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or
indirect. Someone casually reading sensitive information not intended for his or her use is a passive attack. A
hacker attempting to break into an information system is an intentional attack. A lightning strike that causes a
fire in a building is an unintentional attack. A direct attack is a hacker using a personal computer to break into
a system. An indirect attack is a hacker compromising a system and using it to attack other systems, for
example, as part of a botnet (slang for robot network). This group of compromised computers, running software
of the attacker’s choosing, can operate autonomously or under the attacker’s direct control to attack systems
and steal user information or conduct distributed denial-of-service attacks. Direct attacks originate from the
threat itself. Indirect attacks originate from a compromised system or resource that is malfunctioning or working
under the control of a threat.
 Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully
counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.
The various levels and types of controls are discussed more fully in the following chapters.
 Exploit: A technique used to compromise a system. This term can be a verb or a noun. Threat agents may
attempt to exploit a system or other information asset by using it illegally for their personal gain. Or, an exploit
can be a documented process to take advantage of a vulnerability or exposure, usually in software, that is
either inherent in the software or is created by the attacker. Exploits make use of existing software tools or
custom-made software components.
 Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability
known to an attacker is present.
 Loss: A single instance of an information asset suffering damage or unintended or unauthorized modification
or disclosure. When an organization’s information is stolen, it has suffered a loss.
 Protection profile or security posture: The entire set of controls and safeguards, including policy, education,
training and awareness, and technology, that the organization implements (or fails to implement) to protect
the asset. The terms are sometimes used interchangeably with the term security program, although the
security program often comprises managerial aspects of security, including planning, personnel, and
subordinate programs.
 Risk: The probability that something unwanted will happen. Organizations must minimize risk to match their
risk appetite—the quantity and nature of risk the organization is willing to accept.

 Subjects and objects: A computer can be either the subject of an attack—an agent entity used to conduct the
attack—or the object of an attack—the target entity, as shown in Figure 1-5. A computer can be both the
subject and object of an attack, when, for example, it is compromised by an attack (object), and is then used
to attack other systems (subject).
 Threat: A category of objects, persons, or other entities that presents a danger to an asset. Threats are always
present and can be purposeful or undirected. For example, hackers purposefully threaten unprotected
information systems, while severe storms incidentally threaten buildings and their contents.
 Threat agent: The specific instance or a component of a threat. For

example, all hackers in the world present a collective threat, while Kevin
REMEMBER:
Mitnick, who was convicted for hacking into phone systems, is a Consider every bit of
information in the following
specific threat agent. Likewise, a lightning strike, hailstorm, or tornado
context:
is a threat agent that is part of the threat of severe storms.
 Threat
 Threat agent
 Vulnerability: A weaknesses or fault in a system or protection
 Vulnerability
mechanism that opens it to attack or damage. Some examples of
 Exposure
vulnerabilities are a flaw in a software package, an unprotected system  Risk
port, and an unlocked door. Some well-known vulnerabilities have been  Attack
examined, documented, and published; others remain latent (or  Exploit
undiscovered).

Components of Information systems within an organization.
Figure 41- Components of an Information System (Whitman & Mattford, 2012)
"An information system (IS) is much more than computer hardware; it is the entire set of software, hardware, data,
people, procedures, and networks that make possible the use of information resources in the organization. These
six critical components enable information to be input, processed, output, and stored. Each of these IS components
has its own strengths and weaknesses, as well as its own characteristics and uses. Each component of the
information system also has its own security requirements.
Software
The software component of the IS comprises applications, operating systems, and assorted command utilities.
Software is perhaps the most difficult IS component to secure. The exploitation of errors in software programming
accounts for a substantial portion of the attacks on information. The information technology industry is rife with
reports warning of holes, bugs, weaknesses, or other fundamental problems in software. In fact, many facets of
daily life are affected by buggy software, from smart phones that crash to flawed automotive control computers
that lead to recalls.
Software carries the lifeblood of information through an organization. Unfortunately, software programs are often
created under the constraints of project management, which limit time, cost, and manpower. Information security
is all too often implemented as an afterthought, rather than developed as an integral component from the beginning.
In this way, software programs become an easy target of accidental or intentional attacks.

Hardware
Hardware is the physical technology that houses and executes the software, stores and transports the data, and
provides interfaces for the entry and removal of information from the system. Physical security policies deal with
hardware as a physical asset and with the protection of physical assets from harm or theft. Applying the traditional
tools of physical security, such as locks and keys, restricts access to and interaction with the hardware components
of an information system. Securing the physical location of computers and
the computers themselves is important because a breach of physical REMEMBER:
security can result in a loss of information. Unfortunately, most information
Information
systems are built on hardware platforms that cannot guarantee any level of
systems are made
information security if unrestricted access to the hardware is possible.
up of six major
Before September 11, 2001, laptop thefts in airports were common. A two-
components:
person team worked to steal a computer as its owner passed it through the
hardware, software,
conveyor scanning devices. The first perpetrator entered the security area
data, people,
ahead of an unsuspecting target and quickly went through. Then, the
procedures, and
second perpetrator waited behind the target until the target placed his/her
networks
computer on the baggage scanner. As the computer was whisked through,
the second agent slipped ahead of the victim and entered the metal detector with a substantial collection of keys,
coins, and the like, thereby slowing the detection process and allowing the first perpetrator to grab the computer
and disappear in a crowded walkway.
While the security response to September 11, 2001 did tighten the security process at airports, hardware can still
be stolen in airports and other public places. Although laptops and notebook computers are worth a few thousand
dollars, the information contained in them can be worth a great deal more to organizations and individuals.
6.5 Data
Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable
asset possessed by an organization and it is the main target of intentional attacks. Systems developed in recent
years are likely to make use of database management systems. When done properly, this should improve the
security of the data and the application. Unfortunately, many system development projects do not make full use of
the database management system’s security capabilities, and in some cases the database is implemented in ways
that are less secure than traditional file systems.

6.6 People
Though often overlooked in computer security considerations, people have always been a threat to information
security. Legend has it that around 200 B.C. a great army threatened the security and stability of the Chinese
empire. So ferocious were the invaders that the Chinese emperor commanded the construction of a great wall that
would defend against the Hun invaders. Around 1275 A.D., Kublai Khan finally achieved what the Huns had been
trying for thousands of years. Initially, the Khan’s army tried to climb over, dig under, and break through the wall.
In the end, the Khan simply bribed the gatekeeper—and the rest is history. Whether this event actually occurred
or not, the moral of the story is that people can be the weakest link in an organization’s information security
program. And unless policy, education and training, awareness, and technology are properly employed to prevent
people from accidentally or intentionally damaging or losing information, they will remain the weakest link. Social
engineering can prey on the tendency to cut corners and the commonplace nature of human error. It can be used
to manipulate the actions of people to obtain access information about a system.
6.7 Procedures
Another frequently overlooked component of an IS is procedures. Procedures are written instructions for
accomplishing a specific task. When an unauthorized user obtains an organization's procedures, this poses a
threat to the integrity of the information. For example, a consultant to a bank learned how to wire funds by using
the computer center’s procedures, which were readily available. By taking advantage of a security weakness (lack
of authentication), this bank consultant ordered millions of dollars to be transferred by wire to his own account. Lax
security procedures caused the loss of over ten million dollars before the situation was corrected. Most
organizations distribute procedures to their legitimate employees so they can access the information system, but
many of these companies often fail to provide proper education on the protection of the procedures. Educating
employees about safeguarding procedures is as important as physically securing the information system. After all,
procedures are information in their own right. Therefore, knowledge of procedures, as with all critical information,
should be disseminated among members of the organization only on a need-to-know basis.
6.8 Networks
The IS component that created much of the need for increased computer and information security is networking.
When information systems are connected to each other to form local area networks (LANs), and these LANs are
connected to other networks such as the Internet, new security challenges rapidly emerge. The physical technology
that enables network functions is becoming more and more accessible to organizations of every size. Applying the
traditional tools of physical security, such as locks and keys, to restrict access to and interaction with the hardware
components of an information system are still important; but when computer systems are networked, this approach
is no longer enough. Steps to provide network security are essential, as is the implementation of alarm and intrusion
systems to make system owners aware of ongoing compromises.

6.9 Balancing Information Security and Access

Even with the best planning and implementation, it is impossible to obtain perfect information security. We need to
balance security and access. Information security cannot be absolute: it is a process, not a goal. It is possible to
make a system available to anyone, anywhere, anytime, through any means. However, such unrestricted access
poses a danger to the security of the information. On the other hand, a completely secure information system would
not allow anyone access. For instance, when challenged to achieve a TCSEC C-2 level security certification for its
Windows operating system, Microsoft had to remove all networking components and operate the computer from
only the console in a secured room. To achieve balance—that is, to operate an information system that satisfies
the user and the security professional—the security level must allow reasonable access, yet protect against threats.
Figure 42- Balancing Security and Access to information (Whitman & Mattford, 2012, p. 19)

Because of today’s security concerns and issues, an information system or

data-processing department can get too entrenched in the management REMEMBER:
and protection of systems. An imbalance can occur when the needs of the Security should
end user are undermined by too heavy a focus on protecting and not impede the
administering the information systems. Both information security operations within
technologists and end users must recognize that both groups share the an organisation,
same overall goals of the organization—to ensure the data is available but create a
when, where, and how it is needed, with minimal delays or obstacles. In an balance between
ideal world, this level of availability can be met even after concerns about Information
loss, damage, interception, or destruction have been addressed. security and
Access
6.10 Information Security Project Team

The information security project team should consist of a number of individuals who are experienced in one or
multiple facets of the required technical and nontechnical areas. Many of the same skills needed to manage and
implement security are also needed to design it. Members of the security project team fill the following roles:
 Champion: A senior executive who promotes the project and ensures its support, both financially and
administratively, at the highest levels of the organization.
 Team leader: A project manager, who may be a departmental line manager or staff unit manager, who
understands project management, personnel management, and information security technical
requirements.
 Security policy developers: People who understand the organizational culture, existing policies, and
requirements for developing and implementing successful policies.
 Risk assessment specialists: People who understand financial risk assessment techniques, the value
of organizational assets, and the security methods to be used.
 Security professionals: Dedicated, trained, and well-educated specialists in all aspects of information
security from both a technical and nontechnical standpoint.
 Systems administrators: People with the primary responsibility for administering the systems that house
the information used by the organization.
 End users: Those whom the new system will most directly affect. Ideally, a selection of users from
various departments, levels, and degrees of technical knowledge assist the team in focusing on the
application of realistic controls applied in ways that do not disrupt the essential business activities they
seek to safeguard.

6.11 Data Responsibilities

The three types of data ownership and their respective responsibilities are outlined below:
 Data owners: Those responsible for the security and use of a particular set of information. They are
usually members of senior management and could be CIOs. The data owners usually determine the
level of data classification (discussed later), as well as the changes to that classification required by
organizational change. The data owners work with subordinate managers to oversee the day-to-day
administration of the data.
 Data custodians: Working directly with data owners, data custodians are responsible for the storage,
maintenance, and protection of the information. Depending on the size of the organization, this may
be a dedicated position, such as the CISO, or it may be an additional responsibility of a systems
administrator or other technology manager. The duties of a data custodian often include overseeing
data storage and backups, implementing the specific procedures and policies laid out in the security
policies and plans, and reporting to the data owner.
 Data users: End users who work with the information to perform their assigned roles supporting the
mission of the organization. Everyone in the organization is responsible for the security of data, so
data users are included here as individuals with an information security role.
Communities of Interest
Each organization develops and maintains its own unique culture and values. Within each organizational culture,
there are communities of interest that develop and evolve. As defined here, a community of interest is a group of
individuals who are united by similar interests or values within an organization and who share a common goal of
helping the organization to meet its objectives. While there can be many different communities of interest in an
organization, this book identifies the three that are most common and that have roles and responsibilities in
information security. In theory, each role must complement the other; in practice, this is often not the case.
Information Security Management and Professionals

The roles of information security professionals are aligned with the goals and mission of the information security
community of interest. These job functions and organizational roles focus on protecting the organization’s
information systems and stored information from attacks.
Information Technology Management and Professionals

The community of interest made up of IT managers and skilled professionals in systems design, programming,
networks, and other related disciplines has many of the same objectives as the information security community.
However, its members focus more on costs of system creation and operation, ease of use for system users, and
timeliness of system creation, as well as transaction response time. The goals of the IT community and the

information security community are not always in complete alignment, and depending on the organizational
structure, this may cause conflict.
Organizational Management and Professionals

The organization’s general management team and the rest of the resources in the organization make up the other
major community of interest. This large group is almost always made up of subsets of other interests as well,
including executive management, production management, human resources, accounting, and legal, to name just
a few. The IT community often categorizes these groups as users of information technology systems, while the
information security community categorizes them as security subjects. In fact, this community serves as the
greatest reminder that all IT systems and information security objectives exist to further the objectives of the broad
organizational community. The most efficient IT systems operated in the most secure fashion ever devised have
no value if they are not useful to the organization as a whole.
6.12 Summary
Security is needed in an organisation, especially information security. This responsibility however does not just
rest with a single person or department. There are many areas that need attention, such as physical security,
personal security, operations security, communications security, national security, and network security, to name
a few. We can only protect the information from risk by the application of policy, education and technology.
Knowledge Check Questions
Summary Questions:
1. What is the difference between a threat agent and a threat?
2. What is the difference between vulnerability and exposure?
3. Identify the six components of an information system.
4. Who should lead a security team?
5. Should the approach to security be more managerial or technical?
6.13 Answers to revision questions and activities

Solution to Knowledge Check Questions
1. The Main difference between threat and threat agent are
Threat is a category of object, person, or other entity that represents a constant danger to an asset. Whereas a
threat agent is the facilitator of an attack. Threats are always present. Some threats manifest themselves in
accidental occurrences, while others are purposeful.
A threat agent is the specific instance or component of a threat.
Answer from (Whitman & Mattford, 2012)

2. What is the difference between vulnerability and exposure?

The difference is that vulnerability is the POSSIBILITY or POTENTIAL of the information being compromised,
however it may never actually happen.
Exposure is the knowledge that this exploit exists and has a definite result when exploited.
In a nutshell one is the potential problem that MAY exists, and the latter is the CERTAINTY that will lead to
information being compromised.
3. Identify the six components of an information system.

Hardware, software, data, people, procedures, and networks
4. Who should lead a security team? Should the approach to security be more managerial or technical?
Ideally, the lead of a security team should have some technical background, but it isn't essential. A good manager
is one who listens to what other team members are saying and is able to make decisions based on the evidence.
The manager must rely on the technical expertise of the members, even if they themselves are also technical in
nature. For a security team it is usually the case where a senior technical lead becomes the manager after a period
of time. That would be the best case scenario, but as mentioned, you have to have a person with good management
skills overall, whether they are technical in the area or not. A balanced approach is the goal from this team. The
end results are technical, but the decisions and how the team operates come from management, and how they
interface with the rest of the corporation is very important.
Group Work
Exercises:
Consider the information stored on your personal computer. For each of the terms listed,
find an example and document it: threat, threat agent, vulnerability, exposure, risk, attack,
and exploit.
Using the Web, identify the chief information officer, chief information security officer, and
systems administrator for Apple the makers of the IPAD. Which of these individuals
represents the data owner? Data custodian?
Using the Web, find out more about Kevin Mitnick. What did he do? Who caught him? Write
a short summary of his activities and explain why he is infamous.

Case Study and Group Work 1

Introduction
"The Sequential Label and Supply Company (often referred to as SLS) is a national supplier of stock labels as well
as a manufacturer of custom labels and distributor of supplies often used in conjunction with labels, such as
envelopes, adhesive tape, mailing cartons, and related office supplies. The company was founded by Fred Chin
in 1992 and has grown steadily in the intervening years. As the case study begins, the company has recognized
its growing dependence on information technology and has organized its information technology group as shown
below:
Figure 43- SLS Organisation

Trouble
It started out like any other day for Amy Windahl at Sequential Label and Supply Company. She liked her technical
support job at the help desk.
Taking calls and helping the office workers with PC problems was not glamorous, but it was challenging and paid
pretty well. Some of her friends worked at bigger companies, some at higher-tech companies, but everyone kept
up with each other, and they all agreed that technology jobs were a good way to pay the bills. The phone rang.
This was not a big deal for Amy. She answered her phone about 35 times an hour, 315 times a day, and nine days
every two weeks. The first call of the day started out the same as usual, with a worried user hoping Amy could help
him out of a jam. The call display on her screen gave her all the facts: the user's name, his phone number, the
department in which he worked, where his office was on the company campus, and a list of all the calls he'd made
in the past. "Hi, Bob," she said. "Did you get that document formatting problem squared away after our last call?"

"Sure did, Amy. Hope we can figure out what's going on today." "We'll try, Bob. Tell me about it."
"Well, my PC is acting weird," Bob said. "When I go to the screen that has my e-mail program running, it doesn't
respond to the mouse or the keyboard." "Did you try a reboot yet, Bob?" "Sure did. But the window wouldn't close,
and I had to turn it off. Once it finished the reboot, and I opened the e-mail program. Tt's just like it was before-no
response at all. The other stuff is working OK, but really, really slowly. Even my Internet browser is sluggish." "OK,
Bob. We've tried the usual stuff we can do over the phone. Let me open a case, and I'll dispatch a tech over as
soon as possible."
Amy looked up at the LED tally board on the wall at the end of the room. She saw that there were only two
technicians dispatched to desks ide support at the moment, and since it was the day shift, there were four available.
"Shouldn't be long at all, Bob."
She clicked off the line from Bob and typed her notes into ISIS, the company's Information Status and Issues
System. She assigned the newly generated case to the desk side dispatch queue, knowing the roving desk side
team would be paged with the details and would attend to Bob's problem
in just a few minutes.
A moment later, Amy looked up to see Charles Moody walking briskly down the hall. Charlie was the senior
manager of the server administration team. He was being trailed by three of his senior technicians as he made a
beeline from his office to the door of the server room where the company servers were kept in a controlled
environment. They all looked worried. Just then, Amy's screen beeped to alert her of a new e-mail. She glanced
down. It beeped again-and again. It started beeping constantly. She clicked on the envelope icon, and after a short
delay, the mail window opened. She had 47 new e-mails in her inbox. She opened one from Davey Martinez, an
acquaintance from the Accounting Department. The subject line said, "Wait till you see this." The message body
read, "Look what this has to say about our managers' salaries" There was an icon for a file attachment that Amy
did not recognize. But, she knew Davey, he often sent her interesting and funny e-mails. She clicked on the icon.
Her PC showed the hourglass pointer icon for a second and then resumed showing its normal pointer. Nothing
happened. She clicked on the icon for the next e-mail message. Nothing happened. Her phone rang again. She
clicked on the ISIS icon on her computer desktop to activate the call management software, and activated her
headset. "Hello, Tech Support, how can I help you?" She couldn't greet the caller by name because ISIS had not
yet opened the screen on her Pc.
"Hello, this is Erin Williams in Receiving." Amy glanced down at her screen. Still no ISIS. She glanced up to the
tally board and was surprised to see the inbound call counter tallying up waiting calls like digits on a stopwatch.
Amy had never seen so many calls come in at one time. "Hi, Erin," Amy said. "What's up?" "Nothing," Erin
answered. "That's the problem." The rest of the call was an exact replay of Bob's earlier call, except Amy couldn't
type the notes into ISIS and had to jot them down on a legal pad. She also couldn't dispatch the desk side support

team either. She looked at the tally board. It had gone dark. No numbers at all. Then she saw Charlie running down
the hall from the server room. He didn't look worried anymore. He looked frantic. Amy picked up the phone. She
wanted to check with her supervisor about what to do now. There was no dial tone. The next day at SLS found
everyone in technical support busy restoring computer systems to their former state and installing new virus and
worm control software. Amy found herself learning how to install desktop computer operating systems and
applications as SLS made a heroic effort to recover from the previous day's attack.
1. Do you think this event was caused by an insider or outsider? Why do you think this?
2. Other than installing virus and worm control software, what can SLS do to be ready for the next incident?
3. Do you think this attack was the result of a virus, or a worm? Why do you think this?
Starting Out
Fred Chin, CEO of Sequential Label and Supply, leaned back in his leather chair. He propped his feet up on the
long mahogany table in the conference room where the SLS Board of Directors had just adjourned their quarterly
meeting.
"What do you think about our computer security problem?" he asked Gladys Williams, the company's chief
information officer, or CIa. He was referring to last month's outbreak of a malicious worm on the company's
computer network. Gladys replied, "I think we have a real problem this time, and we need to put together a real
solution, not just a quick patch like the last time." Eighteen months ago someone had brought an infected floppy
disk in from home and infected the network. To prevent this from happening again, all the floppy drives were
removed from the company computers. Fred wasn't convinced. "Let's just add another thousand dollars in the next
budget to fix it up." Gladys shook her head. "You've known for some time now that this business runs on computers.
That's why you hired me as CIa. I've been researching information security, and my staff and I have some ideas
to discuss with you. I've asked Charlie Moody to come in today to talk about it. He's waiting to speak with us."
Charlie joined the meeting, and Fred said, "Hello, Charlie. As you know the Board of Directors met today. They
received a report on the expenses and lost production from the virus outbreak last month, and they directed us to
improve the security of our computers. Gladys says you can help me understand what we need to do about it."
"To start with," Charlie said, "instead of setting up a computer security solution, we need to develop an information
security program. We need a thorough review of our policies and practices, and we need to establish an ongoing
risk management program. There are some other things that are part of the process as well, but these would be a
good start." "Sounds expensive," said Fred. Charlie looked at Gladys, and then answered, "Well, there will be some
extra expenses for specific controls and software tools, and we may have to slow down our product development
projects a bit, but the program will be more of a change in our attitude about security than a spending spreeI don't
have accurate estimates yet, but you can be sure we will put cost- benefit worksheets in front of you before we
spend any money. “Fred thought about this for a few seconds. "OK. What is our next step?" Gladys answered, "To
start with, we need to initiate a project plan to develop our new information security program. We'll use our usual

systems development and project management approach. There are a few differences, but we can adapt our
current models easily. We will need to appoint or hire a person to be responsible for information security."
"Information security? What about computer security?" asked Fred. Charlie responded, "Information security
includes all the things we use to do business: software, procedures, data, networks, our staff, and computers. "I
see," Fred said. "Bring me the draft project plan and budget in two weeks. The audit committee of the board meets
in four weeks, and we'll need to report our progress."
Soon after the board of directors meeting, Charlie was promoted to chief information security officer, a new position
that reports to the CIa Gladys Williams, and that was created to provide leadership for SLS's efforts to improve its
security profile.
1. How do Fred, Gladys, and Charlie perceive the scope and scale of thenew information security effort?
2. How will Fred measure success when he evaluates Gladys' performance for this project? How about Charlie's
performance?
3. Which of the threats discussed in this chapter should receive Charlie's attention early in his planning process?
Industrial Espionage
Henry Magruder made a mistake: he left a CD at the coffee station. Later, Iris Majwabu was at the coffee station,
topping off her coffee cup, hoping to wrap up her work on the current SQL code module before it was time to go
home. As she turned to leave, she saw the unlabelled CD on the counter.
Being the helpful sort, she picked it up, intending to return it to the person who'd left it behind.
Expecting to find perhaps the latest device drivers, or someone's work from the development team's office, Iris
slipped the disk into the drive of her computer and ran a virus scan against its contents. She then opened the file
explorer program. She had been correct in assuming the CD contained data files, lots of them. She opened a file
at random, and names, addresses, and Social Security numbers scrolled down her screen. These were not the
test records she expected; instead they looked more like critical payroll data. Concerned, she found a readme.txt
file and opened it. It read: Jill, see files on this disc. Hope they meet your expectations. Wire money to my
account as arranged. Rest of data sent on payment. Iris realized that someone was selling sensitive company
data to an outside information broker. She looked back at the directory listing and saw that the files spanned
the range of every department at Sequential Label and Supply-everything from customer lists to shipping
invoices. She saw one file that she knew contained the credit card numbers for every Web customer the
company supplied. She opened another file and saw that it stopped about halfway through the data. Whoever did
this had split the data into two parts. That made sense: payment on delivery of the first half.
Now, who did this belong to? She opened up the file properties option on the readme.txt file. The file owner was
listed as "hmagruder." That must be Henry Magruder, the developer two cubes over in the next aisle. Iris
pondered her next action. Iris called the company security hotline. The hotline was an anonymous way to report
any suspicious activity or abuse of company policy, although Iris chose to identify herself. The next morning, she

was called to a meeting with an investigator from corporate security, which led to more meetings with others in
corporate security, and then finally a meeting with the
Director of Human Resources and Gladys Williams, the CIO of SLS.
1. Was Iris justified in determining who the owner of the CD was?
2. Should Iris have approached Henry directly, or was the hotline the most effective way to take action?
3. Should Iris have placed the CD back at the coffee station and forgotten the whole thing? Would that response
have been ethical on her part?
Deciding What to Protect

Charlie Moody called the meeting to order. The conference room was full of developers, systems analysts, IT
managers, business users, and business managers. "All right everyone, let's get started. Welcome to the kick-off
meeting of the Sequential Label and Supply Information Security Task Force. That's the name of our new project
team, and we're here today to talk about our objectives and to review the initial work plan." "Why are all of the
users here?" asked the manager of sales. "Isn't security a problem for the IT Department?" Charlie explained,
"Well, that used to be the case, but we've come to realize that information security is about managing the risk of
using automated systems, which involves almost everyone in the company. In order to make our systems more
secure, we will need the participation of people from all departments." Charlie continued, "1 hope everyone has
read the packets we sent out last week with the legal requirements we face in our industry and the background
articles on threats and attacks. Today we'll begin the process of identifying and classifying all of the information
technology risks that face our organization. This includes everything from fires and floods that could disrupt our
business to criminal hackers who might try to steal or destroy our data. Once we identify and classify the risks
facing our assets, we can discuss how to reduce or eliminate these risks by establishing controls. Which controls
we actually apply will depend on the costs and benefits of each control." "Wow, Charlie!" said Amy Windahl from
the back of the room. "I'm sure we need to do It-I was hit by the last attack, just as everyone here was but we have
hundreds of systems. “It’s more like thousands," said Charlie. He went on, "That's why we have so many people
on this team and why the team includes members of every department." Charlie continued, "Okay, everyone,
please open your packets and take out the project plan with the work list showing teams, tasks, and schedules.
Any questions before we start reviewing the work plan?" As Charlie wrapped up the meeting, he ticked off a few
key reminders for everyone involved in the asset identification project. "Okay, everyone, before we finish, please
remember that you should try to make your asset lists complete, but be sure to focus your attention on the more
valuable assets first. Also, remember that we evaluate our assets based on business impact to profitability first,
and then economic cost of replacement. Make sure you check with me about any questions that come up. We will
schedule our next meeting in two weeks, so please have your draft inventories ready."
1. Did Charlie effectively organize the work before the meeting? Why or why not? Make a list of the important
issues you think should be covered by the work plan. For each issue, provide a short explanation. 2. Will the
company get useful information from the team it has assembled? Why or why not?

3. Why might some attendees resist the goals of the meeting? Does it seem that each person invited was briefed
on the importance of the event and the issues behind it?

Case Study and Group Work 2
"Government executives expressed widespread concern about data leakage, whether caused by malicious actions
or accidental missteps, according to an online survey of 209 executives, conducted by 1105 Government
Information Group Content Solutions. In total, the survey conducted online in February, garnered 209 responses
from public sector executives from organizations ranging from the Department of Defense to civilian federal
agencies, to executives from state and local governments. Roughly a fifth of government agencies responding to
the survey reported that external IT security incidents have increased in the past year.
The seemingly constant stream of viruses, worms, rootkits, denial-of-service (DoS) attacks and other security
threats underscore how the government’s network perimeter has expanded and blurred, as the proliferation of
mobile and remote users has grown. A whopping 92% of those surveyed said they expect to spend at least as
much, if not more for information security threat prevention in the coming year. The average annual agency budget
for IT security threat prevention, across all levels of government was reported at $2.75 million

Progressive or leading edge agencies expressed concern about the proliferation of mobile devices and the impact
of cloud computing on security, and are most likely to be investigating single-sign on authentication alternatives,
in their ongoing efforts to improve agency IT threat prevention infrastructures. The proliferation of mobile devices
with confidential information and access to internal systems was viewed as an increasing security concern, by 78%
of respondents.
IT security audits are conducted to test and ensure an agency’s IT assets are, in fact, protected. Not surprisingly,
those respondents who reported failing an IT security audit were also more apt to increase their budgets for IT
security protections. Since agencies undergo both external security audits as well as internal audits, the survey
results indicated that nearly 20% of respondents had failed at least one external audit and 22% had failed at least
one recent internal security audit.
Although a lack of adequate protection against data loss or leaks is considered a serious problem, survey
respondents to the 1105 Government Information Group Content Solutions Information Security Survey, said
investments in content security and data loss prevention were not as high on the priority list, as were investments
in intrusion detection, firewalls, VPNs, IP security and continuous monitoring. Data loss prevention (DLP) helps
ensure that sensitive personal information and classified information housed on government networks remains
safe and secure.

Tools for Protection

In the 1105 Government Information Group’s survey, respondents were asked to select the tools they turn to most
to help reduce risks associated with a broad array of information security threats. Firewalls and virtual private
network services, along with anti-malware, anti-spam, encryption, authentication, content filtering, intrusion
detection and continuous monitoring topped the list of tools to protect government resources."
Read the above and research further and then the questions below:
1. Discuss in detail some of the greatest Information Technology threats that governments and organisations
face?
2. Why do these threats to Information Technology exist? What would be some of the reasons for these
Information Technology incursions?
3. Discuss how Mobile access and cloud storage have added the risk areas facing organisations.
4. How much should a company spend on investing in securing their information?
5. Do Information Technology audits assist in driving security awareness?
6. Could some organisation's data be compromised without their knowledge?
7. How well prepared is your government against threats facing organisations?
8. What are the ways in which threats to organisations are examined and the most common threat preventions
systems around the world that are in practice or being used today?

Conclusion
In conclusion I would like to thank you for taking the time to go through this module. The journey ahead is bright
and positive. The foundations laid in this and the previous module will put you on a very rewarding track in terms
of gearing towards taking an organisation to new modes of acquiring success simply by understanding this module
and applying relevant methods or methodologies.
I hope this study guide has helped in contextualizing this information. It should have firmed up your understanding
of Business Intelligence and at the processes, policies and principles of protecting your data and using your data
with business intelligence.
This diagram should help you recap what we have already covered. Thank you

Bibliography
 Paige Baltzan, A. P. (2009). Business Driven Information Systems. New York: McGraw-Hill.
 Schniederjans, M. J. (2004). Information Technology Investment: Decision-Making Methodology. World
Scientific Pub Co Inc.
 Whitman, M. E., & Mattford, H. J. (2012). Principles of Information Security (4th Edition ed.). China: China
Translation and Printing Services Limited.
 Williams, B. K., & Sawyer, S. C. (2010). Using Information Technology (International Edition ed.). New York:
Mcgraw & Hill.


BCOM ITM - Information Technology Management 2B

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BCOM ITM - Information Technology Management 2B

Uploaded by

Copyright:

Available Formats

Bachelor of Commerce

in Information and Technology

Unit 1: Introduction To Information Technology .................................................................................................... 13

i MANCOSA – BCOM ITM Yeari 2

Figure 1 - IT covered in Module 2A..................................................................................................................... 5

Figure 2 - IT Covered in this Module 2B ............................................................................................................. 6

Figure 5 - The Pascaline : The Pascaline. Invented by Blaise Pascal (1623-62).............................................. 19

Figure 8 - The Analytical Engine. ...................................................................................................................... 20

Figure 10- Census Machine, used punch cards. .............................................................................................. 22

Figure 13 - Electronic Numerical Integrator and Computer (ENIAC) - 1946 ..................................................... 23

Figure 16- The First Generation (1951-1958). .................................................................................................. 24

Figure 17 - The Second Generation (1959-1963). ............................................................................................ 24

Figure 18- The Third Generation ...................................................................................................................... 25

Figure 20- Complicated dimensions of sub choices.......................................................................................... 63

Figure 22: Overall structure of our method. ...................................................................................................... 66

1 MANCOSA – Bachelor of Commerce Information and Technology Management Year 2

Figure 23: The concept of a value center (Venkatraman,1997) ........................................................................ 67

Figure 24:Operating models (Ross et al., 2006). .............................................................................................. 69

Figure 25: Problem chains ................................................................................................................................ 71

Figure 27: Relation between requirements and architecture models ................................................................ 72

Figure 28: Views on an architecture model ....................................................................................................... 73

Figure 29: Investment portfolios........................................................................................................................ 75

Figure 30: Bedell’s method and enterprise architecture.................................................................................... 75

Figure 31: Example of an activity level portfolio ................................................................................................ 76

Figure 32: Valuation profile for Bedell’s method .............................................................................................. 77

Figure 33: Business process portfolio in BiZZdesign Architect ......................................................................... 78

Figure 34: Business process folio in Excel ....................................................................................................... 78

Figure 35- BI Strategic, Tactical and Operational ........................................................................................... 101

Figure 36 - Operational Tactical and Strategic BI ........................................................................................... 102

Figure 39- Data Warehouse (Wikimedia Commons) ...................................................................................... 109

Figure 43- SLS Organisation .......................................................................................................................... 132

MANCOSA – Bachelor of Commerce in Information and Technology Management Year 2 2

We hope you enjoy the module.

3 MANCOSA – Bachelor of Commerce in Information and Technology Management Year 2

Contents and Structure

Unit 2: Impact of Information Technology

Unit 3: Information Technology Investments

Unit 4: Business Intelligence

MANCOSA – Bachelor of Commerce in Information and Technology Management Year 2 4

Unit 5: Data Warehousing and Data Mining

Unit 6: Principles of Information Security

What have we learnt about Information Technology in the previous module?

Figure 1 - IT covered in Module 2A

5 MANCOSA – Bachelor of Commerce in Information and Technology Management Year 2

Let us look closer at the way this module is set out?

Figure 2 - IT Covered in this Module 2B

MANCOSA – Bachelor of Commerce in Information and Technology Management Year 2 6

C. Exit Level Outcomes and Associated Assessment Criteria of the Programme

 The application of information and knowledge  Information and knowledge management

 The application of information and knowledge  Information and knowledge management

 The architecture, platforms and configuration of  Architecture, platforms and configuration of

 Utilisation of information and knowledge  Information and knowledge management is

 Analysis, evaluation and representation of  Financial, quantitative and functional information

 Proposal of business solutions through  Business solutions are proposed utilising

7 MANCOSA – Bachelor of Commerce in Information and Technology Management Year 2

D. Learning Outcomes and Associated Assessment Criteria of the Module

 Understand the impact of information  Impact of information technology on the organisation,

E. Unit Learning Outcomes

MANCOSA – Bachelor of Commerce in Information and Technology Management Year 2 8

F. Notional Learning Hours

Notional Learning Hour Table for the Programme

Lectures/Workshops (face to face, limited or technologically mediated) 15

Tutorials: individual groups of 30 or less 0

Independent self-study of specially prepared materials (case studies, multi-media, etc.) 40