Diploma in Information Technology

Module: Information System 1B

Module Code: INS120

STUDY GUIDE
TABLE OF CONTENTS

A WORD OF WELCOME ...................................................................................... 1

PURPOSE OF THE MODULE .............................................................................. 1
MODULE OUTCOMES ......................................................................................... 1
PRESCRIBED TEXTBOOK .................................................................................. 1
STUDY UNIT 1: BUSINESS ACROSS THE ENTERPRISE .................................. 2
STUDY UNIT 2: E-COMMERCE ......................................................................... 16
STUDY UNIT 3: SUPPORTING DECISION MAKING ......................................... 29
STUDY UNIT 4: BUSINESS I.T STRATEGIES FOR DEVELOPMENT ............... 51
STUDY UNIT 5: IMPLEMENTING BUSINESS/IT SOLUTIONS .......................... 66
STUDY UNIT 6: SECURITY AND ETHICAL CHALLENGES .............................. 86

Study Guide 2017 Page 2 of 112 Damelin

A WORD OF WELCOME
Welcome to Welcome to the Information Systems 1B Module. This subject will be presented
on NQF level 5 and will bear 10 credits in terms of the new HEQSF.

PURPOSE OF THE MODULE

On completion of this course the student would have acquired basic knowledge of information
systems that are used especially in the business environment. Students are introduced to basic
computer and system concepts, which are elaborated on throughout the course. The focus is
placed on the internal operations of a computer as is on the role of information systems in
general. More important aspects include that of hardware as well as application, system and
development software. The module further builds on Information Systems 1A.

MODULE OUTCOMES
At the end of this module learners should be able to know:
Business across the enterprise
E-commerce
Supporting decision making
Business/IT strategies for development
Implementing business/it solutions
Security and ethical challenges

PRESCRIBED TEXTBOOK
Textbook Author Year Publisher ISBN

Introduction to
O Brian, J. 2012 McGraw-Hill 9780071318044
Information system

Study Guide 2017 Page 1 of 112 Damelin

 STUDY UNIT 1: BUSINESS ACROSS THE ENTERPRISE

INTRODUCTION
Getting All the Geese Lined Up: Managing at the Enterprise Business Level

Heres a question you probably never expected to find in your information systems text: Have
you ever noticed how geese fly? They start out as a seemingly chaotic flock of birds, but very
quickly end up flying in a V-shape or echelon pattern like that shown in Figure 8.1. As you might
imagine, this consistency in flying formation is not an accident. By flying in this manner, each
bird receives a slight, but measurable, benefit in reduced drag from the bird in front. This makes
it easier for all of the birds to fly long distances than if they just took up whatever portion of the
sky they happened to find. Of course, the lead bird has the toughest job, but geese have figured
out a way to help there, as well. Systematically, one of the birds from the formation will fly up to
relieve the current lead bird. In this way, the entire flock shares the load as they all head in the
same direction.

Learning outcomes:

After having worked through this study unit you will be able to:

1. Identify and give examples to illustrate the following aspects of customer relationship
management, enterprise resource management systems:

A. business process supported

b. Customer and business value provided

c. potential challenges and trends

2. Understand the importance of managing at the enterprise level to achieve maximum

efficiencies and benefits.

Customer Relationship Management: The Business Focus

A customer centric focus - Customer relationships have become a companys most valued
asset. Every companys strategy should be to find and retain the most profitable
customers possible
What is CRM?
Managing the full range of the customer relationship involves:

Study Guide 2017 Page 2 of 112 Damelin

Providing customer-facing employees with a single, complete view of every customer at
every touch point and across all channels
Providing the customer with a single, complete view of the company and its extended channels
CRM uses IT to create a cross-functional enterprise system that integrates and automates many
of the customer-serving processes

Application Clusters in CRM

Contact and Account Management

CRM helps sales, marketing, and service professionals capture and track relevant
data about
Every past and planned contact with prospects and customers
Other business and life cycle events of customers
Data are captured through customer touch points
Telephone, fax, e-mail
Websites, retail stores, kiosks
Personal contact

Sales
A CRM system provides sales reps with the tools and data resources they need to
Support and manage their sales activities
Optimize cross- and up-selling
CRM also provides the means to check on a customers account status and history before
scheduling a sales call.

Study Guide 2017 Page 3 of 112 Damelin

Marketing and Fulfilment
CRM systems help with direct marketing campaigns by automatic such tasks as
Qualifying leads for targeted marketing
Scheduling and tracking mailings
Capturing and managing responses
Analyzing the business value of the campaign
Fulfilling responses and requests

Customer Service and Support

A CRM system gives service reps real-time access to the same database used by sales and
marketing.
Requests for service are created, assigned, and managed
Call center software routes calls to agents
Help desk software provides service data and suggestions for solving problems
Web-based self-service enables customers to access personalized support information.

Retention and Loyalty Programs

It costs 6 times more to sell to a new customer
An unhappy customer will tell 8-10 others
Boosting customer retention by 5 percent can boost profits by 85 percent
The odds of selling to an existing customer are 50 percent; a new one 15 percent
About 70 percent of customers will do business with the company again if a problem is quickly
taken care of
Enhancing and optimizing customer retention and loyalty is a primary objective of CRM
Identify, reward, and market to the most loyal
and profitable customers
Evaluate targeted marketing and relationship programs

Study Guide 2017 Page 4 of 112 Damelin

The Three Phases of CRM

Benefits of CRM
Identify and target the best customers
Real-time customization and personalization
of products and services
Track when and how a customer contacts
the company
Provide a consistent customer experience
Provide superior service and support across
all customer contact points

CRM Failures
Business benefits of CRM are not guaranteed
50 percent of CRM projects did not produce promised results
20 percent damaged customer relationships
Reasons for failure
Lack of understanding and preparation

Study Guide 2017 Page 5 of 112 Damelin

Not solving business process problems first
No participation on part of business stakeholders involved

Trends in CRM
Operational CRM
Supports customer interaction with greater convenience through a variety of channels
Synchronizes customer interactions consistently across all channels
Makes the company easier to do business with
Analytical CRM
Extracts in-depth customer history, preferences, and profitability from databases
Allows prediction of customer value and behavior
Allows forecast of demand
Helps tailor information and offers to customer needs
Collaborative CRM
Easy collaboration with customers, suppliers, and partners
Improves efficiency and integration throughout supply chain
Greater responsiveness to customer needs through outside sourcing of products
and services
Portal-based CRM
Provides users with tools and information that fit their needs
Empowers employees to respond to customer demands more quickly
Helps reps become truly customer-faced
Provides instant access to all internal and external customer information

ERP: The Business Backbone

What is ERP?
Enterprise resource planning is a cross-functional enterprise system
An integrated suite of software modules
Supports basic internal business processes
Facilitates business, supplier, and customer information flows

Study Guide 2017 Page 6 of 112 Damelin

ERP Application Components

ERP Process and Information Flows

Study Guide 2017 Page 7 of 112 Damelin

Benefits and Challenges of ERP
ERP Business Benefits
Quality and efficiency
Decreased costs
Decision support
Enterprise agility
ERP Costs
Risks and costs are considerable
Hardware and software are a small part
of total costs
Failure can cripple or kill a business
Costs of Implementing a New ERP

Causes of ERP Failures

Most common causes of ERP failure
Under-estimating the complexity of planning, development, training

Study Guide 2017 Page 8 of 112 Damelin

Failure to involve affected employees in
planning and development
Trying to do too much too fast
Insufficient training
Insufficient data conversion and testing
Over-reliance on ERP vendor or consultants
Trends in ERP

SUPPLY CHAIN MANAGEMENT (SCM)

Fundamentally, supply chain management helps a company
Get the right products
To the right place
At the right time
In the proper quantity
At an acceptable cost

Goals of SCM
The goal of SCM is to efficiently
Forecast demand
Control inventory
Enhance relationships with customers, suppliers, distributors, and others
Receive feedback on the status of every link in the supply chain

Study Guide 2017 Page 9 of 112 Damelin

What is a Supply Chain?
What exactly is a companys supply chain? Lets suppose a company wants to build and sell a
product to other businesses. Then it must buy raw materials and a variety of contracted services
from other companies. The interrelationships with suppliers, customers, distributors, and other
businesses that are needed to design, build, and sell a product make up the network of
business entities, relationships, and processes that is called a supply chain. Because each
supply chain process should add value to the products or services a company produces, a
supply chain is frequently called a value chain, a different but related concept that we discussed
in Chapter 2. In any event, many companies today are using Internet technologies to create
inter enterprise business systems for supply chain management that help a company streamline
its traditional supply chain processes.
According to the Council of Supply Chain Management Professionals (CSCMP), supply
chain management encompasses the planning and management of all activities involved in
sourcing, procurement, conversion, and logistics management. It also includes the crucial
components of coordination and collaboration with channel partners, which can be suppliers,
intermediaries, third-party service providers, and customers. In essence, supply chain
management integrates supply and demand management within and across companies. More
recently, the loosely coupled, self-organizing network of business that cooperates to provide
product and service offerings has been called the Extended Enterprise.
The interrelationships
With suppliers, customers, distributors, and
other businesses
Needed to design, build, and sell a product
Each supply chain process should add value to the products or services a company produces
Frequently called a value chain

Supply Chain Life Cycle

Study Guide 2017 Page 10 of 112 Damelin

Electronic Data Interchange
Electronic data interchange (EDI) is a document standard which when implemented acts as
common interface between two or more computer applications in terms of understanding the
document transmitted. It is commonly used by big companies for e-commerce purposes, such
as sending orders to warehouses or tracking their order. It is more than mere e-mail; for
instance, organizations might replace bills of lading and even cheques with appropriate EDI
messages. It also refers specifically to a family of standards.
In 1996, the National Institute of Standards and Technology defined electronic data interchange
as "the computer-to-computer interchange of strictly formatted messages that represent
documents other than monetary instruments. EDI implies a sequence of messages between two
parties, either of whom may serve as originator or recipient. The formatted data representing the
documents may be transmitted from originator to recipient via telecommunications or physically
transported on electronic storage media." It distinguishes mere electronic communication or
data exchange, specifying that "in EDI, the usual processing of received messages is by
computer only. Human intervention in the processing of a received message is typically
intended only for error conditions, for quality review, and for special situations. For example, the
transmission of binary or textual data is not EDI as defined here unless the data are treated as
one or more data elements of an EDI message and are not normally intended for human
interpretation as part of online data processing."
EDI can be formally defined as the transfer of structured data, by agreed message standards,
from one computer system to another without human intervention.
One of the earliest uses of information technology for supply chain management
The electronic exchange of business transaction documents between supply chain trading
partners
The almost complete automation of an e-commerce supply chain process
Many transactions occur over the Internet, using secure virtual private networks
Typical EDI Activities

Study Guide 2017 Page 11 of 112 Damelin

Roles and Activities of SCM in Business

Planning & Execution Functions of SCM

Planning
Supply chain design
Collaborative demand and supply planning
Execution
Materials management
Collaborative manufacturing
Collaborative fulfillment
Supply chain event management
Supply chain performance management

Benefits and Challenges of SCM

Key Benefits
Faster, more accurate order processing
Reductions in inventory levels
Quicker times to market
Lower transaction and materials costs
Strategic relationships with supplier

Study Guide 2017 Page 12 of 112 Damelin

Goals and Objectives of SCM

Benefits and Challenges of SCM

Key Challenges
Lack of demand planning knowledge, tools, and guidelines
Inaccurate data provided by other information systems
Lack of collaboration among marketing, production, and inventory management
SCM tools are immature, incomplete, and hard to implement

Trends in SCM

Study Guide 2017 Page 13 of 112 Damelin

Summary of the study unit
In this chapter you got an opportunity to understand e-business applications, namely customer
relationship management, enterprise resource planning and supply chain management.
Enterprise resource planning (ERP) is a cross-functional enterprise system that serves as a
framework to integrate and automate many of the business processes such as:
Manufacturing
Logistics
Distribution
Accounting
Finance
Human resource
Customer relationship management (CRM): A cross-functional e-business application that
integrates and automates many customers serving processes in
sales
direct marketing
account
order management,
Customer service and support.

Supply Chain Management

Supply Chain Management: Integrating management practices and information technology to

optimize information and product flows among the processes and business partners within a
supply chain.
SCM is a top strategic objective for many companies. It is an absolute requirement if they want
to meet their e-commerce customer value imperative: what the customer wants, when and
where its wanted, at the lowest possible cost.
Procurement
Logistics
Distribution
Production

Study Guide 2017 Page 14 of 112 Damelin

Self-assessment and reflection

Answer the following questions to check whether you have achieved all the set
outcomes:

What does ERP stands for? And then name ix business processes that are associated with ERP.

Should companies continue to use EDI systems? Why or why not?

How can you avoid the problem of overly enthusiastic demand forecasts in supply chain planning?

What challenges do you see for a company that wants to implement collaborative CM systems? How
would you meet such challenges?

Study Guide 2017 Page 15 of 112 Damelin

 STUDY UNIT 2: E-COMMERCE
INTRODUCTION
Introduction to e-Commerce
Electronic commerce encompasses the entire online process of, Developing, Marketing, Selling,
Delivering, and Servicing, paying for products and services. It relies on the Internet and
other information technologies to support every step of the process
E-commerce, whether indirect or direct, is a layer (or several) above the actual Infrastructure. It
can consist of any range of activities unique to the needs or demands of specific consumer or
user groups.

E.g., On-line business activities

E.g., On-line information sources

Learning outcomes:

After having worked through this study unit you will learn:

- Identify the major categories and trends of e-commerce applications

- Identify the essential processes of an e-commerce system, and give examples of how they are
implemented in e-commerce applications

- Identify and give examples of several key factors and Web store requirements need to
succeed in e-commerce

- Identify and explain the business value of several types of e-commerce marketplaces

-Discuss the benefits and trade-offs of several e-commerce clicks and bricks alternatives

DEFINITION

Electronic commerce, commonly known as e-commerce or e-comm, is the buying and selling of
products or services over electronic systems such as the Internet and other computer networks

Study Guide 2017 Page 16 of 112 Damelin

THE SCOPE OF E-COMMERCE

E-Commerce Technologies

Categories of e-Commerce
Business-to-Consumer
Virtual storefronts, multimedia catalogs, interactive order processing, electronic
payment, online customer support
Business-to-Business
Electronic business marketplaces, direct links between businesses, auctions and
exchanges

Study Guide 2017 Page 17 of 112 Damelin

 Consumer-to-Consumer
Online auctions, posting to newspaper sites, personal websites, e-commerce
portals

Essential e-Commerce Architecture

Access Control and Security

E-commerce processes must establish mutual trust and secure access between parties
User names and passwords
Encryption key
Digital certificates and signatures

Restricted access areas
Other peoples accounts
Restricted company data
Webmaster administration areas

Profiling and Personalizing

Profiling gathers data on you and your website behavior and choices
User registration
Cookie files and tracking software

Study Guide 2017 Page 18 of 112 Damelin

 User feedback

Profiling is used for

Personalized (one-to-one) marketing
Authenticating identity
Customer relationship management
Marketing planning
Website management

Search Management
Search processes help customers find the specific product or service they want
E-commerce software packages often include
a website search engine
A customized search engine may be acquired from companies like Google or
Requisite Technology
Searches are often on content or by parameters

Content and Catalogue Management

Content Management Software

Helps develop, generate, deliver, update, and archive text and multimedia
information at e-commerce websites
Catalog Management Software
Helps generate and manage catalog content
Catalog and content management software works with profiling tools to personalize
content
Includes product configuration and mass customization

Workflow Management

E-business and e-commerce workflow management depends on a workflow software

engine.
Contains software model of business processes
Workflow models express predefined
Sets of business rules
Roles of stakeholders
Authorization requirements
Routing alternative
Databases used
Task sequences

Study Guide 2017 Page 19 of 112 Damelin

Example of Workflow Management

Event Notification
Most e-commerce applications are event driven
Responds to such things as customers first website visit and payments
Monitors all e-commerce processes
Records all relevant events, including problem situations
Notifies all involved stakeholders
Works in conjunction with user-profiling software

Collaboration and Trading

Processes that support vital collaboration arrangements and trading services

Needed by customers, suppliers, and other stakeholders
Online communities of interest
E-mail, chat, discussion groups
Enhances customer service
Builds loyalty

Electronic Payment Processes

Complex processes
Near-anonymous and electronic nature of transactions
Many security issues
Wide variety of debit and credit alternatives
Financial institutions may be part of the process
Web Payment Processes

Study Guide 2017 Page 20 of 112 Damelin

 Shopping cart process
Credit card payment process
Debit and other more complex processes
Electronic Funds Transfer (EFT)
Major payment system in banking, retail
Variety of information technologies capture and process money and credit card
transfers
Most point-of-sale terminals in retail stores are networked to bank EFT systems

Electronic Payment Example

Securing Electronic Payments

Network sniffers easily recognize credit card formats

Encrypt data between customer and merchant

Study Guide 2017 Page 21 of 112 Damelin

 Encrypt data between customer and financial institution
Take sensitive information off-line

E-Commerce Application Trends

E-Commerce Applications and Issues

E-commerce is here to stay. The Web and e-commerce are key industry drivers. Its changed
how many companies do business. Its created new channels for our customers. Companies are
at the e-commerce crossroads, and there are many ways to go. Thus, e-commerce is now
defining how companies do business both internally and externally with their customers,
suppliers, and other business partners. As managers confront a variety of e-commerce
alternatives, the way companies apply e-commerce to their businesses is also subject to
change. The applications of e-commerce by many companies have gone through several major
stages as e-commerce matures in the world of business. For example, e-commerce between
businesses and consumers (B2C) moved from merely offering multimedia company information
at corporate Web sites (brochure ware) to offering products and services at Web storefront sites
via electronic catalogues and online sales transactions. B2B e-commerce, in contrast, started
with Web site support to help business customers serve themselves, and then moved toward
automating intranet and extranet procurement systems

Study Guide 2017 Page 22 of 112 Damelin

E-Commerce Success Factors

Some of the success factors in e-commerce

Selection and value
Performance and service
Look and feel
Advertising and incentives
Personal attention (one-to-one marketing)
Community relationships
Security and reliability

Differences in Marketing

Study Guide 2017 Page 23 of 112 Damelin

Web Store Requirements

Developing a Web Store

Build a website
Choose or set up web hosting
Use simple design tools and templates
Include a shopping cart and payment support
Market the website
Include Web page and e-mail advertising and promotions
Exchange advertising with other Web stores
Register with search engines and directories
Sign up for affiliate programs

Serving Your Customers

Convert visitors into loyal customers

Develop one-to-one relationship with customers
Create incentives to encourage registration
Use Web cookies to identify visitors
Use tracking services to record and analyze website behavior and customer
preferences
Create an attractive, friendly, efficient store
Offer fast order processing and payment
Notify when orders are processed and shipped
Provide links to related websites

Study Guide 2017 Page 24 of 112 Damelin

Managing a Web Store

Manage both the business and the website

Record and analyze traffic, inventory, sales
Use CRM features to help retain customers
Link sales, inventory data to accounting systems
Operate 24 hours a day, seven day a week
Protect transactions and customer records
Use security monitors and firewalls
Use redundant systems and power sources
Employ passwords and encryption
Offer 24-hour tech support

B2B E-Commerce

B2B is the wholesale and supply side of

the commercial process
Businesses buy, sell, or trade with other businesses
Relies on multiple electronic information technologies
Catalog systems
Trading systems
Data interchange
Electronic funds transfers

E-Commerce Marketplaces

One to Many
Sell-side marketplaces
One supplier dictates product offerings and prices
Many to One
Buy-side marketplaces
Many suppliers bid for the business of a buyer
Some to Many
Distribution marketplaces
Unites suppliers who combine their product catalogs to attract a larger audience
Many to Some
Procurement marketplaces
Unites major buyers who combine purchasing catalogs
Attracts more competition and thus lower prices
Many to Many
Auction marketplaces
Dynamically optimizes prices

Study Guide 2017 Page 25 of 112 Damelin

E-Commerce Portals
B2B e-commerce portals offer multiple marketplaces
Catalogs
Exchanges
Auctions
Often developed and hosted by third-party market-maker companies
Infomediaries serve as intermediaries in e-business and e-commerce
transactions

B2B E-Commerce Web Portal

Clicks and Bricks

Success will go to those who can integrate Internet initiatives with traditional operations
Merging operations has trade-offs
See Figure 9.18

E-Commerce Integration
The business case for merging e-commerce with traditional business operations
Move strategic capabilities in traditional operations to the e-commerce business
Integrate e-commerce into the traditional business
Sharing of established brands
Sharing of key business information
Joint buying power and distribution efficiencies

Study Guide 2017 Page 26 of 112 Damelin

Other Clicks and Bricks Strategies

Partial e-commerce integration

Joint ventures and strategic partnerships
Complete separation
Spin-off of an independent e-commerce company
Barnes and Nobles experience
Spun off independent e-commerce company
Gained venture capital, entrepreneurial culture, and flexibility
Attracted quality management
Accelerated decision making
Failed to gain market share

E-Commerce Channel Choices

An e-commerce channel is the marketing or sales channel created by a company for its
e-commerce activities
There is no universal strategy or e-commerce channel choice
Both e-commerce integration and separation
have major business benefits and shortcoming
Most businesses are implementing some
measure of clicks and bricks integration

E-Commerce Strategy Checklist

Questions to ask and answer
What audiences are we attempting to reach?
What action do we want those audiences to take?
Who owns the e-commerce channel within the organization?
Is the e-commerce channel planned alongside other channels?
Is there a process for generating, approving, releasing, and withdrawing content?
Will our brand translate to the new channel?
How will we market the channel itself?

Study Guide 2017 Page 27 of 112 Damelin

Summary of the study unit

Commerce - Negotiated exchange of goods or services

Electronic commerce - Application of new technologies to conduct business more
effectively
Using electronic commerce, businesses have: 1.Created new products and services. 2.
Improved promotion, marketing, and delivery of existing offerings
The global nature of electronic commerce leads to many opportunities and few
challengesTo conduct electronic commerce across international borders, you must
understand the trust, cultural, language, and legal issues

Self-assessment and reflection

Answer the following questions to check whether you have achieved all the set
outcomes:

1. Define the term e-commerce and distinguish it from e-business.

2. What is the SWOT analysis used for in ecommerce businesses?
3. Describe the advantages and disadvantages of ecommerce.
4. What are the critical success factors for retail e-business start-ups

Study Guide 2017 Page 28 of 112 Damelin

 STUDY UNIT 3: SUPPORTING DECISION MAKING

INTRODUCTION
As companies migrate toward responsive e-business models, they are investing in new data-
driven decision support application frameworks that help them respond rapidly to changing
market conditions and customer needs.

One way to look at an organization is to view it as an intertwining nexus of decisions. The length
and breadth of an organization is held together by the relationship between a decision made in
one area and a decision made in another. To succeed in business today, companies need
information systems that can support the diverse information and decision-making needs of their
managers and business professionals.
In this chapter, we will explore how this is accomplished by several types of management
information, decision support, and other information systems. We concentrate our attention on
how the Internet, intranets, and other Web-enabled information technologies have significantly
strengthened the role that information systems play in supporting the decision-making activities
of every manager and knowledge worker in business.

Learning outcomes:
After having worked through this study unit you will learn:
-Identify the changes taking place in the form and use of decision support in business
- Identify the role and reporting alternatives of MIS
- Describe how online analytical processing can meet key information needs of managers
- Explain the decision support system concept and how it differs from traditional MIS
- Explain how the following IS can support the information needs of executives, managers, and
business professionals:
A. Executive information systems, -
B. Enterprise information portals, and
C. knowledge management systems
- Identify how neural networks, fuzzy logic, genetic algorithms, virtual reality, and intelligent
agents can be used in business
- Give examples of several ways expert systems can be used in business decision-making
situations

Decision Support in Business

Companies are investing in data-driven decision support application frameworks to help

them respond to
Changing market conditions
Customer needs
This is accomplished by several types of
Management information

Study Guide 2017 Page 29 of 112 Damelin

 Decision support
Other information systems

Case 1 Dashboard for Executives

Web-based dashboards
Displays critical information in graphic form
Assembled from data pulled in real time from corporate software and databases
Managers see changes almost instantaneously
Now available to smaller companies
Potential problems
Pressure on employees
Divisions in the office
Tendency to hoard information

Levels of Managerial Decision Making

Information Quality
Information products made more valuable by their attributes, characteristics, or qualities
Information that is outdated, inaccurate, or hard to understand has much less
value
Information has three dimensions
Time
Content

Study Guide 2017 Page 30 of 112 Damelin

 Form

Attributes of Information Quality

Decision Structure

Structured (operational)
The procedures to follow when decision is needed can be specified in advance.
Unstructured (strategic)
It is not possible to specify in advance most of the decision procedures to follow.
Semi-structured (tactical)
Decision procedures can be pre-specified, but not enough to lead to the correct
decision.

Study Guide 2017 Page 31 of 112 Damelin

Decision Support Systems

Management Information Decision Support Systems

Systems

Decision support Provide information about the Provide information and

provided performance of the organization techniques to analyze
specific problems

Information form and Periodic, exception, demand, Interactive inquiries and

frequency and push reports and responses responses

Information format Pre-specified, fixed format Ad hoc, flexible, and

adaptable format

Information Information produced by Information produced by

processing extraction and manipulation of analytical modeling of
methodology business data business data

Decision Support Trends

The emerging class of applications focuses on

Personalized decision support
Modeling
Information retrieval
Data warehousing
What-if scenarios
Reporting

Business Intelligence Applications

Business intelligence (BI) is a set of theories, methodologies, processes, architectures, and
technologies that transform raw data into meaningful and useful information for business
purposes. BI can handle large amounts of information to help identify and develop new
opportunities. Making use of new opportunities and implementing an effective strategy can
provide a competitive market advantage and long-term stability.
BI technologies provide historical, current and predictive views of business operations. Common
functions of business intelligence technologies are reporting, online analytical
processing, analytics, data mining, process mining, complex event processing, business

Study Guide 2017 Page 32 of 112 Damelin

performance management, benchmarking, text mining, predictive analytics and prescriptive
analytics.
Though the term business intelligence is sometimes a synonym for competitive
intelligence (because they both support decision making), BI uses technologies, processes, and
applications to analyze mostly internal, structured data and business processes while
competitive intelligence gathers, analyzes and disseminates information with a topical focus on
company competitors. If understood broadly, business intelligence can include the subset of
competitive intelligence.

Decision Support Systems

Decision Support System (DSS) are computer-based information system that supports business
or organizational decision-making activities. DSSs serve the management, operations, and
planning levels of an organization (usually mid and higher management) and help to make
decisions, which may be rapidly changing and not easily specified in advance (Unstructured and
Semi-Structured decision problems). Decision support systems can be either fully computerized,
human or a combination of both.
While academics have perceived DSS as a tool to support decision making process, DSS users
see DSS as a tool to facilitate organizational processes. Some authors have extended the
definition of DSS to include any system that might support decision making.[2] Sprague (1980)
defines DSS by its characteristics:

1. DSS tends to be aimed at the less well structured, underspecified problem that upper
level managers typically face;
2. DSS attempts to combine the use of models or analytic techniques with traditional data
access and retrieval functions;
3. DSS specifically focuses on features which make them easy to use by non-computer
people in an interactive mode; and

Study Guide 2017 Page 33 of 112 Damelin

 4. DSS emphasizes flexibility and adaptability to accommodate changes in
the environment and the decision making approach of the user.
DSSs include knowledge-based systems. A properly designed DSS is an interactive software-
based system intended to help decision makers compile useful information from a combination
of raw data, documents, and personal knowledge, or business models to identify and solve
problems and make decisions.
Typical information that a decision support application might gather and present includes:

inventories of information assets (including legacy and relational data sources, cubes, data
warehouses, and data marts),
comparative sales figures between one period and the next,
Projected revenue figures based on product sales assumptions.
Decision support systems use the following to support the making of semi-structured business
decisions
Analytical models
Specialized databases
A decision-makers own insights and judgments
An interactive, computer-based modeling process
DSS systems are designed to be ad hoc, quick-response systems that are initiated and
controlled by decision makers.

What is Decision Support System?

A decision support system (DSS) is an interactive computer-based information system that, like
MIS also serves at the management level of an organization. However, in contrast to MIS (that
processes data), it processes information to support the decision making process of managers.
It provides middle managers with the information that enables them to make intelligent
decisions. A DSS in bank, for example, can enable a manger to analyze the changing trends in
deposits and loans in order to ascertain the yearly targets.
DSSs are designed for every manager to execute a specific managerial task or problem.
Generally, they help managers to make semi-structured decisions, the solution to which can be
arrived at logically. However, sometimes, they can also help in taking complex decisions.

Components of Decision Support Systems (DSS)

Decision support systems consist of three main components, namely database, software
system and user interface.

1. DSS Database: It contains data from various sources, including internal data from the
organization, the data generated by different applications, and the external data mined form the
Internet, etc. The decision support systems database can be a small database or a standalone
system or a huge data warehouse supporting the information needs of an organization. To avoid

Study Guide 2017 Page 34 of 112 Damelin

the interference of decision support system with the working of operational systems, the DSS
database usually contains a copy of the production database.

2. DSS Software System: It consists of various mathematical and analytical models that are
used to analyze the complex data, thereby producing the required information. A model predicts
the output in the basis of different inputs or different conditions, or finds out the combination of
conditions and input that is required to produce the desired output.
A decision support system may compromise different models where each model performs a
specific function. The selection of models that must be included in a decision support system
family depends on user requirements and the purposes of DSS. Note that the DSS software
contains the predefined models (or routines) using which new models can be built to support
specific type of decisions.

DSS Model Base

Model Base
A software component that consists of models used in computational and
analytical routines that mathematically express relations among variables
Spreadsheet Examples
Linear programming
Multiple regression forecasting
Capital budgeting present value

Applications of Statistics and Modelling

Supply Chain: simulate and optimize supply chain flows, reduce inventory,
reduce stock-outs
Pricing: identify the price that maximizes yield or profit

Study Guide 2017 Page 35 of 112 Damelin

 Product and Service Quality: detect quality problems early in order to minimize
them
Research and Development: improve quality, efficacy, and safety of products and
services

Management Information Systems

The original type of information system that supported managerial decision making
Produces information products that support many day-to-day decision-making
needs
Produces reports, display, and responses
Satisfies needs of operational and tactical decision makers who face structured
decisions

Management Reporting Alternatives

Periodic Scheduled Reports

Pre-specified format on a regular basis
Exception Reports
Reports about exceptional conditions
May be produced regularly or when an exception occurs
Demand Reports and Responses
Information is available on demand
Push Reporting
Information is pushed to a networked computer

Online Analytical Processing

OLAP
Enables managers and analysts to examine and manipulate large amounts of
detailed and consolidated data from many perspectives
Done interactively, in real time, with rapid response to queries
Consolidation
Aggregation of data
Example: data about sales offices rolled up to the district level
Drill-Down
Display underlying detail data
Example: sales figures by individual product
Slicing and Dicing
Viewing database from different viewpoints
Often performed along a time axis

Study Guide 2017 Page 36 of 112 Damelin

Geographic Information Systems
DSS uses geographic databases to construct and display maps and other
graphic displays
Supports decisions affecting the geographic distribution of people and other
resources
Often used with Global Positioning Systems (GPS) devices

Data Visualization Systems

Represents complex data using interactive, three-dimensional graphical forms
(charts, graphs, maps)
Helps users interactively sort, subdivide, combine, and organize data while it is in
its graphical form

Using Decision Support Systems

Using a decision support system involves an interactive analytical modeling process
Decision makers are not demanding pre-specified information
They are exploring possible alternatives
What-If Analysis
Observing how changes to selected variables affect other variables
Sensitivity Analysis
Observing how repeated changes to a single variable affect other variables
Goal-seeking Analysis
Making repeated changes to selected variables until a chosen variable reaches a
target value
Optimization Analysis
Finding an optimum value for selected variables, given certain constraints

Data Mining

Provides decision support through knowledge discovery

Analyzes vast stores of historical business data
Looks for patterns, trends, and correlations
Goal is to improve business performance

Types of analysis
Regression
Decision tree
Neural network
Cluster detection
Market basket analysis

Study Guide 2017 Page 37 of 112 Damelin

Analysis of Customer Demographics

Market Basket Analysis

One of the most common uses for data mining
Determines what products customers purchase together with other products
Results affect how companies
Market products
Place merchandise in the store
Lay out catalogs and order forms
Determine what new products to offer
Customize solicitation phone calls

Executive Information Systems

Combines many features of MIS and DSS
Provide top executives with immediate and easy access to information
Identify factors that are critical to accomplishing strategic objectives (critical
success factors)
So popular that it has been expanded to managers, analysis, and other
knowledge workers

Study Guide 2017 Page 38 of 112 Damelin

Features of an EIS
Information presented in forms tailored to the preferences of the executives using the
system
Customizable graphical user interfaces
Exception reports
Trend analysis
Drill down capability

Enterprise Information Portals

An EIP is a Web-based interface and integration of MIS, DSS, EIS, and other
technologies
Available to all intranet users and select extranet users
Provides access to a variety of internal and external business applications and
services
Typically tailored or personalized to the user or groups of users
Often has a digital dashboard
Also called enterprise knowledge portals

Dashboard Example

Study Guide 2017 Page 39 of 112 Damelin

Enterprise Information Portal Components

Study Guide 2017 Page 40 of 112 Damelin

Enterprise Knowledge Portal

Artificial Intelligence (AI)

AI is a field of science and technology based on
Computer science
Biology
Psychology
Linguistics
Mathematics
Engineering
The goal is to develop computers than can simulate the ability to think
And see, hear, walk, talk, and feel as well

Attributes of Intelligent Behaviour

Some of the attributes of intelligent behavior

Think and reason
Use reason to solve problems
Learn or understand from experience
Acquire and apply knowledge
Exhibit creativity and imagination
Deal with complex or perplexing situations
Respond quickly and successfully to new situations
Recognize the relative importance of elements in a situation
Handle ambiguous, incomplete, or erroneous information

Study Guide 2017 Page 41 of 112 Damelin

Domains of Artificial Intelligence

Cognitive Science
Applications in the cognitive science of AI
Expert systems
Knowledge-based systems
Adaptive learning systems
Fuzzy logic systems
Neural networks
Genetic algorithm software
Intelligent agents
Focuses on how the human brain works and how humans think and learn

Robotics

AI, engineering, and physiology are the basic disciplines of robotics

Produces robot machines with computer intelligence and humanlike physical
capabilities
This area include applications designed to
give robots the powers of
Sight or visual perception
Touch
Dexterity
Locomotion
Navigation

Study Guide 2017 Page 42 of 112 Damelin

Natural Interfaces

Major thrusts in the area of AI and the development of natural interfaces

Natural languages
Speech recognition
Virtual reality
Involves research and development in
Linguistics
Psychology
Computer science
Other disciplines

Latest Commercial Applications of AI

Decision Support
Helps capture the why as well as the what of engineered design and decision
making
Information Retrieval
Distills tidal waves of information into simple presentations
Natural language technology
Database mining

Virtual Reality
X-ray-like vision enabled by enhanced-reality visualization helps surgeons
Automated animation and haptic interfaces
allow users to interact with virtual objects
Robotics
Machine-vision inspections systems
Cutting-edge robotics systems
From micro robots and hands and legs, to cognitive and trainable modular
vision systems

EXPERT SYSTEMS
An expert system (ES) is a knowledge-based information system that uses its knowledge about
a specific, complex application area to act as an expert consultant to end users. Expert systems
provide answers to questions in a very specific problem area by making humanlike inferences
about knowledge contained in a specialized knowledge base. They must also be able to explain
their reasoning process and conclusions to a user, so expert systems can provide decision
support to end users in the form of advice from an expert consultant in a specific problem area.

Study Guide 2017 Page 43 of 112 Damelin

Components of an Expert System
Knowledge Base
Facts about a specific subject area
Heuristics that express the reasoning procedures of an expert (rules of thumb)
Software Resources
An inference engine processes the knowledge and recommends a course of
action
User interface programs communicate with the end user
Explanation programs explain the reasoning process to the end user

Components of an Expert System

Methods of Knowledge Representation

Case-Based
Knowledge organized in the form of cases
Cases are examples of past performance, occurrences, and experiences
Frame-Based
Knowledge organized in a hierarchy or network of frames
A frame is a collection of knowledge about an entity, consisting of a complex
package of data values describing its attributes
Object-Based
Knowledge represented as a network of objects
An object is a data element that includes both data and the methods or
processes that act on those data
Rule-Based
Knowledge represented in the form of rules and statements of fact
Rules are statements that typically take the form of a premise and a conclusion
(If, Then)

Study Guide 2017 Page 44 of 112 Damelin

Expert System Application Categories
Decision Management
Loan portfolio analysis
Employee performance evaluation
Insurance underwriting
Diagnostic/Troubleshooting
Equipment calibration
Help desk operations
Medical diagnosis
Software debugging
Design/Configuration
Computer option installation
Manufacturability studies
Communications networks
Selection/Classification
Material selection
Delinquent account identification
Information classification
Suspect identification
Process Monitoring/Control
Process Monitoring/Control
Machine control (including robotics)
Inventory control
Production monitoring
Chemical testing

Benefits of Expert Systems

Captures the expertise of an expert or group of experts in a computer-based information

system
Faster and more consistent than an expert
Can contain knowledge of multiple experts
Does not get tired or distracted
Cannot be overworked or stressed
Helps preserve and reproduce the knowledge of human experts

Limitations of Expert Systems

The major limitations of expert systems
Limited focus
Inability to learn
Maintenance problems
Development cost
Can only solve specific types of problems in a limited domain of knowledge

Study Guide 2017 Page 45 of 112 Damelin

DEVELOPING EXPERT SYSTEMS

Suitability Criteria for Expert Systems

Domain: the domain or subject area of the problem is small and well-defined
Expertise: a body of knowledge, techniques, and intuition is needed that only a
few people possess
Complexity: solving the problem is a complex task that requires logical inference
processing
Structure: the solution process must be able to cope with ill-structured, uncertain,
missing, and conflicting data and a changing problem situation
Availability: an expert exists who is articulate, cooperative, and supported by the
management and end users involved in the development process

Development Tool
Expert System Shell
The easiest way to develop an expert system
A software package consisting of an expert system without its knowledge base
Has an inference engine and user interface programs

Knowledge Engineering
A knowledge engineer
Works with experts to capture the knowledge (facts and rules of thumb) they
possess
Builds the knowledge base, and if necessary, the rest of the expert system
Performs a role similar to that of systems analysts in conventional information
systems development

NEURAL NETWORKS

Computing systems modeled after the brains mesh-like network of interconnected

processing elements (neurons)
Interconnected processors operate in parallel and interact with each other
Allows the network to learn from the data it processes

FUZZY LOGIC SYSTEMS

Fuzzy logic
Resembles human reasoning
Allows for approximate values and inferences and incomplete or ambiguous data
Uses terms such as very high instead of precise measures
Used more often in Japan than in the U.S.
Used in fuzzy process controllers used in subway trains, elevators, and cars

Study Guide 2017 Page 46 of 112 Damelin

Example of Fuzzy Logic Rules and Query

GENETIC ALGORITHMS

The use of genetic algorithms is a growing application of artificial intelligence. Genetic algorithm
software uses Darwinian (survival of the fittest), randomizing, and other mathematical functions
to simulate an evolutionary process that can yield increasingly better solutions to a problem.
Genetic algorithms were first used to simulate millions of years in biological, geological, and
ecosystem evolution in just a few minutes on a computer. Genetic software is being used to
model a variety of scientific, technical, and business processes.

Genetic algorithm software

Uses Darwinian, randomizing, and other mathematical functions

Simulates an evolutionary process, yielding increasingly better solutions to a
problem
Being uses to model a variety of scientific, technical, and business processes
Especially useful for situations in which thousands of solutions are possible

Virtual Reality (VR)

Virtual reality is a computer-simulated reality

Fast-growing area of artificial intelligence
Originated from efforts to build natural, realistic, multi-sensory human-computer
interfaces
Relies on multi-sensory input/output devices
Creates a three-dimensional world through sight, sound, and touch
Also called Telepresence

Study Guide 2017 Page 47 of 112 Damelin

Typical VR Applications

Current applications of virtual reality are wide-ranging and include computer-aided design
(CAD), medical diagnostics and treatment, scientific experimentation in many physical and
biological sciences, flight simulation for training pilots and astronauts, product demonstrations,
employee training, and entertainmentespecially 3-D video arcade games. CAD is the most
widely used industrial VR application. It enables architects and other designers to design and
test electronic 3-D models of products and structures by entering the models themselves and
examining, touching, and manipulating sections and parts from all angles. This scientific
visualization capability is also used by pharmaceutical and biotechnology firms to develop and
observe the behaviour of computerised models of new drugs and materials, as well as by
medical researchers to develop ways for physicians to enter and examine a virtual reality of a
patients body.
Current applications of virtual reality
Computer-aided design
Medical diagnostics and treatment
Scientific experimentation
Flight simulation
Product demonstrations
Employee training
Entertainment

Intelligent Agents
A software surrogate for an end user or a process that fulfills a stated need or activity
Uses built-in and learned knowledge base to make decisions and accomplish tasks in a
way that fulfills the intentions of a user
Also call software robots or bots

User Interface Agents

Interface Tutors observe user computer operations, correct user mistakes, provide
hints/advice on efficient software use
Presentation Agents show information in a variety of forms/media based on user
preferences
Network Navigation Agents discover paths to information, provide ways to view it
based on user preferences
Role-Playing play what-if games and other roles to help users understand information
and make better decisions

Information Management Agents

Search Agents help users find files and databases, search for information, and suggest
and find new types of information products, media, resources
Information Brokers provide commercial services to discover and develop information
resources that fit business or personal needs

Study Guide 2017 Page 48 of 112 Damelin

 Information Filters Receive, find, filter, discard, save, forward, and notify users about
products received or desired, including e-mail, voice mail, and other information media

Summary of the study unit

Information, Decisions, and Management.

Information systems can support a variety of management decision-making levels and
decisions. These include the three levels of management activity (strategic, tactical, and
operational decision making) and three types of decision structures (structured, semi structured,
and unstructured). Information systems provide a wide range of information products to support
these types of decisions at all levels of the organization.

Decision Support Trends.

Major changes are taking place in traditional MIS, DSS, and EIS tools for providing the
information, and modelling managers need to support their decision making. Decision support in
business is changing, driven by rapid developments in end-user computing and networking;
Internet and Web technologies; and Web-enabled business applications.

Enterprise Information and Knowledge Portals.

Enterprise information portals provide a customized and personalized Web-based interface for
corporate intranets to give their users easy access to a variety of internal and external business
applications, databases, and information services that are tailored to their individual preferences
and information needs. Thus, an EIP can supply personalized Web-enabled information,
knowledge, and decision support to executives, managers, and business professionals, as well
as to customers, suppliers, and other business partners.

Self-assessment and reflection

Answer the following questions to check whether you have achieved all the set
outcomes:

Case 3 Centralized Business Intelligence

A reinventing-the-wheel approach to business intelligence implementations can result in

High development costs

High support costs
Incompatible business intelligence systems
A more strategic approach

Standardize on fewer business intelligence tools

Make them available throughout the organization, even before projects are
planned
About 10 percent of the 2,000 largest companies have a business intelligence
competency center

Study Guide 2017 Page 49 of 112 Damelin

 Centralized or virtual
Part of the IT department or independent
Cost reduction is often the driving force behind creating competency centers and
consolidating business intelligence systems

Despite the potential savings, funding for creating and running a BI center can be
an issue
Case Study Questions

What is business intelligence?

Why are business intelligence systems such a popular business application of

IT?
What is the business value of the various
BI applications discussed in the case?

Is the business intelligence system an MIS

or a DSS?

Case 4 Robots, the Common Denominator

In early 2004, 22 patients underwent complex laparoscopic operations

The operations included colon cancer procedures and hernia repairs

The primary surgeon was 250 miles away
A three-armed robot was used to perform the procedures
Left arm, right arm, camera arm

Automakers heavily use robotics

Ford has a completely wireless assembly factory

It also have a completely automated body shop
BMW has two wireless plants in Europe and is setting one up in the U.S.
Vehicle tracking and material replenishment are automated as well
Case Study Questions

What is the current and future business value of robotics?

Would you be comfortable with a robot performing surgery on you?

The robotics being used by Ford Motor Co. are contributing to a streamlining of its
supply chain

Study Guide 2017 Page 50 of 112 Damelin

 STUDY UNIT 4: BUSINESS I.T STRATEGIES FOR DEVELOPMENT

INTRODUCTION
Planning Fundamentals

Information technology has created a seismic shift in the way companies do business. Just
knowing the importance and structure of e-business is not enough. You must create and
implement an action plan that allows you to make the transition from an old business design to a
new e-business design.

Learning outcomes:
After having worked through this study unit you will learn:
- Discuss the role of planning in the business use of information technology, using the
scenario approach and planning for competitive advantage as examples.
- Discuss the role of planning and business models in the development of business/IT
strategies, architectures, and applications.
- Identify several change management solutions for end user resistance to the
implementation of new IT-based business strategies and applications.

Components of Organizational Planning

Study Guide 2017 Page 51 of 112 Damelin

ORGANIZATIONAL PLANNING

Strategic Planning

Deals with the development of an organizations mission, goals, strategies,

and policies
Begins with strategic visioning questions
Tactical Planning

The setting of objectives and the development of procedures, rules,
schedules, and budgets
Operational Planning

Done on a short-term basis to implement and control day-to-day operations

Strategic Visioning Questions

The Scenario Approach

Gaining in popularity as a less formal, but more realistic, strategic planning methodology

Teams of managers and planners participate in micro world or virtual world

exercises
Business scenarios are created and evaluated
Alternative scenarios are then created

Study Guide 2017 Page 52 of 112 Damelin

Trends that Affect Strategic Planning

Planning for Competitive Advantage

Strategic business/IT planning

Involves evaluating the potential benefits and risks of using IT-based

strategies and technologies for competitive advantage
The following models can help generate ideas for the strategic use of IT to support
initiatives

Competitive forces
Competitive strategies
Value chain

Strategic Opportunities Matrix

Study Guide 2017 Page 53 of 112 Damelin

SWOT ANALYSIS

SWOT analysis (strengths, weaknesses, opportunities, and threats) is used to evaluate the
impact that each possible strategic opportunity can have on a company and its use of
information technology. A companys strengths are its core competencies and re-sources in
which it is one of the market or industry leaders. Weaknesses are areas of substandard
business performance compared to others in the industry or market segments. Opportunities
are the potential for new business markets or innovative breakthroughs that might greatly
expand present markets. Threats are the potential for business and market losses posed by the
actions of competitors and other competitive forces, changes in government policies, disruptive
new technologies, and so on.

SWOT stands for

Strengths: a companys core competencies and resources

Weaknesses: areas of substandard business performance compared to
others
Opportunities: potential for new business markets or innovative
breakthroughs that might expand current markets
Threats: anything that has the potential for business and market losses

Business Models and Planning

Business model answers vital questions about the fundamental components of a

business

Who are our customers?

What do our customers value?
How much will it cost to deliver that value?
How do we make money in this business?
QUESTIONS FOR ALL BUSINESS MODELS

Customer value Are we offering something distinctive or at a lower cost than our
competitors?

Scope To which customers is this value being offered?

What ranges of products/services offered embody this value?

Pricing How do we price the value?

Revenue source Where do the dollars come from? Who pays for what value and when?
What are the margins in each market, and what drives them?
What drives value in each source?

Study Guide 2017 Page 54 of 112 Damelin

Connected What do we have to do to offer this value and when?
activities How connected are these activities?

BUSINESS/IT ARCHITECTURE PLANNING

BUSINESS MODELS AS PLANNING TOOLS

A business model forces rigorously and systematic thinking about the value and
viability of business initiatives

The strategic planning process is then used to develop unique business

strategies that capitalize on a business model
The goal is to gain a competitive advantage in an industry or marketplace
Figure 11.8 illustrates the business/IT planning process, which focuses on discovering
innovative approaches to satisfying a companys customer value and business value goals. This
planning process leads to development of strategies and business models for new e-business
and e-commerce platforms, processes, products, and services. Then a company can develop IT
strategies and an IT architecture that supports building and implementing its newly planned
business applications.

Both the CEO and the chief information officer (CIO) of a company must manage the
development of complementary business and IT strategies to meet its customer value and
business value vision. This coadaptation process is necessary because, as we have seen so
often in this text, information technologies are a fast-changing but vital component in many
strategic business initiatives. The business/IT planning process has three major components

The Business/IT Planning Process

The business/IT planning process has three major components

Strategic development
Resource management
Technology architecture

Study Guide 2017 Page 55 of 112 Damelin

Information Technology Architecture

The IT architecture is a conceptual design

that includes these major components

Technology platform
Data resources
Application architecture
IT organization
Identifying Business/IT Strategies

The most valuable Internet applications allow companies to

Transcend communication barriers

Establish connections that enhance productivity
Stimulate innovative development
Improve customer relations
Strategic Positioning Matrix

Strategic Matrix

Cost and Efficiency Improvements

Use the Internet as a fast, low-cost way to communicate and interact with
others
Use of e-mail, chat systems, discussion groups, and company websites
Performance Improvement in Effectiveness

Major improvements in business effectiveness recommended

Increase use of Internet-based technologies, such as intranets and extranets

Study Guide 2017 Page 56 of 112 Damelin

Strategic Strategies

Global Market Penetration

Capitalize on a high degree of customer and competitor connectivity and use
of IT
Use e-commerce websites with value-added information services and
extensive online customer support
Product and Service Transformation

Develop and deploy new Internet-based products and services that

strategically reposition it in the marketplace
E-Business Strategy Examples

Market Creator: be among the first to market and remain ahead of the competition by
continuously innovating

Channel Reconfiguration: use the Internet as a new channel to directly access

customers, make sales, and fulfill orders

Transaction Intermediary: Use the Internet to process purchases

Infomediaries: use the Internet to reduce the search cost; offer a unified process for
collecting the information needed to make a large purchase

Self-Service Innovator: provide a comprehensive suite of services that the customers

employees can use directly

Supply Chain Innovator: use the Internet to streamline supply chain interactions

Channel Mastery: use the Internet as a sales and service channel

Study Guide 2017 Page 57 of 112 Damelin

Business Application Planning Process

Comparing Planning Approaches

Study Guide 2017 Page 58 of 112 Damelin

E-Business Architecture Planning

Implementation

Many companies plan changes very well

Few manage to convert a plan into action

This is true even if senior management consistently identifies e-business as
an area of great opportunity

Study Guide 2017 Page 59 of 112 Damelin

IMPLEMENTING INFORMATION TECHNOLOGY

Many businesses have undergone multiple

major reorganization since the early 1980s

Business process reengineering

Installation and upgrades of an ERP system
Upgrading legacy systems to be Y2K compliant
Creating shared service centers
Just-in-time manufacturing
Sales force automation
Contract manufacturing
The introduction of euro currency
E-business is the latest organizational change

Impact and Scope of Implementing IT

INTRANET ENTERPRISE PORTAL CHALLENGES

Security, security, security

Defining the scope and purpose of the portal
Finding the time and the money
Ensuring consistent data quality
Getting employees to use it
Organizing the data
Finding technical expertise
Integrating the pieces

Study Guide 2017 Page 60 of 112 Damelin

 Making it easy to use
Providing all users with access
Enterprise Resource Planning Challenges

Getting end user buy-in

Scheduling/planning
Integrating legacy systems/data
Getting management buy-in
Multiple/international sites and partners
Changing culture and mind-sets
IT training
Getting, keeping IT staff
Moving to a new platform
Performance/system upgrades
End User Resistance and Involvement

Any way of doing things generates some resistance from the people affected

CRM projects have a history of failure

Up to 75 percent of CRM projects fail to meet their objectives

This is often due to sales force automation problems and unaddressed
cultural issues
Sales staffs are often resistant to, or fearful of, using CRM systems
Keys to Solving End User Resistance

Keys to solving end user resistance problems

Education and training

End-user involvement in organizational changes and system development
Requiring involvement and commitment of top management and all
stakeholders
Systems that inconvenience or frustrate users cannot be effective, no matter how
technically elegant or efficient

Study Guide 2017 Page 61 of 112 Damelin

Obstacles to KM Systems

Change Management

People factors have the highest level of difficulty and the longest time to resolve
of any dimension of change management.

Study Guide 2017 Page 62 of 112 Damelin

Key Dimensions of Change Management

Change Management

Implementing a new e-business application may involve

Developing an action plan

Assigning managers as change sponsors
Developing employee change teams
Encouraging open communications and feedback about organizational
changes
Key tactics recommended by change experts
Involve as many people as possible in e-business planning and application
development
Make constant change an expected part of the culture
Tell everyone as much as possible about everything, as often as possible, in
person
Make liberal use of financial incentives and recognition
Work within the company culture, not around it

Study Guide 2017 Page 63 of 112 Damelin

A Change Management Process

Summary of unit

Organizational Planning. Managing information technology requires planning for changes in

business goals, processes, structures, and technologies. Planning is a vital organizational
process that uses methods like the scenario approach and planning for competitive advantage
to evaluate an organizations internal and external environments; forecast new developments;
establish an organizations vision, mission, goals, and objectives; develop strategies, tactics,
and policies to implement its goals; and articulate plans for the organization to act upon. A good
planning process helps organizations learn about themselves and promotes organizational
change and renewal.

Business/IT Planning. Strategic business/IT planning involves aligning investment in

information technology with a companys business vision and strategic goals such as
reengineering business processes or gaining competitive advantages.

Study Guide 2017 Page 64 of 112 Damelin

 Implementing Business Change. Implementation activities include managing the
introduction and implementation of changes in business processes, organizational structures,
job assignments, and work relationships resulting from business/IT strategies and applications
such as e-business initiatives, reengineering projects, supply chain alliances, and the
introduction of new technologies. Companies use change management tactics such as user
involvement in business/IT planning and development to reduce end-user resistance and
maximize acceptance of business changes by all stakeholders.

Self-assessment and reflection

Answer the following questions to check whether you have achieved all the set
outcomes:

Real world activities

How do companies benefit from having their chief information officer meet customers and
generally be-come more involved with product development? What the company, to the
extent that the IT function will cease to exist as a separate entity. Do you agree with this
statement? Why or why not? Break into small groups with your classmates to see if you
can reach a consensus on the issue. Can companies do now that was not possible
before?
Provide a few examples.

The Scrum approach to project management has become quite popular in recent years.
Go online and research other companies that are using it to organize their projects. Have
those experiences been positive as well? What can you tell about how the approach
works from your research? Prepare a report to summarize your findings.

Using examples from the case and your own under-standing of how those worked, can
you distil a set of recommendations that companies should follow when managing
technology-based projects? Would these be universal, or would you add any limitations to
their applicability?

Would the issues discussed in the case be solved by making a business executive the
head of any projects involving IT? Why or why not? Break into small groups with your
classmates and develop a justification for both alternatives.

Study Guide 2017 Page 65 of 112 Damelin

 STUDY UNIT 5: IMPLEMENTING BUSINESS/IT SOLUTIONS

INTRODUCTION

Suppose the chief executive of the company where you work asks you to find a Web-enabled
way to get information to and from the salespeople in your company. How would you start?
What would you do? Would you just plunge ahead and hope you could come up with a
reasonable solution? How would you know whether your solution was a good one for your
company? Do you think there might be a systematic way to help you develop a good solution to
the CEOs request? There is a way, and its a problem-solving process called the systems
approach.

Learning outcomes:
After having worked through this study unit you will learn:
-Use the systems development process outlined in this chapter and the model of IS
components from Chapter 1 as problem-solving frameworks to help you propose IS solutions
to simple business problems

-Describe and give examples to illustrate how you might use each of the steps of the IS
development cycle to develop and implement a business IS
-Explain how prototyping can be used as an effective technique to improve the process of
systems development for end users and IS specialists
- Understand the basics of project management and their importance to a successful system
development effort
- Identify the activities involved in the implementation of new IS
- Compare and contrast the four basic system conversation strategies
- Describe several evaluation factors that should be considered in evaluating the acquisition of
hardware, software, and IS services

IS Development

When the systems approach is applied to the development of an information systems solution to
business problems, it is called information systems development or application development.

THE SYSTEMS APPROACH

A problem solving technique that uses a systems orientation to define problems and
opportunities and develop appropriate and feasible solutions

Analyzing a problem and formulating a solution involves these interrelated activities:

Recognize and define a problem or opportunity using systems thinking

Study Guide 2017 Page 66 of 112 Damelin

 Develop and evaluate alternative system solutions
Select the solution that best meets your requirements
Design the selected system solution
Implement and evaluate the success of the system
What is Systems Thinking?

Seeing the forest and the trees in any situation

Seeing interrelationships among systems rather than linear cause-and-effect
chains
Seeing processes of change among systems rather than discrete snapshots
of change
See the system in any situation

Find the input, processing, output, feedback and control components

Systems Thinking Example

Systems Analysis and Design

SA&D is the overall process by which IS are designed and implemented

Includes identification of business problems

Two most common approaches

Object-oriented analysis and design

Life cycle

Study Guide 2017 Page 67 of 112 Damelin

Systems Development Lifecycle (SDLC)

SYSTEMS DEVELOPMENT PROCESS

Systems Investigation

The first step in the systems development process

May involve consideration of proposals generated by a business/IT planning
process
Also includes the preliminary feasibility study of proposed information system
solutions
Feasibility Studies: a preliminary study to determine the

Information needs of prospective users

Resource requirements
Costs
Benefits
Feasibility
In some cases, a feasibility study is unnecessary

Study Guide 2017 Page 68 of 112 Damelin

Operational Feasibility

How well the proposed system will

Support the business priorities of the organization

Solve the identified problem
Fit with the existing organizational structure
Economic Feasibility

An assessment of

Cost savings
Increased revenue
Decreased investment requirements
Increased profits
Cost/benefit analysis
Technical Feasibility

Determine the following can meet the needs of a proposed system and can be
acquired or developed in the required time

Hardware
Software
Network
Human Factors Feasibility

Assess the acceptance level of

Employees
Customers
Suppliers
Management support
Determine the right people for the various new or revised roles

Legal/Political Feasibility

Assess

Possible patent or copyright violations

Software licensing for developer side only
Governmental restrictions
Changes to existing reporting structure

Study Guide 2017 Page 69 of 112 Damelin

SYSTEMS ANALYSIS

What is systems analysis? Whether you want to develop a new application quickly or are
involved in a long-term project, you will need to perform several basic activities of systems
analysis. Many of these activities are an extension of those used in conducting a feasibility
study. Systems analysis is not a preliminary study; however, it is an in-depth study of end-user
information needs that produces functional requirements that are used as the basis for the
design of a new information system. Systems analysis traditionally involves a detailed study of:

The information needs of a company and end users like yourself.

The activities, resources, and products of one or more of the present
information systems being used.
The information system capabilities required to meet your information needs,
and those of other business stakeholders that may use the system.
An in-depth study of end user information needs

It produces the functional requirements used as the basis for the design of an
IS
It typically involves a detailed study of the

Information needs of a company and end users

Activities, resources, and products of one or more of the information systems
currently being used
Information system capabilities required to meet the information needs of
business stakeholders
Organizational Analysis

Study of the organization, including

Management structure
People
Business activities
Environmental systems
Current information systems
Input, processing, output, storage, and control

Analysis of the Present System

Before designing a new system, it is important to study the system to be improved

or replaced

Hardware and software

Network
People resources used to convert data resources into information products
System activities of input, processing, output, storage, and control

Study Guide 2017 Page 70 of 112 Damelin

Logical Analysis

A logical model is a blueprint of the current system

It displays what the current system does, without regard to how it does it
It allows an analyst to understand the processes, functions, and data
associated with a system without getting bogged down with hardware and
software
Functional Requirements

This step of systems analysis is one of the most difficult

Determine what type of information each business activity requires

Try to determine the information processing capabilities required for each
system activity
The goal is to identify what should be done, not how to do it
Examples of Functional Requirements

User Interface: automatic entry of product

data and easy-to-use data entry screens for Web customers

Processing: fast, automatic calculation of sales totals and shipping costs

Storage: fast retrieval and update of data from product, pricing, and customer databases

Control: signals for data entry errors and quick e-mail confirmation for customers

Systems Design

Systems design focuses on three areas

Prototyping

Prototyping is the rapid development and

testing of working models

An interactive, iterative process used during the design phase

Makes development faster and easier, especially when end user
requirements are hard to define

Study Guide 2017 Page 71 of 112 Damelin

 Has enlarged the role of business stakeholders
Prototyping Life Cycle

User Interface Design

Focuses on supporting the interactions between end users and their computer-based
applications

Designers concentrate on the design of attractive and efficient forms of user

input and output
Frequently a prototyping process
Produces detailed design specifications for information products, such as
display screens

Checklist for Corporate Website

Remember the customer

Aesthetics
Broadband content
Easy to navigate
Searchability
Incompatibilities
Registration forms
Dead links

Study Guide 2017 Page 72 of 112 Damelin

System Specifications

Formalizing the design of

User interface methods and products

Database structures
Processing procedures
Control procedures

Examples of System Specifications

User interface Use personalized screens that welcome repeat Web customers and
specifications that make product recommendations

Database Develop databases that use object/relational database management

specifications software to organize access to all customer and inventory data and to
multimedia product information

Software Acquire an e-commerce software engine to process all

specifications e-commerce transactions with fast responses, i.e., retrieve necessary
product data and compute all sales amounts in less than one second

Hardware Install redundant networked Web servers and sufficient high-bandwidth

and network telecommunications lines to host the company e-commerce website
specifications

Personnel Hire an e-commerce manager and specialists and a webmaster and

specifications Web designer to plan, develop, and manage e-commerce operations

End User Development

IS professionals play a consulting role, while uses do their own application

development

A staff of user consultants may be available to help with analysis, design, and
installation
Other support

Application package training

Hardware and software advice
Help gaining access to organization databases

Study Guide 2017 Page 73 of 112 Damelin

Focus on IS Activities

End user development should focus on the fundamental activities of an IS

Input
Processing
Output
Storage
Control
Focus of End User Development

Doing End User Development

Study Guide 2017 Page 74 of 112 Damelin

Application development capabilities built into software packages make it easier for end users to
develop their own solutions.

Encouraging End User Web Development

Look for tools that make sense

Some are more powerful or costly than needed

Spur creativity

Consider a competition among departments

Set some limits

Limit what parts of a web page or site can be changed and who can do it
Give managers responsibility

Make them personally responsible for content

Make users comfortable

Training will make users more confident

It can save the IT department the trouble of fixing problems later on
It can limit the need for continuous support

IMPLEMENTING NEW SYSTEMS

Once a new information system has been designed, it must be implemented as a working
system and maintained to keep it operating properly. The implementation process that we cover
here follows the investigation, analysis, and design stages of the systems development life cycle
we discussed earlier in this chapter. Implementation is a vital step in the deployment of
information technology to support the employees, customers, and other business stakeholders
of a company. See Figure 12.17.

The systems implementation stage involves

Hardware and software acquisition

Software development
Testing of programs and procedures
Conversion of data resources
Conversion alternatives
Education/training of end users and specialists who will operate the new
system

Study Guide 2017 Page 75 of 112 Damelin

Implementation Process

See Figure 12.17.

PROJECT MANAGEMENT

The skills and knowledge necessary to be a good project manager will translate into
virtually any project environment.

The people who have acquired them are sought after by most organizations.

What is a Project?

Every project has

A set of activities with a clear beginning and end

Goals
Objectives
Tasks
Limitations or constraints
A series of steps or phases
Managing a project effectively requires

Process
Tools
Techniques

Study Guide 2017 Page 76 of 112 Damelin

Sample Implementation Process

Phases of Project Management

There are five phases in most projects

Initiating/Defining
Planning
Executing
Controlling
Closing
Initiating/Defining Phase

Example activities

State the problem(s) and/or goal(s)

Identify the objectives
Secure resources
Explore the costs/benefits in the feasibility study
Planning Phase

Example activities

Identify and sequence activities

Identify the critical path

Study Guide 2017 Page 77 of 112 Damelin

 Estimate the time and resources needed for project completion
Write a detailed project plan

Execution Phase

Example activities

Commit resources to specific tasks

Add additional resources and/or personnel if necessary
Initiate work on the project

Controlling Phase

Example activities

Establish reporting obligations

Create reporting tools
Compare actual progress with baseline
Initiate control interventions, if necessary

Closing Phase

Example activities

Install all deliverables

Finalize all obligations and commitments
Meet with stakeholders
Release project resources
Document the project
Issue a final report

Evaluating Hardware, Software, Services

Establish minimum physical and performance characteristics for all hardware and
software

Formalize these requirements in an RFP/RFP

Send RFQ to appropriate vendors

Evaluate bids when received

All claims must be demonstrated

Obtain recommendations from other users
Search independent sources for evaluations
Benchmark test programs and test data

Study Guide 2017 Page 78 of 112 Damelin

Hardware Evaluation Factors

Major evaluation factors

Performance
Cost
Reliability
Compatibility
Technology
Ergonomics
Connectivity
Scalability
Software
Support
Software Evaluation Factors

Hardware evaluation factors apply to software, as do these

Quality
Efficiency
Flexibility
Security
Connectivity
Maintenance
Documentation
Hardware

Evaluating IS Services

Examples of IS services

Developing a company website

Installation or conversion of hardware/software
Employee training
Hardware maintenance
System design and/or integration
Contract programming
Consulting services

IS Service Evaluation Factors

IS evaluation factors include

Performance
Systems development
Maintenance

Study Guide 2017 Page 79 of 112 Damelin

 Conversion
Training
Backup facilities and services
Accessibility to sales and support
Business position and financial strength
Hardware selection and compatibility
Software packages offered

Other Implementation Activities

The keys to successful implementation of

a new business system

Testing
Data conversion
Documentation
Training

System Testing

System testing may involve

Testing and debugging software

Testing website performance
Testing new hardware
Review of prototypes

Data Conversion

Data conversion includes

Converting data elements from the old database to the new database
Correcting data errors
Filtering out unwanted data
Consolidating data from several databases
Organizing data into new data subsets
Improperly organized and formatted data is a major cause of implementation failures

Documentation

User Documentation

Sample data entry screens, forms, reports

System operating instructions
Systems Documentation

Study Guide 2017 Page 80 of 112 Damelin

 Method of communication among those developing, implementing, and
maintaining
a computer-based system
Detailed record of the system design
Extremely important when diagnosing problems and making system changes

TRAINING

End users must be trained to operate a new business system or its

implementation will fail

May involve only activities, such as data entry, or all aspects of system use

Managers and end users must understand how the new technology impacts
business operations
System training should be supplemented with training related to

Hardware devices
Software packages

Major System Conversion Strategies

Direct Conversion

Direct conversion

The simplest conversion strategy

The most disruptive to the organization

Study Guide 2017 Page 81 of 112 Damelin

 Sometimes referred to as the slam dunk or cold-turkey strategy
May be the only viable solution in cases of emergency implementation or if
the old and new system cannot coexist
Has the highest risk of failure
Involves turning off the old system and turning on the new one

Parallel Conversion

Old and new systems are run simultaneously until everyone is satisfied that

The new system functions correctly

The old system is no longer needed
Conversion to new system can be single
cutover or phased cutover

Has the lowest risk, but the highest cost

Can cost 4 times more than using the old system

Best choice where an automated system is replacing a manual one

Pilot Conversion

Scenarios best suited to a pilot conversion

Multiple business locations

Geographically diverse locations
Advantages of single location conversion

Can select a location that best represents the conditions across the
organization
Less risky in terms of loss of time or delays in processing
Can be evaluated and changed before further installations

Phased Conversion

A phased or gradual conversion

Takes advantage of both the direct and parallel approaches

Minimizes the risks involved
Allows the new system to be brought online as logically ordered functional
components.

Study Guide 2017 Page 82 of 112 Damelin

 Disadvantages

Takes the most time

Created the most disruption to the organization over time

Post-Implementation Activities

The single most costly activity

Correcting errors or faults in the system

Improving system performance
Adapting the system to changes in the operating or business environment
Requires more programmers than does application development
May exist for years

Systems Maintenance

There are four basic categories of system maintenance

Corrective: fix bugs and logical errors

Adaptive: add new functionality
Perfective: improve performance
Preventive: reduce chances of failure

Post-Implementation Review

Ensures that the newly implemented system meets the established business
objectives

Errors must be corrected by the maintenance process

Includes a periodic review/audit of the system as well as continuous
monitoring

Summary of unit

The Systems Development Life Cycle. Business end users and IS specialists may use
a systems approach to help them develop information system solutions to meet business
opportunities. This frequently involves a systems development life cycle where IS
specialists and end users conceive, design, and implement business systems. The
stages, activities, and products of the information systems development life cycle are
summarized in Figure 12.3 .

Prototyping. Prototyping is a major alternative methodology to the traditional

information systems development life cycle. It includes the use of prototyping tools and
methodologies, which promote an iterative, interactive process that develops prototypes
of user interfaces and other information system components. See Figure12.9.

Study Guide 2017 Page 83 of 112 Damelin

 Implementing IS. The implementation process for information system projects is
summarized in Figure 12.27. Implementation involves acquisition, testing,
documentation, training, installation, and conversion activities that transform a newly
designed business system into an operational system for end users.
Evaluating Hardware, Software, and Services. Business professionals should know
how to evaluate the acquisition of information system resources. IT vendors proposals
should be based on specifications developed during the design stage of systems
development. A formal evaluation process reduces the possibility of incorrect or
unnecessary purchases of hardware or software. Several major evaluation factors,
summarized in Figures 12.22, 12.23, and 12.24, can be used to evaluate hardware,
software, and IS services

Self-assessment and reflection

Answer the following questions to check whether you have achieved all the set
outcomes:

Case 1 Customer-Driven Development

At Intuit, development of new product ideas are driven by a psychologist

Playing nice
Free-association sessions
Focus is always on the customer

Making pain points less painful

Capturing pencil-and-paper users
Follow-me-homes
Simplifying language
Case Study Questions

Should Intuits far-out thinking and acceptance of failure as part of the application
software development process be duplicated at large software development companies
like Microsoft?

Should it be duplicated at the thousands of small independent software
companies that exist?
Which do you prefer?

Intuits customer-driven development process where hundreds of employees

and managers are sent to consult with customer in their homes or places of
business, or
Microsofts process of using professional anthropologists to do such research

Study Guide 2017 Page 84 of 112 Damelin

 Intuit developed the wildly successful QuickBooks: Simple Start Edition, which
eliminated all accounting jargon

Could this idea be the foundation of a new version of Intuits top-selling

TurboTax software, which removed all tax accounting jargon from that
product to reach the 20 million Americans who do not use tax preparation
software or a professional tax preparer?
Would such a product be possible or successful?

Study Guide 2017 Page 85 of 112 Damelin

 STUDY UNIT 6: SECURITY AND ETHICAL CHALLENGES

INTRODUCTION

This chapter discusses the threats against, and defences needed for the performance and
security of business information systems, as well as the ethical implications and societal
impacts of information technology.

Learning outcomes:
After having worked through this study unit you will learn:

-Identify several ethical issues in how the use of information technologies in business affects
employment, individuality, working conditions, privacy, crime, health, and solutions to
societal problems.
-Identify several types of security management strategies and defences, and explain how they
can be used to ensure the security of business applications of information technology.
- Propose several ways that business managers and professionals can help to lessen the
harmful effects and increase the beneficial effects of the use of information technology.

The necessity of controls for information systems should be emphasized. The goal of security
management is the accuracy, integrity, and safety of all e-business processes and resources.
Stress to students that conducting security management is a complex task in all organizations.
News accounts of computer errors and computer related crimes could be used to convince
students of the importance of this topic. Examples of procedural and physical facility controls
should also be discussed with your students, especially the importance of disaster recovery
planning. Figure 13.21 can serve to provide an example of e-business system controls and
audits. Note that they are designed to monitor and maintain the quality and security of the input,
processing, output, and storage activities of an information system. Finally, Figure 13.22 is a
good slide to use to discuss information systems controls as methods and devices that attempt
to ensure the accuracy, validity, and propriety of information system activities. Figure 13.23
outlines important ways to protect yourself from cybercrime and other computer security threats.

Business/IT Security, Ethics, and Society [Figure 13.2]

The use of information technology in e-business has major impacts on society, and thus
raises serious ethical issues in the areas such as:
Crime
Privacy
Individuality
Employment
Health
Working Conditions

Study Guide 2017 Page 86 of 112 Damelin

Ethical Responsibility of Business Professionals
As a business end user, you have a responsibility to promote ethical uses of information
technology in the workplace. These responsibilities include properly performing your role as a
vital human resource in the e-business systems you help develop and use in your organizations.

The AITP code provides guidelines for ethical conduct in the development and use of
information technology. End-users and IS professionals would live up to their ethical
responsibilities by voluntarily following such guidelines.
For example, you can be a responsible end user by:
Acting with integrity
Increasing your professional competence
Setting high standards of personal performance
Accepting responsibility for your work
Advancing the health, privacy, and general welfare of the public

Business Ethics:
Ethics questions that managers confront as part of their daily business decision making include:

Equity
Rights
Honesty
Exercise of corporate power

Study Guide 2017 Page 87 of 112 Damelin

Corporate Social Responsibility Theories

Business ethics also concerned with the numerous ethical questions that managers must
confront as part of their daily business decision-making. Managers use several important
alternatives when confronted with making ethical decisions on business issues. These include:

Stockholder Theory Holds that managers are agents of the stockholders, and their only
ethical responsibility is to increase the profits of the business, without violating the law or
engaging in fraudulent practices.
Social Contract Theory - States that companies have ethical responsibility to all
members of society, which allow corporations to exist based on a social contract.
Stakeholder Theory - Maintains that managers have an ethical responsibility to manage
a firm for the benefit of all of its stakeholders, which are all individuals and groups that
have a stake in or claim on a company.

Categories of Ethical Business Issues

Principles of Technology Ethics

Proportionality The good achieved by the technology must outweigh the harm or risk.
Moreover, there must be no alternative that achieves the same or comparable benefits with less
harm or risk.

Informed Consent Those affected by the technology should understand and accept the risks.

Justice The benefits and burdens of the technology should be distributed fairly. Those who
benefit should bear their fair share of the risks, and those who do not benefit should not suffer a
significant increase in risk.
Minimized Risk Even it judged acceptable by the other three guidelines, the technology must
be implemented so as to avoid all unnecessary risk.
Technology Ethics [See Figure 13.4]

Study Guide 2017 Page 88 of 112 Damelin

Responsible Professional Ethical Guidelines:

The Association of Information Technology Professionals (AITP) is an organization of

professionals in the computing field. Its code of conduct outlines the ethical considerations
inherent in the major responsibilities of an IS professional.
Business and end users and IS professionals would live up to their ethical responsibilities by
voluntarily following such guidelines as those outlined in the AITP standard. You can be a
responsible end user by:

Acting with integrity

Increasing your professional competence
Setting high standards of personal performance
Accepting responsibility for your work
Advancing the health, privacy, and general welfare of the public

AITP Standards of Professional Conduct

Study Guide 2017 Page 89 of 112 Damelin

Computer Crime

Computer crime is a growing threat to society by the criminal or irresponsible actions of

computer individuals who are taking advantage of the widespread use and vulnerability of
computers and the Internet and other networks. It thus presents a major challenge to the ethical
use of information technologies. E-computer crime poses serious threats to the integrity, safety,
and survival of most e-business systems, and thus makes the development of effective security
methods a top priority.
The Association of Information Technology professional (ATIP) defines computer crime as
including:

The unauthorized use, access, modification, and destruction of hardware, software,

data, or network resources.
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his or her own hardware, software, data, or network
resources
Using or conspiring to use computer or network resources to illegally obtain information
or tangible property.

Penalties for violation of the U.S. Computer Fraud and Abuse Act include:
1 to 5 years in prison for a first offence
10 years for a second offence
20 years for three or more offences
Fines ranging up to $250,000 or twice the value of stolen data

Cybercrime Protection Measures

Study Guide 2017 Page 90 of 112 Damelin

HACKING

Hacking is the obsessive use of computers, or the unauthorized access and use of networked
computer systems.
Illegal hackers (also called crackers) frequently assault the Internet and other networks to steal
or damage data and programs.
Hackers can:

Monitor e-mail, Web server access, or file transfers to extract passwords or steal
network files, or to plant data that will cause a system to welcome intruders.
Use remote services that allow one computer on a network to execute programs on
another computer to gain privileged access within a network.
Use Telnet, an Internet tool for interactive use of remote computers, to discover
information to plan other attacks.

Common Hacking Tactics

Denial of Service
Hammering a websites equipment with too many requests for information
Clogging the system, slowing performance, or crashing the site
Scans
Widespread probes of the Internet to determine types of computers,
services, and connections

Study Guide 2017 Page 91 of 112 Damelin

 Looking for weaknesses
Sniffer
Programs that search individual packets of data as they pass through the
Internet
Capturing passwords or entire contents
Spoofing
Faking an e-mail address or Web page to trick users into passing along critical
information like passwords or credit card numbers
Trojan House
A program that, unknown to the user, contains instructions that exploit a known
vulnerability in some software
Back Doors
A hidden point of entry to be used in case the original entry point is
detected or blocked
Malicious Applets
Tiny Java programs that misuse your computers resources, modify files on the
hard disk, send fake email, or steal passwords
War Dialing
Programs that automatically dial thousands of telephone numbers in search
of a way in through a modem connection
Logic Bombs
An instruction in a computer program that triggers a malicious act
Buffer Overflow
Crashing or gaining control of a computer by sending too much data to buffer
memory
Password Crackers
Software that can guess passwords
Social Engineering
Gaining access to computer systems by talking unsuspecting company
employees out of valuable information, such as passwords
Dumpster Diving
Sifting through a companys garbage to find information to help break into
their computers

Cyber-Theft

Many computer crimes involve the theft of money. In the majority of cases, they are inside jobs
that involve unauthorized network entry and fraudulent alternation of computer databases to
cover the tracks of the employees involved.

Unauthorized Use at Work:

The unauthorized use of a computer system is called time and resource theft. A common
example is unauthorized use of company-owned computer networks by employees. This may

Study Guide 2017 Page 92 of 112 Damelin

range from doing private consulting or personal finances, or playing video games to
unauthorized use of the Internet on company networks. Network monitoring software called
sniffers is frequently used to monitor network traffic to evaluate network capacity, as well as
reveal evidence of improper use.

Software Piracy:

Computer programs are valuable property and thus are the subject of theft from computer
systems. Unauthorized copying of software or software piracy is a major form of software theft
because software is intellectual property, which is protected by copyright law and user licensing
agreements.

Piracy of Intellectual Property:

Software is not the only intellectual property subject to computer-based piracy. Other forms of
copyrighted material, such as music, videos, images, articles, books, and other written works
are especially vulnerable to copyright infringement, which most courts have deemed illegal.
Digitised versions can easily be captured by computer systems and made available for people
to access or download at Internet websites, or can be readily disseminated by e-mail as file
attachments. The development of peer-to-peer (P2P) networking has made digital versions of
copyrighted material even more vulnerable to unauthorized use.

Computer Viruses and worms:

One of the most destructive examples of computer crime involves the creation of computer
viruses or worms. They typically enter a computer system through illegal or borrowed copies of
software, or through network links to other computer systems. A virus usually copies itself into
the operating systems programs, and from there to the hard disk and any inserted floppy disks.
Vaccine programs and virus prevention and detection programs are available, but may not work
for new types of viruses.

Virus - is a program code that cannot work without being inserted into another program.
Worm - is a distinct program that can run unaided.

Privacy Issues
The power of information technology to store and retrieve information can have a negative effect
on the right to privacy of every individual.
For example:
Confidential e-mail messages by employees are monitored by many companies
Personal information is being collected about individuals every time they visit a
site on the World Wide Web
Confidential information on individuals contained in centralized computer
databases by credit bureaus, government agencies, and private business firms

Study Guide 2017 Page 93 of 112 Damelin

 has been stolen or misused, resulting in the invasion of privacy, fraud, and other
injustices.
Unauthorized use of information can seriously damage the privacy of individuals.
Errors in databases can seriously hurt the credit standing or reputation of
individuals.

Some important privacy issues being debated in business and government include the
following:
Accessing individuals private e-mail conversations and computer records, and
collecting and sharing information about individuals gained from their visits to
Internet websites and newsgroups (violation of privacy).
Always knowing where a person is, especially as mobile and paging services
become more closely associated with people rather than places (computer
monitoring)
Using customer information to market additional business services (computer
matching).
Collecting telephone numbers and other personal information to build individual
customer profiles (unauthorized personal files).

Privacy on the Internet:

The Internet is notorious for giving its users a feeling of anonymity, when in actuality; they are
highly visible and open to violations of their privacy. Most of the Internet and its World Wide
Web and newsgroups are still a wide open, unsecured, electronic frontier, with no tough rules
on what information is personal and private. You can protect your privacy in several ways:
Use encryption to send e-mail (both sender and receiver must have encryption
software).
Anonymous remailers to protect your identify when you add comments in
newsgroup postings.
Ask Internet service provider not to sell your name and personal information to
mailing list providers, and other marketers.
Decline to reveal personal data and interest on online service and websites user
profiles.

Computer Matching:

Computer matching is the use of computers to screen and match data about individual
characteristics provided by a variety of computer-based information systems and databases in
order to identify individuals for business, government, or other purposes. Unauthorized use or
mistakes in the computer matching of personal data can be a threat to privacy. For example, an
individuals personal profile may be incorrectly matched with someone else.

Study Guide 2017 Page 94 of 112 Damelin

Privacy Laws:

In the US, the Federal Privacy Act strictly regulates the collection and use of personal data by
governmental agencies. The law specifies that individuals have the right to inspect their
personal records, make copies, and correct or remove erroneous or misleading information.
Federal Privacy Act specifies that federal agencies:
Must annually disclose the types of personal data files they maintain.
Cannot disclose personal information on an individual to any other individual or
agency except under certain strict conditions.
Must inform individuals of the reasons for requesting personal information from
them.
Must retain personal data records only if it is relevant and necessary to
accomplish an agencys legal purpose.
Must establish appropriate administrative, technical, and physical safeguards to
ensure the security and confidentiality of records.

The U.S. Congress enacted the Electronic Communications Privacy Act and the Computer
Fraud and Abuse Act in 1986. These federal privacy laws are a major attempt to enforce the
privacy of computer-based files and communications. These laws prohibit intercepting data
communications messages, stealing or destroying data, or trespassing in federal-related
computer systems.

Computer Libel and Censorship

The opposite side of the privacy debate is:

The right of people to know about matters others may want to keep private
(freedom of information)
The right of people to express their opinions about such matters (freedom of
speech)
The right of people to publish those opinions (freedom of the press).

Some of the biggest battlegrounds in the debate are the bulletin boards, e-mail boxes, and
online files of the Internet and public information networks, such as America Online and the
Microsoft Network. The weapons being used in this battle include spamming, flame mail, libel
laws, and censorship.
Spamming - is the indiscriminate sending of unsolicited e-mail messages (spam) to many
Internet users. Spamming is the favourite tactic of mass-mailers of unsolicited advertisements,
or junk e-mail. Cyber criminals to spread computer viruses or infiltrate many computer systems
have also used Spamming.
Flaming - is the practice of sending extremely critical, derogatory, and often vulgar e-mail
messages (flame mail), or newsgroup postings to other users on the Internet or online services.
Flaming is especially prevalent on some of the Internets special interest newsgroups. The
Internet is very vulnerable to abuse, as it currently lacks formal policing, and lack of security.

Study Guide 2017 Page 95 of 112 Damelin

Other Challenges:
The uses of information technologies in e-business systems include ethical and societal impacts
of e-business in the areas of employment, individuality, working conditions, and health.

Employment Challenges:

The impact of IT on employment is a major ethical concern and is directly related to the use of
computers to achieve automation of work activities. The use of e-business technologies has
created new jobs and increased productivity. However, it has also caused a significant reduction
in some types of job opportunities.

Computer Monitoring:

One of the most explosive ethical issues concerning the quality of working conditions in e-
business is computer monitoring. Computers are being used to monitor the productivity and
behaviour of employees while they work. Supposedly, computer monitoring is done so
employers can collect productivity data about their employees to increase the efficiency and
quality of service.
Computer monitoring has been criticized as unethical because:
It is used to monitor individuals, not just work, and is done continually, thus
violating workers privacy and personal freedom.
Is considered an invasion of the privacy of employees, because in many cases,
they do not know that they are being monitored, or dont know how the
information is being used.
Employees right of due process may be harmed by the improper use of collected
data to make personnel decisions.
It increases the stress on employees who must work under constant electronic
surveillance.
It has been blamed for causing health problems among monitored workers.
Blamed for robbing workers of the dignity of their work.

Challenges in Working Conditions:

Information technology has eliminated some monotonous or obnoxious tasks in the office and
the factory that formerly had to be performed by people. Thus, IT can be said to upgrade the
quality of work. Though, many automated operations are also criticized for relegating people to
a do-nothing standby role.

Challenges to Individuality:

A frequent criticism of e-business systems concerns their negative effect on the individuality of
people. Computer-based systems are criticized as:

Study Guide 2017 Page 96 of 112 Damelin

 Being impersonal systems that dehumanize and depersonalize activities, since
they eliminate the human relationships present in no computer systems. Humans
feel a loss of identity.
Humans feel a loss of individuality as some systems require a regimentation of
the individual, and demanding strict adherence to detailed procedures.

Computer-based systems can be ergonomically engineered to accommodate human factors

that:
Minimize depersonalization and regimentation.
Design software that is people-oriented and user-friendly.

Health Issues:

The use of IT in the workplace raises a variety of health issues. Heavy use of computers is
reportedly causing health problems such as:
Job stress
Damaged arm and neck muscles
Eye strain
Radiation exposure
Death by computer-caused accidents

Ergonomics:

Solutions to some health problems are based on the science of ergonomics, sometimes called
human factors engineering. The goal of ergonomics is to design healthy work environments that
are safe, comfortable, and pleasant for people to work in, thus increasing employee morale and
productivity.
Ergonomics stresses the healthy design of the workplace, workstations, computers and other
machines, and even software packages. Other health issues may require ergonomic solutions
emphasizing job design, rather than workplace design.
[See Figure 13.12]

Study Guide 2017 Page 97 of 112 Damelin

Societal Solutions
Computers and networks like the Internet, and other information technology can have many
beneficial effects on society. Information technology can be used to solve human and societal
problems through societal solutions such as:

Using information technologies to solve human and social problems

Medical diagnosis
Computer-assisted instruction
Governmental program planning
Environmental quality control
Law enforcement
Job placement

The detrimental effects of IT

Often caused by individuals or organizations not accepting ethical responsibility
for their actions

SECURITY MANAGEMENT OF INFORMATION TECHNOLOGY

There are many significant threats to the security of information systems in business. Business
managers and professionals alike are responsible for the security, quality, and performance of
the e-business systems in their business units.

Security Management
The goal of security management is the accuracy, integrity, and safety of all
information system processes and resources.

Study Guide 2017 Page 98 of 112 Damelin

Tools of Security Management

The goal of security management is the accuracy, integrity, and safety of all e-business
processes and resources. Effective security management can minimize errors, fraud, and
losses in the internetworked computer-based systems that interconnect todays e-business
enterprises.

INTERNETWORKED SECURITY DEFENSE

Security of todays internetworked e-business enterprises is a major management challenge.

Vital network links and business flows need to be protected from external attack by cyber
criminals or subversion by the criminal or irresponsible acts of insiders. This requires a variety of
security tools and defensive measures and a coordinated security management program.

Encryption

Encryption of data has become an important way to protect data and other computer network
resources especially on the Internet, intranets, and extranets.

Study Guide 2017 Page 99 of 112 Damelin

Encryption characteristics include:
Passwords, messages, files, and other data can be transmitted in scrambled
form and unscrambled by computer systems for authorized users only.
Encryption involves using special mathematical algorithms, or keys, to transform
digital data into a scrambled code before they are transmitted, and to decode the
data when they are received.
The most widely used encryption method uses a pair of public and private keys
unique to each individual. For example: e-mail could be scrambled and encoded
using a unique public key for the recipient that is known to the sender. After the
e-mail is transmitted, only the recipients secret private key could unscramble the
message.
Encryption programs are sold as separate products or built into other software
used for the encryption process.
There are several competing software encryption standards, but the top two are
RSA and PGP.

Public/Private Key Encryption

Study Guide 2017 Page 100 of 112 Damelin

Firewalls

Another important method for control and security on the Internet and other networks is the use
of firewall computers and software. A network fire wall can be a communications processor,
typically a router, or a dedicated server, along with fire wall software. Fire wall computers and
software characteristics include:
A fire wall serves as a gatekeeper computer system that protects a companys
intranets and other computer networks from intrusion by serving as a filter and
safe transfer point for access to and from the Internet and other networks.
A fire wall computer screens all network traffic for proper passwords and other
security codes, and only allows authorized transmissions in and out of the
network.
Fire walls have become an essential component of organizations connecting to
the Internet, because of its vulnerability and lack of security.
Fire walls can deter, but not completely prevent, unauthorized access (hacking)
into computer networks. In some cases, a fire wall may allow access only from
trusted locations on the Internet to particular computers inside the fire wall. Or it
may allow only safe information to pass.
In some cases, it is impossible to distinguish safe use of a particular network
service from unsafe use and so all requests must be blocked. The fire wall may
then provide substitutes for some network services that perform most of the
same functions but are not as vulnerable to penetration.

INTERNET AND INTRANET FIREWALLS

Study Guide 2017 Page 101 of 112 Damelin

Denial of Service Defences

The Internet is extremely vulnerable to a variety of assaults by criminal hackers, especially

denial of service (DOS) attacks. Denial of service assaults via the Internet depend on three
layers of networked computer systems, and these are the basic steps e-business companies
and other organizations can take to protect their websites form denial of service and other
hacking attacks.
The victims website
The victims Internet service provider (ISP)
The sites of zombie or slave computers that were commandeered by the cyber
criminals.

E-Mail Monitoring

Internet and other online e-mail systems are one of the favourite avenues of attack by hackers
for spreading computer viruses or breaking into networked computers. E-mail is also the
battleground for attempts by companies to enforce policies against illegal, personal, or
damaging messages by employees, and the demands of some employees and others, who see
such policies as violations of privacy rights.

Virus Defences

Many companies are building defences against the spread of viruses by centralizing the
distribution and updating of antivirus software, as a responsibility of there IS departments. Other
companies are outsourcing the virus protection responsibility to their Internet service providers
or to telecommunications or security management companies.

Other Security Measures:

A variety of security measures are commonly used to protect e-business systems and networks.
These include both hardware and software tools like fault-tolerant computers and security
monitors, and security policies and procedures like passwords and backup files.

Security Codes:

Typically, a multilevel password system is used for security management.

First, an end user logs on to the computer system by entering his or her unique
identification code, or user ID. The end user is then asked to enter a password in
order to gain access into the system.
Next, to access an individual file, a unique file name must be entered.

Study Guide 2017 Page 102 of 112 Damelin

Backup Files
Backup files, which are duplicate files of data or programs, are another important security
measure.
Files can be protected by file retention measures that involve storing copies of
files from previous periods.
Several generations of files can be kept for control purposes.

Security Monitors

System security monitors are programs that monitor the use of computer systems and networks
and protect them from unauthorized use, fraud, and destruction.
Security monitor programs provide the security measures needed to allow only
authorized users to access the networks.
Security monitors also control the use of the hardware, software, and data
resources of a computer system.
Security monitors can be used to monitor the use of computer networks and
collect statistics on any attempts at improper use.

BIOMETRIC SECURITY

These are security measures provided by computer devices, which measure physical traits that
make each individual unique. This includes:
Voice verification
Fingerprints
Hand geometry
Signature dynamics
Keystroke analysis
Retina scanning
Face recognition
Genetic pattern analysis

Computer Failure Controls:

A variety of controls are needed to prevent computer failure or to minimize its effects. Computer
systems may fail due to:
Power failure
Electronic circuitry malfunctions
Telecommunications network problems
Hidden programming errors
Computer operator errors
Electronic vandalism

The information services department typically takes steps to prevent equipment failure and to
minimize its detrimental effects.

Study Guide 2017 Page 103 of 112 Damelin

For example:
Programs of preventative maintenance of hardware and management of
software updates are commonplace
Using computers equipped with automatic and remote maintenance capabilities
Establishing standards for electrical supply, air conditioning, humidity control, and
fire prevention standards
Arrange for a backup computer system capability with disaster recovery
organizations.
Scheduling and implementing major hardware or software changes to avoid
problems.
Training and supervision of computer operators.
Using fault tolerant computer systems (fail-safe and fail-soft capabilities)

Fault Tolerant Systems:

Many firms use fault tolerant computer systems that have redundant processors, peripherals,
and software that provide a fail-over capability to back up components in the event of system
failure.
Fail-Safe - Fail-Safe refers to computer systems that continue to operate at the
same level of performance after a major failure.
Fail-Soft - Fail-soft refers to computer systems that continue to operate at a
reduced but acceptable level after a system failure.

See [Figure 13.21] Methods and devices that attempt to ensure the accuracy, validity, and
propriety of information system activities.

Study Guide 2017 Page 104 of 112 Damelin

Disaster Recovery

Hurricanes, earthquakes, fires, floods, criminal and terrorist acts, and human error can all
severely damage an organization's computing resources, and thus the health of the
organization itself. Many companies, especially online e-commerce retailers and wholesalers,
airlines, banks, and Internet service providers, for example, are crippled by losing even a few
hours of computing power. That is why it is important for organizations to develop disaster
recovery procedures and formalize them in a disaster recovery plan. It specifies which
employees will participate in disaster recovery, and what their duties will be; what hardware,
software, and facilities will be used; and the priority of applications that will be processed.
Arrangements with other companies for use of alternative facilities as a disaster recovery site
and off-site storage of an organization's databases are also part of an effective recovery effort.

SYSTEM CONTROLS AND AUDITS

The development of information system controls and the accomplishment of e-business

systems audits are two other types of security management.

Information Systems Controls:

Information systems controls are methods and devices that attempt to ensure the accuracy,
validity, and propriety of information system activities. Information System (IS) controls must be
developed to ensure proper data entry, processing techniques, storage methods, and
information output. IS controls are designed to monitor and maintain the quality and security of
the input, processing, output, and storage activities of any information system.
[See Figure 13.22]:

Auditing IT Systems

E-business systems should be periodically examined, or audited, by a companys internal

auditing staff or external auditors from professional accounting firms. Such audits should review
and evaluate whether proper and adequate security measures and management policies have
been developed and implemented.

An important objective of e-business system audits is testing the integrity of an application audit
trail. An audit trail can be defined as the presence of documentation that allows a transaction to
be traced through all stages of its information processing. The audit trail of manual information
systems was quite visible and easy to trace; however, computer-based information systems
have changed the form of the audit trail.

Study Guide 2017 Page 105 of 112 Damelin

Summary of unit

Ethical and Societal Dimensions. The vital role of information technologies and
systems in society raises serious ethical and societal issues in terms of their impact on
employment, individuality, working conditions, privacy, health, and computer crime as
illustrated in Figure 13.2. Employment issues include the loss of jobs due to
computerization and automation of work versus the jobs created to supply and support
new information technologies and the business applications they make possible. The
impact on working condition involves the issues of computer monitoring of employees
and the quality of the working conditions of jobs that make heavy use of information
technologies. The effect of IT of individuality addresses the issues of the
depersonalization, regimentation, and inflexibility of some computerized business
systems. Health issues are raised by heavy use of computer workstations for long
periods of time by employees which may cause work-related health disorders. Serious
privacy issues are raised by the use of IT to access or collect private information without
authorization, as well as for computer profiling, computer matching, computer
monitoring, and computer libel and censorship. Computer crime issues surround
activities such as hacking, computer viruses and worms, cyber theft, unauthorized use at
work, software piracy, and piracy of intellectual property. Manager, business
professionals, and IS specialists can help solve the problems of improper use of IT by
assuring their ethical responsibilities for the ergonomic design, beneficial use, and
enlightened management of information technologies in our society.

Ethical Responsibility in Business. Business and IT activities involve many ethical

considerations. Basic principles of technology and business ethics can serve as
guidelines for business professionals when dealing with ethical business issues that may
arise in the widespread use of information technology in business and society. Examples
include theories of corporate social responsibility, which outline the ethical responsibility
of management and employees to a companys stockholders, stakeholders, and society,
and the four principles of technology ethics summarized in Figure 13.4. Security and
quality of its IT-enables business activities. Security management tools and policies can
ensure the accuracy, integrity, and safety of the information systems and resources of a
company, and thus minimize errors, fraud, and security losses in their business
activities. Examples mentioned in the chapter include the use of encryption of
confidential business data, firewalls, e-mail monitoring, antivirus software, security
codes, backup files, security monitors, biometric security measures, computer failure
controls, fault tolerant systems, disaster recovery measures, information systems
controls, and security audits of business systems.

Study Guide 2017 Page 106 of 112 Damelin

Self-assessment and reflection

Answer the following questions to check whether you have achieved all the set
outcomes:

1. What can be done to improve the security of business uses of the Internet? Give several
examples of security measures, and technologies you would use.
Examples would include:

Encryption of data passwords, messages, files and other data transmitted in

scrambled form for authorized users only.
Firewall computers and software such as a router or dedicated service along with firewall
software to serve as a gatekeeper system that protects a companys intranets and other
computer networks from intrusion by providing a filter and safe transfer point for access
to and from the Internet and other networks.
Denial of services defences such as setting and enforcing security policies at the zombie
machines to scan regularly for Trojan Horse programs and vulnerabilities, closing
unused portals, and reminding users not to open .exe mail attachments; monitor and
block traffic spikes; and create backup servers and network connections with limited
connections to each, installing multiple intrusion-detection systems and multiple routers
for incoming traffic to reduce choke points.
Monitoring of e-mail using content-monitoring software that scans for troublesome words
that might compromise corporate security.
Centralizing the distribution and updating of antivirus software as a responsibility of there
is departments.
Adopt other security measures such as security codes (a multilevel password system),
backup files, security monitors, biometric security features, computer failure control
procedures and policies, using fault tolerant systems, establishing disaster recovery
policies and procedures.

2. What potential security problems do you see in the increasing use of intranets and extranets
in business? What might be done to solve such problems? Give several examples.
Students answers will vary. However, with the increased business use of intranets and
extranets there is no doubt that the number of potential security problems will also increase.
Issues such as hacking, data alteration, unauthorized data access, etc. will become prime
security problems. As companies forge ahead in e-commerce and e-business activities, the
stakes get progressively higher, and the potential threat will also increase.
In order to solve such problems, businesses must continue to exercise caution in areas such as
encryption, fire walls, secure Internet sites, security monitoring, disaster recovery plans, security
awareness programs and policies must be implemented and monitored.

3. What are your major concerns about computer crime and privacy on the Internet? What can
you do about it? Explain.

Study Guide 2017 Page 107 of 112 Damelin

Students answers will vary, however many people are concerned about computer crime and
privacy on the Internet. Individuals must express their concern to governments so that proper
action can be taken in this regard. The Internet offers very little privacy to an individual. Without
your knowing it, cookies are being placed on your machine when you visit websites. Information
is continually being gathered about your activities and site visits, and this information is sold to
other parties. Individuals can take care when giving out information, they can ask their ISP
providers to not give out information about them, they should exercise caution in giving out
sensitive information such as charge card numbers, e-mail addresses, addresses, etc. Personal
data should be carefully guarded, and given out as little as possible if you have a concern about
privacy and crime.

4. What is disaster recovery? How could it be implemented at your school or work?

Disaster recoveries are methods for ensuring that an organization recovers from natural and
human caused disasters that affect its computer-based operations.

Students answers will vary. However, a disaster recovery plan should be developed that
specifies which employees will participate in disaster recovery, what their duties will be, what
hardware, software, and facilities will be used, and the priority of applications that will be
processed. Arrangements with other companies for use of alternative facilities as a disaster
recovery site and off site storage of an organization's databases are also part of an effective
recovery effort.

5. Is there an ethical crisis in e-business today? What role does information technology play in
unethical business practices?

Information technology has made it easier to communicate, work cooperatively, share

resources, and make decisions, all electronically. However, IT has also made it possible to
engage in ethical as well as unethical practices electronically anywhere in the world. This
possibility has resulted in a massive increase in unethical business practices. Ethical crisis in e-
business is certainly real in todays e-business, and companies are scrambling to ensure that
they are doing all they can to curb on this problem.

6. What are several business decisions that you will have to make as a manager that have both
an ethical and IT dimension? Give several examples to illustrate your answer.
Managers will be required to face making decisions that will have both ethical and an IT
dimension. For example, they will make decisions to implement technology to modernize a
manufacturing process will knowing at the same time that they will put hundreds of workers out
of work. They may also implement systems to monitor their employees while at the same time
causing high levels of employee stress, or invade their privacy.

7. What would be examples of one positive and one negative effect of the use of e-business
technologies in each of the ethical and societal dimensions in Figure 11.2? Explain several of
your choices.

Study Guide 2017 Page 108 of 112 Damelin

Employment: IT has created many new jobs and increased productivity. IT has caused a
significant reduction in some types of job opportunities.

Individuality: Computer-based systems can be ergonomically engineered to accommodate

human factors.
Computer-based systems eliminate the human relationships present in manual systems.

Working Conditions: IT has eliminated some monotonous and obnoxious tasks in the office and
the factory that formerly had to be performed by people. Many automated operations relegate
people to a do-nothing standby role.

Privacy: Caller identification may allow users to identify sales people or prank callers. IT allows
supervisors to monitor employees private conversations and records.
Computer Crime: IT may be used in law enforcement. IT can be used as a tool in committing
crimes.
Health Issues: IT can be used in medical diagnosis. Heavy use of computers may cause health
problems like job stress, damaged arm and neck muscles, and eye strain and radiation
exposure.

Societal Solutions: IT can be used to solve human and social problems through societal
applications such as medical diagnosis, computer-assisted instruction, governmental program
planning, environmental quality control, and law enforcement. Computer-based information
systems can violate antitrust or international laws and regulations.

Study Guide 2017 Page 109 of 112 Damelin

Conclusion:

Students must submit all assignments and meet assessment requirements in order to pass
this subject. Class attendance is mandatory; at least 80% of all lectures per programme
have to be attended.

Bibliography

-Introduction to Information Systems. 15th edition; James O Brian; McGraw-Hill

-Internal Data Representation, Shimon Schocken, IDC Herzliya,
-James A. O'Brien; George M. Marakas.Management Information Systems: Managing
Information Technology in the Business Enterprise 6th Ed., Boston: McGraw-Hill/ Irwin,
2004.

Study Guide 2017 Page 110 of 108 Damelin