View
215
Download
1
Category
Preview:
Citation preview
Final Review Synopsis
This document is a synopsis of information presented during class lecture and in the powerpoint slides developed by the author of the text book.
This information, by itself, will not allow you to take the exam and obtain a passing score. It is prepared simply to offer you an organized way of sorting through the information in the textbook. Each topic presented below may have several pages of the text book devoted to completely covering the topic.
Chapters 6 – 10 are derived from the class text book, Using MIS by David KroenkeThe security chapter is derived, in part, from the Fundamentals of Information Systems, Third Edition, by Ralph Stair and George Reynolds.
Chapter 6
Development Fundamentals Information Systems Are Never Off-the-Shelf
o Three sources for software are:o Off-the-selfo Off-the shelf-with adaptationo Tailor-madeo Information systems are never off-the-shelf due to the involvement of
company’s people and resources. You must construct or adapt procedures to fit your business and people. It does not matter how you obtain the computer programs.
Information Systems Maintenanceo For information systems, maintenance means:
Either fixing a system to make it do what is expected Or adapting the system to a changing requirement.
Systems Development Challengeso Systems development is difficult and risky.o Many projects are never finished.o Some projects finish 200 or 300 percent over budget.o Some projects finish on schedule and within budget but do not meet their
goals.o Difficulties in determining requirementso Changes in requirementso Scheduling and budgeting difficultieso Changing technologyo Diseconomies of scale
The Systems Development Life Cycle Development Processo There are however many systems development processes we are
concerned with: Rapid application development (RAD) Object-oriented systems development (OOD) Extreme programming (XP) Information systems differ, no single process works for all
situations.o Systems development life cycle (SDLC)
The System Definition Phase Define project Goals and objectives Scope–statement of work Assess feasibility Cost (budget) Schedule Technical Organizational feasibility Form a project team Project manager In-house IT staff Outside consultants and staff (as needed) User representatives (management and staff)
Requirements Analysis Phase The most important phase in the system development
process is determining system requirements. If the requirements are wrong, the system will be wrong. If the requirements are determined completely and
correctly, then the design and implementation will be easier and more likely to result in success.
Seasoned and experienced system analysts know how to conduct interviews to bring such requirements to light.
Component Design Phase Each of the five components is designed in this stage. The team designs each of the five components by
developing alternatives. Each alternative is evaluated against the requirements. Typically the best alternative that meets the requirements is
selected. Hardware Design Hardware Networking Alternatives Program Design Database Design Procedure Design Design of Job Descriptions
Implementation Phase Implementation System Phase Testing Implementation Phase System Conversion
o There are four ways to implement system conversion:
Pilot–Implement the entire system on a limited portion of the business
Phase–New system is installed in pieces across the organization
Parallel–New system runs in parallel with the old system for a while
Plunge–The old system is turned off and the new system is turned on immediately
Maintenance Phase Record requests for change System failures Enhancement requests Prioritize requests Failure fixing Patches Service packs Enhancements New releases
o Problems with the SDLC Systems development seldom works so smooth. There is sometimes a need to crawl back up the waterfall. Difficulty of documenting requirements in a usable way. Scheduling and budgeting is difficult especially for large projects
with large SDLC phases. Rapid Application Development
RAD Characteristics Object-Oriented Systems Development
The Unified Process UP Principles
Extreme Programming Customer-Centric Nature JIT Design Paired Programming
Comparison of the Four Development Methodologieso See Figure 6-18 Comparison of Development
Chapter 7
Three Categories of Information Systems
Calculation Systemso The first information system was the calculation system.o Its purpose was to relieve workers of tedious, repetitive calculations.o The first systems computed payroll; applied debits and credits to
general ledger, balanced accounting records, and kept track of inventory quantities.
o These systems produced very little information.
Functional Systemso These systems grew as a natural expansion of the capabilities of
systems of the first era.o Payroll expanded to become human resources.o General ledger became financial reporting.o Inventory was merged into operations or manufacturing.o These new functional areas added features and functions to encompass
more activities and to provide more value and assistance.o The problem with functional applications is their isolation.o Functional applications are sometimes called islands of automation
Integrated, Cross-Functional Systemso In this era, systems are designed not to facilitate the work of a single
department or function.o The objective is to integrate the activities in an entire business process.o Since these business activities cross department boundaries, they are
referred to as cross-departmental or cross-functional systems.
Survey of Functional Systems Human Resources Systems
o Human resources systems support recruitment, compensation, evaluation, and development of the organization’s employees and affiliated personnel.
Accounting and Finance Systemso Financial reporting applications use the general ledger data to produce
financial statements and other reports for management, investors, and federal reporting agencies.
o Cost accounting applications determine the marginal cost and relative profitability of products and product families.
o Budgeting applications allocate and schedule revenues and expenses and compares actual financial results to the plan.
Sales and Marketing Systemso Sales and marketing systems store data about potential customers, their
product interests and contact with them by sales personnel.
o Sales management uses sales forecasting systems to predict future sales.
o Customer management systems maintain customer contact data, credit status, past orders, and other data.
Operations Systemso Operations activities concern the management of finished-goods
inventory and the movement of goods from that inventory to the customer.
o Operations systems are especially prominent for non manufacturers, such as distributors, wholesalers, and retailers.
o Order entry systems record customer purchases.
Manufacturing Systemso Manufacturing systems facilitate the production of goods.o Manufacturing systems include inventory, planning, scheduling, and
manufacturing operations.
The Problems of Functional Systemso Functional systems provide tremendous benefits to the departments that
use them; however, they are limited due to operating in isolation.o With isolated systems:o Data are duplicated because each application has its own databaseo Business processes are disjointedo Lack of integrated enterprise datao Inefficiency
Competitive Strategy and Value Chaino When Michael Porter wrote the now-classic Competitive Advantage in
the mid-1980’s his ideas laid the groundwork for solving the problems of isolated information systems.
o Porter defined and described value chains, which are networks of business activity that exist within an organization.
o Porter also developed a model of competitive strategies that helps organizations choose which information systems to develop.
Competitive Strategieso See Figure 7-12 Porter’s Four Competitive Strategies
The Value Chaino Value in the Porter model is the total revenue that a customer is willing
to spend for a product or service. o Value is stressed rather than cost because an organization that has a
differentiation strategy may intentionally raise costs in order to create value.
o Margin is the difference between cost and value. Business Process Design
o The idea of the value chain as a network of value-creating activities became the foundation of a movement called business process design, or sometimes business process redesign.
o The central idea is that organizations should not automate or improve existing functional systems.
o Rather they should create new, more efficient, business processes that integrate the activities of all departments involved in a value chain.
o The goal was to take advantage of as many activities of all departments involved in a value chain.
Challenges of Business Process Designo Process design projects are expensive and difficult.
o Highly trained systems analysts interview key personnel from many departments and document the existing system as well as one or more systems alternatives.
o Managers review the results of the analysts’ activity, usually many times, and attempt to develop new, improved processes.
o The new information systems are developed to implement those new business processes.
Benefits of Inherent Processeso When an organization acquires, say, a business application from Siebel
Systems, the processes for using the software are built-in or inherent processes.
o In most cases, the organization must conform its activities to those processes.
o If the software is designed well, the inherent processes will save the organization the substantial, sometimes staggering, cost of designing new processes itself.
Three Examples of Integrated, Cross-Functional Information Systems Customer Relationship Management Systems
o Customer relationship management (CRM) is the set of business processes for attracting, selling, managing, and supporting customers.
o The difference between CRM systems and traditional functional applications is that CRM addresses all activities and events that touch the customer and provides a single repository for data about all customer interactions
o CRM systems store all customer data in one place and thus make it possible to access all data about the customer.
o Some CRM systems include activities that occur at the customer’s site.o See Figure 7-16 The Customer Life Cycleso See Figure 7-17 CRM Components
Enterprise Resource Planningo Enterprise resource planning (ERP) integrates all of the organization’s
principal processes.o ERP is an outgrowth of MRP II manufacturing systems, and the
primary ERP users are manufacturing companies.o The first and most successful vendor of ERP software is SAP (SAP AG
Corp., headquartered in Germany). ERP Characteristics
ERP takes a cross-functional, process view of the entire organization.
With ERP, the entire organization is considered a collection of interrelated activities.
ERP is a formal approach that is based on documented, tested business models.
ERP applications include a comprehensive set of inherent processes for all organizational activities.
SAP defines this set as the process blueprint and documents each process with diagrams that use a set of standardized symbols.
Enterprise Application Integrationo ERP Benefits
The processes in the business blueprint have been tried and tested over hundreds of organizations.
The processes are always effective and often very efficient. Organizations that convert to ERP do not need to reinvent
business processes. By taking an organization-wide view, many organizations find
they can reduce their inventory dramatically. With better planning, it is not necessary to maintain large buffer
stocks. Items remain in inventory for shorter periods of time,
sometimes no longer than a few hours or a day. ERP helps organizations reduce lead times. Data inconsistency problems are not an issue because all ERP
data are stored in an integrated database. ERP-based organizations often find that they can produce and
sell the same products at lower costs due to: Smaller inventories Reduced lead times Cheaper customer support
Chapter 8
Porter’s Five Competitive Forces Modelo Porter developed a third model that helps to introduce the notion of
interorganizational systems called the Porter’s five competitive forces model.
o According to this model, five competitive forces determine profitability: Bargaining power of suppliers Bargaining power of customers New entrants to the market Rivalry among firms Threats of substitutions for an organization’s products or services
o E-Commerce
o E-commerce is the buying and selling of goods and services over public and private computer networks.
o The U.S. Census Bureau, which publishes statistics on e-commerce activity, defines merchant companies as those that take title to the goods they sell.
o They buy goods and resell them. E-Commerce Merchant Companies
o There are two types of merchant companies: those that sell directly to consumers and those that sell to companies.
o Each uses slightly different information systems in the course of doing business.
o B2C, or business-to-consumer, e-commerce concerns sales between a supplier and a retail customer (the consumer).
Nonmerchant E-Commerceo The U.S. Census Bureau defines nonmerchant companies as those that
arrange for the purchase and sale of goods without ever owning or taking title to those goods.
o The most common nonmerchant e-commerce companies are auctions and clearing houses.
o E-commerce auctions match buyers and sellers by using an e-commerce version of a standard auction.
o This e-commerce application enables the auction company to offer goods for sale and to support a competitive bidding process.
o The best-known auction company is eBay, but many other auction companies exist; many serve particular industries.
E-Commerce Improves Market Efficiencyo E-commerce leads to disintermediation, which is the elimination of
middle layers in the supply chain.o You can buy a flat-screen LCD HDTV from a typical electronic store or
you can use e-commerce to buy it from the manufacturer.o If you take the later route, you eliminate at least one distributor, the
retailer, and possibly more.o E-commerce also improves the flow of price information.o As a consumer, you can go to any number of Web sites that offer product
price comparisons.o E-commerce also improves the flow of price information (continued)o The improved distribution of information about price and terms enables
you to pay the lowest possible cost and serves ultimately to remove inefficient vendors.
o The market as a whole becomes more efficient. o From the seller’s side, e-commerce produces information about price
elasticity that has not been available before.o Price elasticity measures the amount that demand rises or falls with
changes in price.
E-Commerce Economicso Companies need to consider the following economic factors:o Channel conflicto Price conflicto Logistics expenseo Customer service expense
E-Commerce and the World Wide Web Web Technology
o Most B2C commerce conducted over the World Wide Web (WWW) uses Web storefronts supported by commerce servers.
o A commerce server is a computer that operates Web-based programs that display products, support online ordering, record and process payments, and interface with inventory-management applications.
o Web servers also process application programs. To ensure acceptable performance, commercial Web sites usually
are supported by several or even many Web server computers. A facility that runs multiple Web servers is sometimes called a
Web farm. Work is distributed among computers in a Web farm so as to
minimize customer delays. The coordination among multiple Web server computers is a
fantastic dance
Supply Chain Managemento A supply chain is a network of organizations and facilities that transforms
raw materials into products delivered to customers.o Customers order from retailers, who in turn order from distributors, who
in turn order from manufacturers, who in turn order from suppliers.o The supply chain also includes transportation companies, warehouses, and
inventories and some means for transmitting messages and information among the organizations involved.
Drivers of Supply Chain Performanceo Four major factors, or drivers, affect supply chain performance:
Facilities concern the location, size and operations methodology of the places where products are fabricated, assembled or stored.
Inventory includes all of the materials in the supply chain, including raw materials, in-process work, and finished goods.
Transportation concerns the movement of materials in the supply chain.
Information influences supply chain performance by affecting the ways that organizations in the supply chain request, respond, and inform one another.
Supply Chain Profitability Versus Organizational Profitability
o Supply chain profitability is the difference between the sum of the revenue generated by the supply chain and the sum of the costs that all organizations in the supply chain incur and the sum of the costs that all organizations in the supply chain incur to obtain that revenue.
o In general, the maximum profit to the supply chain will not occur if each organization in the supply chain maximizes its own profits in isolation.
The Bullwhip Effecto The bullwhip effect is a phenomenon in which the variability in the size
and timing of orders increase at each stage up the supply chain, from customer to supplier.
o The bullwhip effect is a natural dynamic that occurs because of the multistage nature of the supply chain.
o It is not related to erratic consumer demand.
Interorganizational Information Systems Supplier Relationship Management
o Supplier relationship management (SRM) is a business process for managing all contracts between an organizational and its suppliers.
o Supplier in SRM is used generically: It refers to any organization that sells something to the organization that has the SRM application.
o A manufacturer is a supplier to a distributor SRM applications support three basic processes: source, purchase, and settle. Integrating SRM with CRM
o Supplier’s CRM application interfaces with the purchaser’s SRM application.
o Both the supplier and the customer want to perform the ordering process as cheaply and efficiently as possible.
o SRM examines inventory, determines that items are required, and automatically creates the order via its connection to the supplier’s CRM.
Information Technology for Data Exchange Electronic Data Interchange
o Electronic Data Interchange (EDI) is a standard of formats for common business documents.
o Because the transmissions are electronic, the distributors and manufacturers must agree on a format for the orders.
o This format includes: How many data fields will be sent. In what order they will be sent. How many characters will be sent in each data field, and so forth.
o In the United States, the X12 Committee of the American National Standards Institute (ANSI) manages EDI standards.
o Today, the EDI X12 standard includes hundreds of documents.o Other EDI Standards
EDIFACT standard is used internationally. HIPAA standard is used for medical records. Because of the existence of multiple standards, when two
organizations today wish to exchange documents electronically, they must first agree on which standard they will use.
eXtensible Markup Languageo Organizations have used HTML to share documents.o There are three problems with HTML:
HTML tags have no consistent meaning. HTML has a fixed number of tags. HTML mixes format, content, and structure
Application Interaction in the Supply Chaino The process of a program on one computer accessing programs on a
second computer is called remote computing or distributed computing.o Several different techniques are used:o Two important ones are the use of proprietary designs and Web services
Chapter 9
The Need for Business Intelligence Systems Business Intelligence Tools
o Tools for searching business data in an attempt to find patterns is called business intelligence (BI) tools.
o Reporting tools are programs that read data from a variety of sources, process that data, produce formatted reports, and deliver those reports to the users who need them.
Business Intelligence Systemso An information system is a collection of hardware, software, data, procedures,
and people.o The purpose of a business intelligence (BI) system is to provide the right
information, to the right user, at the right time.o BI systems help users accomplish their goals and objectives by producing
insights that lead to actions.o The processing of data is simple:
Data are sorted and grouped. Simple totals and averages are calculated.
o Reporting tools are used primarily for assessment They are used to address questions like: What has happened in the past? What is the current situation? Data-mining tools process data using statistical techniques, many of
which are sophisticated and mathematically complex.
Data mining involves searching for patterns and relationships among data.
In most cases, data-mining tools are used to make predictions. For example, we can use one form of analysis to compute the
probability that a customer will default on a loan.
Reporting Systemso The purpose of a reporting system is to create meaningful information from
disparate data sources and to deliver that information to the proper user on a timely basis.
o Reporting systems generate information from data as a result of four operations:
Filtering data Sorting data Grouping data Making simple calculations on the data
Creating Information Using Reporting Operations Components of Reporting Systems
o A reporting system maintains a database of reporting metadata.o The metadata describes the reports, users, groups, roles, events, and other
entities involved in the reporting activity.o The reporting system uses the metadata to prepare and deliver reports to the
proper users on a timely basis. In terms of a report type, reports can be static or dynamic. Static reports are prepared once from the underlying data, and they do
not change. Example, a report of past year’s sales Dynamic reports: the reporting system reads the most current data
and generates the report using that fresh data. Query reports are prepared in response to data entered by users. Online analytical processing (OLAP) reports allow the user to
dynamically change the report grouping structures.o The report mode can be either push report or pull report.o Organizations send a push report to users according to a preset schedule.o Users receive the report without any activity on their part.o Users must request a pull report.o To obtain a pull report, a user goes to a Web portal or digital dashboard and
clicks a link or button to cause the reporting system to produce and deliver the report
Functions of Reporting Systemso Three functions of reporting systems are:
Authoring Management Delivery
o Report authoring involves connecting to data sources, creating the reporting structure, and formatting the report.
o Report Management The purpose of report management is to define who receives what
reports, when, and by what means. Most report-management systems allow the report administrator to
define user accounts and user groups and to assign particular users to particular groups.
Reports that have been created using the report-authoring system are assigned groups and users.
o Report Delivery The report-delivery function of a reporting system pushes reports or
allows them to be pulled according to report-management metadata. Reports can be delivered via an email server, Web site, XML Web
services, or by other program-specific means. The report-delivery system uses the operating system and other
program security components to ensure that only authorized users receive authorized reports.
o Online Analytical Processing Online analytical processing (OLAP) provides the ability to sum,
count, average, and perform other simple arithmetic operations on groups of data.
The remarkable characteristics of OLAP reports is that they are dynamic.
The viewer of the report can change the report’s format, hence, the term online.
Data Warehouses and Data Martso Basic reports and simple OLAP analyses can be made directly from
operational data.o For the most part, such reports display the current state of the business; and if
there are a few missing values or small inconsistencies with the data, no one is too concerned.
o Operational data are unsuited to more sophisticated analyses, particularly, data-mining analyses that require high-quality input for accurate and useful results.
o Many organizations choose to extract operational data into facilities called data warehouses and data marts, both of which are facilities that prepare, store, and manage data specifically for data mining and other analyses.
Problems with Operational Datao Most operational and purchased data have problems that inhibit their
usefulness for business intelligence.o Problematic data are termed dirty data.o Purchased data often contain missing elements.
o Inconsistent data are particularly common for data that have been gathered over time
o Data can be too fine or too coarse.o If data is in the wrong format, that condition is sometimes expressed by saying
the data have the wrong granularity.o Because of a phenomenon called the curse of dimensionally, the more
attributes there are, the easier it is to build a model that fits the sample data but that is worthless as a predictor.
Data Warehouses Versus Data Martso The data warehouse takes data from the data manufacturers (operational
systems and purchased data), cleans and processes the data, and locates the data on the shelves, so to speak, of the data warehouse.
o A data mart is a data collection, smaller than the data warehouse, that addresses a particular component or functional area of the business.
o The data warehouse is like the distributor in the supply chain and the data mart is like the retail store in the supply chain.
o Users in the data mart obtain data that pertain to a particular business function from the data warehouse.
o It is expensive to create, staff, and operate data warehouses and data marts.
Data Miningo Data mining is the application of statistical techniques to find patterns and
relationships among data and to classify and predict.o Data mining represents a convergence of disciplines.o Data-mining techniques emerged from statistics and mathematics and from
artificial intelligence and machine-learning fields in computer science.
Unsupervised Data Miningo With unsupervised data mining, analysts do not create a model or hypothesis
before running the analysis.o Instead, they apply the data-mining technique to the data and observe the
results.o Analysts create hypotheses after the analysis to explain the patterns found.
Supervised Data Miningo With supervised data mining, data miners develop a model prior to the
analysis and apply statistical techniques to data to estimate parameters of the model.
o One such analysis, which measures the impact of a set of variables on another variable, is called a regression analysis.
o Neural networks are another popular supervised data-mining technique used to predict values and make classifications such as “good prospect” or “poor prospect” customers.
Market-Basket Analysiso A market-basket analysis is a data-mining technique for determining sales
patterns.o A market-basket analysis shows the products that customers tend to buy
together
Decision Treeso A decision tree is a hierarchical arrangement of criteria that predict a
classification or a value.o Decision tree analyses are an unsupervised data-mining technique.
Knowledge Management Content Management Systems
o Knowledge management systems concern the sharing of knowledge that is already known to exist, either in libraries of documents, in the heads of employees, or in other known sources.
o Knowledge management (KM) is the process of creating value from intellectual capital and sharing that knowledge with employees, managers, suppliers, customers, and others who need that capital.
KM Systems to Facilitate the Sharing of Human Knowledgeo Nothing is more frustrating for a manager to contemplate than the situation in
which one employee struggles with a problem that another employee knows how to solve easily.
o KM systems are concerned with the sharing not only of content, but also with the sharing of knowledge among humans.
How can one person share her knowledge with another? How can one person learn of another person’s great idea?
Chapter 10
The Information Systems Departmento The main functions of the information systems department are as follows:
Plan the use of IT to accomplish organizational goals and strategy. Develop, operate, and maintain the organization’s computing
infrastructure. Develop, operate, and maintain enterprise applications. Protect information assets. Manage outsourcing relationships.
o The title of the principal manager of the IS department varies from organization to organization.
A common title is chief information officer, or CIO.o The CIO, like other senior executives, reports to the chief executive officer
(CEO), though sometimes these executives report to the chief operation officer (COO), who in turn reports to the CEO.
In some companies, the CIO reports to the chief financial officer (CFO).
o Most IS departments include a technology office that investigates new information systems technologies and determines how the organization can benefit from them.
o The group operations, manages the computing infrastructure, including individual computers, computer centers, networks, and communications media.
This group includes system and network administrators. An important function of this group is to monitor the user experience
and respond to user problems.o Another group in the IS department is development
This group manages the process of creating new information systems as well as maintaining existing information systems
The size and structure of the development group depends on whether programs are developed in-house.
If not, this department will be staffed primarily by systems analysis who work with users, operations, and vendors to acquire and install licensed software and to set up the system components around that software.
If the organization develops programs in-house, then this department will include programmers, test engineers, technical writers, and other development personnel
o The last IS department is outsourcing relations. This group exists in organizations that have negotiated outsourcing
agreements with other companies to provide equipment, applications, or other services.
o There is also a data administration staff function. The purpose of this group is to protect data and information assets by
establishing data standards and data management practices and polices.
o Keep the distinction between IS and IT. Information systems (IS) exist to help the organization achieve its
goals and objectives. Information technology (IT) is just technology. It concerns the products, techniques, procedures, and designs of
computer-based technology. IT must be placed into the structure of an IS before an organization
can use it.
Planning the Use of ITo Align Information Systems with Organizational Strategy
Information systems must be aligned with organizational strategy. The purpose of an information system is to help the organization
accomplish its goals and objectives.
o Communicate IS Issues to the Executive Group The CIO is the representative for IS and IT issues within the executive
staff. Provides the IS perspective during discussions of problems solutions,
proposals, and new initiatives.
o Develop Priorities and Enforce Within the IS Department The CIO must evaluate every proposal, at the earliest stage possible, as
to whether it is consistent with the goals of the organization and aligned with its strategy.
No organization can afford to implement every good idea.
o Sponsor the Steering Committee A steering committee is a group of senior managers from the major
business functions that works with the CIO to set the IS priorities and decide among major IS projects and alternatives.
The steering committee serves an important communication function between IS and the users.
The steering committee provides a forum for users to express their needs, frustrations, and other issues they have with the IS department
o Managing the Computing Infrastructure Managing the computing infrastructure is the most visible of all of the
IS department’s functions. To many employees, the IS department is the “computer department”.
o Align Infrastructure Design with Organizational Structure The structure of the IS infrastructure must mirror the structure of the
organization. A highly controlled and centralized organization needs highly
controlled and centralized information systems. A decentralized organization with autonomous operating units requires
decentralized information systems that facilitate autonomous activity.
o Create, Operate, and Maintain Computing Infrastructure Three more tasks in managing the computing infrastructure are to:
Create and maintain infrastructure for end-user computing. Create, operate, and maintain networks. Create, operate, and maintain data centers, data warehouses,
and data marts.
o Establish Technology and Product Standards Failure of the network software upgrade points out the need for
technology and product standards. If no standards exist it could mean difficulties for upgrading computers
and programs. Some users’ computers become incompatible with others.
o Track Problems and Monitor Resolutions The IS department provides the computing infrastructure as a service
to users. The system is used to record user problems and monitor their
resolution.
o Manage Computing Infrastructure Staff The IS department must manage the computing infrastructure staff. The organization of an operation department has subdepartments for
the network, computer center, data warehouse and user support.
o Managing Enterprise Applications In addition to managing the computing infrastructure, the IS
department manages enterprise applications as well.
o Develop New Applications The IS department manages the development of new applications. The process of creating a new application begins when the IS
department aligns its priorities with the organization's strategy.
o Maintain Systems The IS department has the responsibility for system maintenance. Maintenance means either to fix the system to do what it is supposed
to do in the first place or to adapt the system to changed requirements.
o Integrate Enterprise Applications A third element concerns enterprise application integration. EIA requires developers to create intermediary layers of software, and
possibly intermediary databases, to enable the integration of disparate systems.
o Manage Development Staff The last management function is to manage the development staff. A computer programmer or developer is both a software designer as
well as a programmer. Sustaining-application developers work on existing applications. Sustaining developers have fewer years of experience or less
knowledge than new-application developers.
o Administer Data Data administration describes a function that pertains to all of an
organization’s data assets. Database administration describes a function that pertains to a
particular databaseo Outsourcing
Outsourcing is the process of hiring another organization to perform a service.
o Alternatives to Outsourcing Some organizations outsource the acquisition and operation of
computer hardware. Acquiring licensed software Outsource entire system Web storefront Entire business function See Figure 10-12 IS/IT Outsourcing Alternatives
o The Risks of Outsourcing See Figure 10-13 Outsourcing Risks
o User Rights and Responsibilities See Figure 10-14 User Information Systems Rights and
Responsibilities
Security Section
o Computer Waste and Mistakes Computer waste The inappropriate use of computer technology and resources Computer-related mistakes Errors, failures, and other computer problems that make computer
output incorrect or not usefulo Computer Waste
Discarding of technology Unused systems Personal use of corporate time and technology Spam
o Computer-Related Mistakes Mistakes can be caused by unclear expectations and a lack of feedback A programmer might develop a program that contains errors A data-entry clerk might enter the wrong data
o Preventing Computer-Related Waste and Mistakes Establishing policies and procedures Implementing policies and procedures Monitoring policies and procedures Reviewing policies and procedures
o Computer Crime Often defies detection The amount stolen or diverted can be substantial
The crime is “clean” and nonviolent The number of IT-related security incidents is increasing dramatically Computer crime is now global
o The Computer as a Tool to Commit Crime Criminals need two capabilities to commit most computer crimes: Knowing how to gain access to the computer system Knowing how to manipulate the system to produce the desired result Social engineering Dumpster diving
o Cyberterrorism Cyberterrorist: intimidates or coerces a government or organization
to advance his or her political or social objectives by launching computer-based attacks against computers, networks, and the information stored on them
Homeland Security Department’s Information Analysis and Infrastructure Protection Directorate
o The Computer as the Object of Crime Illegal access and use Data alteration and destruction Information and equipment theft
o Illegal Access and Use Hackers Criminal hackers (also called crackers) Script bunnies Insiders
o Data Alteration and Destruction Virus: a computer program capable of attaching to disks or other files
and replicating itself repeatedly, typically without the user’s knowledge or permission
Worm: an independent program that replicates its own program files until it interrupts the operation of networks and computer systems
o Information and Equipment Theft To obtain illegal access, criminal hackers require identification
numbers and passwords Password sniffer Theft of data and software Theft of computer systems and equipment
o Preventing Computer-Related Crime Crime prevention by state and federal agencies Crime prevention by corporations Public key infrastructure (PKI): a means to enable users of an
unsecured public network such as the Internet to securely and privately exchange data through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority
Biometrics: the measurement of one of a person’s traits, whether physical or behavioral
o Preventing Crime on the Internet Develop effective Internet usage and security policies Use a stand-alone firewall with network monitoring capabilities Deploy intrusion detection systems, monitor them, and follow up on
their alarms Monitor managers and employees Use Internet security specialists to perform audits
o Privacy Issues With information systems, privacy deals with the collection and use or
misuse of data Privacy and the federal government Privacy at work E-mail privacy Privacy and the Internet
o Federal Privacy Laws and Regulations The Privacy Act of 1974 Gramm-Leach-Bliley Act USA Patriot Act Other federal privacy laws
o Corporate Privacy Policies Should address a customer’s knowledge, control, notice, and consent
over the storage and use of information May cover who has access to private data and when it may be used A good database design practice is to assign a single unique identifier
to each customero Ethical Issues in Information Systems
“Old contract” of business: the only responsibility of business is to its stockholders and owners
“Social contract” of business: businesses are responsible to society
Recommended