Week 11: Ethical and Social Issues in Information Systems

Understanding Ethical and Social issues related to systems:

Ethics are principles of right and wrong and guide behaviour. New IT has a ripple
effect, raising new ethical, social and political concerns which must be dealt by
individual, social and political levels. There are five dimensions to IT issues:
1. Information rights and obligation:
2. Property rights and obligations:
3. System Quality:
4. Quality of Life:
5. Accountability and Control:
The reduction in storage costs enables firms to store large information in regards
to its customers and employees and poses ethical dilemmas. Other ethical issues
include Data analysis, profiling (gathering detailed information on individuals)
and NORA: (Nonobvious relationship awareness) advanced profiling tool to find
obscure hidden connections to identify criminals.
Ethics in an Information Society:
First, information technologies are filtered through organisations and individuals.
The responsibility for consequences of technology falls on the users of the
technology. In an ethical, political society, individuals can recover damages done
to them (liabilities) through a set of laws characterized by due process.
Ethical Analysis:
1. Identify and describe the facts clearly: who, when, where, how
2. Define the conflict or dilemma and rank the values involved
3. Identify the stakeholders and what they want
4. Identify options that can be taken
5. Identify the potential consequences of these options
Candidate Ethical Principles:
1. The Golden rule: do unto others, as you would have them do unto you
2. Immanuel Kants Categorical imperative: if the action is not right for
everyone, its not right for anyone.
3. Descartes rule of change: If an action cannot be taken repeatedly, its
not right to take.
4. Utilitarian principle: Take the action that achieves the highest value
5. Risk Aversion principle: Take the action that produces the least harm or
least costs
6. Ethical no free lunch rule: Assume that all objects are owned by
someone else unless otherwise. If the object is useful, ensure that the
creator is compensated for the object.
The Moral Dimensions of Information Systems (related to five
dimensions of IT above)
1. Information Rights: Privacy and Freedom in the Internet Age
Privacy is the claim of individuals to be left alone and free from surveillance and
other interferences. IS have resulted in the electronic invasion of privacy of
employees and customers. Internet challenges to privacy have included:
Website tracking of pages visited to display more relevant ads
Cookies: text files deposited on a computer when a website is visited. It
tracks the users visits to the website, analyse their past activities, cannot
obtain names and addresses of the user.
Web beacons: software program that records users online clickstream

Spyware: installed on computers via a larger application. It signals

websites to deliver ads.
Opt in model: business is prohibited from collecting personal information
unless approved
Opt out model: business collects information until the user opts out or
requests to stop.
2. Property Rights: Intellectual Property:
Intellectual property is intangible property created by individuals/firms. They are
difficult to protect because IS makes it easy for these properties to be copied and
redistributed. Property rights include:
Trade secrets, which are the ideas and formulas driving a business
purpose. The limitation is that it is difficult to prevent trade secrets from
falling in the public domain
Copyrights which protect the creators intellectual property from being
copied by others during the life of the creator and 70 years after the
creators death. The limitation is that the intellectual property can be
recreated without infringing the copyright
Patents: grants the owner an exclusive monopoly on an idea for 20 years.
The limitation is that it involves stringent criteria and requires a large
amount of time to receive.
3. Accountability, Liability and Control:
Computer software are a part of the hardware/machine. If the machine physically
injures someone then the producer of that software and the machine operator are
liable for damages.
4. System Quality: Data Quality and Systems Error:
Three principle sources of poor system performance include software bugs and
errors, hardware or facility failures and poor input data quality.
5. Quality of Life: Equity, Access and Boundaries:
Early stages of IS/IT development brought fears huge centralized computers
would centralize power in an economy. These fears have been reduced due to
decentralization and the inclusion of lower levels in decision-making activities.
IS/IT have increased the response time of firms to competition. However there are
fears in terms of maintaining boundaries such as family, work and leisure. The
danger of mobile computing and the digital firm have enabled individuals to
conduct business anywhere, anytime.
IS/IT have introduced large increases in computer crime and abuse. Computer
crimes are the commission of illegal acts through the use of computer systems
whilst computer abuse involves unethical acts such as spam (virtual junk mail)
through the use of the computer.
Information, knowledge and computers are inequitably distributed along ethnic
and social class lines. There is a digital divide that exists in US schools where
schools in high poverty areas are less likely to have computers, high quality
educational software and Internet access.
Health risks:
Repetitive Stress Injury: occurs when muscle groups are forced through
repetitive actions. The most common computer related repetitive stress

injury is carpal tunnel syndrome. Repetitive stress injury is avoidable by

promoting proper structure and posture.
Computer vision syndrome: refers to an eyestrain condition related to
display screens. Symptoms include headaches, blurred vision and dry and
irritated eyes
Technostress: stress induced by computer use. Symptoms will include
aggravation, hostility towards humans, fatigue and impatience.

Week 10: Managing Projects:

The Importance of Project Management:
Without proper management, systems development will suffers excess costs,
time inefficiencies and failure to obtain expected objectives. For example,
Systems may be designed with poor user interface (end user interaction) and
poor websites which could discourage visitors from visiting the website. A project
is a planned series of related activities to achieve specific business objectives. In
information systems this will involve developing new information systems,
enhancing existing systems or to upgrade the firms IT infrastructure. Project
management, refers to the application of knowledge, tools and techniques to
achieve specific targets within budget and time constraints.
Project management in Information Systems deal with the following variables:
1. Scope: defines what work is included in the project and ensuring that the
project does not expand beyond the projects original intention.
2. Time: the amount of time required to complete the project
3. Cost: creating a budget and monitoring the projects expenses. Measured by
Time x Wage.
4. Quality: Indicator of how well the end result of the project meets the intended
objective. Quality indicators include improved performance and decision-making,
ease of use and accuracy.
5. Risk: the potential problems that would threaten the success of a project.
Selecting Projects:
Management structure for IS projects:
Corporate strategic planning group: develops the firms strategic
plans and KPIs
IS steering committee: senior management group that develops,
coordinate and integrate systems and operations. They also review
and approve plans for systems in all divisions.
Project team: Responsible for individual systems project and are
supervised by the project management group composed of IS managers
and end user managers.
Linking Systems Projects to business Plans:
Information systems plans support the overall business plan and in which
strategic systems are incorporated into top level planning. They are used to
identify IS projects with the most potential value, to develop budgets and
roadmaps to its implementation and demonstrates the general goals that the
systems project aims to achieve.

Information Requirements for Project Selection and KPIs

An effective information systems plan is only developed if a firm recognizes
clearly its long term and short-term informational needs. These needs are often
determined through the use of KPIs, which are shaped and developed, by the
industry, firm and management.
Portfolio Analysis:
In exam preparation worksheet:
Scoring Model:
The scoring model is used to select projects where many criteria may be
required. It involves assigning weights to various features of a system and then
calculating the weighted totals. It is important to change the criteria and weights
for sensitivity analysis and to ensure an accurate decision is made. Scoring
models are used to confirm, rationalize and support decisions.
Establishing the business value of information systems:
Information systems: Costs and benefits:
Tangible benefits: quantified and has a
monetary value
Increased productivity, lower operational costs,
reduced workforce, reduced facility costs, lower
computer expenses,

Intangible benefit: cannot be quantified

but can lead to gains in the future
increased flexibility, improved decision making,
improved job and customer satisfaction, better
corporate image

The costs of information systems include the cost of hardware,

telecommunications, software, services and personnel.
Capital Budgeting for Information Systems:
Capital budgeting is used to measure the value of investing in long-term capital
investment projects. It relies on measuring the cash flows in and out of the firm.
Investment costs is an immediate cash outflow whilst cash inflows result from
earnings that can be achieved from the information system investment. A project
with costs exceeding benefits should be rejected. Models for capital budgeting
include return on investment, net present value and internal rate or return.
Real options pricing model (ROPM)
ROPM value IS projects similar to stock options where the initial expenditure on
technology creates the right but not the obligation to obtain the benefits
associated with its further development. This model offers management flexibility
to stage their IT investment and to test the environment with prototypes to gain
more insight on the risks of the particular investment. The disadvantage of this
model is the need to estimate all key variables, anticipating cash flows and
implementation costs.
The limitations of this financial models such as and capital budgeting are that it
overlooks the social and organisational dimensions of information systems
affecting the true costs and benefits of the investment.
Managing project risks:
The dimensions of project risks include:
1. Project size the larger the project (costs, physical size, time) the
greater the risks
2. Project structure high structure projects (clear requirements/process)
have lower risks.
3. Experience with technology Low technological expertise increases risk
and time wastage
Change Management and Concept of implementation:
Successful system building requires careful change management.
In the implementation process, the system analysts are referred to as a change
agent who redefines the configurations, job activities and power relationships of

organisations. They communicate with users, mediate between competing

interest groups and ensure a complete adjustment to change.
If end users are heavily involved, they have more opportunities to shape
the system for themselves and react more positively to the completed system.
However there is often a user-designer communication gap that exists (due to
different backgrounds, interests and priorities) which may result in greater risks
in the system implementation.
There are often high failure rates in process redesigning projects, as they
often require extensive organisational change, which requires replacing old
technology and legacy systems. Most projects are not completed and fail to meet
their intended objectives. The threats of resistance and, fear and anxiety and
recruitment practices impose a greater risk to the firm than designing IS projects.
Controlling Risk factors:
Projects often fail due technical complexity. Therefore projects should be
delivered and managed by individuals with strong technical backgrounds.
Formal planning tools and control tools can also be used to manage risk. Gantt
charts are a visual, sequencing tool whilst Perkt Charts are a program evaluation
and review technique. They overcome the limitations of Gantt charts by showing
how tasks are affected if another is behind schedule and portrays a project as a
network diagram consisting of numbered nodes and its duration.
An organisation that is able to increase user involvement and overcome user
resistance, through training and education and management policies, is likely to
reduce the risk of undertaking the project. This is because resistance often
results in increased error rates and turnover.
Designing for the organisation:
Ergonomics refers to the interaction of people and machines in the work
environment. It considers the design of jobs, health issues and the end user
interface of information systems. Organisational impact analysis explains how a
proposed system will affect organisational structure and operations.
Socio technical design aims to address human and organisational issues. It aims
to produce IS that blends technical efficiency with sensitivity to human needs;
increasing productivity.

Week 9: System Vulnerability and Abuse

Systems Vulnerability and Abuse:
Security involves policies, procedures and technical measures used to prevent
unauthorised access, theft or physical damage to information systems.
Systems are becoming more vulnerable with the growth of IS. IS contains many
communication networks, increasing the access points for fraud, abuse and
unauthorised access whilst hardware systems can be broken down due criminal
acts and physical damage. Information systems are also being outsourced which
reduces confidentiality and the increasing portability of mobiles and tablets for
business use make them easy to lose and steal.
The Internet is accessible and open to everyone. The increased use of emails and
IM systems make it easier for the transfer of malicious software and can be stolen
and revealed to others. Hackers often try to identify unprotected networks such
as the Internet and corporate networks to gain access to them.
Malicious software:
Malware: malicious software program
Virus: rogue software that attaches unwillingly to other software programs
displaying messages, images or to destroy the users programs and data
Worms: independent computer programs that copy themselves from one
computer to the next destroying data and computer networks.

Trojan horses: appears benign but then introduces viruses or worms to

hardware.
Spyware: install themselves on computers to monitor the users activities
Hackers and Computer Crime:
A hacker is an individual who intends to gain unauthorised access to a computer
system by finding weaknesses in its security. A cracker is a hacker with criminal
intent.
Spoofing: redirecting a web link to an address different from the intended
one
Sniffer: eavesdropping program that monitors information travelling over a
network.
DOS attacks: hackers flood a network server with thousands of false
communications or requests for services to crash the network. It results in
customer dissatisfaction as it denies them access to the website or server.
Computer crime: violation of criminal law using computer technology
Identity theft: crime in which an imposter obtains key pieces of personal
information to impersonate someone else.
o Phishing: creation of fake and seemingly legitimate websites and
emails requesting for confidential personal data
o Pharming: redirects users to bogus web pages
Click fraud
Global threats: cyberterrorism and cyberwarfare.
o Cyberwarfare is state sponsored activity designed to damage the
networks of others
Internal threats: employees
Employees often forget their passwords or share their passwords with others,
which compromises the firms securities. Employees also have access to
important proprietary information, which they can damage, copy or interfere
with.
Software vulnerability:
The growing complexity and increased demands for timely delivery has increased
software flaws and vulnerabilities. IS complexity give rise to program defects
known as bugs. To mend software flaws without disrupting its operations, patches
are created. Currently, malicious software is being created at a rate faster than a
firms responsiveness imposing risks to even the most secure firms.

Business Value of security and control:

Firms are often reluctant to spend on security, as it does not contribute to the
firms revenues, thus there is a trade-off between expense and potential security
threats. There are currently several legal requirements such as the Health
Insurance Portability and Accountability Act (HIPAA), which requires members of
the health care industry to retain confidential patient information for six years,
and the Gramm Leach Bliley Act, which requires financial institutions to ensure
the security and confidentiality of customer data.
Another importance of security is that firms are now obligated by law to provide
access to information that may prove useful as evidence. It this information is not
available for computer forensics, than firms are liable to large fines. Thus it is
important to invest in security measures.
Establishing a framework for security and control:

IS controls:
IS controls are composed of general and application controls. General controls
govern the design, security and use of computer programs and the security of
data files in general throughout the organisations information technology
infrastructure. Software controls monitor the use of software, whilst hardware
controls ensure that the hardware is secured and almost flawless.
Application controls are specific controls unique to each computerised
application, both automated and manual. For instance: input controls check data
for accuracy and completeness, processing controls establish that data are
accurate and completed when updated and output controls ensure that the
results of computer processing is accurate and complete.
Risk assessment and Security policy:
Risk assessment is the level of risk to the firm if a specific activity is not properly
controlled and not all risks can be anticipated and measured. Security policies
consist of statements ranking information risks, identifying acceptable security
goals and mechanisms for achieving these goals. The acceptance use policy
defines acceptable uses of the firms information resources and computing
equipment, whilst identity management identify valid users of a system and
controls their access to resources.
Disaster recovery and business continuity planning and auditing:
Disaster recovery: plans for the restoration of computing and communications
after they have been disrupted. It involves back up systems and recovery
services.
Business continuity planning: focuses on how the company can restore business
operations after a disaster strikes.
MIS auditing examines the firms overall security environment as well as controls
governing individual information systems. Security audits review technologies,
procedures, training and personnel.
Technologies and tools for protecting information resources:
Identity management and authentication:
Identity management keeps track of its sets of users and their system privileges
whilst authentication is the ability to know that a person is who he or she claims
to be. Authentication can be in the form of passwords, tokens, smartcards and
biometric authentication (eye scans, finger prints, voice).
Firewalls, intrusion detection systems and antivirus software:
Firewalls prevent unauthorised users from accessing private networks. They act
as a gatekeeper who examines each users credentials before access into a
network.
Intrusion detection systems are full time monitoring tools placed at the most
vulnerable points of corporate networks to detect and deter intruders continually.
They comprise of scanning software, which looks for patterns of computer attacks
(bad passwords) and monitoring software, which examines events as they are
happening.
Antivirus software: prevents, detects and removes malware. Effective only to
already known malware and must be updated continually to be effective.
Encryption and Public Key Infrastructure:
Encryption is the process of transforming plain text or data into cipher text that
cannot be read by anyone other than the sender and intended receiver.
There are two methods of encryption:

Secure Stockets Layer (SSL) enables the client and server computers to
manage encryption and decryption activities as they communicate with
each other
Secure hypertext transfer protocol (S-HTTP) limited to individual
messages
2 alternative methods of encryption:
Symmetric key encryption: the sender and receiver establish a secure
Internet session by creating a single encryption key and sending it to the
receiver so both share the same key.
Public encryption: uses 2 keys: one shared and one private. Data
encrypted with one key can only be decrypted using the other key.
Digital certificates are data files used to establish the identity of users and
electronic assets for protection of online transactions.
Security issues for cloud computing and the mobile digital platform:
Cloud computing is highly distributed as they reside in large remote data centres
and server farms that supply business services and data management for
multiple corporate clients. They are often used due to their low costs and all
cloud providers use encryption to secure the data they handle whilst the data is
being transmitted.
Mobile device management tools will be needed to authorise all devices in use so
that it maintains accurate inventory records on all mobile devices, users and
applications, to control updates to applications and to erase lost or stolen devices
so they cannot be compromised. All mobile device users should be required to
use the password feature found in every smartphone or strictly have employees
use company issued smartphones.

Week 8: Building information systems

Systems as planned organisational change:
There are 4 types of structural changes that are enabled by information
technology:
1. Automation: assists employees with performing task more efficiently and
effectively. It is able to reveal bottlenecks in production and to rationalise them to
form simple procedures.
2. Rationalisation of procedures: Involves streamlining standard operating
procedures where few manual steps are needed to increase efficiency and
effectiveness. Total quality management is the responsibility of the organisation
to continually improve the firms operations whilst six sigma is a specific measure
of quality that states that there are 3.4 defects per million opportunities.
3. Business process redesign: involves reorganising workflows, combining steps
to cut waste and eliminating repetitive, paper intensive tasks.
4. Paradigm shift: It involves a more radical change involving the redesign or the
entire organisation, unlike the previous 3 changes that target specific parts of the
business. It is the most risky to implement, however if successful will be the most
rewarding.
Business process redesign:
Business process management provides a variety of tools to analyse and
optimise existing processes:
Its steps include:
1. Identify processes for change: understanding what processes need
improvement
2. Analysing existing processes: identifying redundant steps, paper intensive
tasks and bottlenecks
3. Designing the new process: modelling the process in comparison to the old
process and the new process needs to be justified by showing how much it
reduces time and cost or enhances value
4. Implement the new process: translated into a new set of procedures and
problems identified
5. Continuous measurement: processes may deteriorate over time as employees
fall back on old methods or lose their effectiveness due to other changes.
The challenges of business process management are organisational resistance
and culture.
BPM software tools provide analytics for verifying that process performance has
been improved and for measuring the impact of the process changes on some
KPIs.
Overview of Systems Development:
Systems developments are the activities that go into producing an information
system solution to an organisational problem or opportunity.
1. System analysis: analysis of a problem that a firm tries to solve with an
information system. It consists of defining the problem, identifying its cause,
specifying the solution and identifying the information requirements that must be
met by a system solution determining feasibility.
2. System design: model of how the system will fulfil the objectives set out in
system analysis. The system design can include the participation of end users.
Completing the system:
3. Programming: system specifications from step 2 are translated into software
program code.
4. Testing: To determine whether the system will produce the right results. It is a
time consuming process that requires reviewing and correcting the system. There

are three types of testing that can be conducted: unit testing (testing each
program separately in the system), system testing (tests the functioning of the
system as a whole) and acceptance testing (certification for final use).
5. Conversion: This is the process of converting the old system into the new
system. (exam prep..)
6. Production and Maintenance: Production describes the installation and
complete conversion of the new system. Both users and specialists evaluate if
the system is meeting its intended objectives. This is followed by maintenance to
improve its efficiency and operations.

Modelling and Designing Systems: structured and object-oriented

methodologies:
1. Structured methodology:
The techniques in structured methodology are step-by-step and top down,
meaning that the tasks progress from the highest, most abstract level to the
lowest level of detail. The data flow diagram partitions a system into logical
modules and show manageable levels of detail.
A data dictionary contains information about individual pieces of data and data
groupings within a system. Process specifications describe the transformation
occurring within the lowest level of the data flow diagrams and Structure charts
are top-down charts showing each level of the overall design structure.
2. Object oriented development:
This utilises the object as the basic unit of systems analysis and design. An object
combines data and the specific processes that operate on those data. Programs
are responsible for transmitting messages for an object to perform an operation
that is already embedded in it. Objects belong to certain classes and have
features of that class. Objects are reusable and thus object-oriented development
could potentially reduce the time and cost of writing software because
organisations can reuse software objects that have already been created as
building blocks for other applications.
Computer Aided Software engineering (CASE TOOLS)
They provide software tools to automate methodologies to reduce the amount of
routine activities. They try to increase productivity and quality by enforcing a
standard development methodology, improving communication between users
and specialists, organising and correlating design components and automating
routine activities such as code generation, testing and control. The best CASE
tools enforce common methods and standards.
Alternative systems-building approaches:
Traditional Life Cycle:
This is an approach involves dividing systems development into formal stages. It
is costly, time consuming and inflexible. The waterfall approach strictly forces
firms to complete one stage before they can begin the next stage.
Prototyping:
Prototyping consists of building an experimental system rapidly and
inexpensively for end users to evaluate. It is a working version of an information
system and a preliminary design. The process of building a preliminary design,
trying it out and refining it is called the iterative process (agile process) because
the steps required to build a system can be repeated over and over again.
Steps in prototyping:

1. Identify the users basic need

2. Develop an initial prototype quickly using rapid generating software
3. Allow the end users to use and evaluate the prototype is it meeting the
users needs?
4. Revise and enhance the prototype: the system builder accommodates
recommended user changes
Advantages and Disadvantages of prototyping:
Most useful for designing end user
Speed of prototyping can cut corners
interface
End user development:
Refers to the information systems that are developed by end users with little
assistance from technical experts. Fourth generation language tools facilitate this
development as they enable end users to develop software applications with
minimal technical assistance. They are non-procedural in that they provide the
specifics on what has to be accomplished instead of detailed procedures.
An example of a fourth generation language tool is query language. They are
software tools that provide immediate online answers to requests for information.

Application software packages and outsourcing:

Application software packages can fulfil most of an organisations requirement
and save a firm time in having to develop and write their own. However, its
drawback is that it may not cater to the specific or specialised needs of the
business. Through customisation tools, firms can modify packaged software to
meet certain criteria without destroying the integrity of the packaged software.
Customisation is expensive and time consuming, thus a trade off between
purchasing timely packaged software and customising packaged software exists.
Firms can also outsource tasks to an external organisation that specialises in
providing that service. The benefits of this are that it is inexpensive and allows
the firm to focus on its core activities. The drawbacks are that it may be time
consuming to establish or transfer work to an offshore or domestic partner, and
the difficulty in ensuring that the external vendor understands the firm.
Application development for the digital firm:
1. Rapid Application Development (RAD)
RAD describes the process of creating workable systems in a short period of time.
It includes tools such as Joint Application Design (JAD), which are techniques
that bring together end users and technical specialists - used to accelerate the
generation of information requirements and develop the initial systems design.
Agile development, on the other hand, focuses on rapid delivery of working
software by breaking a large project into a series of small subprojects that are
completed in short periods of time using iteration and continuous feedback. It
emphasises face-to-face communications over written documents, and
encourage people to collaborate and make quick and effective choices.
2. Component based development and web services:
Component based developments are groups of objects that have been assembled
to provide software components for common functions such as graphical user
interface and online ordering capabilities. Whilst web services and service
oriented computing enable one application to communicate with another with no
customer programming required to share data and services. It is used as a tool
for building new information system applications or to enhance existing systems.

3. Mobile application development:

Mobile apps are mainly designed for usability. Responsive web designs enable
web sites to automatically change layouts according to the visitors screen
resolution. It eliminates the need for separate design and development work for
each new device. With a responsive design, users across a broad range of
devices and browsers will have access to a single source of content.