Strategic Competition:
1. Unique value proposition (client appreciated functionality)
2. Tailored activities
3. Clear tradeoffs
4. Activities fit together in an integrated system
5. Continuity of position but consistent improvement
Over the past decades, the advent of powerful, relatively inexpensive, easy-to-use computers
has had a major impact on business. Increasing global competitiveness has forced companies
to find ways to be better and to do things less expensively → use information systems.
Digital world → information and related technologies and systems have become very
important to us and knowledge workers are vital.
Downside to being a knowledge worker and to living in the digital world:
Digital divide = where those with access to information technology have great advantages
over those without access to information technology. This is one of the major ethical
challenges facing society today.
The digital divide in America is rapidly shrinking, but there are still major challenges to
overcome: rural communities, the elderly, people with disabilities and minorities. Developing
countries also have more difficulties where infrastructure and financial resources are
lacking.
Opportunities of operating in the Digital World:
· Falling Transportation Costs
· Falling Telecommunication Costs
· Reaching Global Markets
· Accessing a Global Labour Pool
Alvin Toffler describes the three distinct phases or waves of change that have taken place or
are presently taking place within the world’s civilizations.
First wave of change = a civilization based on agriculture and handwork, that replaced
hunter-gatherer cultures and lasted for thousands of years.
Second wave of change = the industrial revolution, overlapped with the first wave.
Third wave of change = information age. Information became the currency of the realm. The
printing press gave birth to the information age. The information age is the biggest wave of
change.
Computer literacy = knowing how to use a computer. Very important today, because there
are few occupations where computers are not somehow in use.
Computer fluency = the ability to independently learn new technologies as they emerge and
assess their impact on one’s work and life – is what will set you apart in the future. (Many
argue that computer literacy is not sufficient today; fluency is needed.)
Information systems = use information technology to connect, create and distribute useful
data.
Information technology = hardware, software and telecommunications networks.
Hardware = the physical computer equipment (computer, tablet, etc.)
Software = program or set of programs that tell the computer to perform certain tasks.
Telecommunications networks = group of two or more computer systems linked together
with communications equipment.
Many use the terms IS and IT synonymously; consequently, the difference is shrinking.
Information systems use information technology to collect, create and distribute useful data.
Data = unformatted data, raw symbols such as words and numbers. These data have no
meaning and are of little value until processed. A key consideration in assessing whether
data are reliable for making decisions is data quality, consisting of completeness, accuracy,
timeliness, validity and consistency.
Information = data that have been formatted, organized or processed to be useful; the data are
thereby transformed into information, which can be defined as a representation of reality and
can help to answer questions about who, what, where and when. Without information systems,
it would be difficult to transform raw data into useful information.
Knowledge = ability to understand information, form opinions and make decisions or
predictions based on the information. In order to actually use information, knowledge is
needed.
Good IS personnel possess valuable, integrated knowledge and skills in three areas:
1. Technical competency: knowledge and skills in hardware, software, networking and
security. This is the most difficult to maintain because of the rapid pace of technological
innovation in the digital world.
2. Business competency: the nature of the business. IS professionals must also be able
to understand and manage people and projects, not just technology.
3. Systems competency: Those who understand how to build and integrate systems and
how to solve problems will ultimately manage large, complex systems projects as
well as manage those in the firm who have only technical knowledge and skills.
Finding qualified personnel → difficult. Consequently, many technology-focused
organizations tend to cluster in areas where talented workers are available. With increasing
globalization, other regions throughout the world are boasting about their highly skilled
personnel. Other human resource policies, such as telecommuting, flex-time and creative
benefit packages, can also help to attract and retain the best employees.
Information systems do not exist in a vacuum; they are built and/or used within a certain
context. Organizations use IS to become more productive and profitable, to gain competitive
advantage, to reach more customers or to improve customer service.
Today, many organizations have replaced standalone systems with enterprise systems that
span the entire organization:
Internetworking = connecting host computers and their networks together to form even
larger networks like the internet
System integration = connecting separate information systems and data to improve
business processes and decision making.
Personnel within many IS units have taken on more of a consulting relationship with their
users, helping the users solve problems, implement ideas and be more productive. These
service-oriented IS units structure the IS function so that it can better serve the customer.
Technology use can enable efficiency, and while IS must provide a return on investment,
technology use can also be a strategic and powerful enabler of competitive advantage.
Firms of all types and sizes can use information systems to gain or sustain a competitive
advantage over their rivals.
Some argue that as IS have become standardized and ubiquitous, they are now more of a
commodity that is absolutely necessary for every company and companies should focus
information technology strictly on cost reduction and risk mitigation and that investing in IT
for differentiation or for competitive advantage is futile.
IS are a necessary part of doing business and can be used to create efficiencies, but
they can also be used as an enabler of competitive advantage. Competitive advantage from
the use of IS can be fleeting, as competitors can eventually do the same thing.
A broad range of ethical issues have emerged through the use and proliferation of
computers. Computer ethics = moral issues and standards of conduct as they pertain to the
use of information systems.
With the societal changes brought about by IS, the issues surrounding privacy have moved
to the forefront of public concern; in addition, the ease of digitally duplicating and sharing
information has raised not only privacy concerns, but also issues related to intellectual
property.
Information privacy = what information an individual should have to reveal to others in the
workplace or through other transactions, such as online shopping.
There are limits to what a company can do with data. A problematic case is the combination
of survey data with transaction data from your credit card purchases. Just because people
provide data at different points does not mean that they agree for the data to be combined
to create a holistic picture. Companies are often walking a fine line, as information about
customers is becoming increasingly valuable.
In today’s interconnected world, there are even more dangers to information privacy. There
are things that you may not be able to control.
Companies operating in the online world are not required by law to respect your privacy.
Another set of ethical issues centers around intellectual property and the ability to easily
download, copy and share or distribute digital information.
Digital media allows for lossless duplication.
Many businesses have devised guidelines for the ethical use of information technology and
computer systems.
Business processes = the activities organizations perform in order to reach their business
goals, including core activities that transform inputs and produce outputs and supporting
activities that enable the core activities to take place.
Organizational Decision-Making levels:
1. Executive/Strategic Level: Upper management
2. Managerial/Tactical level: Middle management
3. Operational level: Operational employees, foremen, supervisors.
Executive/strategic level = managers focus on long-term strategic questions facing the
organization, such as which products to produce, which countries to compete in and what
organizational strategy to follow.
Unstructured decisions = the decisions at the executive level, which deal with complex problems
with broad and long-term ramifications for the organization. Problems are relatively
complex and non-routine. For unstructured decisions, few or no procedures to follow for a
given situation can be specified in advance.
Operational level = where the routine, day-to-day business processes and interactions with
customers occur. → IS at this level are designed to automate repetitive activities, such as
sales transaction processing, and to improve the efficiency of business processes at the
customer interface.
· Who? Foremen and supervisors
· What? Automate routine and repetitive activities and events
· Why? Improve organizational efficiency
Transaction = anything that occurs as part of a firm’s daily business of which it must keep a
record.
Structured decisions = those in which the procedures to follow for a given situation can be
specified in advance. Structured decisions are relatively straightforward, they can be
programmed directly into operational information systems so that they can be made with
little or no human intervention.
IS are typically used to increase efficiency at operational level.
Functional area information systems = the organizational functions and examples of the
types of information systems that are commonly used. These are designed to support the
unique business processes of specific functional areas.
There are three general ways the information system can provide value:
1. To automate – doing things faster (least business value added)
technology as a way to help complete a task within an organization faster, more cheaply and
perhaps with greater accuracy and/or consistency.
2. To learn – doing things better
the ability of an organization to use past behaviour and information to improve its business
processes.
- Information systems can track and identify trends and seasonality
- Managers can use this to plan staffing levels and cross-training
3. To execute organizational strategy – doing things smarter (most value added)
a firm’s plan to accomplish its mission and goals as well as to gain or sustain competitive
advantage over rivals.
- Firms have competitive strategy
- Information systems should be implemented that support that strategy
→ low-cost strategy implies IS to minimize expenses
→ high-quality strategy implies IS to support ensuring excellent quality and minimal
defects.
These three ways are not necessarily mutually exclusive, but we believe that each is
progressively more useful to the firm and thus adds more value to the business.
Low-cost leadership strategy = offering the best prices in its industry on its goods/services.
Differentiation strategy = provide better products or services than its competitors.
Five general types of organizational strategy:
Resources = the organization’s specific assets that are utilized to create cost or product
differentiation from their competitors.
Capabilities = the organization’s ability to leverage these resources in the market place.
Distinctive competencies = provided by the resources and capabilities, which help to pursue
the organizational strategy and make the organization’s product valuable to its customers
relative to its competitors. (innovation, agility, quality, low cost)
Value creation = occurs when an organization can provide products at a lower cost or with
superior (differentiated) benefits to the customer. This is how organizations gain a
competitive advantage.
Companies can gain or sustain each of these sources of competitive advantage by effectively
using information systems.
Successful managers now think of IS as a competitive asset to be nurtured and invested in and
think of them as an enabler of opportunities and a mechanism for supporting or executing
their business model.
Revenue model = how the firm will earn revenue, generate profits and produce a superior
return on invested capital.
Typical revenue models for E-businesses (table 2.5):
· Affiliate marketing = paying businesses that bring or refer customers to another
business. Revenue sharing is typically used. (Amazon.com)
· Subscription = users pay a monthly/yearly recurring fee for the use of
product/service (Netflix.com)
· Licensing = users pay a fee for using protected intellectual property
· Transaction fees/brokerage = a commission is paid to the business for aiding in the
transaction (Norton)
· Traditional sales = a consumer buys a product/service from the web site (eBay.com)
· Web advertising = a free service/product is supported by advertising displayed on
the website (Facebook.com)
Freeconomics = the leveraging of digital technologies to provide free goods and services to
customers as a business strategy for gaining a competitive advantage. Free products are the
future.
Yahoo! makes millions from its free web-based e-mail service – as the cost of storage has
dropped, revenue per user has increased.
Consumer uses Google’s free service to search for flowers → consumer clicks on sponsored
link → consumer is redirected to advertiser’s web page → advertiser fulfils order +
advertiser pays Google.
· Free does not mean no profit:
→ Google gives away search
→ Users give Google search results their attention:
This can include attention to sponsored links; Google sells space for sponsored links
→ Advertisers pay Google for the attention to sponsored links:
Some users convert into customers; customers pay advertising firms for their products.
General approaches for applying Freeconomics to various industries:
· Advertising = free services are provided to customers and paid for by a third party
· Freemium = basic services are offered for free, but a premium is charged for special
features
· Cross subsidies = sale price of one item is reduced in order to sell something else of
value
· Zero marginal cost = products are distributed to customers without an appreciable
cost to anyone
· Labour exchange = services are provided to customers; the act of using the services
creates value for the company
· Gift economy = people participate and collaborate to create value for everyone
Successful innovation is difficult: Innovation is often fleeting, risky and innovation choices
are often difficult.
Disruptive innovations = technologies, products or services that eventually surpass the
existing dominant technology or product in the market.
Disruptive innovation cycle → key to success for modern organizations is the extent to which
they use information technologies and systems in timely, innovative ways.
System software = the collection of programs that control the basic operations of computer
hardware. → Operating systems = coordinate the interaction between users, application
software, hardware and peripherals. Example: Windows, OS X.
The operating system provides a common layer for different underlying devices, so that
applications only have to be developed for different operating systems, rather than for each
different model.
Networking:
- Human communication = the sharing of information and messages between senders and
receivers. (1. Sender develops and codes message 2. Sends message 3. Receiver receives and
decodes message)
- Computer networking = the sharing of data or services. (1. Coding message 2. Sending
message 3. Receiving and decoding message)
Network requires:
1. Sender (source) and receiver (destination) that have something to share (message)
2. A pathway or transmission medium to send the message
3. Rules or protocols dictating communication between
senders and receivers.
Servers
- Host (serve up) data, databases, files, applications, web
sites, video and other content for access over the network
Clients
- Consume hosted resources
Peers
- Serve and consume resources, both a server and a client
interacting with similar computers
Vicious circle: New hardware enables more powerful software; more powerful software
often requires new hardware.
Demand fluctuations
· Many companies face demand fluctuations
- seasonal fluctuations (e.g. December holidays)
- monthly fluctuations (month-end spikes)
· Demand fluctuations create inefficiencies
- some estimate up to 70% of IS capacity only used 20% of the time
- IS infrastructure is typically not readily scalable
→ changing internal capacity takes time
→ cloud computing may be the answer
Cloud computing = a way to allocate resources much like a utility sells power.
· Resources are used ‘on-demand’, as needed
· Customers only pay for what they consume (measured service)
· Resources can be rapidly allocated and reallocated
· Consumption becomes an operating expense
· % utilization and efficiency increase dramatically
Public clouds = can be used by any interested party on a pay-per-use basis. Often used for
applications that need rapid scalability (ability to adapt to increases/decreases in demand
for processing/data storage) or in cases where there is insufficient capital or other resources
to build or expand an IT infrastructure.
Private clouds = internal to an organization and can help the organization to balance
demand and supply of computing resources within the organization. High degree of
customizability, flexibility and control over data and application.
Organizations have to consider various issues when managing their cloud infrastructure:
Openness, viability, scalability, privacy, costs, compliance, diversity of offerings, security,
reliability, availability.
Service-oriented architecture (SOA) = business processes are broken down into individual
components (or services) that are designed to achieve the desired results for the service
consumer. Organizations can more swiftly react to changing business needs. Using SOA,
multiple applications can invoke multiple services.
Content delivery networks = store copies of content closer to the end user.
IP convergence = use of internet protocol for transporting voice, video, fax and data traffic
has allowed enterprises to make use of new forms of communication and collaboration.
Voice over IP (VoIP) = use of internet technologies for placing telephone calls.
Videoconferencing over IP.
Green computing = helping to use computers more efficiently, doing the same (or more)
with less.
EC business models:
· Business-to-consumer (B2C) = transactions between businesses and their customers
· Business-to-business (B2B) = transactions among businesses
· Consumer-to-business (C2B) = transactions between customers and businesses
· Consumer-to-consumer (C2C) = transactions between people not necessarily working
together.
All of the above types of EC are in the private sector.
EC Business strategies
Benefits of e-tailing:
· Product benefits: with no store size and shelf space restrictions, companies can sell a
far wider variety of goods
· Place benefits: internet storefronts are available on almost every computer
connected to the internet
· Price benefits: online retailers are efficient; high volumes and low overhead
allow for very competitive pricing
· The long tail: catering to niche markets in addition to (or instead of) purely selling
mainstream products.
Drawbacks of e-tailing:
· Trust
This is especially a concern for new online businesses without a proven track record
· Direct product experience
E-tailing doesn’t provide sensory information
· Product delivery and returns
Except for direct downloads, e-tailing requires additional delivery time for product
Returns may also be a hassle, compared to just going to the store
EC web sites: attracting and retaining online customers – four key recommendations:
1. The web site should offer something unique
2. The web site must motivate people to visit, to stay and to return
3. You must advertise your presence on the web
4. You should learn from your web site
Internet marketing → if you build it, they won’t come unless you market it. Search engine
optimization (SEO) can be critical to a website’s success.
Search Engine Optimization (SEO) = SEO attempts to improve a page’s ranking in search
engines like Google. Techniques include having other pages link to the page, keeping content
updated, and including key words.
Mobile EC
· Location based m-commerce
Services can be offered tailored to a person’s needs based on their current location
· Information on the Go
Customers can get further information about a product wherever they are, including
in the store, but this can lead to “showrooming” = shoppers coming into a store to
evaluate the look and feel of the product, just to then purchase it online or at a
competitor’s store.
· Product and content sales
Consumers use mobile apps to make purchases while on the go
C2C EC
· E-Auctions
- Individual sellers can sell or barter items at online auctions
- Consumers place bids
- examples: ebay.com and swap.com
- revenue model based on small transaction fees, highly profitable
· Online classifieds
- just advertising, no online transactions
- free cycling = giving away goods for free to anyone who is willing to pick them up
- example: craigslist.com
C2C opportunities:
· Consumers can buy and sell to broader markets
· Eliminates the middleman that increases the final price of products and services
· Always available for consumers, 24/7/365
· Market demand is an efficient mechanism for setting prices in the electronic
environment
· Increases the numbers of buyers and sellers who can find each other
C2C threats:
· No quality control
· Higher possibility of fraud
· Harder to use traditional payment methods (checks, cash, ATM cards)
C2B EC
· Relatively new phenomenon, consumers can sell small pieces of work (e.g. photos) or
services to businesses
· It might be argued that anyone who made a living doing this is actually in business for
themselves, so may be a B2B.
E-banking
· Online banking and electronic bill services
- convenience
- security concerns
- mobile banking
· Online investing
- increased access to financial information and analytical tools
- online investing
- mobile investing
Electronic meeting system (EMS) = sophisticated software tool used to help group members
solve problems and make decisions through interactive structured processes such as
electronic idea generation, idea evaluation and voting.
Web 2.0 application = allow people to collaborate and share information online, shifting a
web user’s role from a passive consumer of content to its creator.
Mashup = new application that uses data from one or more service providers.
Enterprise 2.0 = the use of social media within a company’s boundaries or between a
company and its customers or stakeholders.
Blogging = process of creating an online text diary
Instant messaging = enables real-time written conversations.
Virtual world = people communicate by the use of avatars.
Social bookmarking = allowing users to share internet bookmarks and to create
categorization systems.
Social cataloguing = creation of a categorization system by users
Tagging = manually adding metadata to media or other content.
Metadata = data about data.
Geotagging = adding geospatial metadata to media.
The ability to create, edit or delete content, view prior versions, revert any changes and
discuss article content and suggested changes are key to the creation of high quality content
by a community → Wiki.
Social online communities = individuals with a broad and diverse set of interests meet,
communicate and collaborate here.
Various factors have to be taken into account for successful enterprise 2.0 applications:
· Enterprise is not web
· Culture
· Organizational context (i.e. purpose, goals)
· Organizational hierarchies (i.e. organizational structures, top management support)
· Network effects and critical mass
· Generation gap
· Technological inertia (both individual as well as organizational)
· Technological integration (portfolio and architecture management)
· Security
· Time and resources
Enterprise resource planning (ERP) = the most enterprise-wide information systems. They make
accessing information easier by providing a central information repository, giving personnel
access to accurate, up-to-date information throughout the organization.
ERP control = locus of control over the computing systems and data contained in those
systems, as well as decision making authority.
ERP core components = support the important internal activities of the organization for
producing its products and services. These components support internal operations such as
financial, operations and human resource management.
ERP extended components = support the primary external activities of the organization for
dealing with suppliers and customers. They focus primarily on supply chain management and
customer relationship management.
2. Understanding Big Data: businesses are dealing with the challenge of Big Data:
· High volume
Unprecedented amounts of data
· High Variety
Structured and unstructured data
· High velocity
Rapid processing to maximize value
3. Effective planning is continuous
Continuous planning process = organizations continuously monitor and analyse data
and business processes; the results lead to ongoing adjustments to how the
organization is managed, but these results are also reflected in ongoing updates to
the organizational plans. It is only through timely and accurate business intelligence
that continuous planning can be executed.
Data mining = complements OLAP in that it provides capabilities for discovering ‘hidden’
predictive relationships in the data. Computer algorithms running on large data warehouses.
Algorithm = step-by-step procedures used in a computer program to make a calculation or
perform some type of computer-based process.
- Computer algorithms running on large data warehouses
- Types of data mining algorithms:
· Association discovery = technique used to find associations or correlations among
sets of items.
· Clustering = process of grouping related records together on the basis of having
similar values for attributes, thus finding structure in the data
· Classification = used when the groups are known beforehand, and records are
segmented into these classes.
· Text mining = use of analytical techniques for extracting information from textual
documents
· Web content mining = extracting textual information from web documents
· Web usage mining = used by organizations to determine patterns in customers’
usage data.
· Intelligent systems
- Machine learning (e.g. neural networks) = branch of artificial intelligence that
allows systems to learn by identifying meaningful patterns when processing massive
amounts of data.
- Neural networks = approximate the functioning of the brain by creating common
patterns in the data and then comparing new data to learned patterns to make a
recommendation
- Expert systems (ES) = type of intelligent system that uses reasoning methods based
on knowledge about a specific problem domain in order to provide advice, much like
a human expert.
Architecture of an Expert System:
- Intelligent agents = programs that work in the background to provide some service
when a specific event occurs. There are several types of agents for use in a broad
range of contexts, including the following:
1. User agents = agents that automatically perform a task for a user.
2. Buyer agents (shopping bots) = agents that search to find the best price for a
particular product you wish to purchase
3. Monitoring and sensing agents = agents that keep track of key data, notifying the
user when conditions change
4. Data mining agents = agents that continuously analyse large data warehouses to
detect changes deemed important by a user, sending a notification when such
changes occur
5. Web crawlers = agents that continuously browse the web for specific information
– web spiders.
6. Destructive agents = malicious agents designed by spammers and other internet
attackers to farm e-mail addresses off websites or deposit spyware on machines.
· Knowledge management systems = the processes an organization uses to gain the
greatest value from its knowledge assets.
Knowledge assets = the underlying skills, routines, practices, principles, formulas,
methods, heuristics and intuitions, whether explicit or tacit.
Explicit knowledge = easily codified and documented
Tacit knowledge = embedded in people’s minds, hard to get at, important for the
best practices.
Goal: gain the greatest value from knowledge assets.
Social network analysis = technique that maps people’s contacts to discover connections or
missing links within the organization. Can help to analyse collaboration patterns.
Information Visualization
· Dashboards
- Comprised of key performance indicators (KPIs)
- Visual display of summary information
- Aid in situational awareness and decision making
· Visual analytics
- interactive graphics for complex analysis
· Geographic information systems = system for creating, storing, analysing and
managing geographically referenced information.
- Visualizing geographic information
- various industries: agriculture, banking, disaster response, environment and
conservation, insurance, government, law enforcement, marine biology, media, etc.
· 3D – virtual reality
Functional structure:
STRENGTHS
· Allows economies of scale within functional departments
· Enables localized knowledge and skill development
· Enables organization to accomplish functional goals
· Works best with limited product lines
WEAKNESSES
· Slow response time to environmental changes
· May cause decisions to escalate unnecessarily
· Leads to poor horizontal coordination among departments
· Less innovative (in terms of cross-dept idea generation)
· Restricted view of organizational goals
For pursuing the chosen strategy, what will differentiate successful companies from
unsuccessful ones? → Difference is made by thinking in business processes.
Consequence: the chosen competitive advantage strategy determines the business process
2. Procure-to-pay = the process of ordering goods or services and paying for them.
Functional areas in Procure-to-Pay:
- Supply chain management
- Accounting and Finance
- Manufacturing and operations
Value system = information flows from one company’s value chain to another company’s
value chain
Gateways:
· Exclusive Decision / Merge
- Indicates locations within a business process where the sequence flow can
take two or more alternative paths
- Only one of the paths can be taken
- Depicted by a diamond shape that may contain a marker that is shaped like
an X
· Parallel Fork / Join
- Provide a mechanism to synchronize parallel flow and to create parallel
flow
- Depicted by a diamond shape that must contain a marker that is shaped
like a plus sign, +.
HEURISTIC: DESCRIPTION
· Activity elimination: Eliminate unnecessary activities from a business process: is
activity X adding value?
· Activity composition: Combine small activities into composite activities and divide
large activities in workable small activities
· Contact reduction: Reduce the number of contacts with customers and third parties
· Activity automation: Consider automating activities
· Re-sequencing: Move activities to more appropriate places
· Parallelism: Consider whether activities may be executed in parallel
· Outsourcing: Consider outsourcing a business process completely or parts of it
· Interfacing: Consider a standardized interface with customers and partners
As-Is and To-Be as illustrated in the Ford Case Study. The illustrated model is not a BPMN
process model!
Ideally:
- Time decreases
- Cost lowers
- Quality improves
- Flexibility increases
Supply chain = A collection of companies and processes involved in moving a product from
the suppliers of raw materials to the suppliers of intermediate components, then to the final
production and ultimately to the customer.
→ Referred to as a ‘chain’ as one supplier feeds into the next, then the next, then the next.
→ A ‘network’ more accurate because businesses have multiple suppliers, who have
multiple suppliers.
A typical supply network:
Business-to-business marketplaces = operated by third-party vendors; they are built and
maintained by a separate entity rather than being associated with a particular buyer or
supplier.
Vertical markets = markets comprised of firms operating within a certain industry sector.
Supply chain planning (SCP) = the development of various resource plans to support the
efficient and effective production of goods and services. Four key processes are generally
supported by SCP modules:
1. Demand planning and forecasting
2. Distribution planning
3. Production scheduling
4. Inventory and safety stock planning
Supply chain execution = the execution of SCP. SCE puts the SCM planning into motion and
reflects the processes involved in improving the collaboration of all members of the supply
chain.
SCE focuses on the efficient and effective flow of products, information and finances along
the supply chain.
Supply chain visibility = the ability not only to track products as they move through the
supply chain but also to foresee external events.
Supply chain analytics = use of key performance indicators to monitor performance of the
entire supply chain.
Today’s empowered customers have many ways to obtain and spread information and
opinions about companies.
Customer relationships:
· Widen = attract new customers
· Lengthen = keep current customers satisfied
· Deepen = transform minor customers into profitable customers
Companies have to realize that a successful CRM strategy must include enterprise-wide
changes, including changes to:
· Policies and business processes
· Customer service
· Employee training
· Data collection, analysis and sharing
Developing a CRM strategy:
Technology in itself does not improve productivity, but the way it is applied in an enterprise
does.
Keep in mind: a series of problems that limit the paradox’s applicability in practice.
Factors leading to IS productivity paradox:
· Measurement
· Time lags
· Redistribution
· Mismanagement
Open source software = the program’s source code is freely available for use and/or
modification. It owes its success to the inputs from a large user base, helping to fix problems
or improve the software.
· Products whose source code is open (i.e. public) are often maintained by a community of
volunteers
· While so-called distributions often come with licenses, the base product is free to use
and change
· Cost effective and customizable alternative to proprietary, commercial products
while still based on tested ‘best practice’
System development life cycle (SDLC) = describes the life of an information system from
conception to retirement. The System Development Life Cycle has 4 phases:
1. System planning and selection
2. System analysis
3. System design
4. System implementation and operation
2. Systems analysis
· Requirements
- Requirements determination
- Requirements management
· Modelling
- Data
- Processes and logic
- UML: most useful → use case. Advanced → states, classes, sequences, activities
Key system requirements:
· Functional requirements:
- Define the provided services
- Describe the system functionalities
- Describe the system behaviour
- Describe the system reactions
· Non-functional requirements
- Specification of quality of services
- Constraints on the services (e.g. timing constraints, fault tolerance, exception
handling)
3. Systems design
· Translation of the analyses’ results into a blueprint for the system
· Layers of the system
- Human-computer-interaction
- Processing and logic
- Data (and files) and databases
Design artefacts:
· HCI: wireframes, interface mock-ups
· Process and logic: flow charts, click-throughs
· Database: master data, object relations
5. Systems maintenance
· Types of maintenance:
- Corrective (e.g. bug fixes)
- Adaptive (e.g. updating UI to enhance processing flow)
- Preventive (e.g. security issues)
- Perfective (e.g. bells and whistles)
· Documentation as important as with development
· Traceability and ability to roll-back
· Distribution / patch management
· Can be seen as an SDLC-cycle in itself
6. Systems retiring
· Picks up portfolio perspective from (1) again
· Identifies applications not / no longer required
· Important to keep portfolio clean and remove complexity
· Plan retirement carefully
- Diligent work in steps (1-4) essential for effective retiring
ERP control & ERP business requirements VS ERP Core Components & Extended
Components
ERP installation
· The implementation and operation equivalent of the buy decision
· Be advised of limitations!
- The plain vanilla fallacy
· Interested?
- Managing technological change
Five recommendations:
· Secure executive sponsorship
· Get help from (outside) experts
· Thoroughly train users
· Multidisciplinary implementation
· Evolve the implementation
Professionalize password use: (1) longer than 8 characters, (2) multiple passwords, (3)
exclude dictionary words and repeating letters/symbols.
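An added example (not part of the original notes) that checks a set of account passwords against the three rules above. The sample word list, the choice of three identical characters in a row as "repeating", and the function names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "summer", "monkey"}

MIN_LENGTH = 9                       # rule 1: "longer than 8 characters"
REPEAT_RUN = re.compile(r"(.)\1\1")  # assumption: 3+ identical characters in a row


def check_password(candidate, dictionary=SAMPLE_DICTIONARY):
    """Return the rule violations for one password (empty list = passes)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    lowered = candidate.lower()
    # Rule 3a: a dictionary word hidden inside the password still counts.
    if any(word in lowered for word in dictionary):
        problems.append("contains dictionary word")
    # Rule 3b: runs of the same letter, digit or symbol.
    if REPEAT_RUN.search(candidate):
        problems.append("repeating characters")
    return problems


def audit_accounts(passwords_by_account, dictionary=SAMPLE_DICTIONARY):
    """Check every account and flag passwords shared between accounts (rule 2)."""
    report = {acct: check_password(pw, dictionary)
              for acct, pw in passwords_by_account.items()}
    accounts_by_password = {}
    for acct, pw in passwords_by_account.items():
        accounts_by_password.setdefault(pw, []).append(acct)
    for accounts in accounts_by_password.values():
        if len(accounts) > 1:
            for acct in accounts:
                report[acct].append("reused on another account")
    return report


# Constructed sample input.
SAMPLE_ACCOUNTS = {
    "mail": "Summer2024!",
    "bank": "Summer2024!",
    "shop": "aaa111",
    "vpn": "t7#Qz!mK2vLp",
}
```

`audit_accounts(SAMPLE_ACCOUNTS)` returns one list of violations per account, so a password that looks acceptable alone is still flagged when it is reused elsewhere.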
Unauthorized access = whenever people who are not authorized to see, manipulate or
otherwise handle information look through electronically stored information for interesting
or useful data, peek at monitors displaying proprietary or confidential information or
intercept electronic information on the way to its destination.
Insider threats = trusted adversaries who operate within an organization’s boundaries and
are a significant danger to both private and public sectors.
Backdoors = hidden access points allowing for unauthorized access.
With the popularity of mobile devices like smartphones and tablets, many additional security
threats have emerged. Mobile threats:
· Individuals lose their mobile devices and don’t have capabilities to remotely wipe
data from the device
· Individuals keep sensitive data on mobile devices and do not use passcodes
· Individuals ‘jailbreaking’ their mobile phones. Jailbreaking = modify the operating
system to remove manufacturer or carrier restrictions
· Individuals use poorly designed mobile applications that can have security
vulnerabilities
· Individuals use unsecured wireless networks, leaving their devices vulnerable to
different types of attacks
· Internet hoax = a false message circulated online about new viruses. In most cases,
the consequences of passing on a hoax will be small and your friends will just ridicule
you; in other cases, spammers use such hoaxes to harvest e-mail addresses to
identify future targets.
· Cookies = small text file passed to a web browser on a user’s computer by a web
server. The browser then stores the message in a text file and the message is sent
back to the server each time the user’s browser requests a page from that server.
· Rise of botnets = destructive software robots called bots, working together on a
collection of zombie computers via the internet (called botnets), have become the
standard method of operation for professional cybercriminals. Attacks using botnets are
emerging into a global supply chain of highly specialized criminals.
· Identity theft = stealing of another person’s Social Security number, credit card
number and other personal information for the purpose of using the victim’s credit
rating to borrow money, buy merchandise and otherwise run up debts that are never
repaid.
Cyber harassment = a crime in many states and countries, broadly refers to the use of a
computer to communicate obscene, vulgar or threatening content that causes a reasonable
person to endure distress.
Cyberstalking = repeated contacts with a victim. Cyberstalking can take many forms.
Cyberbullying = deliberately cause emotional distress in the victim.
Online predators = target vulnerable people, usually the young or old, for sexual or financial
purposes
Software piracy
Patents = process, machine or material inventions.
Copyrights = creations of the mind such as music, literature and software.
Reverse engineering = when computer criminals disassemble the software
Key generators = can be used to generate fake license keys to circumvent the protection
mechanism.
In many parts of the world, using pirated software is a common practice.
Cybersquatting = the dubious practice of registering a domain name and then trying to sell
the name for big bucks to the person, company or organization most likely to want it.
Cyberwar Vulnerabilities
Cyberwar = an organized attempt by a country’s military to disrupt or destroy the
information and communication systems of another country. Cyberwar is often executed
simultaneously with traditional methods to quickly dissipate the capabilities of an enemy,
and intelligence agencies from countries around the world are secretly testing networks and
looking for weaknesses in their potential enemies’ computer systems.
Goal cyberwar: turn the balance of information and knowledge in one’s favour in order to
enhance one’s capabilities while diminishing those of an opponent.
Cyberwar → uses technologies to intrude into an enemy’s IS infrastructure in order to
diminish various capabilities, including the following:
· Command-and-control systems
· Intelligence collection, processing and distribution systems
· Tactical communication systems and methods
· Troop and weapon positioning systems
· Friend-or-foe identification systems
· Smart weapons systems
Web vandalism = can occur by simply defacing web sites.
Patriot hackers = independent citizens or supporters of a country that perpetrate attacks on
perceived or real enemies.
Stuxnet = computer worm designed to find and infect a particular piece of industrial
hardware inside Iranian nuclear plants.
Cyberterrorism = use of computer and networking technologies against persons or property
to intimidate or coerce governments, civilians or any segment of society in order to attain
political, religious or ideological goals.
Threats to IS security
The primary threats to the security of information systems include:
· Natural disasters: power outage, hurricanes, floods
· Accidents: inexperienced or careless computer operators
· Employees and consultants: people within an organization who have access to
electronic files
· Links to outside business contacts: electronic information that can be at risk when it
travels between or among business affiliates as part of doing business
· Outsiders: hackers and crackers who penetrate networks and computer systems to
snoop or to cause damage.
Information system security = precautions taken to keep all aspects of information systems
safe from destruction, manipulation or unauthorized use or access, while providing the
intended functionality to legitimate users.
Securing against these threats must consider these primary goals:
· Availability
Ensuring that legitimate users can access the system
· Integrity
Preventing unauthorized manipulations of data and systems
· Confidentiality
Protecting data from unauthorized access
· Accountability
Ensuring that actions can be traced
→ AIC
The process of Information Security
Assessing IS risks
Information systems risk assessment → to obtain an understanding of the risks to the
availability, integrity and confidentiality of data and systems.
Threats = undesirable events that can cause harm and can arise from actions performed
by agents internal or external to the organization.
Vulnerabilities = weaknesses in an organization’s systems or security policies that can be
exploited to cause damage and can encompass both known vulnerabilities and expected
vulnerabilities.
Filter traffic:
- Incoming and/or outgoing traffic
- Filter based on traffic type
- Filter based on traffic source
- Filter based on traffic destination
- Filter based on combination of parameters
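The filter criteria listed above, as an added example that is not from the original notes: a small packet filter that matches on direction, traffic type, source, destination and combinations of these. The rule set, the addresses (documentation ranges) and the names Packet, Rule and decide are constructed for illustration; first-match ordering and the default-deny fallback are assumptions the notes do not state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out"
    protocol: str   # traffic type, e.g. "tcp" or "udp"
    src: str
    dst: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    direction: str = "any"
    protocol: str = "any"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    dst_port: Optional[int] = None  # None matches every port

    def matches(self, pkt: Packet) -> bool:
        # A rule matches only if every field it sets agrees with the packet.
        return (self.direction in ("any", pkt.direction)
                and self.protocol in ("any", pkt.protocol)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and self.dst_port in (None, pkt.dst_port))


def decide(rules, pkt, default="deny"):
    """Assumed policy: first matching rule wins, unmatched traffic is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set using documentation address ranges.
RULES = [
    Rule("deny", direction="in", src_net="198.51.100.0/24"),   # by source
    Rule("allow", direction="in", protocol="tcp",
         dst_net="192.0.2.10/32", dst_port=443),               # combination
    Rule("allow", direction="out", protocol="udp",
         src_net="10.0.0.0/8", dst_port=53),                   # type + source
]
```

Because the deny-by-source rule comes first, traffic from the blocked range is dropped even when it targets the one port the second rule opens.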
Monitoring security
Organizations should monitor internal and external threats and vulnerabilities to ensure the
effectiveness of their IS controls.
· Monitoring external events
- Information sharing and analysis centers, United States Computer Emergency
Readiness Team
· IS auditing
- External entity reviews the controls to uncover any potential problems
· Sarbanes-Oxley act
- Best practices: Control Objectives for Information and related Technology (COBIT)
- COBIT = set of best practices that helps organizations both maximize the benefits
from their IS infrastructure and establish appropriate controls.
· Responding to security incidents
- Ability to rapidly respond
· Computer forensics
- use of formal investigative techniques to evaluate digital information for judicial
review.
- honeypot = a computer, data or network site that is designed to be enticing to
crackers so as to detect, deflect or counteract illegal activity.
- Examining the computers of crime victims for evidence
- Auditing computer activity logs
Sarbanes-Oxley Act
The Sarbanes-Oxley (S-OX) Act addresses financial controls
· Companies must demonstrate that controls are in place
· Companies must preserve evidence documenting compliance
· Information systems typically used to meet compliance requirements
· Growing need for IS auditors
Course Closure:
· Technological progress improves economy of scale; productivity frontier
· Technological innovations initiate change
· The winner takes all (Facebook, Zalando, top 10 tech billionaires)