

Summary Information System Management

Information Systems Management (Rijksuniversiteit Groningen)


Downloaded by Ashagre Mekuria (ashagremekuria2@gmail.com)

Summary Information System

Week 1 – Chapter 1 Managing in the Digital World

Strategic Competition:
1. Unique value proposition (client appreciated functionality)
2. Tailored activities
3. Clear tradeoffs
4. Activities fit together in an integrated system
5. Continuity of position but consistent improvement

Over the past decades, the advent of powerful, relatively inexpensive, easy-to-use computers
has had a major impact on business. Increasing global competitiveness has forced companies
to find ways to be better and to do things less expensively → use information systems.

Now we are living in a digital world.

Post-PC era = we are living in the era where wireless, mobile devices allow for novel ways of
interacting with information systems.
Changes in technology have enabled new ways of working and socializing. Virtuous cycle:
where changes in technology enable social changes, and social changes shape technological
Technology helps to optimize both work and personal life.



Peter Drucker predicted:

Knowledge worker = typically professionals who are relatively well educated and who
create, modify and/or synthesize knowledge as a fundamental part of their jobs.
Knowledge society = a society in which the number, importance and leadership of knowledge
workers rise. Education would become the cornerstone of the knowledge society. Possessing
knowledge would be as important as possessing land, labour or capital.
The lines between knowledge workers and manual workers are blurring, to the point that
some argue that every worker is a knowledge worker.

Digital world → information and related technologies and systems have become very
important to us and knowledge workers are vital.
Downside to being a knowledge worker and to living in the digital world:
Digital divide = where those with access to information technology have great advantages
over those without access to information technology. This is one of the major ethical
challenges facing society today.
Digital divide in America is rapidly shrinking, but there are still major challenges to
overcome: rural communities, elderly, people with disabilities and minorities. Also
developing countries have more difficulties where infrastructure and financial resources are
Opportunities of operating in the Digital World:
· Falling Transportation Costs
· Falling Telecommunication Costs
· Reaching Global Markets
· Accessing a Global Labour Pool

Challenges of operating in the Digital World:

· Government: political instability, regulatory (taxes/tariffs, import/export restrictions)
· Geo-economic: time zones, infrastructure, workforce: welfare, demographics,
· Cultural: working with, providing services to

Alvin Toffler describes the three distinct phases or waves of change that have taken place or
are presently taking place within the world’s civilizations.
First wave of change = a civilization based on agriculture and handwork, that replaced
hunter-gatherer cultures and lasted for thousands of years.
Second wave of change = the industrial revolution, overlapped with the first wave.
Third wave of change = information age. Information became the currency of the realm. The
printing press gave birth to the information age. The information age is the biggest wave of



Five IT Megatrends in the information age:

1. Mobile
Post-PC era. Mobile devices important. For organizations, this increase in mobility
has a wide range of implications, from increased collaboration to the ability to
manage a business in real time – at any time, from anywhere. They have to create
mobile-device-friendly versions and/or apps.
Consumerization of IT = Today’s employees are increasingly using their own devices
for work-related purposes, or are using software they are used to in the workplace.
For organizations this trend can be worrying, but can also provide a host of
opportunities. Trend of bring your own device (BYOD).
2. Social Media
3. The internet of things
Internet of things = a broad range of physical objects that are interconnected and
automatically share data over the internet.
Anything that can generate data or uses data can be connected, accessed or
controlled via the internet. The potential for gathering useful data is almost limitless.
The internet of things will evolve to become the internet of everything.
4. Cloud computing
Applications and data stored in the cloud can be accessed from different devices.
Many regard cloud computing as the beginning of the fourth wave of change, where
not only the applications but also the data reside in the cloud, to be accessed at
anytime from anywhere.
5. Big data
Fifth trend, information is power. Organizations are continuously seeking to get the
right information to make the best business decisions. Analysing tremendous
amounts of (often unstructured) data (i.e. big data) poses tremendous challenges for
The success of these megatrends is largely based on the network effect = the notion that the
value of a network increases with the number of other users. If a network has few users, it has
limited or no value. Companies in the information age economy are creating value not from
people, but from data.
Being able to use information systems, to assess the impacts of technologies on one’s work
or private life, and to learn new technologies as they come along will be increasingly
important skills.

Computer literacy = knowing how to use a computer. Very important today, because there
are few occupations where computers are not somehow in use.
Computer fluency = the ability to independently learn new technologies as they emerge and
assess their impact on one’s work and life; this is what will set you apart in the future. (Many
argue that computer literacy is not sufficient today and that fluency is needed.)



A more global and competitive world spurs the following changes:

· Economic changes:
increases in international trade, in the development of global financial systems and
currency and in the outsourcing of labour.
· Cultural changes:
increases in the availability of multiculturalism through TV and movies; frequency of
international travel, tourism and immigration; the availability of ethnic foods and
restaurants; worldwide fads and phenomena such as Facebook.
· Technological changes:
low cost computing platforms and communication technologies; low-cost
communication systems; internet; copyright laws
The world has forever changed.

Globalization = the integration of economies throughout the world enabled by innovation
and technological progress. → A world where people and companies can enjoy worldwide
communication and collaboration with increasingly fewer barriers. The key drivers of
globalization are (1) evolution of technology, (2) falling telecommunications costs and (3)
opening up of China.

Outsourcing = moving of business processes or tasks to another company, either onshore
(domestically) or offshore. The tremendous decrease in communication costs has added
another dimension to outsourcing, as now companies can outsource business processes on a
global scale.
Companies are choosing to outsource business activities for a variety of reasons:
· To reduce or control costs
· To free up international resources
· To gain access to world-class capabilities
· To increase the revenue potential of the organization
· To reduce time to market
· To increase process efficiencies
· To be able to focus on core activities
· To compensate for a lack of specific capabilities or skills
Companies started to introduce offshore outsourcing of services. However, companies
operating in the digital world have to carefully choose offshore outsourcing locations.

Information systems = use information technology to connect, create and distribute useful
Information technology = hardware, software and telecommunications networks.
Hardware = the physical computer equipment (computer, tablet, etc.)
Software = program or set of programs that tell the computer to perform certain tasks.
Telecommunications networks = group of two or more computer systems linked together
with communications equipment.
Many use the terms IS and IT synonymously; consequently, the difference is shrinking.
Information systems use information technology to collect, create and distribute useful data.



Data = unformatted data, raw symbols such as words and numbers. Data have no meaning
and are of little value until processed. A key consideration in assessing whether
data are reliable for making decisions is data quality, consisting of completeness, accuracy,
timeliness, validity and consistency.
Information = data that have been formatted, organized or processed to be useful. Information
can be defined as a representation of reality and can help to answer
questions about who, what, where and when. Without information systems, it would be
difficult to transform raw data into useful information.
Knowledge = ability to understand information, form opinions and make decisions or
predictions based on the information. In order to actually use information, knowledge is

Careers in Information Systems:

· Develop: Systems analyst, software developer, systems consultant
· Maintain: IS auditor, database administrator, Webmaster
· Manage: IS manager, IS security manager, chief information officer (CIO)
· Study: University professor, government scientist
The career opportunities for a person with IS training continue to be strong. Earnings for IS
professionals will remain strong. There is a very strong need for people with IS knowledge,
skills and abilities. IS staff and departments will likely continue to exist and play an important
role in the foreseeable future.

Good IS personnel possess valuable, integrated knowledge and skills in three areas:
1. Technical competency: knowledge and skills in hardware, software, networking and
security. This is the most difficult to maintain because of the rapid pace of technological
innovation in the digital world.
2. Business competency: the nature of the business. IS professionals must also be able
to understand and manage people and projects, not just technology.
3. Systems competency: Those who understand how to build and integrate systems and
how to solve problems will ultimately manage large, complex systems projects as
well as manage those in the firm who have only technical knowledge and skills.
Finding qualified personnel → difficult. Consequently, many technology-focused
organizations tend to cluster in areas where talented workers are available. With increasing
globalization, other regions throughout the world are boasting about their highly skilled
personnel. Other human resource policies, such as telecommuting, flex-time and creative
benefit packages, can also help to attract and retain the best employees.

IS-related decisions also arise in your private life.

Information systems do not exist in a vacuum; they are built and/or used within a certain
context. Organizations use IS to become more productive and profitable, to gain competitive
advantage, to reach more customers or to improve customer service.



Types of information systems:

1. Transaction processing systems (TPS) = process day-to-day business event data at the
operational level of the organization. They are used not only to process customer
transactions more efficiently, but also to generate a tremendous amount of data that can be used by the
organization to learn about customers or ever-changing product trends. These data are
sorted and organized to support a broad range of managerial decision making using a variety
of systems →
2. Management information system = produce detailed information to help
manage a firm or part of a firm.
3. Decision support system = provide analysis tools and access to databases in order to
support quantitative decision making
4. Intelligent system = emulate or enhance human capabilities
5. Business intelligence system = methods and systems for analysing data warehouses to
better understand various aspects of a business.
6. Office automation systems (personal productivity software) = enabling knowledge
workers to accomplish their tasks, e.g. Microsoft Office. Collaboration systems. Support a
wide range of predefined day-to-day work activities of individuals and small groups.
7. Collaboration system = enable people to communicate, collaborate and coordinate with
each other.
8. Knowledge management system = collection of technology-based tools to enable the
generation, storage, sharing and management of knowledge assets.
9. Social software = facilitates collaboration and knowledge sharing.
10. Geographic information system = create, store, analyse and manage spatial data
11. Functional area information system = support the activities within a specific functional
area of the firm
12. Customer relationship management system = support interaction between the firm and
its customers.
13. Enterprise resource planning system = support and integrate all facets of the business
including planning, manufacturing, sales, marketing and so on.
14. Supply chain management system = support the coordination of suppliers, product or
service production and distribution
15. Electronic commerce system = enable customers to buy goods and services from a firm’s
web site. These are also popular and important because they enable (1) consumers to find
information about and to purchase goods and services from each other and from business
firms and (2) business firms to electronically exchange products, services and information.

Today, many organizations have replaced standalone systems with enterprise systems that
span the entire organization:
Internetworking = connecting host computers and their networks together to form even
larger networks like the internet
System integration = connecting separate information systems and data to improve
business processes and decision making.

Personnel within many IS units have taken on more of a consulting relationship with their
users, helping the users solve problems, implement ideas and be more productive. These
service-oriented IS units structure the IS function so that it can better serve the customer.



The spread of technology in organizations

In many organizations today, you will find that the builders and managers of a particular
information system or subsystem spend most of their time out in the business unit, along
with the users of the particular system.
It is becoming increasingly difficult to separate the technology from the business or
the systems staff from the other people in the organization.
Given how important and expensive information systems have become, information
technology is like a sword – you can use it effectively as a competitive weapon, but those who live
by the sword sometimes die by the sword.

Technology use can enable efficiency, and while IS must provide a return on investment,
technology use can also be a strategic and powerful enabler of competitive advantage.
Firms of all types and sizes can use information systems to gain or sustain a competitive
advantage over their rivals.
Some argue that as IS have become standardized and ubiquitous, they are now more of a
commodity that is absolutely necessary for every company and companies should focus
information technology strictly on cost reduction and risk mitigation and that investing in IT
for differentiation or for competitive advantage is futile.

IS are a necessary part of doing business and they can be used to create efficiencies, but
they can also be used as an enabler of competitive advantage. Competitive advantage from
the use of IS can be fleeting, as competitors can eventually do the same thing.

A broad range of ethical issues have emerged through the use and proliferation of
computers. Computer ethics = moral issues and standards of conduct as they pertain to the
use of information systems.
With the societal changes brought about by IS, the issues surrounding privacy have moved
to the forefront of public concern; in addition, the ease of digitally duplicating and sharing
information has raised not only privacy concerns, but also issues related to intellectual
Information privacy = what information an individual should have to reveal to others in the
workplace or through other transactions, such as online shopping.

There are limits to what a company can do with data. A problematic case is the combination
of survey data with transaction data from your credit card purchases. Just because people
provide data at different points does not mean that they agree for the data to be combined
to create a holistic picture. Companies are often walking a fine line, as information about
customers is becoming increasingly valuable.
In today’s interconnected world, there are even more dangers to information privacy. There
are things that you may not be able to control.
Companies operating in the online world are not required by law to respect your privacy.



Fair information practice principles:

· Notice/awareness
Providing information about what data are gathered, what they are used for and who will access the
data; such information is typically contained in data privacy statements.
· Choice/consent
Providing options about what will be done with the data. Opt-in and opt-out.
· Access/participation
Providing customers with means to access data collected about them, check
accuracy, and request correction of inaccuracies.
· Integrity/security
Ensuring integrity of the data as well as implementing controls against unauthorized
access, disclosure, or destruction of data.
· Enforcement/redress
Providing means to enforce these practices and/or for customers to receive
remedies, for example, through self-regulation or appropriate laws and regulations.

Another set of ethical issues centers around intellectual property and the ability to easily download,
copy and share or distribute digital information.
Digital media allows for lossless duplication.

Many businesses have devised guidelines for the ethical use of information technology and
computer systems.

Week 1 – Chapter 2 Gaining Competitive advantage through information systems

Business processes = the activities organizations perform in order to reach their business
goals, including core activities that transform inputs and produce outputs and supporting
activities that enable the core activities to take place.
Organizational Decision-Making levels:
1. Executive/Strategic Level: Upper management
2. Managerial/Tactical level: Middle management
3. Operational level: Operational employees, foremen, supervisors.
Executive/strategic level = managers focus on long-term strategic questions facing the
organization, such as which products to produce, which countries to compete in and what
organizational strategy to follow.
Unstructured decisions = the decisions at executive level, which deal with complex problems
with broad and long-term ramifications for the organization. Problems are relatively
complex and non-routine. For unstructured decisions, few or no procedures to follow for a
given situation can be specified in advance.

Managerial level = functional managers focus on monitoring and controlling operational-level
activities and providing information to higher levels of the organization. These are
midlevel managers, who focus on effectively utilizing and deploying organizational resources to
increase effectiveness.
· Who? Midlevel managers and functional managers
· What? Automate the monitoring and controlling of operational activities
· Why? Improve organizational effectiveness.



Effectiveness = the extent to which goals or tasks are accomplished well.

Semi-structured decisions = managerial-level decision making; solutions and problems are
not clear-cut and often require judgment and expertise.
Key performance indicators (KPIs) = the metrics deemed most critical to assessing progress
toward a certain goal, which are displayed on performance dashboards.

Operational level = where the routine, day-to-day business processes and interactions with
customers occur. → IS at this level are designed to automate repetitive activities, such as
sales transaction processing, and to improve the efficiency of business processes at the
customer interface.
· Who? Foremen and supervisors
· What? Automate routine and repetitive activities and events
· Why? Improve organizational efficiency
Transaction = anything that occurs as part of a firm’s daily business of which it must keep a
Structured decisions = those in which the procedures to follow for a given situation can be
specified in advance. Structured decisions are relatively straightforward, they can be
programmed directly into operational information systems so that they can be made with
little or no human intervention.
IS are typically used to increase efficiency at operational level.

It is common that each decision-making level is supported by different types of information


Functional area information systems = the organizational functions and examples of the
types of information systems that are commonly used. These are designed to support the
unique business processes of specific functional areas.
There are three general ways the information system can provide value:
1. To automate – doing things faster (least business value added)
technology as a way to help complete a task within an organization faster, more cheaply and
perhaps with greater accuracy and/or consistency.
2. To learn – doing things better
the ability of an organization to use past behaviour and information to improve its business
- Information systems can track and identify trends and seasonality
- Managers can use this to plan staffing levels and cross-training
3. To execute organizational strategy – doing things smarter (most value added)
a firm’s plan to accomplish its mission and goals as well as to gain or sustain competitive
advantage over rivals.
- Firms have competitive strategy
- Information systems should be implemented that support that strategy
→ low cost strategy implies IS to minimize expenses
→ high-quality strategy implies IS to support ensuring excellent quality and minimal

These three ways are not necessarily mutually exclusive, but we believe that each is
progressively more useful to the firm and thus adds more value to the business.



Low-cost leadership strategy = offering the best prices in its industry on its goods/services.
Differentiation strategy = provide better products or services than its competitors.
Five general types of organizational strategy:

Sources of competitive advantage:

· Quality (Toyota)
· Service (IBM)
· Low cost (Walmart)
· Proprietary (Coca-Cola)
· Innovation (Apple)
· Brand (Nike)
· Value (Nintendo)
· First to enter a market (first mover advantage)

Resources = the organization’s specific assets that are utilized to create cost or product
differentiation from their competitors.
Capabilities = the organization’s ability to leverage these resources in the market place.
Distinctive competencies = provided by the resources and capabilities, which help to pursue
the organizational strategy and make the organization’s product valuable to its customers
relative to its competitors. (innovation, agility, quality, low cost)
Value creation = occurs when an organization can provide products at a lower cost or with
superior (differentiated) benefits to the customer. This is how organizations gain a
competitive advantage.
Companies can gain or sustain each of these sources of competitive advantage by effectively
using information systems.

Successful managers now think of IS as a competitive asset to be nurtured and invested in and
think of them as an enabler of opportunities and a mechanism for supporting or executing
their business model.




The technology/strategy fit

· There are never enough resources to implement every possible IS improvement
· Therefore, organizations try to maximize business/IT alignment = matching the IT
investment to the company’s strategy.
· Companies that focus on the improvements and business process management that
help their value creation strategy the most will see the greatest competitive benefit.
Strategic necessity = something the organization must do in order to survive.
IS infrastructure = a complex collection of technologies and capabilities that helps an
organization execute its competitive strategy.
Assessing value for the IS infrastructure has four possible approaches:
1. Economic value = Direct financial impact. The contribution an investment makes
toward improving the infrastructure’s ability to enhance the profitability of the
business. To calculate such enhancements, you need to choose important business
metrics in order to gauge the economic value of a given investment.
2. Architectural value = Extending business capabilities today and in the future. Can be
derived from an investment’s ability to extend the infrastructure’s abilities to meet
business needs today and in the future. To measure architectural value, “before-and-
after” assessments of infrastructure characteristics such as interoperability,
scalability, recoverability and compatibility can be taken.
3. Operational value = Enhancing ability to meet business requirements. Derived from
assessing an investment’s impact on enabling the infrastructure to better meet
business processing requirements. To assess this, you could measure the impact of
not investing in a particular project.
4. Regulatory and compliance value = Complying with regulatory requirements.
Derived from assessing the extent to which an investment helps to meet
requirements for control, security and integrity as required by a governing body or a
key customer.
Business model = a summary of a business’s strategic direction that outlines how the
objectives will be achieved. A business model reflects the following:
· What does a company do?
· How does a company uniquely do it?
· In what way does the company get paid for doing it?
· What are the key resources and activities needed?
· What are the costs involved?
How a company answers these questions dictates how and where IS investments can be
utilized to execute a competitive strategy and sustain an advantage over competitors.
Components of a business model (table 2.4):
· Customer segments
· Value proposition
· Channels
· Customer relationships
· Revenue streams
· Key resources
· Key activities
· Key partners
· Cost structure




Revenue model = how the firm will earn revenue, generate profits and produce a superior
return on invested capital.
Typical revenue models for E-businesses (table 2.5):
· Affiliate marketing = paying businesses that bring or refer customers to another
business. Revenue sharing is typically used. (Amazon.com)
· Subscription = users pay a monthly/yearly recurring fee for the use of
product/service (Netflix.com)
· Licensing = users pay a fee for using protected intellectual property
· Transaction fees/brokerage = a commission is paid to the business for aiding in the
transaction (Norton)
· Traditional sales = a consumer buys a product/service from the web site (eBay.com)
· Web advertising = a free service/product is supported by advertising displayed on
the website (Facebook.com)
Freeconomics = the leveraging of digital technologies to provide free goods and services to
customers as a business strategy for gaining a competitive advantage. Free products are the
Yahoo! makes millions from its free web-based e-mail service – as the cost of storage has
dropped, revenue per user has increased.
Consumer uses Google’s free service to search for flowers → consumer clicks on sponsored
link → consumer is redirected to advertiser’s web page → advertiser fulfils order +
advertiser pays Google.
· Free does not mean no profit:
→ Google gives away search
→ Users give Google search results their attention:
This can include attention to sponsored links; Google sells space for sponsored links
→ Advertisers pay Google for the attention to sponsored links:
Some users convert into customers; customers pay advertising firms for their products.
General approaches for applying Freeconomics to various industries:
· Advertising = free services are provided to customers and paid for by a third party
· Freemium = basic services are offered for free, but a premium is charged for special
· Cross subsidies = sale price of one item is reduced in order to sell something else of
· Zero marginal cost = products are distributed to customers without an appreciable
cost to anyone
· Labour exchange = services are provided to customers; the act of using the services
creates value for the company
· Gift economy = people participate and collaborate to create value for everyone




International business strategies:

Each has pros and cons in terms of complexity, cost benefits, local responsiveness and control.

Local responsiveness = willingness of firms to make adjustments to their products, services and
ways of conducting business at a local level, taking into consideration local culture and needs.

1. Home Replication Strategy:

· Focused domestically, homogenous markets
· International business an extension of home business
· Focus on core home market competencies
· Inability to react to local market conditions
· Domestic systems, limited communication, local databases.
2. Global Business Strategy:
· Central organization, standardized offerings across markets, homogenous markets
· Standardized products, economies of scale
· Inability to react to local market conditions
· Centralized systems, multiple networks and data sharing between home office and
3. Multidomestic Business Strategy:
· Decentralized federation, heterogeneous markets
· Quick reaction to changing local market conditions
· Differing products, lack of economies of scale, limited communication and knowledge
· Decentralized systems, bidirectional communications, local databases.
4. Transnational Strategy:
· Both centralized and decentralized components, integrated network and global
· Benefits of both multi-domestic and global strategies
· Highly complex, difficult to manage
· Distributed/shared systems, enterprise-wide linkages, common global data




Valuing innovations - Predicting the next new thing:

· Many innovations can be copied
- limited time span of any advantage (fleeting)
- may become a requirement for staying competitive
· Some innovations deliver longer advantages
- unique customer service based on customer data
- high levels of customer investment in proprietary systems; high switching costs
- technologies that are very difficult to copy

Successful innovation is difficult: Innovation is often fleeting, risky and innovation choices
are often difficult.

Disruptive innovations = technologies, products or services that eventually surpass the existing
dominant technology or product in the market.

Disruptive innovation cycle → key to success for modern organizations is the extent to which they
use information technologies and systems in timely, innovative ways.




Week 2 – Chapter 3 Managing the Information Systems Infrastructure and Services

Information systems infrastructure = consisting of hardware, system software, storage, networking
and data centers. Businesses rely on this IS infrastructure to support their decision making,
business processes and competitive strategy.
IS infrastructure enables processing, storing and transmitting of data.

Application software = helps to automate business processes and enables processes that
would otherwise not even be possible.
Databases = collections of related data organized in a way that facilitates data searches; they
are vital to an organization’s operations and often are vital to competitive advantage and
success. On the most fundamental level, databases are used to store data and to make the
data accessible where and when needed.
Database management systems = type of software that allows organizations to more easily
store, retrieve and analyse data.
Hardware = the computers that run the applications and databases necessary for processing
transactions or analysing business data.
Supercomputer = most expensive and most powerful kind of computer.
Mainframe = computers used primarily as the main, central computing system for major
Server = any computer on a network that makes access to files, printing, communications
and other services available to users of the network.
Personal computers (PCs) = used for personal computing and small business computing
Embedded systems = optimized to perform a well-defined set of tasks.

System software = the collection of programs that control the basic operations of computer
hardware. → Operating systems = coordinate the interaction between users, application
software, hardware and peripherals. Example: Windows, OS X.
The operating system provides a common layer for different underlying devices, so that
applications only have to be developed for different operating systems, rather than for each
different model.

Different types of storage:

· Operational → purpose: process transactions or data analysis.
· Backup → purpose: short-term copies of organizational data, used to recover from
system related disaster. Backup data are frequently overwritten with newer backups.
· Archival → purpose: long-term copies of organizational data, often used for
compliance and reporting purposes
These different uses of organizational data call for different physical storage technologies.




- Human communication = the sharing of information and messages between senders and
receivers. (1. Sender develops and codes message 2. Sends message 3. Receiver receives and
decodes message)
- Computer networking = the sharing of data or services. (1. Coding message 2. Sending
message 3. Receiving and decoding message)
Network requires:
1. Sender (source) and receiver (destination) that have something to share (message)
2. A pathway or transmission medium to send the message
3. Rules or protocols dictating communication between
senders and receivers.

- Host (serve up) data, databases, files, applications, web
sites, video and other content for access over the network
- Consume hosted resources
- Serve and consume resources, both a server and a client
interacting with similar computers

Types of computer networks:

· Personal area network (PAN) = wireless communication between devices (e.g. Bluetooth),
under 10 meters.
· Local area network (LAN) = sharing of data, software applications, and other
resources between several users. Size is typically a building.
· Wide area network (WAN) = connect multiple LANs, distributed ownership and
management. Size is large physical distance, up to worldwide.
Wireless local area networks (WLANs) = using high-frequency radio-wave technology: Wi-Fi
networks (wireless fidelity)
Internet and World Wide Web (WWW)
· Internet is one of several global networks
- internet has standard protocols
- Internet is based on internetworking, or combining networks to form larger
· The world wide web uses the internet
- the world wide web is not the internet
- the world wide web is:
→ web protocols (e.g. HTML and HTTP)
→ web pages (documents containing HTML)
→ web servers (store and provide access to web pages via a website)
→ web browsers (provide users with an interface to web pages)
· The internet uses IP addresses = serve to identify all computer or devices on the
· The WWW translates domain names into IP addresses
· A URL could be expressed directly as an IP address, although it’s more common to
use a domain name.




World Wide Web Architecture components:

· Interconnected Web servers
· Utilize Transmission Control protocol/Internet protocol (TCP/IP)
· Communicate over the internet
Intranet = looks and acts just like a publicly accessible web site and uses the same software,
hardware and networking technologies to communicate information. All intranet pages are
behind the company’s firewall. Internal communications, specific, corporate, proprietary
information, authorized employees, private and restricted.
Extranet = private part of the internet that is cordoned off from ordinary users, enables two
or more firms to use the internet to do business together. Only authorized users can access
it after logging on to the company’s extranet web site. External communications,
communications between business partners, authorized business partners, private and
Internet → external communications, general public and advertorial information, any user
with an internet connection, public and not restricted.

Information systems infrastructure challenges for modern organizations:

· Diminishing space
· Fluctuating demand
· Increasing obsolescence
· Expanding storage
· Expanding consumption

Rapid obsolescence and shorter IT cycles:

Moore’s Law
· Co-founder of Intel
· Hypothesized that the number of transistors on a chip would double every two years
· Transistors predicted computing power
- Computing power would double every two years
- Has been relatively accurate to this date
- First CPU had 2200 transistors, current CPUs have over 5 billion.

Vicious circle: New hardware enables more powerful software; more powerful software
often requires new hardware.

Big Data and Rapidly increasing storage needs

· Firms collect unprecedented levels of data
- business intelligence
- legal compliance (e.g. Sarbanes-Oxley)
· Unprecedented levels of data require unprecedented infrastructure capabilities
- more storage space, powerful hardware and database management
- ever-increasing internet bandwidth
- vicious cycle: enhanced capacity drives new applications, requiring even more




Demand fluctuations
· Many companies face demand fluctuations
- seasonal fluctuations (e.g. December holidays)
- monthly fluctuations (month-end spikes)
· Demand fluctuations create inefficiencies
- some estimate up to 70% of IS capacity only used 20% of the time
- IS infrastructure is typically not readily scalable
→ changing internal capacity takes time
→ cloud computing may be the answer

Increasing energy needs

· Computing can require a lot of power
- hardware draws power, which generates heat
- heat requires cooling, which requires more power
· Data centers can use large amounts of power
- large data centers have hundreds of racks, more power is required for cooling and
lost through other inefficiencies.

Cloud computing = a way to allocate resources much like a utility sells power.
· Resources are used ‘on-demand’, as needed
· Customers only pay for what they consume (measured service)
· Resources can be rapidly allocated and reallocated
· Consumption becomes an operating expense
· % utilization and efficiency increase dramatically

Why cloud computing?

1. The efficiency benefits are tremendous
- different customers have different demand spikes
- large data centers have economies of scale
purchasing, deploying and managing technology
implementing green cooling technologies
flexibility reallocating resources
2. Customers can focus on core operations
- infrastructure can be consumed as needed
- scalability no longer a limiting factor




Cloud computing service models

· Infrastructure as a service (IaaS) = only the basic capabilities of processing, storage
and networking are provided. The customer has most control over the resources.
Greatest flexibility. (computer, CD)
· Platform as a service (PaaS) = customers can run their own applications, which are
typically designed using tools provided by the service provider. User has control over
the application, but has limited or no control over the underlying infrastructure.
(operating system, web server, database management system, programming
· Software as a service (SaaS) = customer uses only applications provided via a cloud
infrastructure. Customer cares only about the application. (application software,

Public clouds = can be used by any interested party on a pay-per-use basis. Often used for
applications that need rapid scalability (ability to adapt to increases/decreases in demand
for processing/data storage) or in cases where there is insufficient capital or other resources
to build or expand an IT infrastructure.
Private clouds = internal to an organization and can help the organization to balance
demand and supply of computing resources within the organization. High degree of
customizability, flexibility and control over data and application.

Organizations have to consider various issues when managing their cloud infrastructure:
Openness, viability, scalability, privacy, costs, compliance, diversity of offerings, security,
reliability, availability.

Service-oriented architecture (SOA) = business processes are broken down into individual
components (or services) that are designed to achieve the desired results for the service
consumer. Organizations can more swiftly react to changing business needs. Using SOA,
multiple applications can invoke multiple services.

Grid computing = combining the computing power of a large number of smaller,
independent, networked computers into a cohesive system in order to solve problems that
only supercomputers were previously capable of solving. Computers located around the
world work on parts of a large, complex problem.

Content delivery networks = store copies of content closer to the end user.
IP convergence = use of internet protocol for transporting voice, video, fax and data traffic
has allowed enterprises to make use of new forms of communication and collaboration.
Voice over IP (VoIP) = use of internet technologies for placing telephone calls.
Videoconferencing over IP.

Green computing = helping to use computers more efficiently, doing the same (or more)
with less.




Week 2 – Chapter 4 Enabling business-to-consumer electronic commerce

Electronic commerce = the exchange of goods, services and money among firms, between
firms and their customers and between customers supported by communication
technologies and in particular the internet.

EC business models:
· Business-to-consumer (B2C) = transactions between businesses and their customers
· Business-to-business (B2B) = transactions among businesses
· Consumer-to-business (C2B) = transactions between customers and businesses
· Consumer-to-consumer (C2C) = transactions between people not necessarily working
All of the above types of EC are in the private sector.

m-commerce = any electronic transaction or information interaction conducted using a
wireless, mobile device and mobile networks that leads to the transfer of real or perceived
value in exchange for information, services or goods.

E-government = use of information systems to provide citizens, organizations and other
governmental agencies with information about public services and to allow for interaction
with the government.
Government-to-citizen (G2C) = interactions between federal, state and local governments
and their constituents.
Government-to-business(G2B) = business relationships with all levels of government.
Government-to-government (G2G) = transactions between countries or between different
levels of government within a country.

EC Business strategies

e-tailing = the online sales of goods and services

Brick-and-mortar business strategy = operate solely in the traditional physical markets.
Retail stores, not offering products or services online.
Click-only business strategy (virtual company) = conduct business electronically in
cyberspace. No physical store locations.
Click-and-mortar business strategy = use the internet to extend their traditional offline
retail channels.




E-tailing: capabilities and benefits:

· Mass customization
Firms can tailor their products and services to meet a customer’s particular needs on
a large scale. Generates additional value for customers and profits for producers.
· Disintermediation
Cutting out the middleman and reaching customers more directly and efficiently
· Group buying
If many people agree to purchase the product or service, they get significant
· New revenue and pricing models
- Companies can earn revenues not only through traditional sales, but also through
subscription, licensing or transaction fees
- Companies and individuals can earn money through web advertising or affiliate
- reverse pricing = name your own price (priceline.com)
· Social commerce
Utilizing social networks to build lasting relationships and advertise products.

Benefits of e-tailing:
· Product benefits: with no store size and shelf space restrictions, companies can sell a
far wider variety of goods
· Place benefits: internet storefronts are available on almost every computer
connected to the internet
· Price benefits: online retailers are efficient; high volumes and low overhead
allow for very competitive pricing
· The long tail: catering to niche markets in addition to (or instead of) purely selling
mainstream products.

Drawbacks of e-tailing:
· Trust
This is especially a concern for new online businesses without a proven track record
· Direct product experience
E-tailing doesn’t provide sensory information
· Product delivery and returns
Except for direct downloads, e-tailing requires additional delivery time for product
Returns may also be a hassle, compared to just going to the store




EC web sites: attracting and retaining online customers – four key recommendations:
1. The web site should offer something unique
2. The web site must motivate people to visit, to stay and to return
3. You must advertise your presence on the web
4. You should learn from your web site

Designing web sites to meet online consumers’ needs

· Structural firmness
- no bad links, understandable error messages, privacy/security, speed
· Functional convenience
- ease of use, simple navigation, user feedback, help features, one-click ordering,
flexible payment, order tracking
· Representational delight
- aesthetically pleasing, professional look and feel, colour/font/images, consistent,
layout, no clutter

Internet marketing → if you build it, they won’t come unless you market it. Search engine
optimization (SEO) can be critical to a website’s success.

Methods of internet marketing:

· Search marketing = paid search, placing ads on search web sites based on search
terms and SEO, optimizing a web site and its relative search engine ranking.
· Display ads = simple banner ads, but now often contextualized to what the person is
· E-mail marketing = extremely low cost, less than a penny an e-mail, and hence very
popular; effectiveness also easy to track.
· Social media marketing = increasingly used for interactive communication and
relationship building with customers
· Mobile marketing = if ads can be tailored to a user’s location, then highly targeted
marketing opportunities open up
· Performance assessment = impression, pay-per-click/click-through, and conversion
models (but beware of click fraud)




Search Engine Optimization (SEO) = SEO attempts to improve a page’s ranking in search
engines like Google. Techniques include having other pages link to the page, keeping content
updated, and including key words.

Mobile EC
· Location based m-commerce
Services can be offered tailored to a person’s needs based on their current location
· Information on the Go
Customers can get further information about a product wherever they are, including
in the store, but this can lead to “showrooming” = shoppers coming into a store to
evaluate the look and feel of the product, just to then purchase it online or at a
competitor’s store.
· Product and content sales
Consumers use mobile apps to make purchases while on the go

GPS (Global Positioning System) enabled location-based services:

· Location: e.g. determining the basic geographic position of the cell phone
· Mapping: e.g. capturing specific locations to be viewed on the phone
· Navigation: e.g. the ability to give route directions from one point to another
· Tracking: e.g. the ability to see another person’s location

· E-Auctions
- Individual sellers can sell or barter items at online auctions
- Consumers place bids
- examples: ebay.com and swap.com
- revenue model based on small transaction fees, highly profitable
· Online classifieds
- just advertising, no online transactions
- free cycling = giving away goods for free to anyone who is willing to pick them up
- example: craigslist.com

C2C opportunities:
· Consumers can buy and sell to broader markets
· Eliminates the middleman that increases the final price of products and services
· Always available for consumers, 24/7/365
· Market demand is an efficient mechanism for setting prices in the electronic
· Increases the numbers of buyers and sellers who can find each other

C2C threats:
· No quality control
· Higher possibility of fraud
· Harder to use traditional payment methods (checks, cash, ATM cards)




· Relatively new phenomenon, consumers can sell small pieces of work (e.g. photos) or
services to businesses
· It might be argued that anyone who made a living doing this is actually in business for
themselves, so may be a B2B.

· Online banking and electronic bill services
- convenience
- security concerns
- mobile banking
· Online investing
- increased access to financial information and analytical tools
- online investing
- mobile investing

Securing payments in the digital world

· Credit and debit cards
- credit cards are a simple mechanism
- consumers have to transfer a lot of personal information to the seller
- risk of identity theft
· Managing risk
- businesses are financially liable for fraudulent transactions
- businesses have to look for fraud indicators and sometimes reject risky transactions
· Payment services
- examples: PayPal, Google Checkout

Legal issues in EC:

· Taxation
- Sales taxes
- Internet freedom act: internet sales are treated like mail-order sales
· Digital rights management
- preventing unauthorized duplication
- restrict which devices can play media
- limit number of times media can be played
· Net neutrality
- should the internet be open? Or should internet access come first to the highest




Week 3 – Chapter 5 Enhancing organizational communication and collaboration using social media

Virtual teams = comprised of members from different geographic areas, assembled as
needed to collaborate on a certain project.
Synchronous = at the same time
Asynchronous = not coordinated in time
Virtual meeting = meet by using an online environment; such meetings can be done
synchronously, like a teleconference or asynchronously using technologies such as online
discussion boards.
Groupware = class of software that enables people to work together more effectively.
Groupware and other collaboration technologies are often distinguished along two
1. Whether the system supports synchronous or asynchronous collaboration and
2. Whether the system supports groups working together face-to-face or distributed

Communication and collaboration tools:

· Groupware
· Videoconferencing
· Intranets

Categories of collaborative tools:

· Electronic communication tools = tools allowing users to send files, documents and
pictures to each other and share information. (fax, email, blogs)
· Electronic conferencing tools = tools allowing information sharing and rich
interactions between users. (internet forums, instant messaging, Skype)
· Collaboration management tools = tools used to facilitate virtual or collocated
meetings and manage group activities (Google docs, electronic calendars)

Electronic meeting system (EMS) = sophisticated software tool used to help group members
solve problems and make decisions through interactive structured processes such as
electronic idea generation, idea evaluation and voting.
Web 2.0 application = allow people to collaborate and share information online, shifting a
web user’s role from a passive consumer of content to its creator.
Mashup = new application that uses data from one or more service providers.
Enterprise 2.0 = the use of social media within a company’s boundaries or between a
company and its customers or stakeholders.
Blogging = process of creating an online text diary
Instant messaging = enables real-time written conversations.
Virtual world = people communicate by the use of avatars.
Social bookmarking = allowing users to share internet bookmarks and to create
categorization systems.
Social cataloguing = creation of a categorization system by users
Tagging = manually adding metadata to media or other content.
Metadata = data about data.
Geotagging = adding geospatial metadata to media.




Benefits and risks of cloud-based collaboration tools:

· Information technology
- Benefit: Reduced costs and risks when using pre-existing, easily deployed and low-cost
web-based tools (vs in-house developed tools)
- Risk: Loss of control regarding data and service quality (data and tools will likely
reside on the provider’s server)
· Organization
- Benefit: Tools are easy to use, facilitating widespread adoption throughout an organization
- Risk: Little or no documentation, training or support for system complexities or problems
· Competition
- Benefit: More efficient and effective than e-mail, FTP or legacy collaboration tools,
potentially speeding up product development cycles and enabling quick responses to
competitors’ actions
- Risk: Security and compliance policies are nearly impossible to enforce, which may
increase the possibility of exposing sensitive corporate data; increased threat of
industrial espionage.
· Upgrade cycles
- Benefit: No need to purchase software upgrades
- Risk: Tools and features in the collaboration environment can change without notice,
potentially causing problems with users and corporate IT strategy.

Collective intelligence = based on the notion that distributed groups of people with a
divergent range of information and expertise will be able to outperform the capabilities of
individual experts.
Peer production = the creation of goods or services by self-organizing communities.

The ability to create, edit or delete content, view prior versions, revert any changes and
discuss article content and suggested changes are key to the creation of high quality content
by a community → Wiki.

Social online communities = individuals with a broad and diverse set of interests meet,
communicate and collaborate here.

Viral marketing = how good marketing techniques can be driven by word-of-mouth or
person-to-person communication. Many forms, such as video clips, e-books, text messages.
Leverage social media to let the crowd do your work for you. Multiplies outside of a
campaign’s usual reach/target group. Strong competition in the market (attention economy)




Various factors have to be taken into account for successful enterprise 2.0 applications:
· Enterprise is not web
· Culture
· Organizational context (i.e. purpose, goals)
· Organizational hierarchies (i.e. organizational structures, top management support)
· Network effects and critical mass
· Generation gap
· Technological inertia (both individual as well as organizational)
· Technological integration (portfolio and architecture management)
· Security
· Time and resources

Pitfalls of web 2.0 marketing:

· “The internet never forgets”
· Online product reviews
· Microblogging
· Social networks
· Bad vibes going viral

Week 3 – Chapter 7 Enhancing business processes using enterprise information systems

Standalone applications = systems that focus on the specific needs of individual
departments; they are typically not designed to communicate with other systems in the
Enterprise-wide information system = an integrated suite of business applications for
virtually every business process, allowing companies to integrate information across
operations on a company-wide basis.
Internally focused systems = support functional areas, business processes and decision
making within an organization.
Externally focused systems = help to streamline communications and coordinate business
processes with customers, suppliers, business partners and others who operate outside an
organization’s boundaries.
Interorganizational system (IOS) = a system that communicates across organizational
Packaged software/off-the-shelf software = written by third-party vendors for the needs of
many different users and organizations, supporting standardized, repetitive tasks, such as
word processing, payroll processing or preparing taxes.
Custom software = designed and developed exclusively for specific organizations
Modules = components that can be selected and implemented as needed. Enterprise
systems are designed around modules.
Vanilla version = the features and modules that an enterprise system comes with out of the
Customization provides either additional software that is integrated with the enterprise
system or consists of direct changes to the vanilla application itself.
Best practices = most enterprise systems are designed to operate according to industry-
standard business processes.




Enterprise resource planning (ERP) = the most enterprise-wide information systems. Make
accessing information easier by providing a central information repository, giving personnel
access to accurate, up-to-date information throughout the organization.
ERP control = locus of control over the computing systems and data contained in those
systems, as well as decision making authority.
ERP core components = support the important internal activities of the organization for
producing its products and services. These components support internal operations such as
financial, operations and human resource management.
ERP extended components = support the primary external activities of the organization for
dealing with suppliers and customers. Focus primarily on supply chain management and
customer relationship management.

The main objective of enterprise systems is to help achieve competitive advantage by
streamlining business activities within and outside a company. Experience with enterprise
system implementations suggests that there are some common problems that can be
avoided and/or should be managed carefully. Organizations can avoid common
implementation problems by:
· Securing executive sponsorship
· Getting necessary help from outside experts
· Thoroughly training users
· Taking a multidisciplinary approach to implementations
· Keeping track of evolving ERP trends.

Week 3 – Lecture Communication and Collaboration

The 4 Cs which enhance organizational capabilities:

1. Communication
Blogs, microblogs, instant messaging, virtual worlds.
2. Cooperation
Media sharing, social bookmarking, social cataloguing, (geo)tagging
3. Collaboration
collective intelligence, human-based computing, virtualization, content management
4. Connection
Social networking & viral marketing
Social networking: helps build and maintain virtual social ties, connectedness as an
important prerequisite for social-X, ties in with other tools (e.g. social bookmarking)
Viral marketing: Leverage social media to let the crowd do your work for you.
Multiplies outside of a campaign’s usual reach/target group. Strong competition in
the market (attention economy)
IT is not a silver bullet
· Social media tools (and IT in general) rarely generate value all by themselves
· Even the most progressive ‘enterprise 2.0’ is not comparable to the web
· Appropriate use of technology (IT-enabled organizational capabilities) more
important than asset ownership
· Complementary changes required, for example training of employees, incentive
systems to break established routines, complementary changes in structures and




Putting the ‘enterprise’ into the system:

Information flows in enterprises:

Domains of enterprise systems:




Plain vanilla paradigm

· Enterprise software paradigm
- Efficiency through standardization
- Enablement of best practices
- Economies of scale for developers
· Recommendation to reduce risk
- Implement out of the box
· But mixed experiences after adoption




Week 4 – Chapter 6 Enhancing Business Intelligence using Information Systems

Business intelligence = the use of information systems to gather and analyse data and
information from internal and external sources in order to make better business decisions.
Why do organizations need business intelligence?
1. Responding to threats and opportunities
2. Understanding Big Data. Businesses are dealing with the challenge of Big Data:
· High volume
Unprecedented amounts of data
· High Variety
Structured and unstructured data
· High velocity
Rapid processing to maximize value
3. Effective planning is continuous
Continuous planning process = organizations continuously monitor and analyse data
and business processes; the results lead to ongoing adjustments to how the
organization is managed, but these results are also reflected in ongoing updates to
the organizational plans. It is only through timely and accurate business intelligence
that continuous planning can be executed.




Databases: providing inputs into business intelligence applications

· Data and knowledge are an organization’s most valuable resource, over entire value
· Business Intelligence applications are used to analyse sales trends, customer
satisfaction and other key performance indicators
· Enabling interactive websites using databases:
- E-commerce makes extensive use of databases
- Product catalogue data are stored in databases and available to users
- Customer billing and shipping
- E-commerce applications process millions of transactions per day

Advantages of the database approach:

· Program-data independence
· Minimal data redundancy
· Improved data consistency
· Improved data sharing
· Increased productivity of application development
· Enforcement of standards
· Increased security
· Improves data quality
· Improved data accessibility
· Reduced program maintenance
Cost and risks of the database approach:
· Need for new, specialized personnel
· Installation and management cost and complexity
· Conversion costs
· Need for explicit backup and recovery
· Organizational conflict

How to organize databases?

1. The Data Model = map or diagram that represents entities and relationships.
- What data will be captured
- How the data will be represented
MS access:
Tables: orders, customers, invoices, employees, products...
Queries: e.g. sales analysis
2. The Data Dictionary = document explaining several pieces of information for each
- Attribute name
- Tape of data: text, number, currency
- Valid values
- Business Rules = policies by which a business runs




Databases: operational systems and BI

· Online transaction processing (OLTP)
- Systems that interact with customers and run a business in real time
· Master data management
- Data deemed most important in the operation of a business
- Shared among multiple organizational units
· Data warehouses
- Integrate data from multiple databases and other data resources
- Contain historic as well as current data
- Extraction, transformation and loading are used to consolidate data from
operational systems into a data warehouse.
· Data Marts
- Mini data warehouse, limited in scope to organizational unit

Data: the root and purpose of information systems (chapter 1)

· Alone, raw data are not very useful
· When processed into information, data become useful
· When information is understood and used for decisions, it becomes knowledge

Common reports and queries:

Scheduled reports = reports produced at predefined intervals – daily, weekly, monthly – to
support routine decisions
Key indicator reports = reports that provide a summary of critical information on a recurring
Exception reports = reports that highlight situations that are out of the normal range
Drill-down reports = reports that provide greater detail, so as to help analyse why a key
indicator is not at an appropriate level or why an exception occurs.
Ad hoc queries = queries answering unplanned information requests to support a non-
routine decision; typically not saved to be run again.




Information and knowledge discovery: Online Analytic Processing (OLAP)

Online analytic processing = the process of quickly conducting complex, multidimensional
analyses of data stored in a database that is optimized for retrieval, typically using graphical
software tools.
Example: an OLAP cube is a multidimensional database structured to support slicing, dicing
and drill-down.
OLAP server = chief component of an OLAP system, which understands how data are
organized in the database and has special functions for analysing the data.
In-memory computing = data are stored in a computer’s main memory, rather than on a
comparatively slow hard drive, removing the bottlenecks associated with reading and
writing data.
Measures = values or numbers the user wants to analyse.
Dimensions = provide a way to summarize the data
Drill down = from state, to country, to city or to the individual store location.
Roll up = from state, to sales region, to country or to continent.

Data mining = complements OLAP in that it provides capabilities for discovering ‘hidden’
predictive relationships in the data. Computer algorithms running on large data warehouses.
Algorithm = step-by-step procedures used in a computer program to make a calculation or
perform some type of computer-based process.
- Computer algorithms running on large data warehouses
- Types of data mining algorithms:
· Association discovery = technique used to find associations or correlations among
sets of items.
· Clustering = process of grouping related records together on the basis of having
similar values for attributes, thus finding structure in the data
· Classification = used when the groups are known beforehand, and records are
segmented into these classes.
· Text mining = use of analytical techniques for extracting information from textual
· Web content mining = extracting textual information from web documents
· Web usage mining = used by organizations to determine patterns in customers’
usage data.




Business analytics to support decision making

· Systems to support human and automatic decision making
· Business Analytics
- augments BI with statistical analyses and predictive modelling, to develop
explanatory models, help understand data, identify trends, predict business
· Decision support system = special purpose information system designed to support
organizational decision making related to a particular recurring problem. DSSs are
typically used by managerial level employees. → What-if analysis is very common.
Architecture of a DSS using the basic system model:

· Intelligent systems
- Machine learning (e.g. neural networks) = branch of artificial intelligence that
allows systems to learn by identifying meaningful patterns when processing massive
amounts of data.
- Neural networks = approximate the functioning of the brain by creating common
patterns in the data and then comparing new data to learned patterns to make a




- Expert systems (ES) = type of intelligent system that uses reasoning methods based
on knowledge about a specific problem domain in order to provide advice, much like
a human expert.
Architecture of an Expert System:

- Intelligent agents = program that works in the background to provide some service
when a specific event occurs. There are several types of agents for use in a broad
range of contexts, including the following:
1. User agents = agents that automatically perform a task for a user.
2. Buyer agents (shopping bots) = agents that search to find the best price for a
particular product you wish to purchase
3. Monitoring and sensing agents = agents that keep track of key data, notifying the
user when conditions change
4. Data mining agents = agents that continuously analyse large data warehouses to
detect changes deemed important by a user, sending a notification when such
changes occur
5. Web crawlers = agents that continuously browse the web for specific information
– web spiders.
6. Destructive agents = malicious agents designed by spammers and other internet
attackers to farm e-mail addresses off websites or deposit spyware on machines.
· Knowledge management systems = the processes an organization uses to gain the
greatest value from its knowledge assets.
Knowledge assets = the underlying skills, routines, practices, principles, formulas,
methods, heuristics and intuitions whether explicit or tacit.
Explicit knowledge = easily codified and documented
Tacit knowledge = embedded in people’s minds, hard to get at, important for the
best practices.
Goal: gain the greatest value from knowledge assets.

Social network analysis = technique that maps people’s contacts to discover connections or
missing links within the organization. Can help to analyse collaboration patterns.




Information Visualization
· Dashboards
- Comprised of key performance indicators (KPIs)
- Visual display of summary information
- Aid in situational awareness and decision making
· Visual analytics
- Interactive graphics for complex analysis
· Geographic information systems = system for creating, storing, analysing and
managing geographically referenced information.
- Visualizing geographic information
- Various industries: agriculture, banking, disaster response, environment and
conservation, insurance, government, law enforcement, marine biology, media, etc.
· 3D – virtual reality

Key players: SAS, MicroStrategy, and other BI leaders

Business Intelligence is becoming big business
· Independent Pure Play analytic companies: SAS, MicroStrategy
· Larger integrated companies: IBM, SAP, Oracle, Microsoft
· Specialized companies also exist that focus on very specific aspects of business

Week 5 – Chapter 7 Enhancing Business Processes using Enterprise IS

Part 1 Core business Processes (page 278-286)

Functional view vs process view:

Functional structure:
Advantages:
· Allows economies of scale within functional departments
· Enables localized knowledge and skill development
· Enables organization to accomplish functional goals
· Works best with limited product lines
Disadvantages:
· Slow response time to environmental changes
· May cause decisions to escalate unnecessarily
· Leads to poor horizontal coordination among departments
· Less innovative (in terms of cross-dept idea
· Restricted view of organizational goals




Business process perspective

Advantages:
· Flexibility and rapid response to changes in customer needs
· Directs the attention of every party involved toward the creation and delivery
of value to customers
· Employees have a holistic view of organizational goals
· Promotes a focus on teamwork and collaboration – common commitment to
meeting objectives
· Improves quality of life for employees by offering them the opportunity to share
responsibility, make decisions, and be accountable for outcomes
Disadvantages:
· Determining core processes to organize around is difficult and time consuming
· Requires changes in culture, job design, management philosophy, information and
reward systems
· Dissatisfaction among existing managers due to power erosion
· Requires significant training of employees to work effectively in a horizontal team
environment
· Can limit localized skill development

For pursuing chosen strategy, what will differentiate successful companies from
unsuccessful ones? → The difference is made by thinking in business processes.
Consequence: chosen competitive advantage strategy determines the business process




Different core business processes:

1. Order-to-cash = the process of selling goods or services and collecting revenue for
them. Functional areas:
- Marketing and Sales
- Accounting and Finance
- Manufacturing and Operations

2. Procure-to-pay = the process of ordering goods or services and paying for them.
Functional areas in Procure-to-Pay:
- Supply chain management
- Accounting and Finance
- Manufacturing and operations

3. Make-to-stock = goods are produced based on forecasts and are stocked in a
warehouse (push-based approach)

4. Make-to-order = raw materials, subcomponents and accessories are procured based
on forecasts, but actual manufacturing does not start until an order is received (pull-
based approach)




Organizational activities along the value chain:

1. Core activities:
· Inbound logistics = business activities associated with receiving and stocking
raw materials, parts and products
· Operations and manufacturing activities = transform inputs into outputs
· Outbound logistics activities = activities which mirror those of inbound
logistics. Focuses on the distribution of end products within the order-to-cash
business process.
· Marketing and sales activities = associated primarily with the presales
activities of the company. Marketing literature, communication with potential
and existing customers, pricing of goods and services.
· Customer service activities = focuses on post-sales activities.
2. Support activities = enable the primary activities to take place:
· Administrative activities = focus on processes and decision making that
orchestrate the day-to-day operations of an organization.
· Infrastructure activities = hardware and software that must be implemented
to provide the necessary components that facilitate both primary and support
· Human resource activities = all business activities associated with employee
management, such as hiring, interviewing, payroll and benefits management.
· Technology development activities = design and development of applications
that support the primary business activities.
· Procurement activities = purchasing of goods and services that are required
as inputs to the primary activities.
Value chain:

Value system = information flows from one company’s value chain to another company’s
value chain




Upstream information flow = information that is received from another organization

Downstream information flow = information that is produced by a company and sent along
to another organization.

Part 2 Business Process Management (page 293-295)

Ford Case




→ Business Process Reengineering (BPR): radical redesign

→ BPR – success but also failure (downsizing)

Business process management (BPM) = a systematic, structured improvement approach by
all or part of an organization whereby people critically examine, rethink and redesign
business processes in order to achieve dramatic improvements in one or more performance
measures, such as quality, cycle time or costs.
1. Process modelling, 2. Process analysis, 3. Process redesign
Business process reengineering (BPR) = based on the notion that radical redesign of an
organization is sometimes necessary in order to lower costs and increase quality and that
information systems are the key enabler for the radical change.
The conditions that appear to lead to a successful business process improvement effort
include the following:
· Support by senior management
· Shared vision by all organizational members
· Realistic expectations
· Participants empowered to make changes
· The right people participating
· Sound management practices
· Appropriate funding

Business process management:

1. Process identification
2. Process discovery (process architecture)
3. Process analysis (weaknesses and their impact)
4. Process redesign (to-be process model)
5. Process implementation (executable process model)
6. Process monitoring and controlling (conformance and performance insights)
/ 7. Process discovery /
Or shorter:
1. Process modelling
2. Process analysis
3. Process redesign




1. Process modelling – BPMN (Business Process Model and Notation)

· Different representation of concepts
· Different level of granularity
· Different level of scope
· Different terminology
→ What is the right process?
Core elements of a process:
- What needs to be done and when? → Control flow
- What do we need to work on? → Artefacts
- Who is doing the work? → Resources (human & systems)

· Activities (control flow)

- Active elements (e.g. enter invoice details)
- Time-consuming, resource-demanding
- State-changing
· Events (control flow)
- Passive elements (e.g. invoice received)
- Represent conditions/circumstances
- Automatic, instantaneous (not time-consuming)
· Business objects (or Artefacts)
- Organizational artefacts that undergo state changes
- Physical or electronic information
- Examples: sales order, digital object, consulting proposal
· Actors (or Resources)
- The entities performing process activities and generating activities
- Human / systems
- Examples: financial officer, warehouse clerk; ERP, CRM, SAP, Application X




· Exclusive Decision / Merge
- Indicates locations within a business process where the sequence flow can
take two or more alternative paths
- Only one of the paths can be taken
- Depicted by a diamond shape that may contain a marker that is shaped like
an X
· Parallel Fork / Join
- Provide a mechanism to synchronize parallel flow and to create parallel
- Depicted by a diamond shape that must contain a marker that is shaped
like a plus sign, +.

Lanes and pools in BPMN:

· Only message flows between different pools!
· Order management process with pools: sequence flows within the pool!
· Order management process with lanes: the customer process is left as black-box

2. Process analysis: Why-why diagrams

· Tree-like diagrams
· Why has something happened?




3. Process redesign (heuristics)

· Activity elimination = eliminate unnecessary activities from a business process: is
activity X adding value?
· Activity composition = combine small activities into composite activities and divide
large activities in workable small activities
· Contact reduction = reduce the number of contacts with customers and third parties
· Activity automation = consider automating activities
· Re-sequencing = move activities to more appropriate places
· Parallelism = consider whether activities may be executed in parallel
· Outsourcing = consider outsourcing a business process completely or parts of it
· Interfacing = consider a standardized interface with customers and partners

As-Is and To-Be as illustrated in the Ford Case Study. The illustrated model is not a BPMN
process model!

The Devil’s Quadrangle

- Time decreases
- Cost lowers
- Quality improves
- Flexibility increases

Part 3 Enabling Business processing using ERP (page 299-300)

Enterprise resource planning (ERP) = the most enterprise-wide information systems. Make
accessing information easier by providing a central information repository, giving personnel
access to accurate, up-to-date information throughout the organization.
ERP control = locus of control over the computing systems and data contained in those
systems, as well as decision making authority.
ERP core components = support the important internal activities of the organization for
producing its products and services. These components support internal operations such as
financial, operations and human resource management.
ERP extended components = support the primary external activities of the organization for
dealing with suppliers and customers. Focus primarily on supply chain management and
customer relationship management




· ERP systems support core business processes: Oracle, SAP, ..

· Assist with:
- Order-to-cash
- Procure-to-pay
- Make-to-stock / Make-to-order
- Other business processes
· Often packaged industry-specific ERP versions
- Support industry-specific core processes: health care, automotive, construction,
retail, specialized manufacturing industries.

Week 5 – Chapter 8 Strengthening Business-to-Business relationships via Supply chain &
Customer relationship management

Supply chain = A collection of companies and processes involved in moving a product from
the suppliers of raw materials to the suppliers of intermediate components, then to the final
production and ultimately to the customer.
→ Referred to as a ‘chain’ as one supplier feeds into the next, then the next, then the next.
→ A ‘network’ is more accurate because businesses have multiple suppliers, who have
multiple suppliers.
A typical supply network:

Electronic data interchange (EDI) = computer-to-computer communication following certain

Portals = access points (or front doors) through which a business partner accesses secured,
proprietary information that may be dispersed throughout an organization.
Supplier portals = subset of an organization’s extranet designed to automate the business
processes that occur before, during and after sales have been transacted between the
organization and its multiple suppliers.




Business-to-business market places = operated by third-party vendors, they are built and
maintained by a separate entity rather than being associated with a particular buyer or
Vertical markets = markets comprised of firms operating within a certain industry sector.

Benefits of effectively Managing Supply Chains:

· Just-in-time production = inventory delivered just as it is needed; minimizes stock
and handling costs; reduces obsolescence charges
· Vendor-managed inventory = vendors track usage and replenish supplies
· Reducing the Bullwhip effect
- Ripple effects due to forecast errors
- Coordinated supply chain helps mitigate this: implement integrated business
· Corporate social responsibility
- Product recalls, sustainable business practices

Developing a Supply Chain Management

· Trade-offs
→ Supply chain efficiency
- Minimizes cost, but increased risk of stock-outs
- May sacrifice customer service
→ Supply chain effectiveness
- Maximizes likelihood of meeting objectives, maximizes customer service
- Increased costs associated with: redundancy, stocking levels, cross-functionality

Supply chain planning (SCP) = the development of various resource plans to support the
efficient and effective production of goods and services. Four key processes are generally
supported by SCP modules:
1. Demand planning and forecasting
2. Distribution planning
3. Production scheduling
4. Inventory and safety stock planning




Supply chain execution = the execution of SCP. SCE puts the SCM planning into motion and
reflects the processes involved in improving the collaboration of all members of the supply
SCE focuses on the efficient and effective flow of products, information and finances along
the supply chain.
Supply chain visibility = the ability not only to track products as they move through the
supply chain but also to foresee external events.
Supply chain analytics = use of key performance indicators to monitor performance of the
entire supply chain.

Today’s empowered customers have many ways to obtain and spread information and
opinions about companies.

Customer relationships:
· Widen = attract new customers
· Lengthen = keep current customers satisfied
· Deepen = transform minor customers into profitable customers

Customer relationship management = to assist in deploying an organization-wide strategy
for managing these increasingly complex customer relationships. It is not simply a
technology, but also a corporate-level strategy to create and maintain lasting relationships
with customers by concentrating on downstream information flows.

Companies have to realize that a successful CRM strategy must include enterprise-wide
changes, including changes to:
· Policies and business processes
· Customer service
· Employee training
· Data collection, analysis and sharing
Developing a CRM strategy:




A comprehensive CRM system comprises three primary components:

· Operational CRM = systems for automating the fundamental business processes
(marketing, sales and support) for interacting with the customer.
· Analytic CRM = systems for analysing customer behaviour and perceptions in order
to provide business intelligence
· Collaborative CRM = systems for providing effective and efficient communication
with the customer from the entire organization.
Architecture of a CRM System:

Operational CRM environment → used to enable customer interaction and service

Sales force automation = modules that support the day-to-day sales activities of an
Customer service and support (CSS) = modules that automate service requests, complaints,
product returns and information requests.
Customer engagement center (CEC) = using multiple communication channels to support
communication preferences of customers.
Enterprise marketing management (EMM) = tools that help a company in the execution of the
CRM strategy by improving the management of promotional campaigns
Social CRM = use of social media for customer relationship management
Collaborative CRM enhances communication in the following ways:
· Greater customer focus
· Lower communication barriers
· Increased information integration




Week 6 – Chapter 9 Developing and acquiring IS

Making the business case = process of identifying, quantifying and presenting the value
provided by the system.
The productivity paradox:

Technology in itself does not improve productivity, but the way it is applied in an enterprise
Keep in mind: a series of problems that limit the paradox’s applicability in practice.
Factors leading to IS productivity paradox:
· Measurement
· Time lags
· Redistribution
· Mismanagement

Three types of arguments commonly made in business cases for an IS:

· Faith = arguments based on beliefs about organizational strategy, competitive
advantage, industry forces, customer perceptions, market share, and so on.
- Strategic arguments
- Based on mission or objectives
- E.g. corporate context
· Fear = arguments based on the notion that if the system is not implemented, the firm
will lose out to the competition or worse go out of business.
- Competitive musts
- Regulatory requirements
· Fact = arguments based on data, quantitative analysis, and/or indisputable factors
- Cost: TCO (total cost of ownership), recurring / non-recurring cost, tangible /
intangible cost
- Benefits: tangible / intangible benefit
A successful business case will be based on faith, fear and fact
Analyses to make your case:
· Cost-benefit analysis = simple comparison of total (tangible) cost and benefits
expected from any investment alternative.
· Break-even analysis = Identification of point in time at which (tangible) benefits
outweigh the total cost incurred.
· Net-present-value analysis = in light of an expected rate of return (discount rate),
present value of all of an investment’s (expected) future cash flows.
· Internal rate of return (IRR) = Calculation of virtual interest rate for investments into
one project
Presenting the business case:




· Know the audience

- Different stakeholders have different perspectives on the project
- Know what matters to whom and why so (a little treat for all)
- Tailor the story you tell accordingly
· Convert benefits to monetary terms
- Make your benefits concrete (facts over faith and fear)
- Easier to compare money with money (invest vs. return)
- Example: quantify time savings (i.e. process cost)
· Devise proxy variables
- Make intangibles as tangible as possible
- Think of alternative ways of expressing things
- Example: 5-point scale for value-added tasks
· Measure (and know) what is important to management
- Based on the three points above
- Come up with clear KPIs and target values for your project
- Advice: assign responsibility for benefits to where they occur

Your case’s audience → stakeholders:

- Users
- Steering committee
- Business departments
- IT executives
- Managers

Custom software → Developed to meet specifications of organization.

Off-the-shelf → used to support common business processes that do not require any
specific tailoring.
Custom software advantages:
- Customizability
- Problem specificity
Off-the-shelf advantages:
- Less costly
- Faster to procure
- Higher quality
- Less risky




The “Make or Buy” decision:

- Off-the-shelf:
· Buy the application and run it by yourself
- Commercial software packages with standard features
- Cost effective and time saving compared with in-house development
- Integration with existing software is challenging
· Lease the application and run it by yourself
- Can save time and money
- Might not exactly fit company’s requirements
- 80/20 rule: meet 80% of needs, change company to utilize remaining 20%
· Consume services (software-as-a-service)
- Vendor hosts applications and provides them as a service
- Customer pays for the service based on actual usage (on-demand)
- Substantially reduces needed infrastructure, money, time, IT staff
- Custom:
· Develop the application yourself

Open source software = the program’s source code is freely available for use and/or
modification. It owes its success to the inputs from a large user base, helping to fix problems
or improve the software.
· Products whose source code is open (i.e. public) often maintained by community of
· While so called distributions often come with licenses, the base product is free to use
and change
· Cost effective and customizable alternative to proprietary, commercial products
while still based on tested ‘best practice’

System development life cycle (SDLC) = describes the life of an information system from
conception to retirement. The System Development Life Cycle has 4 phases:
1. System planning and selection
2. System analysis
3. System design
4. System implementation and operation




1. Systems planning and selection

· Individual systems
· (Strategic) Application portfolio management
- Like in an investment portfolio, application portfolios look for an optimal way to
align needs with current assets
- Basis for IT projects and investment decisions (from ‘as is’ to ‘to be’)
- Different approaches and frameworks
· Architecture management

2. Systems analysis
· Requirements
- Requirements determination
- Requirements management
· Modelling
- Data
- Processes and logic
- UML: most useful → use case. Advanced → states, classes, sequences, activities
Key system requirements:
· Functional requirements:
- Define the provided services
- Describe the system functionalities
- Describe the system behaviour
- Describe the system reactions
· Non-functional requirements
- Specification of quality of services
- Constraints on the services (e.g. timing constraints, fault tolerance, exception

3. Systems design
· Translation of the analyses’ results into a blueprint for the system
· Layers of the system
- Human-computer-interaction
- Processing and logic
- Data (and files) and databases
Design artefacts:
· HCI: wireframes, interface mock-ups
· Process and logic: flow charts, click-throughs
· Database: master data, object relations




4. Systems implementation and operation

· Programming and testing
· Documenting
· Conversion (change-over)
· Training and support
Change-over strategies:
· Big bang / Direct = old system is discontinued on one day and the new is used on the
· Phased = parts of the new system are implemented over time
· Parallel = old and new systems are used at the same time
· Pilot (single location) = entire system is used in one location

5. Systems maintenance
· Types of maintenance:
- Corrective (e.g. bug fixes)
- Adaptive (e.g. updating UI to enhance processing flow)
- Preventive (e.g. security issues)
- Perfective (e.g. bells and whistles)
· Documentation as important as with development
· Traceability and ability to roll-back
· Distribution / patch management
· Can be seen as an SDLC-cycle in itself
6. Systems retiring
· Picks up portfolio perspective from (1) again
· Identifies applications not / no longer required
· Important to keep portfolio clean and remove complexity
· Plan retirement carefully
- Diligent work in steps (1-4) essential for effective retiring




Structured vs Agile development

· Most development models can be associated with any one of the two major schools
of thought
STRUCTURED vs. AGILE (Rapid prototyping):
- Plan-driven vs. Requirements-driven
- Sequential stages vs. Iterative cycles
- Pre-planned vs. Incremental
- Completing goals vs. Approximating requirements
- One overall final product vs. Series of intermediary releases
· No right or wrong software processes
· Most projects include notions of both plan-driven and incremental
· Match characteristics to the development project at hand

Selection process for off-the-shelf approach:

1. Understand Requirements
- Understanding user requirements will help to determine the needed functionality
- The challenge is to find the best fit between the product and the organization
- Done diligently, helps to reduce costly changes later in the project
2. Evaluate Products
- Software packages can be compared
- Ranking based on objective criteria: Functionality of product, capabilities of the
vendor, availability of maintenance and updates.
3. Select and Purchase
- Base selection on a correct understanding of user requirements
- Evaluate with appropriate procedures
- Strong Business case is needed to ensure the support of senior management

Vendor and software selection:

Example: ERP Selection




ERP control & ERP business requirements VS ERP Core Components & Extended
ERP installation
· The implementation and operation equivalent of the buy decision
· Be advised of limitations!
- The plain vanilla fallacy
· Interested?
- Managing technological change

Five recommendations:
· Secure executive sponsorship
· Get help from (outside) experts
· Thoroughly train users
· Multidisciplinary implementation
· Evolve the implementation

Multidisciplinary implementations → especially in culture-oriented transformation projects

A special kind of “buy”

· Rather than doing something itself, a company hires a specialized provider
· Both for functions (e.g. payroll) as well as for specific assets (e.g. IT, fleet)
· Re-locating operations (whether in house or outsourced) to other countries to make
use of country-specific advantages
· Near-shoring (e.g. Eastern Europe) vs. far-shoring (e.g. Asia)




Week 7 – Chapter 10 Securing Information Systems

Computer crime = use of a computer to commit an illegal act.

Computer criminals come in all shapes and sizes, in order of infractions they are:
1. Current or former employees: most organizations report insider abuses as their most
common crime
2. People with technical knowledge who commit business or information sabotage for
personal gain
3. Career criminals who use computers to assist in crime
4. Outside crackers – commit millions of intrusions per year
Studies show that only 10% of cracker attacks cause damage

How do they do it?

· Technology:
- Vulnerability scanners = automatically test targeted systems for weaknesses
- Packet sniffers = analyse network traffic and capture unencrypted passwords,
keyloggers or tools to break passwords using a brute-force approach
- Keyloggers = can capture every keystroke and thus gather information such as
e-mail addresses, passwords and credit card numbers.
- Brute force
· Exploiting human weaknesses:
- Phishing = attempts to trick financial account and credit card holders into giving
away their authentication information, usually by sending spam messages to literally
millions of e-mail accounts.
- Spear phishing = more sophisticated fraudulent e-mail attack that targets a specific
person or organization by personalizing the message (phishing with a spear rather
than a broad net) in order to make the message appear as if it is from a trusted
source such as an individual within the recipient’s company, a government entity or a
well-known company.
- Social engineering = misrepresenting oneself to trick others into revealing
- Shoulder surfing = looking over one’s shoulder while the person is keying in access
- Dumpster diving = sourcing wastebaskets for potentially useful information

Professionalize password use: (1) Longer than 8 characters (2) multiple passwords (3)
exclude dictionary words / repeating letters/symbols.
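
The three password rules above can be checked mechanically. The following is an added example, not part of the original summary: it audits a password-manager style mapping of account to password. The word list, the substitution table, the threshold of three identical characters in a row and the sample vault are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample word list (assumption); a real audit would load a full
# dictionary or breached-password list instead.
DICTIONARY = {"password", "welcome", "summer", "dragon", "groningen"}

# Undo common character substitutions so "p@ssw0rd" is still seen as "password".
LEET = str.maketrans("013457@$!", "oieastasi")

MIN_LENGTH = 9                     # rule (1): longer than 8 characters
REPEAT = re.compile(r"(.)\1\1")    # assumption: 3+ identical characters in a row


def check_password(candidate, dictionary=DICTIONARY):
    """Return the list of rule violations for a single password."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("too_short")
    normalized = candidate.lower().translate(LEET)
    if any(word in normalized for word in dictionary):   # rule (3), words
        findings.append("dictionary_word")
    if REPEAT.search(candidate):                         # rule (3), repeats
        findings.append("repeated_chars")
    return findings


def audit_vault(vault, dictionary=DICTIONARY):
    """Check every account and flag passwords shared between accounts (rule 2)."""
    counts = Counter(vault.values())
    report = {}
    for account, password in vault.items():
        findings = check_password(password, dictionary)
        if counts[password] > 1:
            findings.append("reused")
        report[account] = findings
    return report


# Constructed sample data, for illustration only.
SAMPLE_VAULT = {
    "mail": "Summer2024",
    "bank": "Summer2024",
    "shop": "aaa111",
    "crm": "P@ssw0rd-77x",
    "work": "tV9#rk2LqX!e",
}

if __name__ == "__main__":
    for account, findings in audit_vault(SAMPLE_VAULT).items():
        print(account, "OK" if not findings else ", ".join(findings))
```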

Unauthorized access = whenever people who are not authorized to see, manipulate or
otherwise handle information look through electronically stored information for interesting
or useful data, peek at monitors displaying proprietary or confidential information or
intercept electronic information on the way to its destination.
Insider threats = trusted adversaries who operate within an organization’s boundaries and
are a significant danger to both private and public sectors.
Backdoors = hidden access points allowing for unauthorized access.




Information modification = when someone accesses electronic information and then
changes the information in some way, such as when crackers hack into government Web
sites and change information or when employees give themselves electronic raises and

With the popularity of mobile devices like smartphones and tablets, many additional security
threats have emerged. Mobile threats:
· Individuals lose their mobile devices and don’t have capabilities to remotely wipe
data from the device
· Individuals keep sensitive data on mobile devices and do not use passcodes
· Individuals ‘jailbreaking’ their mobile phones. Jailbreaking = modify the operating
system to remove manufacturer or carrier restrictions
· Individuals use poorly designed mobile applications that can have security
· Individuals use unsecure wireless networks, leaving their devices vulnerable to
different types of attacks

Malware = malicious software, continues to have a tremendous economic impact on the


Computer viruses and other destructive code

· Computer viruses = destructive programs that disrupt the normal functioning of
computer systems. Viruses differ from other types of malicious code in that they can
reproduce themselves.
· Worms = a variation of a virus that is targeted at networks, is designed to spread by
itself, without the need for an infected host file to be shared.
· Trojan horses = appear to be legitimate, benign programs, but carry a destructive
payload. Unlike viruses, Trojan horses do not replicate themselves, but, like viruses,
can do much damage.
· Logic bombs/time bombs = variations of Trojan horses. They lie in wait for
unsuspecting computer users to perform a triggering operation. Time bombs are set
off by specific dates, such as the birthday of a famous person. Logic bombs are set off
by certain types of operations, such as entering a specific password.
· Ransomware = holds a user’s computer hostage by locking or taking control of the
user’s computer or encrypting files or documents.
· Denial of service = when electronic intruders deliberately attempt to prevent
legitimate users of a service from using that service, often by using up all of a
system’s resources. To execute such attacks, intruders often create armies of zombie
computers by infecting computers that are located in homes, schools and businesses
with viruses or worms.
· Spyware = any software that covertly gathers information about a user through an
internet connection without the user’s knowledge. Spyware can monitor your activity
and secretly transmit that information to someone else.
· Spam = Electronic junk mail or junk newsgroup postings, usually for the purpose of
advertising for some product and/or service. Spam is rampant and consumes an
enormous amount of human and technology resources.




· Internet hoax = a false message circulated online about new viruses. In most cases,
the consequences of passing on a hoax will be small and your friends will just ridicule
you; in other cases, spammers use such hoaxes to harvest e-mail addresses to
identify future targets.
· Cookies = small text file passed to a web browser on a user’s computer by a web
server. The browser then stores the message in a text file and the message is sent
back to the server each time the user’s browser requests a page from that server.
· Rise of botnets = destructive software robots called bots, working together on a
collection of zombie computers via the internet (called botnets) have become the
standard method of operation for professional cybercriminals. Attacks using are
emerging into a global supply chain of highly specialized criminals.
· Identity theft = stealing of another person’s Social Security number, credit card
number and other personal information for the purpose of using the victim’s credit
rating to borrow money, buy merchandise and otherwise run up debts that are never

Cyber harassment = a crime in many states and countries, broadly refers to the use of
a computer to communicate obscene, vulgar or threatening content that causes a reasonable
person to endure distress.
Cyberstalking = repeated contacts with a victim. Cyberstalking can take many forms.
Cyberbullying = deliberately cause emotional distress in the victim.
Online predators = target vulnerable people, usually the young or old, for sexual or financial
Software piracy
Patents = process, machine or material inventions.
Copyrights = creations of the mind such as music, literature and software.
Reverse engineering = when computer criminals disassemble the software
Key generators = can be used to generate fake license keys to circumvent the protection
In many parts of the world, using pirated software is a common practice.
Cybersquatting = the dubious practice of registering a domain name and then trying to sell
the name for big bucks to the person, company or organization most likely to want it.




Cyberwar Vulnerabilities
Cyberwar = an organized attempt by a country’s military to disrupt or destroy the
information and communication systems of another country. Cyberwar is often executed
simultaneously with traditional methods to quickly dissipate the capabilities of an enemy
and intelligence agencies from countries around the world are secretly testing networks and
looking for weaknesses in their potential enemies’ computer systems.
Goal cyberwar: turn the balance of information and knowledge in one’s favour in order to
enhance one’s capabilities while diminishing those of an opponent.
Cyberwar → uses technologies to intrude into an enemy’s IS infrastructure in order to
diminish various capabilities, including the following:
· Command-and-control systems
· Intelligence collection, processing and distribution systems
· Tactical communication systems and methods
· Troop and weapon positioning systems
· Friend-or-foe identification systems
· Smart weapons systems
Web vandalism = can occur by simply defacing web sites.
Patriot hackers = independent citizens or supporters of a country that perpetrate attacks on
perceived or real enemies.
Stuxnet = computer worm designed to find and infect a particular piece of industrial
hardware inside Iranian nuclear plants.
Cyberterrorism = use of computer and networking technologies against persons or property
to intimidate or coerce governments, civilians or any segment of society in order to attain
political, religious or ideological goals.

Threats to IS security
The primary threats to the security of information systems include:
· Natural disasters: power outages, hurricanes, floods
· Accidents: inexperienced or careless computer operators
· Employees and consultants: people within an organization who have access to
electronic files
· Links to outside business contacts: electronic information that can be at risk when it
travels between or among business affiliates as part of doing business
· Outsiders: hackers and crackers who penetrate networks and computer systems to
snoop or to cause damage.




Information system security = precautions taken to keep all aspects of information systems
safe from destruction, manipulation or unauthorized use or access, while providing the
intended functionality to legitimate users.
Securing against these threats must consider these primary goals:
· Availability
Ensuring that legitimate users can access the system
· Integrity
Preventing unauthorized manipulations of data and systems
· Confidentiality
Protecting data from unauthorized access
· Accountability
Ensuring that actions can be traced
The process of Information Security

Information systems security is an ongoing process!

Assessing IS risks
Information systems risk assessment → to obtain an understanding of the risks to the
availability, integrity and confidentiality of data and systems.
Threats = undesirable events that can cause harm and can arise from actions performed
by agents internal or external to the
Vulnerabilities = weaknesses in an organization’s systems or security policies that can
be exploited to cause damage and can encompass both known vulnerabilities and expected
vulnerabilities.

Organizations have to understand the interplay between threats, vulnerabilities and
impacts to plan and implement effective IS controls.

→ Interplay between threats, vulnerabilities and impacts




Options for addressing risk:

· Risk reduction
Actively installing countermeasures
Condition: high risk cannot be accepted
· Risk acceptance
Accepting any losses that occur
Condition: there exists a low likelihood/impact + other factors are more important
than security
· Risk transference
Have someone else absorb the risk (insurance, outsourcing)
Condition: other parties may be better equipped to manage the risk
· Risk avoidance
Using alternative means, avoiding risky tasks
Condition: risk is unmanageable + risk is too high

Developing a security strategy

· After assessing risk, a strategy is developed detailing the information security
· Types of controls:
- Preventive controls = to prevent any potentially negative event from occurring,
such as by preventing outside intruders from accessing a facility
- Detective controls = to assess whether anything went wrong, such as unauthorized
access attempts and to limit danger
- Corrective controls = to mitigate the impact of any problem after it has arisen, such
as restoring compromised data
· Use the principles of least permissions and least privileges → users should only be
given access to the systems, data or resources that are needed to perform their
duties, with access to other resources restricted.
Developing a security strategy: Policies & Procedures
· Not all security measures are technical in nature. Managerial activities are important
· Policies and procedures include:
- Information policy = outlines how sensitive information will be handled, stored,
transmitted and destroyed
- Security policy = explains technical controls on all organizational computer systems,
such as access limitations, audit-control software, firewalls and so on.
- Use policy = outlines the organization’s policy regarding appropriate use of in-house
computer systems; may mandate no internet surfing, use of company computer
systems only for employment-related purposes, restricted use of social networking
and e-mail and so on.
- Backup policy = explains requirements for backing up information, so that critical
data can be restored in case of data loss.
- Account management policy = lists procedures for adding new users to systems
and removing users who have left the organization
- Incident handling procedures = lists procedures to follow when handling a security
- Disaster recovery plan = lists all the steps an organization will take to restore
computer operations in case of a natural or deliberate disaster.




Developing a security strategy: Disaster planning

· Business continuity plan = how a business continues operating after a disaster,
before normal operations have been restored.
· Disaster recovery plan = detailed procedures for recovering from systems-related
· Questions for a disaster recovery plan:
- What events are considered a disaster
- What should be done to prepare the backup site?
- What is the chain of command; who declares a disaster?
- What hardware and software are needed?
- Which personnel are needed?
- What is the sequence for moving back to the original location?
- Which providers can be drawn on to aid in disaster recovery?
Developing a security strategy: Backups
· Backup sites are critical for business continuity in the event a disaster strikes
· Backup media include CD, external hard drives and tapes
· Cold backup site = an empty warehouse with all necessary connections for power
and communication but nothing else
· Hot backup site = fully equipped backup facility, all needed equipment and one-to-
one replication of current data
Developing a security strategy: designing the recovery plan
· Recovery time objectives
- Specify the maximum time allowed to recover from a catastrophic event
- Minutes, hours, days?
· Recovery point objectives
- Specify how current the backup data should be
- Mission-critical transaction data need to be very current
- Hot backup involves mirrored data (i.e. everything is stored synchronously on two
independent systems)

Implementing Controls and Training

Commonly used controls:
· Physical access restrictions
· Firewalls
· Encryption
· Virus monitoring and prevention
· Secure data centers
· Systems development controls
· Human controls




Physical access restrictions

· Physical access controls typically focus on authentication
- Something you have: keys, smart cards
- Something you know: password, PIN code
- Something you are: biometrics
· Methods for implementing physical access control:
- Biometrics:
Identification via fingerprints, retinal patterns in the eye, facial features or other
bodily characteristics → one of the most sophisticated forms of governing access to
systems, data and/or facilities.
- Access Control Software
Allowing computer users access only to those files related to their work.
Restricting type of access (read, write, delete, etc.)
- Wireless LAN (WLAN) controls
Securing wireless networks prevents drive-by hacking
- Virtual Private Networks (VPN)
Also called a secure tunnel
Implementing controls and training: encryption and VPN

Firewalls = part of a computer system designed to detect intrusion and prevent
unauthorized access to or from a private network. A “security fence”. A firewall blocks
unauthorized access to organizational systems and data, while permitting authorized
communication to flow in and out of the organization to the broader internet.
Encryption = process of encoding messages using an encryption key before they enter the
network or airwaves, then decoding them using a matching key at the receiving end of the
transmission so that the intended recipients can read or hear them.




Filter traffic:
- Incoming and/or outgoing traffic
- Filter based on traffic type
- Filter based on traffic source
- Filter based on traffic destination
- Filter based on combination of parameters
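
The filter criteria listed above can be seen working together in a small rule evaluator. This is an added example, not part of the original summary: the `Packet` and `Rule` types, the first-match-wins order, the default-deny fallback and all addresses (a constructed internal range plus documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str                  # "in" or "out"
    protocol: str                   # traffic type, e.g. "tcp" or "udp"
    src: str                        # source IP address
    dst: str                        # destination IP address
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    direction: Optional[str] = None # None means "any" for every field below
    protocol: Optional[str] = None
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """A rule matches only if every field it sets agrees with the packet."""
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.protocol is not None and self.protocol != p.protocol:
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        if self.src_net is not None and (
            ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net)
        ):
            return False
        if self.dst_net is not None and (
            ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst_net)
        ):
            return False
        return True


def decide(rules, packet):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"


# Constructed rule set: 10.10.0.0/16 stands in for the private network.
RULES = [
    # Filter on source: a blocked external network.
    Rule("deny", direction="in", src_net="203.0.113.0/24"),
    # Combination: incoming HTTPS to the web server only.
    Rule("allow", direction="in", protocol="tcp",
         dst_net="10.10.1.10/32", dst_port=443),
    # Traffic type plus source: only the mail relay may send SMTP out.
    Rule("allow", direction="out", protocol="tcp",
         src_net="10.10.1.25/32", dst_port=25),
    Rule("deny", direction="out", protocol="tcp", dst_port=25),
    # Remaining outgoing traffic from the private network.
    Rule("allow", direction="out", src_net="10.10.0.0/16"),
]
```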

Virus monitoring and prevention

Standard precautions:
· Purchase, install and maintain antivirus software
· Do not use flash drives or shareware from unknown or suspect sources
· Use reputable sources when downloading material from the Internet
· Delete without opening any e-mail message received from an unknown source
· Do not blindly open e-mail attachments, even if they come from a known source
· If your computer system contracts a virus, report it

Implementing controls and training: secure data centers

Securing the facility’s infrastructure:
· Site selection = organizations should ensure that data centers are not built in areas
that are prone to earthquakes, floods, hurricanes or other damaging natural forces.
· Physical access restrictions = data centers should be protected from intruders using
measures such as fences, barriers and security guards.
· Intrusion detection = closed-circuit television (CCTV) should monitor the physical
interior and/or exterior of a facility for physical intruders, allowing in-house security
personnel or outside security service to detect and immediately report suspicious
· Uninterruptible power supply = data centers should be self-sufficient and be able to
operate for a pre-specified time period on self-generated power.
· Protection from environmental threats

Implementing controls and training: other controls

· System development controls = ensuring that all systems are properly developed,
acquired and maintained.
· Human controls = human safeguards can help to protect IS, specifically ethics, laws
and effective management.
· Deployment and training = personnel throughout the organization should receive
training about the security policies and plans for disaster recovery and be prepared
to perform assigned tasks in that regard.




Monitoring security
Organizations should monitor internal and external threats and vulnerabilities to ensure the
effectiveness of their IS controls.
· Monitoring external events
- Information Sharing and Analysis Centers, United States Computer Emergency
Readiness Team
· IS auditing
- External entity reviews the controls to uncover any potential problems
· Sarbanes-Oxley act
- Best practices: Control Objectives for Information and related Technology (COBIT)
- COBIT = set of best practices that helps organizations both maximize the benefits
from their IS infrastructure and establish appropriate controls.
· Responding to security incidents
- Ability to rapidly respond
· Computer forensics
- use of formal investigative techniques to evaluate digital information for judicial
- honeypot = a computer, data or network site that is designed to be enticing to
crackers so as to detect, deflect or counteract illegal activity.
- Examining the computers of crime victims for evidence
- Auditing computer activity logs

Sarbanes-Oxley Act
The Sarbanes-Oxley (S-OX) Act addresses financial controls
· Companies must demonstrate that controls are in place
· Companies must preserve evidence documenting compliance
· Information systems typically used to meet compliance requirements
· Growing need for IS auditors

The state of IS security management

· Information security is a huge management challenge
- in 2013, malware introduced into Target’s point-of-sale system captured the credit
card data of 40 million shoppers
· 2013 US state of Cybercrime Security survey
- 38 percent of executives indicate lack of good security assessment methodology
- Greatest security threats from crackers, insiders and foreign nation-states
- Insider attacks more costly than external threats
- Executives use free internet sites for security information; not necessarily reliable

Course Closure:
· Technological progress improves economy of scale; productivity frontier
· Technological innovations initiate change
· The winner takes all (Facebook, Zalando, top 10 tech billionaires)

