15. Managing Information Resources and Security
On January 1, 2000, the world was relieved to know that the damage to information systems due to the Y2K problem was minimal. However, only about six weeks into the new millennium, computer systems around the world were attacked, unexpectedly, by criminals.
On February 6, 2000, the biggest e-commerce sites were falling like dominos. First was Yahoo, which was forced to close down for three hours. Next were eBay, Amazon.com, E*Trade, and several other major EC and Internet sites, all of which went dark.
The attacker(s) used a method called denial of service (DoS). By hammering a Web site’s equipment with too many requests for information, an attacker can effectively clog a system, slowing performance or even crashing a site. All one needs to do is to get the DoS software (available for free on many hacking sites), break into unrelated unprotected computers and plant some software there, select a target site, and instruct the unprotected computers to repeatedly send requests for information to the target site. It is like constantly dialing a telephone number so that no one else can get through. It takes time for the attacked site to identify the sending computers and to block e-mails from them. Thus, the attacked site may be out of service for a few hours.
The magnitude of the damage was so large that on February 9, the U.S. Attorney General pledged to track down the criminals and ensure that the Internet remains secure. This assurance did not last too long, as can be seen from the following story told by Professor Turban:
When I opened my e-mail on May 4, 2000, I noticed immediately that the number of messages was larger than usual. A closer observation revealed that about 20 messages were titled I LOVE YOU, and most of them came from faculty, secretaries, and administrators at City University of Hong Kong. It was not my birthday and there was no reason to believe that so many people would send me love messages the same day. My initial thought was to open one message to find out what’s going on. But, on second thought I remembered the “Melissa” virus and the instructions not to open any attachment of a strange e-mail. I picked up the telephone and called one of the senders, who told me not to open the attachment since it contained a deadly virus.
Although Professor Turban’s system escaped the virus, thousands of users worldwide opened the “love” attachment and released the bug. It is interesting to note that the alleged attacker, from the Philippines, was not prosecuted because he did not break any law in the Philippines. The damage, according to Zetter and Miastkowski (2000), was estimated at $8.7 billion worldwide.
Since May 2000 there have been more than a dozen major virus attacks, and hundreds of small ones, causing damage to organizations and individuals (see Richardson, 2003).
company, or can attack many companies and individuals without discrimination, using various attack methods. Although variations of the attack methods are known, the defense against them is difficult and/or expensive. As the story of the “love” virus demonstrated, many countries do not have sufficient laws to deal with computer criminals. For all of these reasons, protection of networked systems can be a complex issue.
The actions of people or of nature can cause an information system to function in a way different from what was planned. It is important, therefore, to know how to ensure the continued operation of an IS and to know what to do if the system breaks down. These and similar issues are of concern to the management of information resources, the subject of this chapter.
In this chapter we look at how the IS department and end users work together; the role of the chief information officer; the issue of information security and control in general and of Web systems in particular. Finally, we deal with plans of business continuity after a disaster, and the costs of preventing computer hazards.
Throughout this book, we have seen that information systems are used to increase productivity and help achieve quality, timeliness, and satisfaction for both employees and customers. Most large, many medium, and even some small organizations around the world are strongly dependent on IT. Their information systems have considerable strategic importance.
IT resources are very diversified; they include personnel assets, technology assets, and IT relationship assets. The management of information resources is divided between the information services department (ISD) and the end users. Infor-
planning, organizing, acquiring, maintaining, securing, and controlling of IT resources. The division of responsibility depends on many factors, beginning with the amount of IT assets and nature of duties involved in IRM, and ending with outsourcing policies. Decisions about the roles of each party are made during the IS planning (Chapter 9). (For some insights, see Sambamurthy et al., 2001.)
A major decision that must be made by senior management is where the ISD is to report in the organizational hierarchy. Partly for historical reasons, a common place to find the ISD is in the accounting or finance department. In such situations, the ISD normally reports to the controller or the chief financial officer. The ISD might also report to one of the following: (1) a vice president of technology, (2) an executive vice president (e.g., for administration), or (4) the CEO.
organizations call the director of IS a chief information officer (CIO), a title similar to chief financial officer (CFO) and chief operating officer (COO). Typically, only important or senior vice presidents receive this title. Other common titles are: vice president for IS, vice president for information technology, or director of