Managing Information and Technology

What is Information Management?

1. Data Acquisition

4. Archiving
2. Classification

5. Deletion
3. Analysis

It is the cycle of the above activities.

1. Data Acquisition

Data input such as payments, sales,

or adjusting journal entries.
2. Classification

Example: Posting of journal

entries to T-accounts
3. Analysis

Example: Income statements analysis

 4. Archiving
Data storage

Security of information

Speed when retrieving or

updating information
 5. Deletion

Due to limited capacity of

data storage.
What is Information Technology?
 Information Technology is the study,
design, development, implementation,
support, or management of computer-
based information systems—
particularly software applications and
computer hardware.
IT: Software applications and
computer hardware.

IT falls under the umbrella of

“Information Systems.”
 Why Information
Technology is Important?
  Increased Employee Productivity
 Secured Sensitive Information
 Improved Communication Processes
 Broaden Customer Bases
 Increased Employee Productivity

Enterprise software enables a firm to automate

back office functions such as record-keeping,
accounting, and payroll.

May result to reduced working hours, overtime,

and time spent correcting mistakes

Will reduce payroll costs.

 Secured Sensitive Information
*Multi-factor Authentication *Backups *Firewall
*Cloud Storage
 Improved Communication Processes
*Zoom *Skype *Teams *Messenger *Gmail
 Broaden Customer Bases
*FB Marketplace *Lazada *FoodPanda *LBC
 STRATEGIES
FOR AN
EFFECTIVE
INFORMATION
TECHNOLOGY
1. Aligning IT
Objectives
with Company
Objectives
Company
IT Objectives
Objectives
 Example: If you want to earn more by
reaching out more customers from
remote locations, then you may want
to try online selling and hiring third-
party food couriers

Online selling,
More profit, third-party
more customers food couriers
 Or if you want to speed up cashier
transactions, then you might want to try
acquiring a Point-of-Sale (POS) System.

Speed up cashier Point-of-Sale

transactions System
Do not fix something that is
not broken 
2. Establishing
IT Governance
Okay now you have lots of
IT projects to satisfy your
company objectives.

But is your fund and

manpower enough to finish
all your projects in time?
 IT governance is the
practice of capturing,
publishing, and regularly
reviewing all the IT
department’s project
requests with key company
managers.

It is about prioritizing
which IT projects should
come first.
3. Managing Electronic Risk
One high-risk issue that often surfaces is endpoint security. An
“endpoint” is a computer system on your network used by an
individual to interact with computer servers or applications.
 Endpoints can include:
PCs, laptops, smartphones, tablets, and
specialized components such as POS
terminals.
Endpoints are vulnerable because humans are vulnerable:
a. They will blindly click on a link in an email.
Beware of whatever they are sending us such as links. Those
links might lead us to a fake bank website than can phish our
confidential information such as usernames and passwords.
There are already reports about bank accounts and even
Facebook accounts that are hacked.
b. People will connect a laptop to an unfamiliar Wi-Fi network.
-Free Wi-Fi is great right? But be careful when connecting to
public Wi-Fis. These networks can hack and access our
personal and browsing information on our gadgets.
Follow these tips:
 Stick with HTTPS when browsing. Chrome will usually prompt
you when the site you are visiting uses an unencrypted HTTP
connection rather than an encrypted HTTPS encryption by
labeling HTTP "Not Secure."
 Do not give too much info such as e-mail address and phone
number. Stores and restaurants that do this want to be able to
recognize you across multiple Wi-Fi hotspots and tailor their
marketing accordingly
 Limit AirDrop and File Sharing
 Read the attached terms and conditions
 Use a VPN
All these innocent mistakes can lead to a loss or compromise of
sensitive data for an organization, and, therefore, might require a
public acknowledgment of breach by the company. As a part of
your security program, ensure your endpoint devices are well
protected.
Anti-virus is a must for most desktop and laptop systems.
Security patches are released monthly, or more frequently, and
should be applied quickly and in accordance with your
organization’s established framework and procedures.
Cloud Storage
Another high-risk security issue that should be evaluated is the
security of third parties responsible for storing, processing, or
transmitting data on your behalf such as Onedrive and Google
Drive. (Our MS Teams is using OneDrive)
These services offer convenience by integrating with endpoint
devices to seamlessly copy data from the computer’s hard drive
to a server somewhere on the Internet. In this way, the data is
now easily accessible by other devices such as a smartphone or
tablet.
These free services do not provide any guarantee of security over
the data stored on the service, and your organization cannot be
sure sensitive data pushed to one of these “cloud-based”
services won’t be seen by unauthorized individuals.
Therefore, your company should have a clearly defined policy
regarding how file-sharing services should be used and
employees should be trained accordingly.
Also, you should establish a vendor management process to
ensure all third parties who store, process or transmit data on
behalf of your organization have a contractual obligation to apply
an appropriate degree of security to your data and that they
periodically provide evidence (such as a Service Organization
Control report) confirming their controls are in place and
functioning.
4. Measuring IT
Performance
Metrics can play an important
role in achieving excellence as
they force the organization to
pay attention to their
performance and prompt
management to make
adjustments when goals are
not being achieved.
Critical Metrics for IT Success
1. Operational Metrics
-system performance
2. Organizational Metrics
-employee performance
3. Financial Metrics
-cost control performance
Operational Metrics
1. Online application performance -
The average time it takes to load a
screen or page.
2. Online application availability - The
percentage of time the application is
functioning properly.
3. Batch SLAs (Service Level Agreement)
met - The percentage of key batch
jobs that finish on time.
4. Production incidents - The number of
production problems by severity.
Organizational metrics
1. Attrition - The percentage of
employees who move to other jobs.
Exclude involuntary separations so
that managers will not retain poor
performers. Differentiate between
employees who leave the company
versus those that leave to take
another position within the company.
2. Performance reviews - The
percentage of employees with
current written reviews.
Financial metrics
1. Budget variance - Actual costs
compared to budgeted costs. This
should be done for both direct
expenses and inter-company
expenses since direct expenses are
more controllable.
2. Resource cost - The average cost of a
technology resource. This provides a
good view of how well managers are
controlling costs by using cheaper
outsourcing labor or higher priced
temporary labor and managing an
organization that is not top heavy
with expensive employees.
IT Tools for Business
Internet
1. Internet - The internet is a global computer network
providing a variety of information and communication
facilities, consisting of interconnected networks using
standardized communication protocols.
 What composes the internet are:

 Different computer servers of different cloud and

website owners
 Gadgets to connect to websites, cloud, and other
internet users.
What are the benefits of using the Internet?
 Information, Knowledge, and Learning
If you have an If you need a certain
assignment: Wikipedia recipe: YouTube.

You can even use the internet to check for spelling.

Connectivity, Communication, and Sharing

Messenger, E-mail, and online meetings.

 Banking, Bills, and Shopping

Online banking, G-Cash, and Paymaya

Collaboration, Work from Home, and Access to a Global Workforce

Onlines job like bookkeeping, online data

entry, and graphic design work.
 Internet of Things

The Internet of things is a system of interrelated computing

devices, mechanical and digital machines provided with unique
identifiers and the ability to transfer data over a network without
requiring human-to-human or human-to-computer interaction.
 Internet of Things

Example: Smart cars with automatic

braking system and seatbelt detection
 Internet of Things

Other examples are smart watches, smart

thermostats, and smart appliances.
 Cloud Computing and Cloud Storage

The “Cloud” is not an intangible thing. It is still an information

system with server computers including the software and
databases that run on them.

Access anywhere for as long as you have an internet connection

 Cloud Computing and Cloud Storage

Example: Facebook – Log-ins, posts, comments

 Cloud Computing and Cloud Storage

“Cloud storage” refers to the

storage of your data in Facebook’s
servers
 Global Positioning System (GPS) and
Geographical Information System (GIS)
• GPS is one of the many ways that are
used to pinpoint an exact location on the
earth’s surface.
• This is made possible by a vast network of
satellites that are in space relaying
information on the ground regarding the
specific coordinates on the earth’s
surface.
 GIS is a computer program that is designed
to capture, analyze, interpret, and store data
that has been transmitted from navigation
systems such as GPS and make the
information available for use.
 Used for location based
applications such as Google
Map and Waze.
Ride-sharing applications such as Grab and Lyft
• Book a ride
• Location of the driver
• Fee
Network Devices
 Network devices or networking
hardware, are physical devices that
are required for communication and
interaction between hardware on a
computer network.
 1. Switch - The device that provides
connectivity between network devices
on a Local Area Network (LAN)
Examples of LAN connection:
• Networking in home and office.
• Networking in computer laboratory
and university
• Networking between two computers
• Wi-Fi (a wireless LAN)
• Internet shops
 2. Router - Allows devices
separated on different LANs
to talk to each other.

A router also connects your

home LAN to a modem then
to your internet service
provider (ISP) network.

Example of ISP is PLDT,

Or ISP Converge and Globe.
3. Modem - The modem receives
information from your internet
service provider (ISP) and converts it
into a digital signal. The router push
this signal out to connected devices,
either through wired Ethernet
cables or Wi-Fi, so that all of your
devices can access the Internet.

Or ISP
To summarize:
1. Switch – connects devices in a
local area network (LAN)
2. Router – connects LANs;
connects to a modem
3. Modem – connects Router to
internet service provider (ISP)

ISPs oftentimes provide hybrid

devices that have router, modem,
and Wi-Fi capabilities.
How Infrastructure Relate to
Business Growth?

A growing business will lead to:

 More dependent on
computing speed, cloud
solutions, and IT reliability
 More vulnerable to online
security breaches
 Keep up with customers,
competitors, and market
trends
1. Speed to market
 An unreliable network can
cause chaos and upset
customers.
 Employees may be taking
orders that are no longer in
the inventory
2. Accept what the research
and experts say
 Adapt little by little
3. Better infrastructure
serves employees too
 Increased productivity
and reduced stress
 Tips to Develop an Agile
IT Infrastructure for Your Business

1. Choose the right team size

 What is the team trying to accomplish?
 How many specific and separate roles are necessary to complete
the team goals?
 Is there a deadline set for work completion?
 Larger team = More collaboration >> Too much conversations
 Too many people with similar job skills and roles on the same
team will lead to lost of motivation and productivity
Ringelmann Effect
2. Consider your scalability plans
3. Choose reliable vendors
 Trial Period
 Will they act
immediately in case of
problems?
 Will they charge extra
costs for minimal
support?
 Are they available to
reach 24/7?
SaaS examples: BigCommerce, Google Apps, Salesforce,
Dropbox, MailChimp, ZenDesk, DocuSign, Slack, Hubspot.

PaaS examples: AWS Elastic Beanstalk, Heroku, Windows

Azure (mostly used as PaaS), Force.com, OpenShift, Apache
Stratos, Magento Commerce Cloud.

IaaS examples: AWS EC2, Rackspace, Google Compute

Engine (GCE), Digital Ocean, Magento 1 Enterprise Edition*.
IT Security Chain
IT Security Chain has three components:
1. Network Security
2. Internet Security
3. Endpoint Security

*Internet and endpoint security are already

discussed in Chapter 2
First, what is a network?
A network consists of two or more
computers that are linked in order to share
resources such as printers and data server,
exchange files, or allow electronic
communications.
What is a Network?
The computers on a network may be linked
through cables, telephone lines, radio waves,
satellites, or infrared light beams.
What is a Network?
There is another type of network which is
WAN (Wide Area Network). As the name
suggest, WAN refers to a wider version ng
LAN. Example of WAN is the internet.
So what is network security?
Network security is anything you do to
protect your network, including both
hardware and software.
 API
Security
API security is an overarching term
One way to protect your network is referring to practices and products
through Application Program that prevent malicious attacks on or
Interfaces (API) misuse of APIs.
 API
Security
Example of APIs are the interfaces
used to access applications such as
Facebook and Google Chrome.

Multi-factor
authentication
(MFA)
 Security
Engineering

 Vulnerability Assessment
 Penetration Testing
 Network Intrusion Detection System (NIDS)
Password Salt and Peppering
 Random values are
attached to the password
Virtual Private Network (VPN)
 An encrypted connection
over the Internet from a
device to a network.

Honeypots
 Decoy databases that
attract hackers but do not
house any important
information.
Application Whitelisting
 Prevents unauthorized apps from
running on a computer

Firewalls
 Block unauthorized access to a
network or data interceptions
Antivirus Software
 A program or set of programs
that are designed to prevent,
search for, detect, and remove
software viruses, and other
malicious software.
Encryption
 Decoding data, in transit or at
rest, including end-to-end
encryption often used in
messaging apps and platforms
that only allows encrypted
messages to be read by sender
and receiver.
Malwares
 Short for malicious software
 Malware is any piece of
software that was written with
the intent of damaging devices,
stealing data, and generally
causing a mess. Malwares
Virus
 Infects files then replicates to
infect other files
 Can spread uncontrollably,
damaging a system’s core
functionality by deleting or
corrupting files. Examples of Malware
 Usually appear as an executable
file (.exe)
Worms
 Acts like a virus
 But viruses needed a “trigger”
to start infecting such as when a
person opens an exe file of a
virus
 Worms can self-replicate as soon
Examples of Malware
as they have breached the
system without a trigger
Trojans
 Disguises itself as legitimate
software or is hidden in
legitimate software that has
been tampered with.
 Acts unnoticeably and create
backdoors in your security to let Examples of Malware
other malware in.
Spyware
 Designed to spy on you
 Hides in the background
 Records what you do online,
including passwords, credit card
numbers, surfing habits, etc.
Examples of Malware
Ransomware
 Typically locks down your
computer and your files or a
website and threatens to erase
everything unless you pay a
ransom.
Examples of Malware
Adware
 Not always malicious in nature
 But aggressive advertising
software can destabilize your
security just to serve you ads
which can give other malware an
easy way in. Examples of Malware
 Pop-ups are really annoying.
Botnets
 Networks of infected computers
that are made to work together
under the control of an attacker

Examples of Malware
 IT Disaster
Recovery Plan
IT Disaster Recovery Plan
 A critical process that can help
an organization survive and
recover in case of disaster –
whether a natural disaster,
accidental data loss, or
malicious cyberattack.
What does the organization
aims to achieve?
 Target Recovery Time
 Maximum downtime
allowed for each critical
system Goals
 Maximum amount of
acceptable data loss
Who is responsible for
executing the plan?
Personnel
 List hardware and
software assets, their
criticality, and whether
they are leased, owned, IT inventory
or used a service
How and where (exactly on
which devices and in which
folders) each data resource Backup
is backed up, and how to Procedures
recover from backup.
 Emergency response to
minimize damages, last-
minute backups, mitigation, Recovery
and eradication (for Procedures
cybersecurity threats).
 A robust plan should
include a hot disaster
recovery site – an
alternative data center in a
remote location that has all
critical systems, with data
Recovery
replicated or frequently Sites
backed up to them.
 Operations can be switched
over to the hot site when
disaster strikes.
Procedures for recovering from
complete systems loss to full
operations Restoration