Professional Documents
Culture Documents
DEPARTMENT OF MANAGEMENT
Introduction
The concept of strategic information systems is one of the contemporary concepts of the
historical development of the applications of information systems in different fields. This
concept is related to facilitating the management of strategic planning, which enables the
organization to achieve its objectives while recognizing changes in the internal and external
environments that contribute to generating real threats and opportunities. Thus, Strategic
information systems contributing to the formulation of their strategic objectives through the
provision of appropriate information (Turoff et al., 2004).
In the past, information has been used as a specific decision-making tool. In today's business
environment, fundamental changes have taken place in the role of information systems, so that
information has become a weapon of competition and a strategic resource (Al-Taee & Al-
Khafaji, 2016).
Turoff et al. (2004) points out that our modern world is characterized by complexity and speed of
change. Strategic information systems are an important tool in dealing with this world. Within
this approach, many research and development efforts have been made in recent years, focusing
on the design, construction, use and evaluation of strategic information systems that facilitate the
task of the organizations' departments in preparing for and responding to crises.
Strategic information system has been looked at from many different perspectives, particularly in
the Information system (IS) literature. Hemmatfar et al. (2010) define strategic information
system as “Any IS has the ability to change objectives, processes, products or environmental
relationships to help the organization gain competitive advantage or reduce competitive
disadvantages”.
The strategic information system also can be defined as an information system that creates or
enhances the company’s competitive advantage or changes the industry structure by
fundamentally changing how business is conducted. It is conventional information systems used
in innovative ways (Rubel et al., 2014).
Description: Information technology is used to shorten the intervals between the various critical
steps in a business process. Telecommunications is a lot faster than most other forms of
communications, thus, it provides information to remote locations immediately after it is
requested. Telecommunications networks enable you to communicate with people almost
anywhere in the world. Telecommunications and computing technologies make it possible to
distribute key business activities to where they are needed, where they are best performed, or
where they best support the competitive advantage of a business.
One of the most popular competitive strategies today is business process reengineering (BPR),
most often simply called reengineering. Reengineering is the fundamental rethinking and radical
redesign of business processes to achieve dramatic improvements in cost, quality, speed, and
service. BPR combines a strategy of promoting business innovation with a strategy of making
major improvements to business processes so that a company can become a much stronger and
more successful competitor in the marketplace.
The following steps (Davenport, 1992) can help BPR realize its core principles of customer
satisfaction, reduced costs of business and increased competitiveness.
Business vision and objectives Any BPR activity needs to begin with a clearly defined and
measurable objectives. Whether the goal is reducing costs, improving quality of product, or
increasing efficiency, the framework for what needs to be achieved has to be decided upon at the
outset, in line with the company’s vision and mission.
Once a clear goal is in mind, all processes need to be studied and those seen as ‘slacking’ or that
can be improved need to be identified.
Among these, those processes with direct impact on the company’s output or those that clash
with the company’s mission become part of the ‘red’ list. This clear identification makes the
difference between BPR success and failure.
With a list of slacking processes in hand, it is imperative to identify how they were identified as
such. Are they taking too much time to complete? Is the quality of the outcome being
compromised?
Whatever the issue, each process must be judged objectively either against industry standards or
ethically obtained competitor best practices.
An efficient and relevant IT system is an essential BPR enabler. Without such a system, it is not
possible to keep a check on all factors affecting the change. Before setting out on a radical BPR
activity, it is vital to set in place information systems that can deal with the magnitude of the
change.
Design, build and test the new prototype: Before any new product is launched, a prototype is
tested out. A failure at a testing stage should never be implemented at a larger scale. BPR
projects fail more often than not for a variety of reasons but a basic reason is the inability to
identify and accept any limitations at the testing stage. Among other factors, both the
management’s attitude towards the new way of work and the employees’ outlook towards the
change should be carefully assessed.
Adapting the organization Managing change brought about by BPR activities is the final effort
towards a successful project. Providing updated documentation, organizational structures,
governance models as well as updated charts of authority and responsibility leave little room for
confusion and allow a smooth transition into the new way of work.
Business process reengineering is a radical change activity that cannot be repeated if it goes
wrong the first time. It is often a high risk activity that involves monetary investment and a risk
of demotivated employees. In is essential to have buy in all the way from top management down
and it should have a broad functional scope.
It Is Important to Acknowledge and understand that BPR is not a foolproof method of success.
As with all activities it runs the risk of failure [
- Customer needs are made the priority and this vision is used to appropriately direct
business practices.
- There are cost advantages to be achieved that help the organization become more
competitive in its industry.
- A strategic view of all operational processes is taken with relevant questions being asked
about the established way of work and how it can be developed over the long term into
more efficient business practices.
- There is a willingness to look beyond tasks and traditional functional boundaries with a
focus out comes. Through this, entire processes can be eliminated or amalgamated into
fewer but more relevant and powerful processes throughout the organization.
- There is a real desire to simplify the way of work by objectively assessing all activities
and tasks and eliminating any that add less value and more complexity.
2.4. A BPR program will fail if
- It is seen as a way to make minor adjustments and improvements to existing processes. If
there is no clear willingness to put all existing process onto the chopping block, there is
no chance of success.
- It is seen as a one-time cost cutting exercise. In reality, cost reductions are often a handy
by product of the activity but not the primary concern. It is also not a one-time activity
but an ongoing change in mindset.
- There is no success in gaining dedicated long term commitment from management and
the employees. Bringing people onboard is a difficult task and many BPR initiatives
never take off because enough effort is not put into securing support.
- There is less effort to redesign and more to automate.
- One department is prioritized at the expense of the process. There needs to be an
openness towards studying every single process in detail and a willingness to change
whatever is needed to achieve overall efficiency.
- There is too much internal focus and not enough of an eye on the industry and what
competitor best practices can be used as benchmarks
VC typically use an organizational structure called a network structure since most virtual
companies are inter linked by the internet, intranets, and extranets. People and corporations are
forming VC as the best way to implement key business strategies that promise to ensure success
in today’s turbulent business climate.
Distributed or virtual companies have found ways to overcome challenges associated with
remote teams, and they’re reshaping traditional benefits and perks at the same time.
We originally published this article in April, 2016—four years before the COVID-19 virus forced
companies to become remote in a very short amount of time. Now, at the tail-end of the
pandemic, Canadian employers have a choice to make: remote, hybrid, or return to the office
entirely?
As the Amazon Business Return to Office report recently uncovered, most Canadian employees
want remote work to stay for good. "Only one-in-eight (12%) say that working entirely at their
physical workplace is their ideal working scenario moving forward, and more than two-in-five
(43%) Canadian office workers say they would be likely to look for a new job if their current
employer mandated they return to the office full time." With that in mind, the virtual-only
companies we feature in this article—pioneers in remote work and still in business today—
prove that workplace culture doesn’t depend on the proximity of team members.
Who says that team-building is impossible with distributed companies? Fire Engine RED, a
software provider in the education sector, proves otherwise. A virtual walking club and virtual
book club keep team members connected, while biweekly all-hands meetings, conducted via
conference call, ensure everyone is on the same page. “By not spending money on office
space,” Director of Communications Chuck Vadun explains, “we’re able to invest more in
serving our clients better.”
The company encourages employees to save also, as evidenced by the company’s “REDuce Your
Bills” event. “Our CEO put together a tip sheet,” Vadun explains, “then gave our team the entire
day off to call our cable providers, cell phone companies, insurance agents, and others to get
better deals.” Together, Fire Engine RED employees saved an extra 25,000 dollars each year. It’s
clear that this 100% virtual company has made cost-effectiveness part of its culture, to the
benefit of clients and team members alike.
2. Zapier
Zapier has been completely remote since the very beginning. “Even though Bryan, Mike, and I
lived in the same city, we had different schedules and were bootstrapping Zapier on the side,”
co-founder Wade Foster explains the company’s origins. “We worked on Zapier in every spare
moment we each had, but those moments didn’t magically line up at the same time where we
could work in the same room.” And as the company grew? “Since we were already a distributed
team, it made sense to keep moving that way…we could hire people we knew were awesome,
but just didn’t live in the places we lived.”
Foster acknowledges that it’s more challenging for an established company to suddenly
become wholly virtual. That’s why he advises starting slow: “Have a single department try
remote and have everyone work from home for a month to see how it goes.” Soon enough, you
might find your team spread over several continents, just like Zapier’s own!
3. Buffer
At the end of 2012, Buffer—whose app facilitates social media sharing—became a fully virtual
company. So far, so good. In fact, CEO Joel Gascoigne says he is “in love with the choice we
made to be distributed all across the world.” Buffer’s team members (over 85 at last count)
work all around the globe and do so with unquestionable synergy.
How? Well, that collaborative spirit is fostered by “Buffer Bootcamp,” a 45-day probationary
period that allows potential new hires to see if remote working, as well Buffer’s overall culture,
suits them. During this time, candidates for full-time positions first come on as contract
workers. Several in-depth chats over the course of six weeks ensure they and Buffer are a good
cultural match. In the end, about 70% of these candidates are hired on full-time and connect on
a more permanent basis with the Buffer team—remotely, of course!
4. FlexJobs
FlexJobs is dedicated to helping people find flexible work options, including remote
opportunities. The company has been office-less itself for the last eight years. It hasn’t held
them back. “Creating a company culture is an interesting task in a virtual environment,” notes
Director of Online Content Brie Reynolds. “We think about how to translate traditional office
happenings into a virtual environment, and that’s led us to try activities like virtual trivia happy
hours, virtual yoga classes, and even a remote book club.”
Some of those ideas, of course, have been more successful than others. The key, according to
Reynolds, is constant check-ins with your team and a willingness to experiment with what
works best. Sure, a virtual environment can never function exactly like a physical office, but
with a little effort and ingenuity, it might work even better.
5. The Content Factory
This digital PR firm is 100 percent virtual, a decision that owner Kari DePhillips has never
regretted. “I’m not limited to searching for talented workers who live within a 20-mile radius of
where I am,” she explains. “I get to hire the best person for the job, no matter where they live.”
That virtual model also led to a more diverse workplace. “We have two employees with chronic
health issues,” DePhillips explains, “and although they can work from home, they wouldn’t be
able to regularly work in a standard office environment.” The Contact Factory’s flexible
environment creates career opportunities for people who might not otherwise have ready
access to them. As a result, the company benefits from additional perspectives.
6. Automattic
They’re the people behind WordPress—and in fact, it’s that very platform that inspired the
company’s business model. “Automattic made a decision from the beginning that distributed is
the future of work, and that future also matched perfectly with the mission of WordPress.com:
to be a global platform for users around the world,” the company tells us. “Why not have our
own team represent that same global community?”
Automattic team members mostly communicate through the WordPress platform, publishing
internal blogs to keep everyone up-to-date. Google Hangouts and Slack fill in the gaps, allowing
colleagues to connect virtually. “Going distributed made sense and continues to work for us,”
Automattic explains, “because we built our entire culture around it.”
Ready to tear up your lease? We don’t blame you. Slack, Zoom, and Basecamp (to name just a
few tools) facilitate collaboration so that working remotely is as good as being there. In any
event, the success stories of these companies show that the typical workplace model is on its
way out the door.
Internet Strategy is the strategy adopted by a business to go online and use web approach for
marketing, communicating and engaging customers through a proprietary website. It is a
strategic plan adopted by business to create and develop online presence of company by adhering
to their overall business development strategy. It is more than designing web strategy as it uses
internet as an opportunity to design business strategy. It is like a map basically how and when to
use internet to expand overall business and to implement such strategies overall.
The elements included in internet strategy will be business strategy, web design strategy, search
engine optimization, website design and maintenance, website hosting and management .It
includes overall business strategy which can make internet to incorporate in overall business. It
includes all tactical aspects to improve customer relations, communication between employees
and customers, to gain competitive advantage and increase marketing efficiencies.To improve
sales there should be proper internet marketing strategies otherwise they will be of no use.
Internet strategy is designed by high skilled business professionals and web strategist. They are
hired to design internet strategy because they know latest online trends, businesses, users
experience and principles of technology. There is continuous need to made and implement
necessary changes in the internet strategies according to business maturity.
Digital marketing continues to grow in importance. People are spending more time online, and
marketing budgets continue to shift toward digital. With so many opportunities in digital
marketing, it is easy to get into execution mode and just start doing. However, investing in your
strategy is one of the best ways to grow your digital return on investment. A clear strategy
reduces waste, adds focus to your efforts and builds on what is already working.
For Example
This Jewish Beauty Founder Partnered With Two Muslim Investors To Help Women
Through Her Company Beauty Magnet
A solid strategy starts by analyzing and examining. This gives you a clear idea of your starting
point and how you stack up against your competitors and a deeper understanding of your
customers.
- Analyze your performance. Start by evaluating your performance over the last year. Dive into
analytics to determine what worked and didn’t work and why.
- Evaluate your competitors. Spend some time looking at your competitors' digital presence. The
great thing about digital marketing is that it is easy to see what your competitors are doing
because it is all public. Use competitive research tools like Spy Fu to get a free analysis of their
strategy.
- Get to know your customers. Facebook Audience Insights is a free tool by Facebook that you can
use to uncover details about your audience size, demographics, behaviors and interests. Google
Trends is another free tool to see topics people search for and search trends over time.
Build a clear strategy based on what you want to achieve and how you want to achieve it. The
GSOT strategy framework stands for goals, strategies, objectives and tactics and will help you
align your plan.
- Goals are what you want to achieve on a high level. For example, it could be to grow sales by
5% or generate 200 signups for an event.
- Strategy is the approach you’ll use to achieve your goals. This is usually defined by the stages of
the marketing funnel — you can choose to focus on awareness, interest, desire and action.
- Objectives are measurable numbers that link to your goal. For example, if I want to grow sales
by 5% this year, I may have an objective of establishing 200 leads or reaching 400 people.
- Tactics align with your objectives. For example, if I need 200 leads, I may use a landing page
with a webinar and social media to entice prospective new clients.
- Setting a clear strategy will help you focus your efforts on the areas that are most likely to drive
business growth. In digital marketing, there is no shortage of what you could do; the challenge is
deciding what you should do.
- In digital marketing, you have the opportunity to execute campaigns with very precise targeting.
Go beyond traditional demographic targeting and be as specific as possible. Create buyer
personas for your ideal customer to really get to know who they are.
Based on your marketing objectives and your target audience, map out a content plan. This
should identify the main topics or buckets of content to include in your execution.
1. Go back to step one and look for ideas from your competition and customer analysis.
2. Check out Answer the Public to see the questions that people are asking in search engines.
3. Search hash tags on Instagram to see what is trending. Instagram is highly visual, so it is a great
source of inspirational content.
4. Look at Google Search suggestions. This shows what people are searching for related to your
category.
5. Explore Interest, which is full of viral, visual, highly shared content.
- Once you know the content that resonates with your audience, choose the channels that are most
likely to give you the best results. Consider all the potential digital channels, tools and tactics
that you could use. Then prioritize based on the strategy you created in step two. Think about
how each channel contributes to meeting your objective and goal.
- Too often, businesses start executing but struggle to answer the question of whether they are
really getting results. Each activity that you invest in should have a clear KPI, which is your
measure of success. Next, set benchmarks. Your benchmark is what you want to achieve. For
example, with email marketing, my KPI could be my email open rate, and my benchmark could
be reaching 25% or better.
7. Execute with best practices.
- Often the devil is in the details. If you miss executional steps you may find that you aren’t
getting the results you expect. Take some time to make sure that you are using best practices.
Digital marketing changes frequently, and something that worked on last year may require
tweaking to work now. Keep in mind that it is better to do a few things well than many things
poorly.
- One of the things that makes digital marketing so powerful is the ability to pivot and adjust. You
don’t have to create a set plan and stick to it. For example, if an ad isn’t delivering results, pause
it and try new creative. If your website isn’t converting visitors, run an A/B comparison test with
different calls to action.
For example, you can test a "learn more" call to action against "sign up now" to see what
performs best.
It can be easy to focus on tactics with digital marketing — you likely get pitched new ideas or
tools every week. The key to growing your results is to build a clear plan and stay focused. A
laser-focused strategy means that you clearly know how each part of your plan is building
toward your objectives and driving your business forward.
- Tacit knowledge is the valuable and highly subjective insights and intuitions that are difficult
to formalize and communicate to others. It consists of mental models, beliefs, and perspectives
so ingrained that we take them for granted and therefore cannot easily articulate them. For this
very reason, these implicit models profoundly shape how we perceive the world around us. On
the other hand,
- Explicit knowledge Is formal and systematic. So, it can be easily communicated and shared, in
product specifications or a scientific formula or a computer programmer. Nonaka has given the
detailed illustration of how Osaka-based Matsushita Electric Company developed a dough maker
from the stretching technique of the baker of the popular Osaka International Hotel to explain the
knowledge creation process. The software developer Ms. Ikuko Tanaka of Matsushita Company
learns the tacit skill of the baker through observation, imitation and practice. This becomes the
part of her knowledge base (socialization). This is tacit to tacit conversion of knowledge. Tanaka
then articulates her tacit knowledge of bread making to formalize the specifications and develop
a software model which is the tacit to explicit knowledge conversion (articulation). Based on this
model, Tanaka and her team developed the dough maker which presents the explicit to explicit
knowledge conversion (combination). Finally, through the experience of a new product, Tanaka
and her team enrich their knowledge base. This is explicit to tacit conversion (internalization).
Articulation and internalization are the critical steps in the spiral of knowledge. The reason is
that both require the active involvement of the self that is, personal commitment. The spiral or
cyclic process of knowledge conversion between tacit and explicit knowledge is a continuous
process and results in a creation of new knowledge. The key to this process is personal
commitment, individuals’ sense of identity with the enterprise and its mission.
Making personal knowledge available to others is the central activity. It takes place continuously
and at all levels of the organization. The beautiful and more important aspect of knowledge
creation is that anything can be the source for the new knowledge be that be the conflict or chaos
in an organization, metaphors, slogans or mission. Thanks to Mr. Nonaka for bringing the
concept of knowledge creation which existed between us much before but in a hidden form. He
has beautifully uncovered the entire process. I personally believe that this vision will definitely
provide the new dimension to our management practice and also become milestone for the
development of Knowledge Systems.
7. Challenges of Strategic of IS
7.1. What are the challenges posed by strategic information systems, and how should
they be addressed?
Strategic information systems often change the organization as well as its products, services, and
operating procedures, driving the organization into new behavioral patterns. Successfully using
information systems to achieve a competitive advantage is challenging and requires precise
coordination of tech-nology, organizations, and management.
1. Sustaining Competitive Advantage
The competitive advantages that strategic systems confer do not necessarily last long enough to
ensure long-term profitability. Because competitors can re-taliate and copy strategic systems,
competitive advantage is not always sustain-able. Markets, customer expectations, and
technology change; globalization has made these changes even more rapid and unpredictable.
The Internet can make competitive advantages disappear very quickly because virtually all
companies can use this technology.
For example.
- Classic strategic systems, such as American Airline’s SABRE computerized reservation
system, Citibank’s ATM system, and FedEx’s package tracking system, benefited by being the
first in their industries.
- Then rival systems emerged. Amazon was an e-commerce leader but now faces com-petition
from eBay, Wal-Mart, and Google. Information systems alone cannot provide an enduring
business advantage. Systems originally intended to be stra-tegic frequently become tools for
survival, required by every firm to stay in business, or they may inhibit organizations from
making the strategic changes essential for future success.
2. Aligning IT with Business Objectives
The research on IT and business performance has found that The more suc-cessfully a firm can
align information technology with its business goals, the more profitable it will be, and Only
one-quarter of firms achieve alignment of IT with the business. About half of a business firm’s
profits can be explained by alignment of IT with business (Luftman, 2003).Most businesses get it
wrong Information technology takes on a life of its own and does not serve management and
shareholder interests very well. Instead of businesspeople taking an active role in shaping IT to
the enterprise, they ignore it, claim not to understand IT, and tolerate failure in the IT area as just
a nuisance to work around. Such firms pay a hefty price in poor perfor-mance. 0Successful firms
and managers understand what IT can do and how it works, take an active role in shaping its use,
and measure its impact on rev-enues and profits.
To align IT with the business and use information systems effectively for com-petitive
advantage, managers need to perform a strategic systems analysis. To identify the types of
systems that provide a strategic advantage to their firms, managers should ask the following
questions:
- What is the structure of the industry in which the firm is located?
- What are some of the competitive forces at work in the industry?
- Are there new entrants to the industry?
- What is the relative power of suppliers, customers, and substitute products and services
over prices?
- Is the basis of competition quality, price, or brand?
- What are the direction and nature of change within the industry? From where are the
momentum and change coming?
- How is the industry currently using information technology? Is the organiza-tion behind
or ahead of the industry in its application of information systems?
- What are the business, firm, and industry value chains for this particular firm?
- How is the company creating value for the customer-through lower prices and transaction
costs or higher quality? Are there any places in the value chain where the business could
create more value for the customer and additional profit for the company?
- Does the firm understand and manage its business processes using the best practices
available? Is it taking maximum advantage of supply chain management, customer
relationship management, and enterprise systems?
- Does the firm leverage its core competencies?
- Is the industry supply chain and customer base changing in ways that benefit or harm the
firm?
- Can the firm benefit from strategic partnerships, value webs, ecosystems, or platforms?
- Where in the value chain will information systems provide the greatest value to the firm?
- Have we aligned IT with our business strategy and goals?
- Have we correctly articulated our business strategy and goals?
- Is IT improving the right business processes and activities to promote this strategy?
- Are we using the right metrics to measure progress toward those goals?
3. Managing Strategic Transitions
Adopting the kinds of strategic systems described in generally requires changes in business
goals, relationships with customers and suppli-ers, and business processes. These sociotechnical
changes, affecting both social and technical elements of the organization, can be considered
strategic transitions a movement between levels of sociotechnical systems.Such changes often
entail blurring of organizational boundaries, both external and internal. Suppliers and customers
must become intimately linked and may share each other’s responsibilities. Managers will need
to devise new business processes for coordinating their firms’ activities with those of customers,
suppliers, and other organizations. The organizational change requirements surrounding new
information systems are so important that they merit attention throughout this text.
An enterprise-wide system could refer to any process or way of doing things that is used
company-wide. If a business only accepts one way of completing expense reports or has a central
point person for ordering supplies to pool resources, those could be called enterprise-wide
systems.
Enterprise systems also refer to computerized applications that are used throughout the company
to share data and resources and minimize the number of manual operations employees use.
Examples include resource planning and sharing and supply chain management software, but the
term can also include the hardware (e.g. the computers and other components that make up the
system). Such enterprise systems make the business more efficient and can save the company
money by reducing repetitive work and the purchase of new resources that could have been
shared.
8.1. Enterprise wide Systems
Enterprise Resource Planning System
Organizations used independent systems in the past which did not have any integrations among
those systems. To overcome such problems from independent systems, Enterprise systems, also
known as Enterprise Resource Planning (ERP) was developed. ERP is a single information
system which provides organization –wide coordination and integration of key business
processes. With the ERP, information can seamlessly flow throughout the firm so that it can be
shared by business processes in manufacturing, accounting, human resources and other areas.
Discrete business processes from Sales, Production, Finance and Logistics can be integrated in to
company-wide business processes that flow across organizational levels and functions.
ERP systems collect data from various key business processes in different functional areas and
store those data in a central data repository where they can be used by other parts of the business.
Managers can access more precise and timely information for coordinating the daily operations
of the business. ERPs has its own best practices and processes in built to the system. Hence, the
company which implements an ERP ideally has to align its processes according to the ERP or
customize the ERP accordingly. ERP systems can run on a variety of hardware and network
configurations, typically employing a database as a repository for information.
By mid 1990s, ERP addressed all back end functions of an enterprise such as finance and admin.
However, after year 2000, ERP addressed front end and back end operations such as CRM, SCM
etc, in addition to the backend operations. ERPs were built initially targeting the manufacturing
sector. However, it was later developed to suite other sectors as well.
E.g.:- SAP, Oracle, Microsoft Dynamics, SAGE
8.3. Advantages of ERP
- It can unite and link together multiple processes and parts of the business, making the
business run more efficiently.
- Automate various functional operations ensures better tracking of the process. - Standard
and best processes can be adopted.
- Enable accurate view of the business’s information to managers and decision makers. -
Provides timely information to the management.
- Having a single data repository can also lower the risk of losing sensitive data with
proper security mechanisms in place.
- A better control ensures prevention of manipulation, errors and frauds.
- Has Business Intelligence capability which picks data from a variety of sources and
predicts useful information to the users.
8.4. Disadvantages of ERP
- ERP systems can prove to be complex and difficult to customize.
- Business processes frequently have to be re-engineered to fit the new ERP system, and
this can lead to problems with processes and staff.
- ERP systems can usually be very expensive.
- Extensive training requirements take resources from daily operations and are costly.
- Integrating independent businesses can create unnecessary dependencies.
- ERP systems centralize the data in one place can increase the risk of loss of sensitive
information in the event of a security breach.
8.4. Supply Chain Management System
Supply Chain Management (SCM) System help an organization to manage its relationship with
suppliers to optimize the planning, sourcing, manufacturing and delivery of products and
services. These systems can be used to improve relationship with many stakeholders such as
suppliers, business partners and distributors to coordinate, schedule and control business
processes for procurement, production, inventory management and delivery of products and
services.
SCMs are considered inter-organizational systems because they automate the flow of
information across organizational boundaries. The ultimate objective of the SCM systems is to
get the right amount of products from the source to the point of consumption, within the least
amount of time and cost. SCMs can be built using intranets, extranets, or special supply chain
management software.
8.5. Customer Relationship Management
Due to the importance of customers to a business, a new category of information systems,
Customer Relationship Management (CRM) was evolved. They focus on coordinating all of the
business processes surrounding the firm’s interactions with its customers in sales, marketing, and
service to optimize revenue, customer satisfaction and customer retention. In the past, there was
no way to consolidate all customer related information to provide a unified view of a customer
across the company. CRM system solves this problem by integrating the firm’s customer related
processes and consolidating customer information from multiple communication channels.
CRM systems examine customers from different perspectives and provides data as well as acts as
an analytical tool. It provides answers to questions such as what is the value derived from a
customer, who are most loyal customers? Who are the most profitable customers? Firms can use
these information to provide better service and support to existing customers, customize their
offerings and retain profitable customers.
8.6. Knowledge Management Systems
Some firms perform better than the others because they have better knowledge about how to
create, produce, and deliver products and services. Knowledge Management Systems (KMS)
collect all relevant knowledge and experience in the organization and make it available to others
whenever required to support business processes and management decisions. KMS are capable
of getting knowledge from internal and external sources.
KMS support processes for acquiring, storing, distributing and applying knowledge. They also
support the processes for creating knowledge and integrating it into the organization. KMS
capture knowledge from various systems in the organization. Expert system is a very common
example for the KMS.
8.7. Modules of an ERP System
ERP Systems have various modules in-built to it. Depending on the type of organization and the
scope of use, modules can be activated and configured accordingly. The common modules in an
ERP are as follows.
Finance/Accounting
- General Ledger, Accounts Payable, Accounts Receivable, Cash Management, Fixed
Assets, Budgeting and Consolidation.
Human Resources
- Payroll, Training, Time and Attendance, Recruitment, Talent Management etc.
Manufacturing
- Engineering, Bill of Management, Work Orders, Scheduling, Capacity, Work flow
Management, Quality Control, Cost Management, Manufacturing projects, Activity based
costing, Product life cycle management
Supply Chain Management
- Order to cash, inventory, order entry, purchasing, product configuration, supply chain
planning, supplier scheduling, inspection of goods, claim processing, commissions
Project Management
- Costing, billing, time and expense, performance units, activity management
Customer Relationship Management
- Sales and Marketing, commissions, service, customer contact, call center support
Business Intelligence
- Advanced Reporting
Access Control
- Management of user privileges and related functions.
9.E-Business Applications.
Business to business As the name represents, it is the name of electronic transactions of different
services or products between two companies or businesses. Payment processing companies and
customer relationship management (CRM) platforms are included in the B2B model.
Uber and Lyft, both of which built businesses that match drivers with people needing rides,
disrupted the taxi and livery services industries. And in 2014, Uber went one step further and
expanded its e-business with the launch of a food ordering and
1. Enterprise Management
- Enterprise management is a term used for modern examples of ERP that allow businesses
to manage vital day-to-day processes such as inventory management, accounting, human
resources and customer relationship management (CRM).
- Enterprise management is the way of conducting and controlling the business, process,
information and IT capabilities, system and service offerings, resources and activities of
the enterprise.
- Enterprise management is the enterprise capability management of the enterprise
management capability.
The purpose of enterprise management is to enable and assure the management and abilities of
the enterprise management capabilities of the enterprise are controlled, balanced and aligned to
the mission and needs of the enterprise as a whole.
The enterprise manager role is responsible for enterprise management of the enterprise
management capability and work products include enterprise management ideas, requirements,
plans, risks, opportunities, reviews, decisions and action items
- Enterprise system capability is a systematic ability to realize the offerings and capabilities of the
enterprise system.
- Offerings and capabilities are collections of enterprise system resources which together function
to realize a specific value-added ability to satisfy a customer-based need.
- Enterprise system capability is managed by enterprise system management responsibilities and
activities executed by the enterprise system manager role.
- Each system element of the enterprise system capability, including the customers,
vendor/suppliers, industry standards/regulations, and competitors in the external working
environment, has an associated management capability.
- The enterprise system manager role is supported by the enterprise system architect role and
enterprise system architecture.
• The enterprise system manager role is responsible for enterprise system management.
• The enterprise system manager role is supported by the enterprise system architect role and
enterprise system architecture.
• The enterprise system manager role is supported by the enterprise system architect role and
enterprise system architecture
• The enterprise system manager role is a systematic ability to realize the role responsible for
enterprise system management of the enterprise system capability.
• The enterprise system manager role is supported by the enterprise system architect role.
• The enterprise system manager role uses the enterprise system architecture to support enterprise
system management responsibilities and activities.
The enterprise system manager role has the focus, goals, objectives, responsibilities, skills,
abilities, knowledge and experience to conceive, organize, govern, enable, manage, analyze,
plan, execute, control, monitor, measure, improve and assure the enterprise system, the “whole
of the enterprise” (all of what the enterprise is and all of what the enterprise does).
The enterprise system manager role is responsible for the enterprise system requirements, design,
documentation, analysis, and planning, and for the management and sustainment of the
enterprise system, throughout the enterprise system’s development, deployment, operation and
improvement for the full life of the enterprise system including replacing or retiring the
enterprise system and/or elements of the enterprise system.
The enterprise system manager role uses the enterprise system architecture as a management tool
to support a systematic way of conceiving, organizing, governing, enabling, managing,
analyzing, planning, executing, controlling, monitoring, measuring, improving and assuring the
value-adding-resources of the enterprise and the success of the enterprise as a whole.
The enterprise system manager role responsibilities includes the management of business,
process, information and IT capabilities and system and service offerings, the management of the
customers, vendor/suppliers, industry standards and competitors of the enterprise, and for the
management of the business, process, information, IT, systems and services with respect to these
external systems.
The enterprise system manager role is the managerial role leading the enterprise architecture
team and as the leading role has inter-dependencies with all team members and what the team
members do. With the knowledge of how everyone fits in and the setting of expectations
between everyone, the team will be a team and the enterprise system manager role will be able to
best utilize the talent of the individuals.
In practice, the responsibilities of the enterprise system manager role are divided into managerial
sub-roles. When the enterprise system manager role is divided, the enterprise system manager
role enables and assures these managerial sub-roles are aligned in their efforts so their efforts
properly align and each also aligns with all efforts throughout the enterprise.
It should be noted in practice, the enterprise system architect role must be filled by the enterprise
system manager in situations where an enterprise system architect position does not exist in the
enterprise.
It should also be noted in practice, the enterprise system managerial sub-roles are often
combined to provide an organizationally needed job (a “specialty”) to address special needs and
other organizational needs and limitations of the organization. A common example is the
organizational position “Chief Information Officer (CIO)” may combine the information
manager role and IT manager role into one organizational position.
2. Information Resources Management (IRM)
IRM has become a popular way to emphasize a major change in the management and mission of
the information systems function in many organizations managing the information system
resources of an organization is a vital concepts in today’s business environment, because of three
major developments that are affecting how corporate management views the information systems
function.
Definition:
The concept of RM is actually no different in intent than Materials Resource Planning (MRP) as
used in manufacturing. Both are concerned with the efficient and cost-effective use of resources.
The classification and control of resources are the main objectives. Resources are classified to
prove their uniqueness so that redundancy is not introduced and to promote sharing. Control is
required to collect, inventory, and retrieve resources as required by the business.
One of the important benefits of IRM is the cataloging and cross-referencing information
resources is a model of the enterprise, including how it is organized and how it operates. Other
benefits include:
All information resources are controllable, permitting the ability to design integrated systems and
perform an “impact analysis” of a proposed resource change.
The simplified search of information resources for reuse the redundancy of resource definition is
eliminated. Complete and current documentation of all information resources in an organized
and Meaningful way.
Communications within the organization are improved since developers and users would use
standard and common definitions for information resources, all of which would be in standard
business terminology.
1. Resource management:
IRM views data, information, and computer hardware, software and personnel as valuable
resources that should be effectively and efficiently managed for the benefit of the entire
organization. If plant and equipment, money, and people are considered valuable organizational
resources so should its data, information, and other information system resources.
2. Technology management:
IRM emphasizes that all technologies that process and deliver data and information must be
managed as an integrated system of organizational resources. Such technology includes
telecommunications and office system as well as computer based information processing. These
“island of technology” are bridged by IRM and become a primary responsibility of the executive
in charge of all information services, sometimes called the chief information officer (CIO) of the
organization.
3. Functional management:
The IRM concept stresses that the management of an organization must apply common
managerial functions and techniques to the management of information resources. Managers
must be managerial techniques just as they do with other major resources and activities of the
business.
4. Strategic management:
Finally the IRM concepts stresses that the information services function in the firm must be
more than a provider of computer services. It must also make major contributes to the
profitability and strategic objectives of the firm. Information resources management focuses on
developing and managing information system that significantly improve operational efficiency
promote innovative products and services and build a strategic information resources base that
can enhance the competitiveness of the organization.
3. Technology Management.
According to the 1987 workshop report of National Research Council (NRC) of USA,
“Management of Technology” is the hidden competitive advantage bridging “the knowledge and
practice gap” between science, engineering and business management (Khalil, 2001).
Management of Technology (MOT) as a field links “engineering, science, and management
disciplines to plan, develop, implement technological capabilities to shape and accomplish the
strategic and operational objectives of an organization.”
To put it in a simple way, technology management is about getting people and technologies
working together to do what people are expecting, which is a collection of systematic methods
for managing the process of applying knowledge to extend the human activities and produce
defined products. Effective technology management synthesizes the best ideas from all sides:
academic, practitioner, generalist or technologist.
It is argued that there are three major factors strategically in modern organizations that underpin
the creation of competitive advantages. The first of these is strategic leadership. The effective
leadership ensures that the enterprise will develop itself in the right direction and the production
of product will meet the demand of the market. The second factor is having a staff with
motivation and empowerment. They are the driving forces of the organization. The third factor is
the proper management of technology. It is important that the company's technology be
appropriately and properly managed so as to achieve effective and competitive status (Harrison
and Samson, 2003).
Leadership and motivation of employees have been widely recognized as success factors. There
have been significant additions to theories and practice regarding improvement in the
management of people. Therefore, strategically, the remaining battle-field being competitive
depends on proper management of technology. To put it differently, the strategic issue will be
how a company could develop, acquire, share and manage technology appropriately and
effectively.
Example - 1
The USA experienced an increasing global competition which resulted in loss of market share in
several industry sectors in the 1970s and 1980s. It is interesting that this argument has been in
congruence with the American historical experience .This became a concern not only to
industries, but also to government and educational interests. To identify reasons of the decline in
US industrial competitiveness and to formulate a response to the challenges within global
competition, serious work and efforts had been contributed in the search for explanations and
solutions. Discussions were initiated by major establishments such as The National Research
Council (NRC), the National Science Foundation (NSF), the American Association of
Engineering Societies, the Accreditation Board for Engineering and Technology, the American
Assembly of Collegiate Schools of Business, Oak Ridge associated Universities and others. A
series of workshops were organized and attended by experts for the discussion of changing
paradigms in business and technology. A resulting consensus was that great attention and
significant amount of efforts should be directed towards making improvement in the
Management of Technology and in conducting research and developing educational programs in
this emerging field of knowledge.
Khalil (2001) highlights that efforts to improve the US position in the global economy were
being influenced by the understanding that more organizations, including government agencies,
high educational institutions, enterprises and founding agencies, become aware of issues
involved in the international arena. Today, rapid changes in the technology and business
environment continue to occur. These changes require continuous updating of methods and
techniques of business practice. For example, measuring the value of a business according to
assessment of physical assets or based on traditional accounting or finance formulas are
inadequate in the knowledge economy. Education and training institutions need to take into
consideration the changing environment in technology and business and respond by changing
their programs accordingly. Khalil (2001) argues that international business and engineering
schools need to have consideration of incorporating into their curricula educational modules
recognizing the importance of the knowledge era and the technology revolution. The intangible
assets such as intellectual capital, intellectual properties, service innovation, information
technology and many of today's rapidly growing arenas should be recognized. Furthermore,
many of the existing models and the traditional programs need to take into account the
appropriateness and effectiveness of technology and innovation as well as the volatilities of the
environment in which the technology is created and applied.
It has to be acknowledged that there are a number of endeavors to embrace the challenges that
the world is facing in terms of management of technology. The International Association for
Management of Technology (IAMOT), founded in the early eighties, has become the leading and
largest international professional association solely devoted to the promotion of management of
technology education, research and application. IAMOT is currently undertaking a major
initiative to create guidelines for academic programs in MOT and certification/accreditation
guidelines to recognize the quality of academic programs. This promises to be a strong step
towards establishing formal management of technology education globally on a sound academic
basis
Example -2
In addressing the Chinese experience in terms of management of technology, Li-Hua and Khalil
(2006) argues that appropriate infrastructures, strategies and mechanism for management of
technology needs to be established in order to support the diffusion of management of
technology principles throughout China. The conceptual framework for the future direction and
needs has been proposed based on the USA research and education experiences over the past two
decades. It is debatable whether business and engineering schools need to introduce MOT
curricula following the USA model or develop a new model shaped by the Chinese culture. It
draws upon the experience of the USA in Management of Technology over the past two decades
and projects what may be needed for China to continue its development and economic growth in
the future.
It is however evident that current situation in China in terms of MOT presents both opportunities
and challenges not only to Chinese business, but also to the Western business. Today, increased
levels of competition discussed in this editorial in the wake of China's entry into the WTO have
resulted in experimentation and risk-taking as ways of doing business in China. However, the
uncertainties and ambiguities prevalent in the Chinese business environment, in particular, in the
area of technology management, are neither well understood nor effectively negotiated by the
international investment community. In addition, the complexities of technology and knowledge
transfer have led to misunderstanding in the operation and the implementation of international
joint venture projects in China. Therefore, as to the international investors, China's business
environment continues to present many challenges, particularly in how to manage effective
business networks and ensure smooth knowledge transfer, especially in international joint
venture projects.
In response to these challenges and opportunities, there is an initiative that following the
successful launching of Journal of Technology Management in China (JTMC), in late 2005
China Association for Management of Technology (CAMOT) was established (www.camot.org).
It is encouraging to the members of CAMOT that it has been agreed that the Journal of
Technology Management in China has been granted the official journal of China Association for
Management of Technology. Therefore, JTMC is an official academic outlet for the members of
CAMOT.
4. IS planning methodologies
This method is particularly useful for identifying high-benefit IS projects. Its principal
disadvantage is it focuses on proposed IS projects only, rather than the entire range of an
organizational applications portfolio.
A critical success factor of an organization is efficient asset management. Critical success factor
involve the management in an organization to know the current status of the organization in ICT.
Based on the analysis of the business environment of the corporation, the critical success factors
concerning the firm are identified. Critical success factor is refer to the limited number of area in
which result, if satisfactory will ensure successful competitive performance for the organization.
There are such area where thing’s must go right for the business to flourish. Thus, the factor that
are critical for accomplishing the objectives are identified at this stage.
To manage data as a corporate asset, managers must understand the value of information that is
processed data. Data are used by different people in different departments for different reasons.
Therefore, data management must address the concept of shared data. Whatever the type of
organization, the database predominant role is to support managerial decision making at all level
in the organization. That’s why, Strategic information systems planning play a big role in
organization. SISP is an important management function. It can help an organization use
information technology (IT) more competitively, identify new, higher payback IT applications,
and better forecast IT resources requirements.
An organization’s managerial structure might be divided into three levels which are top, middle
and operational. Top level management makes strategic decisions; middle management makes
tactical decisions and operational management make daily operational decisions. Operational
decisions are short terms and affect only daily operations for example deciding to change the
price of a product to clear it from inventory. Tactical decision involve a longer time frame and
after larger scale operation; for example changing the price of a product in response to
competitive pressures. Strategic decisions are those that affect the long term well-being of the
company or even its survival; for example changing pricing strategy across product lines to
capture market share. This shows that having a good SISP will lead the organization to achieve
the goal and objective in short or long term in an organization.
Business system planning is a strategy that calls for evaluating and structuring a platform for the
processing of information throughout a business operation. The goal of this type of approach to
the strategic management of a company is to make sure that all operations within the company
structure make the most efficient use of information relevant to their areas of responsibility, and
that communication between different levels of the business are operating at maximum
efficiency. While a specific approach to business system planning was created by International
Business Machines during the latter decades of the 20th century, variations on that process have
since been developed and adapted to fit newer business models.
Over the years, the use of business system planning has provided a number of benefits to
businesses of all sizes. One of the key benefits has to do with the ability to create a balanced
view of what is and is not working with the current structure of a business, especially the
technology that provides the foundation for that structure. By prompting the objective
assessment of the system at all levels, this approach can often aid in identifying what is operating
at optimal levels that meet the needs of the company, what is not operating at optimal levels but
could be adapted or enhanced in order to meet those needs, and what aspects of the technology
and the operation need to be removed or replaced in order to strengthen the company
infrastructure.
Employing the general concepts of business system planning makes it much easier for owners
and managers to identify when and how money should be spent to adapt the overall operation to
the changing circumstances within the marketplace. This affects not only matters like the internal
operation but ultimately the product line offered by the business, the way that customers are
approached and supported by the business, and deciding when changes will be in the best
interests of the company.
For instance a case of sample Company want to save up to 30% on your monthly bills?
This tool helps you do just that a company does not have to operate hundreds of locations and
have a substantial employee base in order to benefit from the use of business system planning.
Even a small business with one central location and a limited staff can take the general principles
and apply them to the management of a product line, the internal workings of the business, and
even to the task of becoming more visible to potential customers. There are a number of
consultants today who work with companies of all sizes and types to help establish the basic
framework for business system planning, training key people in how to make the most of the
process, and even aid in the launching of the initiative. While there may be some expense on the
front end, the benefits derived from this type of systematic approach will usually offset those
expenses in a short period of time.
Identifies the information systems a company needs and looks at the whole to determine what
information systems the business requires to fulfill its goals. For large businesses, this can be an
expensive process involving consultants and specialists, but smaller businesses can often perform
the analysis and planning in house. Prerequisites for effective business systems planning are the
existence of a business plan that details the goals and strategies of the company and the
communication of the plan to the people responsible for implementing the plan are
The requirements for a company's information systems can only be integrated into a plan when it
is clear where the company wants to go and how it plans to get there. A strategic plan lays out
the company goals and the strategies it intends to implement to achieve them. In small
businesses, such strategies often focus on financial goals and corresponding marketing plans.
These business plans are the initial input for the information systems plan and influence the types
of systems that the company will consider.
- Corporate Processes
Once the overall orientation of the information system is clear from the strategic plan, the
business systems planning process has to look at what the company does. If the company has
manufacturing, the information system has to include production planning. If it is service
oriented, the software has to have hourly billing and cost assignment features. The key corporate
processes are a second step in defining the requirements for the proposed information systems.
Sometimes the processes themselves require re-engineering to let them work with information
systems.
- Corporate Data
A key question for the planning of information systems is the nature of the company's data
processing requirements. Large volumes of complex data need different systems than flat, simple
databases or mailing lists. A company's data is a valuable asset and its nature can't easily be
changed. As a result, the data has a major influence on the kind of information systems that are
required.
- Constraints
The strategies, company processes and data represent the major inputs to the planning of the
information systems, but the systems themselves are subject to constraints. The most important
limitation, especially for small businesses, is the cost. Other constraints may include technical,
space, time and operational factors. The information system planning process has to consider that
the ideal system may not be a realistic possibility, and alternatives must be situated within the
constraints.
- End-user Input
Once the planning process has established the overall concept and requirements for the
information systems, it is important to involve the end users in the design for the interface. The
people who carry out the work have the best knowledge of what is required to do their job. Not
supplying what is required is a frequent planning failure, and getting end user input at this stage
is vital to the success of the business systems plan.
- Implementation
The final step for an information system is to plan for implementation. At this stage the plan
becomes a project and the planners have to assign responsibilities and resources, ensure that the
project plan matches the strategic and business plans and set completion, budget and
performance targets. At this stage the business can expect to have functioning information
systems at the project completion date, fulfilling the identified needs.
Computer-aided process planning (CAPP) is the use of computer technology to aid in the process
planning of a part or product, in manufacturing. CAPP is the link between CAD and CAM in that
it provides for the planning of the process to be used in producing a designed part.
The planning process can be quite difficult and time consuming. That’s what gives organizations
the “we don’t have time to plan” excuse for using a formal planning process. So vendors have
developed CAP tools to help ease the burden of planning.
This process results in an enterprise model of the business. An enterprise model defines the
structures and relationship of business processes and data elements as well as other planning
structures. Developing an enterprise model for a business is a starting point for the strategic data
planning process. Data administration personnel use enterprise modeling to help them develop a
variety of data models for the organization.
5.2.Security and Ethical Challenges of IT Definition
The security and ethical challenges of IT refer to the difficulties that organisations face in
managing increasingly complex information and communication technologies. The term
embraces the management of systems, policies and procedures designed to protect organisations,
their employees, customers and other stakeholders from malicious external threats, and from
internal acts of noncompliance with IT policies. The concept has important implications for
growing IT areas such as Big Data, social media, and Bring Your Own Device (BYOD) (Dutta &
McCrohan, 2002; Simonite, 2015; Soares, 2015).
Information systems have made many businesses successful today. Some companies such as
Google, Facebook, EBay, etc. would not exist without information technology. However,
improper use of information technology can create problems for the organization and employees.
Criminals gaining access to credit card information can lead to financial loss to the owners of the
cards or financial institute. Using organization information systems i.e. posting inappropriate
content on Facebook or Twitter using a company account can lead to lawsuits and loss of
business.
5.4.Cyber-crime
Cyber-crime refers to the use of information technology to commit crimes. Cyber-crimes can
range from simply annoying computer users to huge financial losses and even the loss of human
life. The growth of smartphones and other high-end Mobile devices that have access to the
internet have also contributed to the growth of cyber-crime.
Types of cyber-crime
1. Identity theft
Identity theft occurs when a cyber-criminal impersonates someone else identity to practice
malfunction. This is usually done by accessing personal details of someone else. The details used
in such crimes include social security numbers, date of birth, credit and debit card numbers,
passport numbers, etc.
Once the information has been acquired by the cyber-criminal, it can be used to make purchases
online while impersonating himself to be someone else. One of the ways that cyber-criminals use
to obtain such personal details is phishing. Phishing involves creating fake websites that look
like legitimate business websites or emails.
For example, an email that appears to come from YAHOO may ask the user to confirm their
personal details including contact numbers and email password. If the user falls for the trick and
updates the details and provides the password, the attacker will have access to personal details
and the email of the victim.
If the victim uses services such as PayPal, then the attacker can use the account to make
purchases online or transfer funds.
Other phishing techniques involve the use of fake Wi-Fi hotspots that look like legitimate ones.
This is common in public places such as restaurants and airports. If an unsuspecting user logons
into the network, then cyber-crimes may try to gain access to sensitive information such as
usernames, passwords, credit card numbers, etc.
According to the US Department of Justice, a former state department employee used email
phishing to gain access to email and social media accounts of hundreds of women and accessed
explicit photos. He was able to use the photos to extort the women and threatened to make the
photos public if they did not give in to his demands.
2. Copyright infringement
Piracy is one of the biggest problems with digital products. Websites such as the pirate bay are
used to distribute copyrighted materials such as audio, video, software, etc. Copyright
infringement refers to the unauthorized use of copyrighted materials.
Fast internet access and reducing costs of storage have also contributed to the growth of
copyright infringement crimes.
3. Click fraud
Advertising companies such as Google AdSense offer pay per click advertising services. Click
fraud occurs when a person clicks such a link with no intention of knowing more about the click
but to make more money. This can also be accomplished by using automated software that
makes the clicks.
An email is sent to the target victim that promises them a lot of money in favor of helping them
to claim their inheritance money.
In such cases, the criminal usually pretends to be a close relative of a very rich well-known
person who died. He/she claims to have inherited the wealth of the late rich person and needs
help to claim the inheritance. He/she will ask for financial assistance and promise to reward later.
If the victim sends the money to the scammer, the scammer vanishes and the victim loses the
money.
5. Hacking
Hacking is used to by-pass security controls to gain unauthorized access to a system. Once the
attacker has gained access to the system, they can do whatever they want. Some of the common
activities done when system is hacked are; Install programs that allow the attackers to spy on the
user or control their system remotely Deface websites Steal sensitive information. This can be
done using techniques such as SQL Injection, exploiting vulnerabilities in the database software
to gain access, social engineering techniques that trick users into submitting ids and passwords,
etc.
Information Systems controls are a set of procedures and technological measures to ensure
secure and efficient operation of information within an organization. Both general and
application controls are used for safeguarding information systems.
8.1.General Controls
These controls apply to information systems activities throughout an organization. The most
important general controls are the measures that control access to computer systems and the
information stored or transmitted over telecommunication networks. General controls include
administrative measures that restrict employee access to only those processes directly relevant to
their duties, thereby limiting the damage an employee can do. Some general controls are as
follows.
8.2.Software Controls
Monitor the use of system software and prevent unauthorized access of software programs,
system failure and computer programs.
8.3.Hardware Controls
Ensure the computer hardware is physically secure and check for equipment malfunctions.
Computer equipment should be specially protected against extreme temperatures and humidity.
Organizations should make provisions for backup or continued operation to maintain constant
service.
This include controls over setup of computer processing jobs and computer operations and
backup and recovery procedures for processing that ends abnormally.
8.5.Data Security Controls
Ensures critical business data on disk and tapes are not subject to unauthorized access, change or
destruction while they are in use or in storage.
Audit the system development process at various points to ensure that the process is properly
controlled and managed.
8. 7. Administrative Controls
Formalize standards, rules, procedures and control discipline to ensure that the organization’s
general and application controls are properly executed and enforced.
Application controls are specific to a given application and include measures as validating input
data, regular archiving copies of various databases, and ensuring that information is disseminated
only to authorized users. This can be classified as input, processing and output controls.
1. Input Controls – Input controls check data for accuracy and completeness when they
enter the system. There are specific input controls for input authorization, data conversion, data
editing and error handling.
2. Processing Controls – Processing controls establish that data are complete and accurate
during updating. Run control totals, computer matching, and programmed edit checks are used as
processing controls.
3. Output Controls –Output controls ensure that the results of computer processing are
accurate, complete and properly distributed.
1. Firewall –The firewall acts like a gatekeeper that examines each user’s credentials before
access is granted to a network. The firewall identifies names, internet protocol (IP) addresses,
applications and other characteristics of incoming traffic. It checks this information against the
access rules that have been programmed in to the system by the network administrator. The
firewall prevents unauthorized communication into and out of the network, allowing the
organization to enforce a security policy on traffic flowing between its network and other
untrusted networks, including the internet. Firewalls can deter but not completely prevent,
network penetration by outsiders and should be viewed as one element in an overall security
plan. To deal with internet security effectively, broader corporate policies and procedures, user
responsibilities and security awareness training may be required.
2. Intrusion Detection System – In addition to firewalls, commercial security vendors now
provide intrusion detection tools and services to protect against suspicious network traffic
attempts to access files and databases. Intrusion detection systems feature full-time monitoring
tools placed at the most vulnerable places. The system generates an alarm if it finds a suspicious
event. Scanning software looks for patterns indicative of known methods of computer attacks
such as bad password, checks to see if important files have been removed or modified and sends
warnings to the system administrator. Monitoring software examines events as they are
happening to discover security attacks in progress. The intrusion detection tool can be
customized to shut down a particular sensitive part of a network if it receives unauthorized
traffic.
3. Antivirus software – Antivirus software is designed to check computer systems for the
presence of computer viruses. Often the software can eliminate the virus from the infected area.
However, most antivirus software is effective only against viruses already known when the
software was written. To remain effective, the antivirus software must be continually updated.
9. Facility Controls
Physical facility control is methods that protect physical facilities and their contents from loss
and destruction. Computer centers are prone to many hazards such as accidents, thefts, fire,
natural disasters, destructions etc. Therefore physical safeguards and various control procedures
are required to protect the hardware, software and vital data resources of computer using
organizations.
Our engineers have extensive experience planning and implementing a broad variety of building
management applications—whether they entail Internet-based controls and interfaces or legacy
system interactions.
- Electrical systems
- kWh metering
- Fire protection
- Security
- Access control
Procedural controls establish a framework for validating and maintaining the computer system
and for ensuring that users understand how to use the system. Procedural controls usually take
the form of standard operating procedures (SOPs) and user manuals.
Procedural control is a method of providing air traffic control services without the use of radar. It
is used in regions of the world, specifically sparsely populated land areas and oceans, where
radar coverage is either prohibitively expensive.
Any computer equipment, instrumentation, and software that you buy needs to come from a
reputable vendor and needs to be documented and tested for the environment in which it will be
used.
- System Lifecycle
- Identifying and involving knowledgeable, qualified stakeholders to define, test, and document
the system
- Assessing and addressing risks to the computer system
- Grouping and prioritizing tasks and completing them in a controlled and orderly manner
- Describing requirements for the system and maintaining traceability from that starting point
through to implementation
- Verifying individual parts, and the system as a whole, using a combination of reviews, testing,
and audits
- Tracking, evaluating, prioritizing, and fixing defects
- Identification and control of system components and associated documentation
- Using change control to manage changes to system components and associated documentation
- Creating and maintaining documentation of the computer system and development and
maintenance activities through the life of the system.
10.2. Procedural Control Examples
Procedural controls refer to the procedures performed by individuals. They are often detailed in
written documents that an organization uses for security. Procedural controls are directives from
senior management on how to address security within the organization.
The following sections provide examples of some of the common procedural controls in these
categories:
Computer crime is a new Problem in our society therefore we must know that what computer
crime is. If we talk about computer crime we will refer to a crime which is conducted with the
help of a computer and a network is involved in it. As we refer to computer it can even be a
small computer device like mobile. And the network mainly used is an Internet connection
because of its availability and access. Computer crime includes acts in which you use a computer
or a network to harm someone else either by stealing data, plotting a virus, hacking someone’s
computer etc.
Computer or cybercrime may include broader terms like hacking, copying of copyrighted
material, child grooming, stealing and misuse of Confidential/private information of someone
else , making a computer virus or a bug or a malware with a intention to plot at someone’s
computer or a network in order to gain a benefit or to take revenge or another cause which make
you do such an act is a computer crime. These are few types of computer crimes it is much more
vast and expanded term.
Now if we talk about computer crimes conducted earlier or have started at first are, using
someone else computer to scan or print what you want without consulting the owner or using
someone else internet connection to distribute false information or conduct a fraud with the help
of a computer or use false to information steal from someone else on the internet and use
someone else internet name etc. these are all type of old computer crime. Now a days computer
crime or new computer crime includes work like stealing some ones privacy, create a software or
a tool to harm someone else computer and put the virus or malware in order to harm him in any
case, use someone else email account to do mails eg to a mail to black mail someone etc.
11.2. Here we will discuss some details of the types of computer crime
11.3. Now we could use an example which could explain computer crime.
Melissa virus was speeded on March 26, 1999 it was spreader through email it was just an
attachment it affect about 100,000 people throughout the world in the head it was written
important message from user and in the body here is the document you asked and don’t share
with any one. And when the user open the attachment Melissa virus come into his computer.
Now we will discuss effect of computer crime on our world. Due to computer crime there is loss
of billions of dollar annually. Computer crime is increasing every day and it is creating big losses
and company level and at individual level stock losses.
If we talk about computer crime it may be 15 $ at individual level but is very large at corporate
level it can rise up to 225 billion $ so loss due to computer crime can be vary between 15 $ to
225 billion $. United States is leading in cyber-attacks throughout the world about 35 %
(approximately) in total of the whole world followed by South Korea 12 % of cyber-attacks of
the whole world. Hackers and cyber criminals reside or flourish in countries having few
computer crime laws. From these countries they can easily attach rich countries. Due to
increasing Computer crime throughout the world insurance companies are providing insurance
against computer crimes. After an attach to a firm the firm losses its price of stock in the stock
market by 1 % – 5 % therefore the companies suffer the loss at company level but the stock
holders also bear the price due to decrease in the stock price.
A company suffers losses due to computer crime when a hacker steals confidential information
and future plans of the company. And he simply sells the information to a competitor company
and they use the information to get benefits. Wastage of time is another problem because many
IT personals spend a lot of time on handling harmful incidents which may be caused due to
computer crimes. This time should be spend on the development. And if the company is attacked
by a computer criminal it would cost a lot and much time is needed to recover from the loss.
One of the problem is that when a hacker enter in an organization and steals confidential
information form the company the people who entrust the company loses their confidence in the
company as the company may contains confidential information like credit cards of customers
and as the information is stolen the customer will not trust the company again and will move to
someone else who could protect their confidential information.
Computer crime reduces the productivity of a company as a company will take measure to
reduce cybercrime so there will be more password entering or other acts this will take time to do
and therefore will effect on the productivity and it also will increase the cost as to stop viruses
and malware companies must buy strong security software to reduce the chances of attacks from
such attacks.
In some cases victim of the cybercrime not even know that he has been attacked. And the
attacker are so clever that they not even left a small clue to be detected.
When you use credit card at ha store the transitions are encrypted and sent to the internet and the
internet is available globally. Hackers are smart and they can decrypt the information in a few
time.
There are few solutions to keep safe from computer crime and they could be a little help for the
attacks, antivirus and antispyware tools, firewalls, Cryptography. After theses cyber ethics and
law has been formulated to stop these kinds of things. And after these the internet service
providers must provide secured internet connections to keep the users safer from the cyber-
attacks.
In the end I may conclude that computer crime is a strict criminal act and the it should be
punished strictly and there should be strict laws against cyber criminals like there are should be
punishment against them as there is punishment for other criminals who have committed crimes
like stealing etc. computer crime cannot be stopped at this level but immunity can be used to
keep safe from it or at least harm could be a lesser.
In most cases, someone commits a computer crime to obtain goods or money. Greed and
desperation are powerful motivators for some people to try stealing by way of computer crimes.
Some people may also commit a computer crime because they are pressured, or forced, to do so
by another person. Some people also commit a computer crime to prove they can do it. A person
who can successfully execute a computer crime may find great personal satisfaction in doing so.
These types of people, sometimes called black hat hackers, like to create chaos, wreak havoc on
other people and companies. Another reason computer crimes are sometimes committed is
because people are bored. They want something to do and don't care if they commit a crime.
There are many privacy issues related to information technology, such as electronic surveillance,
which involves monitoring people with technology, often without their knowledge. In addition,
companies often share or sell personal information to other companies. Identity theft is also an
important privacy issue. Other examples of IT privacy issues include cookies, spyware, and
Employee Internet Management software.
Technological advances often require people to give up their privacy. Information privacy refers
to the right to determine when, and to what extent, information about oneself can be
communicated to others. Technology provides opportunities for companies and criminals to take
those rights away through practices like data mining and identity theft.
Internet is the fastest way of connecting with the world but, unfortunately, it is not the safest one.
The internet is full of scams and gambles, and you are on the verge of security risks when you
choose to be online.
Most internet users are least bothered about their online privacy and are unaware of the plausible
risks associated with it. Not only your privacy but your safety is also endangered, especially
when you are using the internet to carry out important and secretive tasks like online banking and
sharing crucial business files.
Online users are incredibly vulnerable to security threats, and there is a long list of issues
associated with their safety. Here we are discussing only the major issues concerning online
privacy.
When you are online, you are spied by a number of trackers for various purposes. Trackers keep
a record of your search history and track all your online activities through various means. This
provides them a clear picture of who you are and your interests, which is a breach of online
privacy policy and makes you a public property. Most of the time, this tracking is for
advertisement purposes only and it allows advertisers to show ads according to your taste and
interests. But sometimes this information is used by cybercriminals to carry out unauthorized and
illegal activities risking your online existence.
2. Information Mishandling
There are various sites on the internet that need your personal information to get access to their
services. These sites often store cookies and save your personal information and later use it for
various purposes. Most of the time this information is not encrypted and can be accessed by
anyone. This mishandling of personal information may lead to serious consequences. The
modern trend of e-banking and e-business portals have multiplied the risks associated with
online privacy. By sharing your bank details and crucial files on the internet, you are paving
ways for burglars and making yourself vulnerable to cybercriminals.
3. Location Tracking
Most of the internet users proudly upload their social media posts highlighting their current
location along with tagging friends and family members. It's fun and exciting to share your life
events with friends and family, but this data does not remain restricted to your expected audience
only. This same data is stored on the social media site you are using and stays there forever,
often without you knowing (though you may have given consent through a terms and services
agreement). Along with social media apps, Google Maps and other apps also ask for your
location and by turning on your location you are providing first-hand information to the world
about where exactly you are and what your next move is, which is certainly risky and insecure.
12.3. Five Possible Ways to Protect Against Online Privacy Threats
There’s no way to completely avoid threats and attacks, but still, there are some steps you can
take to avoid being victim on the internet. Here are some measures that should be followed:
1. Use a VPN
There are various ways of protecting your online privacy, but the most successful and certain
way is through VPN. It is a tool that provides an encrypted tunnel for all your online activities,
which means it encodes all the information transferred between you and your host site and leaves
no chances of snooping and spying. It also provides you an anonymous IP and disguises your
actual identity, hiding your geographical location and making your online existence more safe
and secure.
There are various VPN available including free and paid ones. Some VPN work on a small scale
and have access to a few countries only while others are international ones with access to most
parts of the world.
Hackers can easily track your activities and get into your system through your browser. It’s
highly recommended to keep your browser updated to the latest version. Avoid using spammy
websites that asks for user details. You can also block ads on your browser and take extra time to
actually read privacy policies before giving your consent.
Keep your system up to date to ensure that you don’t miss out any feature and security fixes. If
you find it a hassle to manually apply updates, you can always use tools to automate your
software updates. Regularly scan your system or it’s better to keep auto scan on in your system.
4. Use Anti-Virus
A strong anti-virus program will keep your device free from all types of malware, such as
spyware, viruses, Trojans, etc. You can also use a good anti-virus that will keep you updated if it
found something wrong in your system. Using anti-virus is essential as it helps you to get real
time updates.
Take advantage of the options that are available to you. Big Internet companies such as
Facebook and Google usually give you options to opt out of some, if not all, of their
personalization and tracking.
There are many debates about what should be considered private or personal information, who
should have access to what information, and who is responsible for providing approval for others
to access it. Disagreements occur because people often exchange their personal information for
coupons, or another type of incentive, without thoroughly understanding what the information
will be used for
As technology advances and people continue to store personal information on their devices,
personal privacy issues are becoming more challenging. There are many types of personal
privacy issues in information technology ("IT").
- Electronic surveillance involves monitoring people with technology, often without their
knowledge. This can be done through video or recording devices.
- Personal information is provided to companies when users sign-up for accounts, such as
Facebook, Instagraam, YouTube, or grocery discount cards. These companies then sell the
personal information (what links are clicked, products purchased, how much money was spent,
etc.) to other companies that use the data to market to the user.
- Identity theft occurs when someone steals an individual's information to commit a crime, such as
fraud. Identity thieves can use this data to make purchases, apply for credit cards, get medical
services, or apply for a job.
- Cookie are small data files that websites use to track users visiting the site. There are several
different types, but third-party cookies are typically the ones that cause personal data to be
compromised. This is because these types of cookies follow and record the user as they do
business online.
- Spyware is a small computer program that gets stored on a user's hard drive. The program
collects the user's habits and transmits that information to a third party, all without the user's
consent. The data is then transmitted to marketers, criminals, or firms that pay others to collect
data on users.
- Employee Internet Management Software (e.g., Web Watcher, Refuge Employee Monitor, Work
Time) is used to ensure that employees are not using their work computers for non-work
activities, which can disrupt employee production and expose the organization to security
breaches. The software can monitor staff websites, filter out websites that the organization feels
are inappropriate, monitor employee phone calls, and record voicemail messages.