DIREDAWA UNIVERSITY

COLLEGE OF BUSINESS AND ECONOMICS

DEPARTMENT OF MANAGEMENT

Program: Masters of Business administration

Course title: Management Information System

Portfolio Assessment Based on the Strategic roles of IS and MIS

Submitted To:-Banbul Shewakena (Assi. Prof)
Prepared by Girma Tefera Tilahun
ID NO- DDU1400961
Table of Content Page No
Section A: Strategic roles of IS
1. Introduction ---------------------------------------------------------------1-1
2. Breaking Business Barriers ---------------------------------------------1-4
3. Business Processes Reengineering -------------------------------------4-6
4. Improving Business Quality --------------------------------------------6-7
5. Creating Virtual Company ---------------------------------------------7-10
6. Using Internet Strategically--------------------------------------------10-13
7. Building knowledge Creating Company -----------------------------13-14
8. Challenges of Strategic of IS ------------------------------------------14-15
9. Enterprise – wide systems and ----------------------------------------16-18
10. E- Business Applications---------------------------------------------18-23
Section B: Managing information systems
1. Enterprise Management ------------------------------------------------24-26
2. Information Resource Management -----------------------------------26-28
3. Technology Management -----------------------------------------------28-32
4. IS planning methodologies ---------------------------------------------32-39
5. Critical Success factors -------------------------------------------------39-40
6. Business Systems Planning ---------------------------------------------41-43
7. Computer Aided Planning Tools. Security & Ethical Challenges ---43-46
8. IS controls ----------------------------------------------------------------46-47
9. Facility Controls ---------------------------------------------------------48-48
10. Procedural Controls ----------------------------------------------------48-50
11. Computer Crime --------------------------------------------------------50-53
12. Privacy issues------------------------------------------------------------53-56
SECTION A- Strategic roles of IS

Introduction

The concept of strategic information systems is one of the contemporary concepts of the
historical development of the applications of information systems in different fields. This
concept is related to facilitating the management of strategic planning, which enables the
organization to achieve its objectives while recognizing changes in the internal and external
environments that contribute to generating real threats and opportunities. Thus, Strategic
information systems contributing to the formulation of their strategic objectives through the
provision of appropriate information (Turoff et al., 2004).

In the past, information has been used as a specific decision-making tool. In today's business
environment, fundamental changes have taken place in the role of information systems, so that
information has become a weapon of competition and a strategic resource (Al-Taee & Al-
Khafaji, 2016).

Turoff et al. (2004) points out that our modern world is characterized by complexity and speed of
change. Strategic information systems are an important tool in dealing with this world. Within
this approach, many research and development efforts have been made in recent years, focusing
on the design, construction, use and evaluation of strategic information systems that facilitate the
task of the organizations' departments in preparing for and responding to crises.

Strategic information system has been looked at from many different perspectives, particularly in
the Information system (IS) literature. Hemmatfar et al. (2010) define strategic information
system as “Any IS has the ability to change objectives, processes, products or environmental
relationships to help the organization gain competitive advantage or reduce competitive
disadvantages”.

The strategic information system also can be defined as an information system that creates or
enhances the company’s competitive advantage or changes the industry structure by
fundamentally changing how business is conducted. It is conventional information systems used
in innovative ways (Rubel et al., 2014).

1. Breaking Business Barriers

Description: Information technology is used to shorten the intervals between the various critical
steps in a business process. Telecommunications is a lot faster than most other forms of
communications, thus, it provides information to remote locations immediately after it is
requested. Telecommunications networks enable you to communicate with people almost
anywhere in the world. Telecommunications and computing technologies make it possible to
distribute key business activities to where they are needed, where they are best performed, or
where they best support the competitive advantage of a business.

1.1.Several vital capabilities of information technology that break traditional barriers

to strategic business success include:
 1. Breaking Time Barriers
- Information technology is used to shorten the intervals between the various critical steps ina
business process.
- Telecommunication’s is a lot faster than most other forms of communications! Thus it provides
information to remote locations immediately after it is requested.
2. Breaking Geographic Barriers
- Telecommunications networks enable you to communicate with people almost anywhere in the
world.
- Telecommunication’s and computing technologies make it possible to distribute key business
activities to where they are needed where they are best performed! or where they best support the
competitive advantage of a business.
3. Breaking Cost Barriers
- Computers and telecommunications can often significantly reduce the cost of business operations
when compared with other means of information processing and communications. Or example
they can reduce costs in such areas as production Inventory, distribution or communications.
Information technologies have also helped companies cut labor costs minimize inventory levels
reduce the number of distribution centers and lower communications costs.
4. Break structural barriers

2. Business Processes Reengineering

2.1. One of Strategic Uses of IT are BPR

One of the most popular competitive strategies today is business process reengineering (BPR),
most often simply called reengineering. Reengineering is the fundamental rethinking and radical
redesign of business processes to achieve dramatic improvements in cost, quality, speed, and
service. BPR combines a strategy of promoting business innovation with a strategy of making
major improvements to business processes so that a company can become a much stronger and
more successful competitor in the marketplace.

2.2. How to Implement Business Process Reengineering In Your Business?

The following steps (Davenport, 1992) can help BPR realize its core principles of customer
satisfaction, reduced costs of business and increased competitiveness.

Business vision and objectives Any BPR activity needs to begin with a clearly defined and
measurable objectives. Whether the goal is reducing costs, improving quality of product, or
increasing efficiency, the framework for what needs to be achieved has to be decided upon at the
outset, in line with the company’s vision and mission.

1. Identification and slacking processes

Once a clear goal is in mind, all processes need to be studied and those seen as ‘slacking’ or that
can be improved need to be identified.
Among these, those processes with direct impact on the company’s output or those that clash
with the company’s mission become part of the ‘red’ list. This clear identification makes the
difference between BPR success and failure.

2. Understand and measure the ‘red’ processes

With a list of slacking processes in hand, it is imperative to identify how they were identified as
such. Are they taking too much time to complete? Is the quality of the outcome being
compromised?

Whatever the issue, each process must be judged objectively either against industry standards or
ethically obtained competitor best practices.

3. Information system and technology capabilities

An efficient and relevant IT system is an essential BPR enabler. Without such a system, it is not
possible to keep a check on all factors affecting the change. Before setting out on a radical BPR
activity, it is vital to set in place information systems that can deal with the magnitude of the
change.

Design, build and test the new prototype: Before any new product is launched, a prototype is
tested out. A failure at a testing stage should never be implemented at a larger scale. BPR
projects fail more often than not for a variety of reasons but a basic reason is the inability to
identify and accept any limitations at the testing stage. Among other factors, both the
management’s attitude towards the new way of work and the employees’ outlook towards the
change should be carefully assessed.

Adapting the organization Managing change brought about by BPR activities is the final effort
towards a successful project. Providing updated documentation, organizational structures,
governance models as well as updated charts of authority and responsibility leave little room for
confusion and allow a smooth transition into the new way of work.

Business process reengineering is a radical change activity that cannot be repeated if it goes
wrong the first time. It is often a high risk activity that involves monetary investment and a risk
of demotivated employees. In is essential to have buy in all the way from top management down
and it should have a broad functional scope.

It Is Important to Acknowledge and understand that BPR is not a foolproof method of success.
As with all activities it runs the risk of failure [

2.3. A BPR program can be successful if

- Customer needs are made the priority and this vision is used to appropriately direct
business practices.
- There are cost advantages to be achieved that help the organization become more
competitive in its industry.
 - A strategic view of all operational processes is taken with relevant questions being asked
about the established way of work and how it can be developed over the long term into
more efficient business practices.
- There is a willingness to look beyond tasks and traditional functional boundaries with a
focus out comes. Through this, entire processes can be eliminated or amalgamated into
fewer but more relevant and powerful processes throughout the organization.
- There is a real desire to simplify the way of work by objectively assessing all activities
and tasks and eliminating any that add less value and more complexity.
2.4. A BPR program will fail if
- It is seen as a way to make minor adjustments and improvements to existing processes. If
there is no clear willingness to put all existing process onto the chopping block, there is
no chance of success.
- It is seen as a one-time cost cutting exercise. In reality, cost reductions are often a handy
by product of the activity but not the primary concern. It is also not a one-time activity
but an ongoing change in mindset.
- There is no success in gaining dedicated long term commitment from management and
the employees. Bringing people onboard is a difficult task and many BPR initiatives
never take off because enough effort is not put into securing support.
- There is less effort to redesign and more to automate.
- One department is prioritized at the expense of the process. There needs to be an
openness towards studying every single process in detail and a willingness to change
whatever is needed to achieve overall efficiency.
- There is too much internal focus and not enough of an eye on the industry and what
competitor best practices can be used as benchmarks

3. Improving Business Quality

3.1. How Information Systems Can Improve Business Quality

For you to run a successful business, you need to invest in high-quality information systems that
will simplify processing data and statistics, either organizational or financial. Most companies
have experienced data problems caused by lack of accuracy and reliability, and as a result, the
workflow slows down. So, the primary goal for all companies is to reduce human errors and
increase efficiency. To be able to achieve such goals, your company has to get an excellent
information system. In this article, you will learn the difference an information system can make
to your business by applying the following measurments
1. Organized data
A brilliant organization is vital for any company that is trying to be successful. The acquisition
of a great information system ensures that your business will be organized, and you will be able
to make decisions and solve problems faster. The advantage is that the employees will be able to
gain access to all the information and as a result, improve their productivity. A good information
system has a Management Information System (MIS) feature, which helps in organizing your
database. The MIS can offer you past, current and present information by using all resources in
the system. If your business lacks proper data organization, you are likely to have severe
problems and a lot of useless data.
2. Avoid any form of crisis
In the past, businesses could not analyze the share market and their level of organization. As a
result, there was a lot of crisis in the business sector. Making use of an information system
enables your company to analyze stocks and check on their previous performance to predict any
form of disaster. The MIS can keep track of all margins and profits so that your business can
have all the necessary data for anticipating and invading a crisis.
3. Storage of information
Information systems are convenient because they can help you store data that you will need in a
few years to come. For example, newspaper editing companies keep their photos safely in an
archive which can be opened to reveal pictures if need be. Saving your data manually using hard
copy means will waste a lot of time since searching for something will be hectic. A good
information system groups your data according to date and time, making the searching process
convenient. All information is stored in a comprehensive database that is accessible to you 24
hours a day.
4. Easy decision making
Without a functional information system, the decision-making process wastes so much time and
energy. The decisions and strategic plans made by the management of an organization dictate the
level of success. The management of your company can use information systems to come up
with strategic plans and make best decisions when it comes to taking business steps. A good
information system evaluates information from all the company’s sources and manages to come
up with the best conclusion in regards to the current economy. A decision like purchasing
performance appraisal software would be a good one for any company because it will help in
motivating your employees and as a result, they will become more efficient and productive. If
you do not do that, you will waste time and energy making decisions that may mess up your
brand.
5. You get a better perspective on the future of your business
As a company manager, you have to establish broad perspectives using an excellent MIS. The
MIS can assess your company’s organization and come up with easier ways of analyzing
processes that are independent. The main goal is normally producing high-quality products and
services. For your company to be able to compete with other companies in the same industry,
ensure you invest in a well-designed information system. By incorporating an information
system, you will get regular updates on the business trends. Therefore, you will not waste time
working on things that are not useful. Your focus will be the main goal that will bring business
success by applying the following techniques

4. Creating Virtual Company

4.1. Discuss about Virtual Company (VC) strategy.

VC typically use an organizational structure called a network structure since most virtual
companies are inter linked by the internet, intranets, and extranets. People and corporations are
forming VC as the best way to implement key business strategies that promise to ensure success
in today’s turbulent business climate.

4.2. Strategies for VC:

- Share infrastructure and risk

- Link complementary core competencies

- Increase facilities and market coverage

- Migrate from selling products to selling solutions.

Example for a case of vertual company

Distributed or virtual companies have found ways to overcome challenges associated with
remote teams, and they’re reshaping traditional benefits and perks at the same time.

We originally published this article in April, 2016—four years before the COVID-19 virus forced
companies to become remote in a very short amount of time. Now, at the tail-end of the
pandemic, Canadian employers have a choice to make: remote, hybrid, or return to the office
entirely?

As the Amazon Business Return to Office report recently uncovered, most Canadian employees
want remote work to stay for good. "Only one-in-eight (12%) say that working entirely at their
physical workplace is their ideal working scenario moving forward, and more than two-in-five
(43%) Canadian office workers say they would be likely to look for a new job if their current
employer mandated they return to the office full time." With that in mind, the virtual-only
companies we feature in this article—pioneers in remote work and still in business today—
prove that workplace culture doesn’t depend on the proximity of team members.

1. Fire Engine RED

Who says that team-building is impossible with distributed companies? Fire Engine RED, a
software provider in the education sector, proves otherwise. A virtual walking club and virtual
book club keep team members connected, while biweekly all-hands meetings, conducted via
conference call, ensure everyone is on the same page. “By not spending money on office
space,” Director of Communications Chuck Vadun explains, “we’re able to invest more in
serving our clients better.”

The company encourages employees to save also, as evidenced by the company’s “REDuce Your
Bills” event. “Our CEO put together a tip sheet,” Vadun explains, “then gave our team the entire
day off to call our cable providers, cell phone companies, insurance agents, and others to get
better deals.” Together, Fire Engine RED employees saved an extra 25,000 dollars each year. It’s
clear that this 100% virtual company has made cost-effectiveness part of its culture, to the
benefit of clients and team members alike.

2. Zapier
Zapier has been completely remote since the very beginning. “Even though Bryan, Mike, and I
lived in the same city, we had different schedules and were bootstrapping Zapier on the side,”
co-founder Wade Foster explains the company’s origins. “We worked on Zapier in every spare
moment we each had, but those moments didn’t magically line up at the same time where we
could work in the same room.” And as the company grew? “Since we were already a distributed
team, it made sense to keep moving that way…we could hire people we knew were awesome,
but just didn’t live in the places we lived.”

Foster acknowledges that it’s more challenging for an established company to suddenly
become wholly virtual. That’s why he advises starting slow: “Have a single department try
remote and have everyone work from home for a month to see how it goes.” Soon enough, you
might find your team spread over several continents, just like Zapier’s own!

3. Buffer

At the end of 2012, Buffer—whose app facilitates social media sharing—became a fully virtual
company. So far, so good. In fact, CEO Joel Gascoigne says he is “in love with the choice we
made to be distributed all across the world.” Buffer’s team members (over 85 at last count)
work all around the globe and do so with unquestionable synergy.

How? Well, that collaborative spirit is fostered by “Buffer Bootcamp,” a 45-day probationary
period that allows potential new hires to see if remote working, as well Buffer’s overall culture,
suits them. During this time, candidates for full-time positions first come on as contract
workers. Several in-depth chats over the course of six weeks ensure they and Buffer are a good
cultural match. In the end, about 70% of these candidates are hired on full-time and connect on
a more permanent basis with the Buffer team—remotely, of course!

4. FlexJobs

FlexJobs is dedicated to helping people find flexible work options, including remote
opportunities. The company has been office-less itself for the last eight years. It hasn’t held
them back. “Creating a company culture is an interesting task in a virtual environment,” notes
Director of Online Content Brie Reynolds. “We think about how to translate traditional office
happenings into a virtual environment, and that’s led us to try activities like virtual trivia happy
hours, virtual yoga classes, and even a remote book club.”

Some of those ideas, of course, have been more successful than others. The key, according to
Reynolds, is constant check-ins with your team and a willingness to experiment with what
works best. Sure, a virtual environment can never function exactly like a physical office, but
with a little effort and ingenuity, it might work even better.
5. The Content Factory

This digital PR firm is 100 percent virtual, a decision that owner Kari DePhillips has never
regretted. “I’m not limited to searching for talented workers who live within a 20-mile radius of
where I am,” she explains. “I get to hire the best person for the job, no matter where they live.”

That virtual model also led to a more diverse workplace. “We have two employees with chronic
health issues,” DePhillips explains, “and although they can work from home, they wouldn’t be
able to regularly work in a standard office environment.” The Contact Factory’s flexible
environment creates career opportunities for people who might not otherwise have ready
access to them. As a result, the company benefits from additional perspectives.

6. Automattic

They’re the people behind WordPress—and in fact, it’s that very platform that inspired the
company’s business model. “Automattic made a decision from the beginning that distributed is
the future of work, and that future also matched perfectly with the mission of WordPress.com:
to be a global platform for users around the world,” the company tells us. “Why not have our
own team represent that same global community?”

Automattic team members mostly communicate through the WordPress platform, publishing
internal blogs to keep everyone up-to-date. Google Hangouts and Slack fill in the gaps, allowing
colleagues to connect virtually. “Going distributed made sense and continues to work for us,”
Automattic explains, “because we built our entire culture around it.”

Ready to tear up your lease? We don’t blame you. Slack, Zoom, and Basecamp (to name just a
few tools) facilitate collaboration so that working remotely is as good as being there. In any
event, the success stories of these companies show that the typical workplace model is on its
way out the door.

5. Using Internet Strategically

5.1. What is Internet Strategy?

Internet Strategy is the strategy adopted by a business to go online and use web approach for
marketing, communicating and engaging customers through a proprietary website. It is a
strategic plan adopted by business to create and develop online presence of company by adhering
to their overall business development strategy. It is more than designing web strategy as it uses
internet as an opportunity to design business strategy. It is like a map basically how and when to
use internet to expand overall business and to implement such strategies overall.

The elements included in internet strategy will be business strategy, web design strategy, search
engine optimization, website design and maintenance, website hosting and management .It
 includes overall business strategy which can make internet to incorporate in overall business. It
includes all tactical aspects to improve customer relations, communication between employees
and customers, to gain competitive advantage and increase marketing efficiencies.To improve
sales there should be proper internet marketing strategies otherwise they will be of no use.
Internet strategy is designed by high skilled business professionals and web strategist. They are
hired to design internet strategy because they know latest online trends, businesses, users
experience and principles of technology. There is continuous need to made and implement
necessary changes in the internet strategies according to business maturity.

Digital marketing continues to grow in importance. People are spending more time online, and
marketing budgets continue to shift toward digital. With so many opportunities in digital
marketing, it is easy to get into execution mode and just start doing. However, investing in your
strategy is one of the best ways to grow your digital return on investment. A clear strategy
reduces waste, adds focus to your efforts and builds on what is already working.

For Example

This Jewish Beauty Founder Partnered With Two Muslim Investors To Help Women
Through Her Company Beauty Magnet

5.2. Here's how to create a solid digital marketing strategy:

1. Explore the landscape and analyze your results.

A solid strategy starts by analyzing and examining. This gives you a clear idea of your starting
point and how you stack up against your competitors and a deeper understanding of your
customers.

- Analyze your performance. Start by evaluating your performance over the last year. Dive into
analytics to determine what worked and didn’t work and why.
- Evaluate your competitors. Spend some time looking at your competitors' digital presence. The
great thing about digital marketing is that it is easy to see what your competitors are doing
because it is all public. Use competitive research tools like Spy Fu to get a free analysis of their
strategy.
- Get to know your customers. Facebook Audience Insights is a free tool by Facebook that you can
use to uncover details about your audience size, demographics, behaviors and interests. Google
Trends is another free tool to see topics people search for and search trends over time.

2. Map out your strategy.

Build a clear strategy based on what you want to achieve and how you want to achieve it. The
GSOT strategy framework stands for goals, strategies, objectives and tactics and will help you
align your plan.

- Goals are what you want to achieve on a high level. For example, it could be to grow sales by
5% or generate 200 signups for an event.
- Strategy is the approach you’ll use to achieve your goals. This is usually defined by the stages of
the marketing funnel — you can choose to focus on awareness, interest, desire and action.
- Objectives are measurable numbers that link to your goal. For example, if I want to grow sales
by 5% this year, I may have an objective of establishing 200 leads or reaching 400 people.
- Tactics align with your objectives. For example, if I need 200 leads, I may use a landing page
with a webinar and social media to entice prospective new clients.
- Setting a clear strategy will help you focus your efforts on the areas that are most likely to drive
business growth. In digital marketing, there is no shortage of what you could do; the challenge is
deciding what you should do.

3. Define your target audience.

- In digital marketing, you have the opportunity to execute campaigns with very precise targeting.
Go beyond traditional demographic targeting and be as specific as possible. Create buyer
personas for your ideal customer to really get to know who they are.

4. Build your content strategy.

Based on your marketing objectives and your target audience, map out a content plan. This
should identify the main topics or buckets of content to include in your execution.

Here are five ways to get content inspiration:

1. Go back to step one and look for ideas from your competition and customer analysis.
2. Check out Answer the Public to see the questions that people are asking in search engines.
3. Search hash tags on Instagram to see what is trending. Instagram is highly visual, so it is a great
source of inspirational content.
4. Look at Google Search suggestions. This shows what people are searching for related to your
category.
5. Explore Interest, which is full of viral, visual, highly shared content.

5. Choose your channels and tactics.

- Once you know the content that resonates with your audience, choose the channels that are most
likely to give you the best results. Consider all the potential digital channels, tools and tactics
that you could use. Then prioritize based on the strategy you created in step two. Think about
how each channel contributes to meeting your objective and goal.

6. Set key performance indicators and benchmarks.

- Too often, businesses start executing but struggle to answer the question of whether they are
really getting results. Each activity that you invest in should have a clear KPI, which is your
measure of success. Next, set benchmarks. Your benchmark is what you want to achieve. For
example, with email marketing, my KPI could be my email open rate, and my benchmark could
be reaching 25% or better.
 7. Execute with best practices.

- Often the devil is in the details. If you miss executional steps you may find that you aren’t
getting the results you expect. Take some time to make sure that you are using best practices.
Digital marketing changes frequently, and something that worked on last year may require
tweaking to work now. Keep in mind that it is better to do a few things well than many things
poorly.

8. Analyze and adjust.

- One of the things that makes digital marketing so powerful is the ability to pivot and adjust. You
don’t have to create a set plan and stick to it. For example, if an ad isn’t delivering results, pause
it and try new creative. If your website isn’t converting visitors, run an A/B comparison test with
different calls to action.

For example, you can test a "learn more" call to action against "sign up now" to see what
performs best.

It can be easy to focus on tactics with digital marketing — you likely get pitched new ideas or
tools every week. The key to growing your results is to build a clear plan and stay focused. A
laser-focused strategy means that you clearly know how each part of your plan is building
toward your objectives and driving your business forward.

6. Building knowledge Creating Company

The Knowledge Creating Company By Ikujiro Nonaka What is the knowledge-creating

company? We may have a question of how knowledge can be created in a company because
knowledge gives more of a feeling of life. This insightful article not only explains how
knowledge can be created but also provides several illustrations of how Japanese Companies like
Matsushita ,Honda, Canon and others became extremely successful due to their knowledge
creating capabilities and disseminating it throughout the organization, and embodying it in
products, services and systems overcoming the tough competition, shifting market trends and
short product life cycle. The more holistic approach to knowledge at many Japanese companies
founded the important fundamental insight that a company is not a machine but a living
organism much like an individual that is continuously evolving and can have a collective sense
of identity, understanding and fundamental purpose. In this respect, the knowledge creating
company is as much about ideals as it is about ideas. Inventing new knowledge is not specialized
activity but a way of behaving, indeed a way of being, in which everyone is a knowledge worker
that is to say, an entrepreneur. The author has differentiated knowledge into tacit knowledge and
explicit knowledge and provided four basic patterns for creating knowledge which exist in
dynamic interaction resulting in the spiral model of knowledge creation.

- Tacit knowledge is the valuable and highly subjective insights and intuitions that are difficult
to formalize and communicate to others. It consists of mental models, beliefs, and perspectives
so ingrained that we take them for granted and therefore cannot easily articulate them. For this
very reason, these implicit models profoundly shape how we perceive the world around us. On
the other hand,

- Explicit knowledge Is formal and systematic. So, it can be easily communicated and shared, in
product specifications or a scientific formula or a computer programmer. Nonaka has given the
detailed illustration of how Osaka-based Matsushita Electric Company developed a dough maker
from the stretching technique of the baker of the popular Osaka International Hotel to explain the
knowledge creation process. The software developer Ms. Ikuko Tanaka of Matsushita Company
learns the tacit skill of the baker through observation, imitation and practice. This becomes the
part of her knowledge base (socialization). This is tacit to tacit conversion of knowledge. Tanaka
then articulates her tacit knowledge of bread making to formalize the specifications and develop
a software model which is the tacit to explicit knowledge conversion (articulation). Based on this
model, Tanaka and her team developed the dough maker which presents the explicit to explicit
knowledge conversion (combination). Finally, through the experience of a new product, Tanaka
and her team enrich their knowledge base. This is explicit to tacit conversion (internalization).
Articulation and internalization are the critical steps in the spiral of knowledge. The reason is
that both require the active involvement of the self that is, personal commitment. The spiral or
cyclic process of knowledge conversion between tacit and explicit knowledge is a continuous
process and results in a creation of new knowledge. The key to this process is personal
commitment, individuals’ sense of identity with the enterprise and its mission.

Making personal knowledge available to others is the central activity. It takes place continuously
and at all levels of the organization. The beautiful and more important aspect of knowledge
creation is that anything can be the source for the new knowledge be that be the conflict or chaos
in an organization, metaphors, slogans or mission. Thanks to Mr. Nonaka for bringing the
concept of knowledge creation which existed between us much before but in a hidden form. He
has beautifully uncovered the entire process. I personally believe that this vision will definitely
provide the new dimension to our management practice and also become milestone for the
development of Knowledge Systems.

7. Challenges of Strategic of IS

7.1. What are the challenges posed by strategic information systems, and how should
they be addressed?
Strategic information systems often change the organization as well as its products, services, and
operating procedures, driving the organization into new behavioral patterns. Successfully using
information systems to achieve a competitive advantage is challenging and requires precise
coordination of tech-nology, organizations, and management.
1. Sustaining Competitive Advantage
The competitive advantages that strategic systems confer do not necessarily last long enough to
ensure long-term profitability. Because competitors can re-taliate and copy strategic systems,
competitive advantage is not always sustain-able. Markets, customer expectations, and
technology change; globalization has made these changes even more rapid and unpredictable.
The Internet can make competitive advantages disappear very quickly because virtually all
companies can use this technology.
For example.
- Classic strategic systems, such as American Airline’s SABRE computerized reservation
system, Citibank’s ATM system, and FedEx’s package tracking system, benefited by being the
first in their industries.
- Then rival systems emerged. Amazon was an e-commerce leader but now faces com-petition
from eBay, Wal-Mart, and Google. Information systems alone cannot provide an enduring
business advantage. Systems originally intended to be stra-tegic frequently become tools for
survival, required by every firm to stay in business, or they may inhibit organizations from
making the strategic changes essential for future success.
2. Aligning IT with Business Objectives
The research on IT and business performance has found that The more suc-cessfully a firm can
align information technology with its business goals, the more profitable it will be, and Only
one-quarter of firms achieve alignment of IT with the business. About half of a business firm’s
profits can be explained by alignment of IT with business (Luftman, 2003).Most businesses get it
wrong Information technology takes on a life of its own and does not serve management and
shareholder interests very well. Instead of businesspeople taking an active role in shaping IT to
the enterprise, they ignore it, claim not to understand IT, and tolerate failure in the IT area as just
a nuisance to work around. Such firms pay a hefty price in poor perfor-mance. 0Successful firms
and managers understand what IT can do and how it works, take an active role in shaping its use,
and measure its impact on rev-enues and profits.

Management Checklist: Performing a Strategic Systems Analysis

To align IT with the business and use information systems effectively for com-petitive
advantage, managers need to perform a strategic systems analysis. To identify the types of
systems that provide a strategic advantage to their firms, managers should ask the following
questions:
- What is the structure of the industry in which the firm is located?
- What are some of the competitive forces at work in the industry?
- Are there new entrants to the industry?
- What is the relative power of suppliers, customers, and substitute products and services
over prices?
- Is the basis of competition quality, price, or brand?
- What are the direction and nature of change within the industry? From where are the
momentum and change coming?
- How is the industry currently using information technology? Is the organiza-tion behind
or ahead of the industry in its application of information systems?
- What are the business, firm, and industry value chains for this particular firm?
- How is the company creating value for the customer-through lower prices and transaction
costs or higher quality? Are there any places in the value chain where the business could
create more value for the customer and additional profit for the company?
- Does the firm understand and manage its business processes using the best practices
available? Is it taking maximum advantage of supply chain management, customer
relationship management, and enterprise systems?
- Does the firm leverage its core competencies?
- Is the industry supply chain and customer base changing in ways that benefit or harm the
firm?
 - Can the firm benefit from strategic partnerships, value webs, ecosystems, or platforms?
- Where in the value chain will information systems provide the greatest value to the firm?
- Have we aligned IT with our business strategy and goals?
- Have we correctly articulated our business strategy and goals?
- Is IT improving the right business processes and activities to promote this strategy?
- Are we using the right metrics to measure progress toward those goals?
3. Managing Strategic Transitions
Adopting the kinds of strategic systems described in generally requires changes in business
goals, relationships with customers and suppli-ers, and business processes. These sociotechnical
changes, affecting both social and technical elements of the organization, can be considered
strategic transitions a movement between levels of sociotechnical systems.Such changes often
entail blurring of organizational boundaries, both external and internal. Suppliers and customers
must become intimately linked and may share each other’s responsibilities. Managers will need
to devise new business pro­cesses for coordinating their firms’ activities with those of customers,
suppliers, and other organizations. The organizational change requirements surrounding new
information systems are so important that they merit attention throughout this text.

8. Enterprise – wide systems

An enterprise-wide system could refer to any process or way of doing things that is used
company-wide. If a business only accepts one way of completing expense reports or has a central
point person for ordering supplies to pool resources, those could be called enterprise-wide
systems.
Enterprise systems also refer to computerized applications that are used throughout the company
to share data and resources and minimize the number of manual operations employees use.
Examples include resource planning and sharing and supply chain management software, but the
term can also include the hardware (e.g. the computers and other components that make up the
system). Such enterprise systems make the business more efficient and can save the company
money by reducing repetitive work and the purchase of new resources that could have been
shared.
8.1. Enterprise wide Systems
Enterprise Resource Planning System
Organizations used independent systems in the past which did not have any integrations among
those systems. To overcome such problems from independent systems, Enterprise systems, also
known as Enterprise Resource Planning (ERP) was developed. ERP is a single information
system which provides organization –wide coordination and integration of key business
processes. With the ERP, information can seamlessly flow throughout the firm so that it can be
shared by business processes in manufacturing, accounting, human resources and other areas.
Discrete business processes from Sales, Production, Finance and Logistics can be integrated in to
company-wide business processes that flow across organizational levels and functions.
ERP systems collect data from various key business processes in different functional areas and
store those data in a central data repository where they can be used by other parts of the business.
Managers can access more precise and timely information for coordinating the daily operations
of the business. ERPs has its own best practices and processes in built to the system. Hence, the
company which implements an ERP ideally has to align its processes according to the ERP or
customize the ERP accordingly. ERP systems can run on a variety of hardware and network
configurations, typically employing a database as a repository for information.
By mid 1990s, ERP addressed all back end functions of an enterprise such as finance and admin.
However, after year 2000, ERP addressed front end and back end operations such as CRM, SCM
etc, in addition to the backend operations. ERPs were built initially targeting the manufacturing
sector. However, it was later developed to suite other sectors as well.
E.g.:- SAP, Oracle, Microsoft Dynamics, SAGE
8.3. Advantages of ERP
- It can unite and link together multiple processes and parts of the business, making the
business run more efficiently.
- Automate various functional operations ensures better tracking of the process. - Standard
and best processes can be adopted.
- Enable accurate view of the business’s information to managers and decision makers. -
Provides timely information to the management.
- Having a single data repository can also lower the risk of losing sensitive data with
proper security mechanisms in place.
- A better control ensures prevention of manipulation, errors and frauds.
- Has Business Intelligence capability which picks data from a variety of sources and
predicts useful information to the users.
8.4. Disadvantages of ERP
- ERP systems can prove to be complex and difficult to customize.
- Business processes frequently have to be re-engineered to fit the new ERP system, and
this can lead to problems with processes and staff.
- ERP systems can usually be very expensive.
- Extensive training requirements take resources from daily operations and are costly.
- Integrating independent businesses can create unnecessary dependencies.
- ERP systems centralize the data in one place can increase the risk of loss of sensitive
information in the event of a security breach.
8.4. Supply Chain Management System
Supply Chain Management (SCM) System help an organization to manage its relationship with
suppliers to optimize the planning, sourcing, manufacturing and delivery of products and
services. These systems can be used to improve relationship with many stakeholders such as
suppliers, business partners and distributors to coordinate, schedule and control business
processes for procurement, production, inventory management and delivery of products and
services.
SCMs are considered inter-organizational systems because they automate the flow of
information across organizational boundaries. The ultimate objective of the SCM systems is to
get the right amount of products from the source to the point of consumption, within the least
amount of time and cost. SCMs can be built using intranets, extranets, or special supply chain
management software.
8.5. Customer Relationship Management
Due to the importance of customers to a business, a new category of information systems,
Customer Relationship Management (CRM) was evolved. They focus on coordinating all of the
business processes surrounding the firm’s interactions with its customers in sales, marketing, and
service to optimize revenue, customer satisfaction and customer retention. In the past, there was
no way to consolidate all customer related information to provide a unified view of a customer
across the company. CRM system solves this problem by integrating the firm’s customer related
processes and consolidating customer information from multiple communication channels.
CRM systems examine customers from different perspectives and provides data as well as acts as
an analytical tool. It provides answers to questions such as what is the value derived from a
customer, who are most loyal customers? Who are the most profitable customers? Firms can use
these information to provide better service and support to existing customers, customize their
offerings and retain profitable customers.
8.6. Knowledge Management Systems
Some firms perform better than the others because they have better knowledge about how to
create, produce, and deliver products and services. Knowledge Management Systems (KMS)
collect all relevant knowledge and experience in the organization and make it available to others
whenever required to support business processes and management decisions. KMS are capable
of getting knowledge from internal and external sources.
KMS support processes for acquiring, storing, distributing and applying knowledge. They also
support the processes for creating knowledge and integrating it into the organization. KMS
capture knowledge from various systems in the organization. Expert system is a very common
example for the KMS.
8.7. Modules of an ERP System
ERP Systems have various modules in-built to it. Depending on the type of organization and the
scope of use, modules can be activated and configured accordingly. The common modules in an
ERP are as follows.
Finance/Accounting
- General Ledger, Accounts Payable, Accounts Receivable, Cash Management, Fixed
Assets, Budgeting and Consolidation.
Human Resources
- Payroll, Training, Time and Attendance, Recruitment, Talent Management etc.
Manufacturing
- Engineering, Bill of Management, Work Orders, Scheduling, Capacity, Work flow
Management, Quality Control, Cost Management, Manufacturing projects, Activity based
costing, Product life cycle management
Supply Chain Management
- Order to cash, inventory, order entry, purchasing, product configuration, supply chain
planning, supplier scheduling, inspection of goods, claim processing, commissions
Project Management
- Costing, billing, time and expense, performance units, activity management
Customer Relationship Management
- Sales and Marketing, commissions, service, customer contact, call center support
Business Intelligence
- Advanced Reporting
Access Control
- Management of user privileges and related functions.

9.E-Business Applications.

9.1. What are E-business applications ?

- Web-based applications that can be implemented to perform tasks for businesses. These
applications are not just for online businesses, but also for traditional ones. Behind the scenes, e-
business applications usually rely on relationships between company servers and end user
computers.
- E-business (electronic business) is the conduct of online business processes on the web, internet,
extranet or a combination thereof. These customer-, internal- and management-focused business
processes include buying and selling goods and services, servicing customers, processing
payments, managing production and supply chains, collaborating with business partners, sharing
information, running automated employee services and recruiting employees.
- Electronic Business (E-Business) is the administration of conducting any business using the
internet, extranet, web, and intranet. This would include buying and selling of goods or services
using commercial transactions conducted electronically along with providing customer or
technical support with the help of the internet. E-business is similar to E-commerce but it is more
than just a simple act of buying and selling services or goods online. In fact, it is the method of
utilizing digital information and advanced communication technologies to streamline different
business processes – from the initial to the implementation phase. E-business includes a lot of
business processes including online order processing, CRM (Customer Relationship
Management), supply chain management, and many more. E-commerce is a part of e-business,
so let me give you a comprehensive detail about what is e-business.
9.2. Advantages of e-business
- E-business has drastically changed how enterprises, government agencies, nonprofit
organizations and other institutions operate, allowing them to increase productivity, lower costs,
move more quickly toward digital transformation and upgrade processes.
- Electronic invoicing, automated billing and digital payment systems lower the amount of time
workers devote to these tasks, many of which were handled manually just a few decades ago.
That kind of time savings allows businesses to decrease department head count or shift workers
onto higher-value tasks. Digital systems also streamline workflows, reducing the time between
invoicing and payment and improving cash flow for the business.
- Electronic communication systems, such as email, video conferencing and online collaboration
platforms increase productivity by decreasing delays between inquiries and responses -- whether
the communication is among employees, employees and external business partners, or
employees and customers. Decision-making is faster, resulting in more agile companies that are
responsive to stakeholder needs and market demands. Electronic communication has also
eliminated, in some cases, employee business travel and supported more open, collaborative
cultures so any employee can contribute ideas.
- Digital systems that power e-business can also extend an organization's reach beyond its brick-
and-mortar walls. Cloud-based business applications enable remote and hybrid workers to
perform their jobs in the office, from their home and other locations. Similarly, cloud-based apps
and the internet allow business transactions 24/7 so even solo practitioners and small businesses
can conduct business globally.
- Advanced technologies like big data, AI, machine learning, the cloud, automation and IoT have
improved the ease, speed and effectiveness of numerous e-business tasks. These tasks include
archiving information, deriving data insights, recording financial transactions and personalizing
interactions with customers.
- E-commerce software and services have delivered new capabilities to organizations like email
marketing and created new avenues to sell their goods and services, such as online stores. It has
enabled the creation of entirely new business models, such as eBay's capacity for B2C and C2C
sales, social networking sites like Facebook and Twitter, and Shoplift, which offers the
infrastructure and e-commerce platform for customers to create online stores and sell their own
goods.E-business promotes improved customer interactions E-business influences just about
every aspect of an enterprise, including customer service, experiences, expectations and
transactions.
9.2. Types of e-business
Most organizations have at least some e-business capabilities to support their core competencies
and ancillary functions, but the amount of e-business conducted within an enterprise varies.Some
organizations have limited e-business capabilities.
For example, a small business that processes payments using a mobile payment service but uses
no other digital services. On the other end of the spectrum are those companies whose business
model is fully empowered by electronic and digital services.
Businesses emerging from the fallout of the COVID-19 pandemic are increasingly using digital
services to support a host of functions and capabilities. Those organizations could be classified
as e-commerce entities or fully powered e-businesses but tend to be categorized in traditional
terms.
Business and digital authorities still frequently classify e-business as B2B, B2C, C2B and C2C.
Some offer additional classes of e-business, such as business-to-government and business-to-
employee.
9.3. Challenges of e-business
The types of challenges presented by electronic business vary from one organization to another,
depending on a host of factors, including whether the company was born digital, whether digital
services power the company's core value proposition, whether digital services are used for e-
business in only parts of the company's operations and whether the company houses legacy
technology. Despite the various levels of digital transformation, e-business challenges have a
common thread that include the following securing e-business services against increasingly
sophisticated cyber threats; scaling services fast enough to meet demand without jeopardizing
performance; evolving technologies fast enough to keep pace with changing market dynamics;
finding and training skilled workers to keep pace with advanced technologies; and keeping pace
with e-business capabilities that, by their electronic nature, are always on.Additionally, many
companies struggle to integrate their siloed data and functions with e-business services to
converge and work seamlessly together.
9.4. Security and risks
E-business tactics offer advantages like reaching a wider customer base and faster transactions,
but they also come with associated risks.
E-business creates huge data security risks -- for example, because customers are often required
to provide sensitive information, such as contact information and credit card numbers, during e-
business transactions. This information is enticing to hackers and particularly vulnerable to data
breaches, so e-business website owners are responsible for incorporating methods like data
encryption to ensure secure transactions. Failure to ensure data integrity and incorporate
appropriate data security measures can lead to costly fines and the loss of customer brand
loyalty.
E-business relies on swift, secure online transactions, so even something as simple as a bad web
hosting service creates a financial risk for companies. Crashed servers and insufficient
bandwidth lead to persistent website downtime and customer dissatisfaction, making it
imperative for organizations to invest in well-known and reliable hosting providers, which, in
turn, can drive up the costs associated with running a successful e-business.
Marketing comes with its own set of risks as well. All types of businesses rely on effective
marketing to drive growth and sales, but online marketing techniques are very different from
traditional offline methods. Without an effective marketing campaign specifically tailored to
promote e-business, businesses face a huge financial risk by investing in marketing resources
that don't drive consumer traffic to the transaction websites.
E-businesses are also vulnerable to systemic risk that influences the entire online market
segment. The dot-com crash of 2000 to 2001, for example, began after several e-business
startups went public and were purchased by other e-businesses. Many of these e-businesses had
little cash flow, valued growth more than financial stability and went out of business due an
unsustainable economic bubble that eventually burst.
E-business is similar to e-commerce but encompasses much more than online purchasing
transactions. Functions and services range from the development of intranets and extranets to the
provision of e-services over the internet by application service providers. Enterprises conduct e-
business to buy parts and supplies from other companies, collaborate on sales promotions and
conduct joint research.
Corporations are continuously rethinking and reshaping their business models influenced by
advanced technologies, hybrid workforces, heightened customer expectations and, specifically,
the internet's availability, reach and ever-changing capabilities. The growth of e-business in
recent decades has given rise to new business requirements. Consumers expect organizations to
provide self-service options to conduct transactions, personalized experiences, and speedy,
secure interactions. New regulatory laws and best practices for keeping electronic data secure
have been established. Companies have adopted stringent security protocols and tools, including
encryption, digital certificates and multi-factor authentication, to protect against hackers, fraud
and theft.
Cybersecurity has become ingrained in e-business with deployments of endpoint device security
and advance detection and response capabilities. Security is built into browsers, and digital
certificates are now available for individuals and companies from various vendors providing
cybersecurity tools and technologies. Even though securing business transactions on the web
remains a pressing issue for consumers and enterprises, e-business continues to grow at a healthy
pace.
E-business model origins and evolution
IBM was one of the first companies to use the term e-business in October 1997, when it launched
a thematic campaign to address the confusion many consumers had about internet-based
businesses. The company spent approximately $500 million on an advertising and marketing
campaign to show the value of the e-business model and to demonstrate that IBM had the "talent,
the services and the products to help customers capture the benefits of this new way of doing
business," according to the company's website. By 2000, IBM's e-business revenue had grown to
more than $88 billion from $64 billion in 1994, and net income had nearly tripled.
9.4. Components of E-Business
E-business has several components including BI (Business Intelligence), CRM (Customer
Relationship Management), ERP (Enterprise Resource Planning), SCM (Supply Chain
Management), Collaboration, online activities, and electronic transactions within the firm. But
following three areas have great importance for e-business:
1. E-Procurement
 It is also known as supplier exchange in which business to business, business to government,
business to consumer, and sales of services are made with the help of the internet. Basically, e-
procurement is a way adopted by companies to reduce costs and efforts by sourcing products or
services electronically.
2. Online Stores
It is electronic sourcing (website or application) for products or services, such as online shopping
stores. Online stores are also known as e-shops, internet shops, web-store, virtual stores, web-
shop, m-commerce, and online storefront. The main purpose of these online stores is to save
precious time and money. Anyone can buy products or services by making online payments
using credit cards, cash on delivery, and other payment methods. The owners of online stores
should host their eCommerce website on the PCI compliant hosting because Payment Card
Industry Security Standards Council (PCI SSC) makes it compulsory for those who are accepting
the online payments.
3. Online Marketplace
It is electronic commerce that connects the buyers and suppliers to the services or products over
the internet. Keep in mind, that the operator of an online marketplace only presents the inventory
of other people and provides the transaction facility.
Moreover, the following are also known as e-business areas:
4. Online Communities
Online communities (also known as web communities or internet communities) are groups of
people having the same interests or purposes who use the internet to communicate with each
other. It is used between individuals and organizations to prepare transaction decisions.
5. Online Companies
It is electronic business cooperation that connects the individual companies and forms a virtual
business with a common transaction offer.
9.5. E-Business Driver
What is e-business and why do we need its drivers? As you hire a salesman for your
traditional shop to efficiently manage your processes and to increase your sales.
For a similar purpose, there are several processes used to enhance e-business operations and
functionality with the help of different drivers. These drivers include streamlining physical
operating processes, reducing their costs, delivering rapid response (information), and increasing
services to customers as
9.5.1. Product Inquiry Fulfillment Process
Once you have finalized the product availability inquiry in order to make your e-business
application more effective and trustworthy. It is necessary to identify the information assets and
mapping them with the processes that support them. In the example given in the picture below is
the information asset created by the process “product availability”.
The E-Business Supply Chain
In order to understand the e-business conceptually you need to be defined from both B2C and
B2B perspectives. In B2C, online retailers have introduced a consumer-based supply chain to
assistances of Internet consumers and enhance the processes of the physical world .
There are mainly three classes of B2C that make it possible the e-business realities:
- Delivery of unlimited products under the single business brand
- Creation of new market channels
- Eliminating the middlemen
Amazon is the first, eBay is the second, and Dell is an example of a third B2C e-business class.
 9.6. What is E-Commerce and its Types?
It is the short form of “Electronic Commerce” that is used for buying and selling products or
services over the internet. E-commerce has the following types:
1. Business to Business (B2B)

Business to business As the name represents, it is the name of electronic transactions of different
services or products between two companies or businesses. Payment processing companies and
customer relationship management (CRM) platforms are included in the B2B model.

2. Business to Consumer (B2C)

Business to consumer B2C is the most common form of e-commerce business because it is the
relationship between a seller and final customers. Business to Consumer has developed greatly
with the development of the internet and the latest technologies. Anyone can find various kinds
of online stores on the internet and buy products or services without visiting the market.
3. Consumer to Consumer (C2C)
Consumer to consumer In C2C, electronic transactions are made between the customer and
another customer. It became possible with the help of third-parties such as eBay as a marketplace
for online action.
4. Consumer to Business (C2B)
- Consumer to business Any particular company cannot provide anything and they also need
different products/services to execute their business processes. So, it is a kind of business model
in which the customers or users create a service/product that is used by the company. For
example, any freelance designer is creating a logo and any business can use his services as they
need.
5. Business to Administration (B2A)
- Business to administration B2A is a form of electronic transactions of the products or services in
which the business and government are involved. For example, social security, legal documents,
etc.
6. Consumer to Administration (C2A)
- Consumer to administration includes all transactions between the consumer/customer and the
government. For example, taxes, education, etc.
9.7. What are The Key Differences Between E-Commerce and E-Business?
E-Business is not limited to just buying and selling products or services. Whereas E-Commerce
is the name of buying and selling products/services with the help of the internet.
E-Commerce is a main part of E-Business
- There is no need for an E-Business to have a physical presence. If the company has physical
offices along with its online business activities then it can be referred to as E-Commerce.
- Supports any kind of business transaction related to money, but E-Business includes monetary
and allied activities.
- E-Commerce needs the internet to be able to communicate with online customers from all over
the world. E-Business can use the internet, intranet, and extranet to be able to connect with the
parties.
If you want to build your own e-business or e-commerce store then register a domain name, get
Cloud VPS Hosting and start developing your store from scratch like a professional.
Examples of e-business
E-business encompasses older companies that digitally transformed from legacy processes to
data-centric operations and newer digitally oriented companies. The latter are organizations that
advisory firm Gartner has defined as starting after 1995 with "operating models and capabilities
[that] are based on exploiting internet-era information and digital technologies as a core
competency." Since then examples of e-business organizations of different shapes and sizes have
flooded the digital landscape.
Amazon, the world's largest online retailer and marketplace, has used its e-business model to
disrupt and expand into numerous well-established industries, including publishing and
supermarkets.

Uber and Lyft, both of which built businesses that match drivers with people needing rides,
disrupted the taxi and livery services industries. And in 2014, Uber went one step further and
expanded its e-business with the launch of a food ordering and

SECTION B: Managing information systems

1. Enterprise Management

- Enterprise management is a term used for modern examples of ERP that allow businesses
to manage vital day-to-day processes such as inventory management, accounting, human
resources and customer relationship management (CRM).
- Enterprise management is the way of conducting and controlling the business, process,
information and IT capabilities, system and service offerings, resources and activities of
the enterprise.
- Enterprise management is the enterprise capability management of the enterprise
management capability.

The purpose of enterprise management is to enable and assure the management and abilities of
the enterprise management capabilities of the enterprise are controlled, balanced and aligned to
the mission and needs of the enterprise as a whole.

1.1.Enterprise Management Responsibilities

The enterprise manager role is responsible for enterprise management of the enterprise
management capability and work products include enterprise management ideas, requirements,
plans, risks, opportunities, reviews, decisions and action items

1.2.Enterprise Management Team

Enterprise Management Team Concept, enterprise management is interconnected with and

interdependent on business management, process management, information management, IT
management, system management and service management.

1.3. Enterprise Management Team Concept

 Within the enterprise capability enterprise management is interconnected with and
interdependent on governance, organization, integration, compliance and assurance.

1.4.Enterprise System Management

- Enterprise system management is a systematic ability for conceiving, organizing,
developing, recording, governing, enabling, managing, analyzing, planning, executing,
controlling, monitoring, measuring, improving, maintaining and assuring the value-added
resources of the enterprise and the success of the enterprise as a whole.
- Enterprise system management is an ability to systematically manage the enterprise
system capability in order to enable and assure the whole enterprise (all of what the
enterprise is and all of what the enterprise does), is serving the purposes of satisfying the
cost, schedule, ability and socio-cultural needs and requirements of the customers and
stakeholders, serving the enterprise mission, and sustaining the existence of the
enterprise.
- The goal of enterprise system management is to enable and assure the management and
abilities of the offerings and capabilities are controlled, balanced and aligned to the
mission and needs of the enterprise system..
1.5.Enterprise System Capability

- Enterprise system capability is a systematic ability to realize the offerings and capabilities of the
enterprise system.
- Offerings and capabilities are collections of enterprise system resources which together function
to realize a specific value-added ability to satisfy a customer-based need.
- Enterprise system capability is managed by enterprise system management responsibilities and
activities executed by the enterprise system manager role.
- Each system element of the enterprise system capability, including the customers,
vendor/suppliers, industry standards/regulations, and competitors in the external working
environment, has an associated management capability.
- The enterprise system manager role is supported by the enterprise system architect role and
enterprise system architecture.

1.6.Enterprise System Manager Role

• The enterprise system manager role is responsible for enterprise system management.
• The enterprise system manager role is supported by the enterprise system architect role and
enterprise system architecture.
• The enterprise system manager role is supported by the enterprise system architect role and
enterprise system architecture
• The enterprise system manager role is a systematic ability to realize the role responsible for
enterprise system management of the enterprise system capability.
• The enterprise system manager role is supported by the enterprise system architect role.
• The enterprise system manager role uses the enterprise system architecture to support enterprise
system management responsibilities and activities.

The enterprise system manager role has the focus, goals, objectives, responsibilities, skills,
abilities, knowledge and experience to conceive, organize, govern, enable, manage, analyze,
 plan, execute, control, monitor, measure, improve and assure the enterprise system, the “whole
of the enterprise” (all of what the enterprise is and all of what the enterprise does).

The enterprise system manager role is responsible for the enterprise system requirements, design,
documentation, analysis, and planning, and for the management and sustainment of the
enterprise system, throughout the enterprise system’s development, deployment, operation and
improvement for the full life of the enterprise system including replacing or retiring the
enterprise system and/or elements of the enterprise system.

The enterprise system manager role uses the enterprise system architecture as a management tool
to support a systematic way of conceiving, organizing, governing, enabling, managing,
analyzing, planning, executing, controlling, monitoring, measuring, improving and assuring the
value-adding-resources of the enterprise and the success of the enterprise as a whole.

The enterprise system manager role responsibilities includes the management of business,
process, information and IT capabilities and system and service offerings, the management of the
customers, vendor/suppliers, industry standards and competitors of the enterprise, and for the
management of the business, process, information, IT, systems and services with respect to these
external systems.

The enterprise system manager role is the managerial role leading the enterprise architecture
team and as the leading role has inter-dependencies with all team members and what the team
members do. With the knowledge of how everyone fits in and the setting of expectations
between everyone, the team will be a team and the enterprise system manager role will be able to
best utilize the talent of the individuals.

1.7.Practitioners in the Enterprise System Manager Role

In practice, the responsibilities of the enterprise system manager role are divided into managerial
sub-roles. When the enterprise system manager role is divided, the enterprise system manager
role enables and assures these managerial sub-roles are aligned in their efforts so their efforts
properly align and each also aligns with all efforts throughout the enterprise.

It should be noted in practice, the enterprise system architect role must be filled by the enterprise
system manager in situations where an enterprise system architect position does not exist in the
enterprise.

It should also be noted in practice, the enterprise system managerial sub-roles are often
combined to provide an organizationally needed job (a “specialty”) to address special needs and
other organizational needs and limitations of the organization. A common example is the
organizational position “Chief Information Officer (CIO)” may combine the information
manager role and IT manager role into one organizational position.
2. Information Resources Management (IRM)

Information Resources Management (IRM) is the process of managing information resources to

accomplish agency missions and to improve agency performance, including the reduction of
information collection burdens on the public. When standardized and controlled, these resources
can be shared and reused throughout an agency, not just by a single user or application.

IRM has become a popular way to emphasize a major change in the management and mission of
the information systems function in many organizations managing the information system
resources of an organization is a vital concepts in today’s business environment, because of three
major developments that are affecting how corporate management views the information systems
function.

Definition:

Information Resource Management (IRM) is a technique of managing information as a shared

organizational resource.

2.1. Information Resources Classes

There are three (3) classes of information resources:

1. Business Resources: Enterprises, Business Functions, Positions (Jobs), Human/Machine

Resources, Skills, Business Objectives, Projects, and Information Requirements.
2. System Resources: Systems, Sub-Systems (business processes), Administrative
Procedures (manual procedures and office automation-related), Computer Procedures,
Programs, Operational Steps, Modules, and Subroutines.
3. Data Resources: Data Elements, Storage Records, Files (computer and manual), Views,
Objects, Inputs, Outputs, Panels, Maps, Call Parameters, and Data Bases.

2.2. Information Resources Management (IRM) Concept

The concept of RM is actually no different in intent than Materials Resource Planning (MRP) as
used in manufacturing. Both are concerned with the efficient and cost-effective use of resources.
The classification and control of resources are the main objectives. Resources are classified to
prove their uniqueness so that redundancy is not introduced and to promote sharing. Control is
required to collect, inventory, and retrieve resources as required by the business.

2.4. Benefits of Information Resources Management (IRM)

One of the important benefits of IRM is the cataloging and cross-referencing information
resources is a model of the enterprise, including how it is organized and how it operates. Other
benefits include:

All information resources are controllable, permitting the ability to design integrated systems and
perform an “impact analysis” of a proposed resource change.
The simplified search of information resources for reuse the redundancy of resource definition is
eliminated. Complete and current documentation of all information resources in an organized
and Meaningful way.

Communications within the organization are improved since developers and users would use
standard and common definitions for information resources, all of which would be in standard
business terminology.

2.5. Explain five dimensions of the information resource management (IRM). .

1. Resource management:

IRM views data, information, and computer hardware, software and personnel as valuable
resources that should be effectively and efficiently managed for the benefit of the entire
organization. If plant and equipment, money, and people are considered valuable organizational
resources so should its data, information, and other information system resources.

2. Technology management:

IRM emphasizes that all technologies that process and deliver data and information must be
managed as an integrated system of organizational resources. Such technology includes
telecommunications and office system as well as computer based information processing. These
“island of technology” are bridged by IRM and become a primary responsibility of the executive
in charge of all information services, sometimes called the chief information officer (CIO) of the
organization.

3. Functional management:

The IRM concept stresses that the management of an organization must apply common
managerial functions and techniques to the management of information resources. Managers
must be managerial techniques just as they do with other major resources and activities of the
business.

4. Strategic management:

Finally the IRM concepts stresses that the information services function in the firm must be
more than a provider of computer services. It must also make major contributes to the
profitability and strategic objectives of the firm. Information resources management focuses on
developing and managing information system that significantly improve operational efficiency
promote innovative products and services and build a strategic information resources base that
can enhance the competitiveness of the organization.

3. Technology Management.

3.1.What is technology management?

 Technology management or management of technology (MOT) can be viewed from many
different perspectives since the word technology itself is subject to various interpretations.
However, the author of this editorial approaches the topics from different experiences that are
associated with different environments and backgrounds. It is hoped that this editorial will
present the many facets of technology management. The two words of management and
technology not only carry the burden of many different meanings, but also present additional
sophistication due the anthropological diversity. To many, MOT means managing engineering
and technology. To others, MOT indicates managing knowledge and information, managing
research and development, managing manufacture and operation, managing the activities of
engineers and scientists or managing the functional activities without concern for the total of
activities that encompass the business concepts to commercialization process. According to
Gaynor (1996), these interrelated activities must be integrated into a technology system. MOT
means not only managing the system, but also managing the pieces, which involves integrating
the “pieces” into an acceptable “whole” by focusing attention on the interdependence of the
pieces. However, these elaborations are only part of the process of MOT by this editorial.

According to the 1987 workshop report of National Research Council (NRC) of USA,
“Management of Technology” is the hidden competitive advantage bridging “the knowledge and
practice gap” between science, engineering and business management (Khalil, 2001).
Management of Technology (MOT) as a field links “engineering, science, and management
disciplines to plan, develop, implement technological capabilities to shape and accomplish the
strategic and operational objectives of an organization.”

3.2.The NRC report summaries important contributions to industry that management of

technology knowledge can make as follows:
- How to integrate technology into the overall strategic objectives of organization
- How to get into and out of technologies faster and more efficiently
- How to assess/evaluate technology more efficiently
- How best to accomplish technology transfer
- How to reduce new product development time and costs
- How to manage large, complex and interdisciplinary or inter-organizational
projects/systems
- How to manage the organization’s internal use of technology
- How to leverage to effectiveness of technical professionals.

To put it in a simple way, technology management is about getting people and technologies
working together to do what people are expecting, which is a collection of systematic methods
for managing the process of applying knowledge to extend the human activities and produce
defined products. Effective technology management synthesizes the best ideas from all sides:
academic, practitioner, generalist or technologist.

3.3.Significance of technology management

It is argued that there are three major factors strategically in modern organizations that underpin
the creation of competitive advantages. The first of these is strategic leadership. The effective
leadership ensures that the enterprise will develop itself in the right direction and the production
of product will meet the demand of the market. The second factor is having a staff with
motivation and empowerment. They are the driving forces of the organization. The third factor is
the proper management of technology. It is important that the company's technology be
appropriately and properly managed so as to achieve effective and competitive status (Harrison
and Samson, 2003).

Leadership and motivation of employees have been widely recognized as success factors. There
have been significant additions to theories and practice regarding improvement in the
management of people. Therefore, strategically, the remaining battle-field being competitive
depends on proper management of technology. To put it differently, the strategic issue will be
how a company could develop, acquire, share and manage technology appropriately and
effectively.

Example - 1

The USA experienced an increasing global competition which resulted in loss of market share in
several industry sectors in the 1970s and 1980s. It is interesting that this argument has been in
congruence with the American historical experience .This became a concern not only to
industries, but also to government and educational interests. To identify reasons of the decline in
US industrial competitiveness and to formulate a response to the challenges within global
competition, serious work and efforts had been contributed in the search for explanations and
solutions. Discussions were initiated by major establishments such as The National Research
Council (NRC), the National Science Foundation (NSF), the American Association of
Engineering Societies, the Accreditation Board for Engineering and Technology, the American
Assembly of Collegiate Schools of Business, Oak Ridge associated Universities and others. A
series of workshops were organized and attended by experts for the discussion of changing
paradigms in business and technology. A resulting consensus was that great attention and
significant amount of efforts should be directed towards making improvement in the
Management of Technology and in conducting research and developing educational programs in
this emerging field of knowledge.

Khalil (2001) highlights that efforts to improve the US position in the global economy were
being influenced by the understanding that more organizations, including government agencies,
high educational institutions, enterprises and founding agencies, become aware of issues
involved in the international arena. Today, rapid changes in the technology and business
environment continue to occur. These changes require continuous updating of methods and
techniques of business practice. For example, measuring the value of a business according to
assessment of physical assets or based on traditional accounting or finance formulas are
inadequate in the knowledge economy. Education and training institutions need to take into
consideration the changing environment in technology and business and respond by changing
their programs accordingly. Khalil (2001) argues that international business and engineering
schools need to have consideration of incorporating into their curricula educational modules
recognizing the importance of the knowledge era and the technology revolution. The intangible
assets such as intellectual capital, intellectual properties, service innovation, information
technology and many of today's rapidly growing arenas should be recognized. Furthermore,
many of the existing models and the traditional programs need to take into account the
 appropriateness and effectiveness of technology and innovation as well as the volatilities of the
environment in which the technology is created and applied.

In addition, in the twenty-first century, technology assumes a great importance in advancing

every aspect of human endeavors. MOT assumes even greater importance in the capacity
building of countries, companies and individual to embrace technological changes in order to
advance their competitive status in a global marketplace. It has been recognized that the interest
in the field of management of technology has mushroomed since the inception of the movement
to introduce MOT as a new field of study and research in the 1980s. The application of MOT
principles has made a significant impact on the wealth creation ability of the USA and a large
number of other countries.

3.4. New endeavors in management of technology

It has to be acknowledged that there are a number of endeavors to embrace the challenges that
the world is facing in terms of management of technology. The International Association for
Management of Technology (IAMOT), founded in the early eighties, has become the leading and
largest international professional association solely devoted to the promotion of management of
technology education, research and application. IAMOT is currently undertaking a major
initiative to create guidelines for academic programs in MOT and certification/accreditation
guidelines to recognize the quality of academic programs. This promises to be a strong step
towards establishing formal management of technology education globally on a sound academic
basis

Example -2

In addressing the Chinese experience in terms of management of technology, Li-Hua and Khalil
(2006) argues that appropriate infrastructures, strategies and mechanism for management of
technology needs to be established in order to support the diffusion of management of
technology principles throughout China. The conceptual framework for the future direction and
needs has been proposed based on the USA research and education experiences over the past two
decades. It is debatable whether business and engineering schools need to introduce MOT
curricula following the USA model or develop a new model shaped by the Chinese culture. It
draws upon the experience of the USA in Management of Technology over the past two decades
and projects what may be needed for China to continue its development and economic growth in
the future.

It is however evident that current situation in China in terms of MOT presents both opportunities
and challenges not only to Chinese business, but also to the Western business. Today, increased
levels of competition discussed in this editorial in the wake of China's entry into the WTO have
resulted in experimentation and risk-taking as ways of doing business in China. However, the
uncertainties and ambiguities prevalent in the Chinese business environment, in particular, in the
area of technology management, are neither well understood nor effectively negotiated by the
international investment community. In addition, the complexities of technology and knowledge
transfer have led to misunderstanding in the operation and the implementation of international
joint venture projects in China. Therefore, as to the international investors, China's business
environment continues to present many challenges, particularly in how to manage effective
business networks and ensure smooth knowledge transfer, especially in international joint
venture projects.

In response to these challenges and opportunities, there is an initiative that following the
successful launching of Journal of Technology Management in China (JTMC), in late 2005
China Association for Management of Technology (CAMOT) was established (www.camot.org).
It is encouraging to the members of CAMOT that it has been agreed that the Journal of
Technology Management in China has been granted the official journal of China Association for
Management of Technology. Therefore, JTMC is an official academic outlet for the members of
CAMOT.

CAMOT is an international organization committed to encouraging and supporting researchers

and professionals who are engaging research in management of technology in China. CAMOT
aims to establish national, regional, and international collaborative research programs in the field
of technology management, technology innovation, technology transfer as well as knowledge
transfer by engaging government agencies, funding agencies, educational institutions, state-own
enterprises (SOEs) as well as private sectors in China. CAMOT stresses the importance of
keeping-up with the fast pace of technological change and the emerging new global paradigms of
the business environment. MOT is an important strategic instrument to improve competitiveness
and create prosperity in China. CAMOT believes that a need to address the existing gaps in the
process of technology management, which will assist in implementing more sustainable
arrangement for successful technology transfer and development. The vision of CAMOT is to
inspire excellence for management of technology and promote the appropriate diffusion of
management of technology principles throughout China.

4. IS planning methodologies

An IS planning methodology provides a set of methods and techniques, often referred to as a

framework, with which to conduct a formal planning process. Many of the methodologies were
designed specifically for IS planning, while others were adapted from planning activities in other
areas. A framework for comparison and selection of IS planning methodologies would be of
considerable value to an IS planner.
The strategic grid defines four IS planning environments that are characterized by
1. The degree of strategic
2. Impact of the existing IS
3. Applications portfolio, and
4. The strategic impact of the portfolio of applications planned for development
The impact of IS in this situation dictates top management guidance in the planning effort. Total
integration of IS with the organizational plan is the goal. Long-term IS performance can be
impacted by IS shortfalls. The impact of IS on the organization's future is sufficient to warrant
significant top management involvement as well. Factory: while the smooth functioning of IS
remains important, strategic goal setting for IT, with linkage to long-term organizational
strategy, is not as critical in this setting. It is critically important, however, to ensure that a viable
and detailed year-to-year operational plan is in place. The IS plan must still be in concert with
the organizational plan in this environment. Support: in this environment IS activities are useful,
though not of strategic importance to the organization. Shortfalls in IS performance will not
cause significant problems. Management is much less involved.
The strategic IS grid is a diagnostic tool that is used to aide in understanding the role of IS in an
organization. The relative position of IS in the grid signifies the criticality of IS to the org o the
degree of involvement required of management, and the relationship required of the IS plan and
the organizational plan. Additional planning is needed when a firm is trying to deal with a
mismatch. A mismatch occurs when there is a difference between where the organization is on
the grid, and where top management believes is should be. The strategic grid may also show that
different organization functions are at different points on the grid; consequently the planning for
one may be quite different from another. The primary disadvantage to the strategic grid is that it
explains the location of the organization but fails to determine where the organization should go
next. This is a descriptive methodology that provides neither tools nor clear criteria for
determining the location of the organization on the strategic grid.

4.1 STRATEGIC FIT WITH ORGANIZATIONAL CULTURE

The premise of this methodology is that every organization has its own culture of values, norms,
and beliefs. Strategic fit with organizational culture provides a means to align the IS goals,
objectives, and strategy with the culture to avoid resistance and risk of failure. It is essential that
a match with culture be made to facilitate the smooth and successful operation of the IS. The
matching or fitting of the goals and strategies of the IS to the organizational culture is an
important factor in IS planning, as it is difficult to alter or change the culture and particularly
dangerous to ignore it. The principal drawback of this methodology is that it is strictly
descriptive.
4.2.STRATEGY SET TRANSFORMATION (SST)
It is this organizational strategy set that will be utilized as the basis for the determination of the
"information systems strategy set". The IS strategy set is composed of: System objectives: define
the purpose of the IS. System design strategies: oriented toward the user or technical capabilities
of the system, for example.Strategic IS planning is the process of transforming the organizational
strategy set into the IS strategy set. The first step is the identification and interpretation of the
organizational strategy set. The second step is transforming the organizational strategy set into
the IS strategy set. The process involves identification of the IS strategic elements for each
element within the organizational strategy set. The outputs of the transformation process become
the IS strategy set. The main disadvantage of this method is that it is both conceptual and
normative.
4.3.COMPETITIVE STRATEGY
Competitive strategy (Porter, 1980) is a methodology which focuses on organizational strategy,
rather than on IS strategy specifically. It is an analytical framework which seeks to aid the user in
understanding industries and competitors, and in formulating a competitive strategy
Competitive strategy identifies five major competitive forces that all organizations face:
1. Threat of new competitors.
2. Intensity of rivalry from existing competitors.
3. Pressure from substitute products.
4. Bargaining power of buyers.
5. Bargaining power of Suppliers
He further proposes that organizations wishing to gain strategic advantage over their competitors
should consider guiding defenses against them by formulating specific courses of competitive
action that can directly influence these forces. A firm's relative position within its industry is a
central issue in the determination of competitive strategy. The two basic types of competitive
advantage, low cost and differentiation, combined with the scope of activities, lead to the three
generic activities for achieving competitive advantage: cost leadership, differentiation, and focus.
Wetherbe translated Porter's generic strategies that determine competitive strategy in IS
applications: " Be a low-cost supplier: IS technology is utilized to reduce clerical, scheduling,
inventory costs, etc." Differentiate product or service: IS technology can add features to products
or services. IS can have a powerful effect on both cost and differentiation. It has been found that
an organization's IS structure often is determined by its competitive strategy. He speculated that
a conservative competitive strategy exerts pressure for the centralization of IS responsibilities,
while an aggressive competitive strategy exerts pressure for the decentralization of IS
responsibilities

4.4 VALUE CHAIN MODEL

The value chain is a business planning concept developed by Porter and adapted to IS planning
by Porter and Millar. The model seeks to identify the most critical information demands of the
organization. 'The "value chain" highlights the role of IS in a competitive scenario. The value
created by a organization is assessed by the amount that buyers are willing to pay for a product
or service. The organization is profitable if the value it creates exceeds the cost of performing the
value activities. Figure 9 depicts the value chain model and the relationships of the groups and
activities. The planners categorize the activities that are performed within an organization in the
value chain matrix. An organization's value chain is a system of interdependent activities which
are interconnected by linkages with other activities. Information technology pervades the value
chain, causing a dramatic change in the way that activities are performed and linked to other
activities.
- Information technology architecture (ITA) methodology
- Analyzing information requirement and setting up master plan
- The organizational informational requirements analysis level is generally divided into two
phases:
1. Long-range plans: which assesses current and projected information needs to support
decision making and operations of organizations.
2. Medium-range plans: from which master development plans are assembled. (Ahituv
and Neumann, 1990).
The overall information systems architecture, consisting of a description of general courses of
action and broad resources required to execute the strategies, is developed through a long-range
plan.
1. Collecting background information:
strategic organizational objectives for IS; characteristics of future hardware and software
technology; characteristics of future use of human resources; potential external pressures for
change; portfolio of information services foreseen by users for the next five to ten years;
current major problem areas from the IS management point of view and from the user
management point of view. Developing the long-range document: Specify objectives, and
project future trends; resource plans, organizational effects, scope and structure of the IS
function and potential risks and opportunities. The master plan, often referred to as the
medium-range plan, is the detailed plan for developing an information system necessary to
 meet the present information net of an organization. The focus of a master plan is
managerial; it contains a portfolio of prioritized projects to be implemented. Every
organization involved in development and maintenance of IS must have a master plan.
2. Objectives and general strategy:
a restatement of organizational long-range and medium-range objectives, strategies, and
priorities, combined with a statement of the overall objectives for the information system and
the IS unit. Current IS situation: current systems in operation and in development, and level
of resources used by each, hardware and software, including levels and costs; organization
and staffing, including skill level and type and costs; and facilities utilization. Support plan:
hardware and software requirements for the chosen planning period and the personnel needed
to meet these requirements. Operations plan: major characteristics of IS operations projected
over the chosen planning period and the resources needed for production and support of
development projects. Staffing and organization plan: total personnel requirements for a
planning period by major type of activity
5. Application development plan:
new or revised application that will be developed or acquired over the next five years,
including time schedules and expenditures for each application. This should as a minimum
include: project priority ranking; development timetable for project portfolio; specific project
descriptions; specific development cost estimates; specific operating cost estimates; specific
project benefits estimates; and specific project risk evaluations. The IS master plan should be
a closely coordinated endeavor with caption of top management, the IS function, the users,
and any standing or ad hoc IS committees.
4.8 Business system planning (BSP) method
Business system planning method BSP is a highly structured approach to enterprise analysis
that focuses on data, the flow of data, and the data repositories, leading to the development of an
IS architecture based on the data analysis. The methodology was originally developed for its own
internal use by IBM and later became a successful commercial product. BSP utilizes a top-down
approach with bottom-up implementation of a process designed to translate the organization's
business strategy to IS strategy. Because of the importance of top management involvement with
the process, an assessment of top management's commitment is conducted before beginning the
process. Once top management is on board with the project, a project team is selected from the
organization's management, which usually includes both business and IS professionals. The
project team's first tasks are to identify and set goals and objectives for the organization, and to
establish the scope of the project.
Following the initial steps of preparing and starting the BSP analysis, ten additional steps
are undertaken to complete the BSP process: processes, a description of each, and the
identification of key processes.
1. Define business data: identify entities and group their data into data classes.
2. Define information architecture: relate the business processes to the data classes.
3. Analyze current systems support: identify the existing organizations, business
processes, IS applications, and data files, to detect voids or redundancies.
4. Interview executives: a critical aspect of the top-down approach, this step validates
the work of the project team, determines the objectives, defines the problems,
ascertains IS needs and calculates their value.
 5. Define findings and conclusions: analyze problems and their relationships to the
business processes, establish priorities for IS support, and thereby alleviate the
problems.
6. Determine architecture priorities: development and implementation takes time, this
step determines the importance of each IS initiative.
7. Review information resource management: define the environment in which the
information architecture is to be developed, implemented, and operated efficiently
and effectively.
8. Develop recommendations: assist management in their decisions regarding the
follow-on activities.
9. Report results: present the final results to top management. (IBM, 1984)This well-
documented and widely-recognized methodology recognizes and emphasizes data as
a corporate resource. It involves and facilitates communication between
users,business managers, and IS managers. The BSP methodology is a process of
synthesis and interpretative analysis, with the following principal activities (Zviran, et
al., 1989):
10. Identification and clarification of organizational processes. Analysis and summary of
the organizational process and its relation to IS requirements " Synthesis of the
application location to meet the requirements, determine the scope of the databases,
and set development priorities.
The principal advantages to BSP are its emphasis on information as a resource and the
involvement of top management throughout the process. Another advantage is that BSP is a
frequently-applied methodology with which IBM has considerable experience.
One disadvantage is that it focuses on automating existing procedures, without consideration of
reengineering. However the principal disadvantages are that the BSP process is time consuming,
cumbersome, and costly. Gill (1981), in his study of the implementation of BSP at Tel Aviv
University, opined that time was a serious constraint in the BSP process
4.9. CRITICAL SUCCESS FACTORS (CSF)
CSFs are the critical areas found in any organization, in which satisfactory performance must be
maintained, for that organization to endure and prosper. New opportunities for the use of IS, as
well as prioritization of existing IS resources, can be achieved through the analysis of an
organization's CSFs. The process of ascertaining an organization's critical success factors, or key
information needs, is achieved through a series of interviews with senior managers. The
relationships between the goals and the CSFs are discussed thoroughly, to ensure that the analyst
understands the underlying factors. The critical factors that determine success will vary from
industry to industry.
There are four principal sources of CSFs:
1. Industry structure: the distinctive attributes of the industry that make it unique.
2. Competitive strategy, position in industry and geographic location: each
organization determines its place in the industry and the world.
3. Environmental factors: geo-political and other environmental changes that will vary
the CSFs over time.
4. Temporal factors: internal organizational considerations that surface occasionally,
that may be considered critical, at that time, because they have fallen below a
measurable point. (Rockart, 1979)
There are several advantages to the use of this methodology:
- It clearly focuses on vital organizational issues.
- It is a practical and intuitive methodology.
- It provides a link between strategic and tactical IS planning.
- It assures that critical information needs are addressed. (Shank, et al., 1985)
The primary drawback to this methodology is that it has a narrow focus on a specific activity of
the integrated planning process, rather than providing a broad framework for integrated planning.

4.9.1. IS growth stage model

• Procedure of IS growth
• Initiation
• Contagion
• Control
• Integration
• Data administration
• Maturity

4.9.2. ENDS/MEANS ANALYSIS

It can be used to determine information requirements at the organizational, functional, or
individual manager level.This methodology is based upon general systems theory and
focuses first on the outputs (goods, services, and information) called ends, which are
generated by each organizational process. Ends/means analysis is primarily concerned with
the effectiveness and efficiency of generating outputs from processes. Effectiveness is the
degree to which the outputs from a process fill the input criteria of the other processes. The
ends/means analysis model provides two types of information, effectiveness and efficiency.
In this example the efficiency measures needed for inventory management are: the number
and cost of orders placed, cost of holding inventory, and loss from disposal of obsolete or
unusable inventory. Efficiency will depend on the cost to attain a given level of effectiveness.
Effectiveness measures needed for inventory management in this example are the number
and seriousness of stockouts.This methodology has been used in a wide range of
organizational settings with positive results.
4.9.3. BUSINESS INFORMATION ANALYSIS AND INTEGRATION
TECHNIQUE
It employs a questionnaire, with seven questions, to define precisely the organization's
information requirements and the IS required to support those requirements. In his description of
BIA1T, Carlson listed and defined the ground rules for the use of the methodology: " Classify
the order: a formal or informal request, such as a purchase order, that requires a response from a
supplier". All questions have one of two answers: either a simple yes or no, or one of two
choices.The seven BIAIT questions consist of four concerning the supplier and three concerning
the ordered entity. The result is a score that will lead to the construction of a comprehensive
model of the organization's information requirements. The methodology attempts to elicit an
agreement between end user management and information analysts before beginning installation
of the actual IS. One of the advantages of this methodology is that it describes the information
requirements in language easily understood by both top management and IS personnel, while
defining the providers and owners of information. A distinct disadvantage is that this method
fails to link the IS and organization plans.
4.9.4. CUSTOMER RESOURCE LIFE CYCLE (CRLC)
The customer resource life cycle is an innovative framework proposed by Ives and Learmonth
(1984). This methodology focuses directly on the customer, its relationship to an organization,
and how a relationship can be changed or enhanced through strategic application of IS. The
authors propose that proper application of this methodology will result in competitive advantage.
Just as an organization's products or services go through a life cycle, the customer goes through a
life cycle as well. CRLC proposes that the customer goes though thirteen fundamental stages in
its relationship to a supplier, and that each of the stages should be examined to determine if IS
can be used to achieve a strategic advantage. The thirteen stages are as follows:
1. Establish customer requirements: estimating future needs for the required resources.
2. Specify customer requirements: the customer specifies the required attributes of the
resource.
3. Select a source (match customer with supplier): the customer locates a source for the
required resource. It may be an intermediary fim that affects the linkage of customer
an supplier.
4. Place order: IS may facilitate this, just as the airlines have accomplished with the
placement of terminals in travel agencies.
5. Authorize and pay for goods or services: the authorization for expenditure, and
arrangement for payment, before the resource is acquired.
6. Acquire goods or services: the customer takes receipt of the resource; the time
involved with this process is usually reduced by IS.
7. Test and accept goods or services: the customer verifies the acceptability of the
resource before placement into service.
8. Integrate into and manage inventory: the customer adds the resource to the existing
inventory and manages its usage.
9. Monitor use and behavior: the customer ensures that the resources remain acceptable.
10. Upgrade if needed: requirements may change.
11. "Maintenance: suppliers may need to make repairs to maintain resources, as a part of
the initial transaction or as just good business practice.
12. Transfer or dispose: the end of the product resource life cycle usually does not
involve the supplier.
13. Accounting of purchases: customer monitors the how and where of resource
expenditures. (Ives and Learmonth, 1984)
If an organization can assist a customer through application of IS, an organization may be able to
differentiate itself from its competitors, thereby achieving competitive advantage. This may
introduce switching costs (costs that customers incur if they switch to another supplier) as well,
further solidifying the customer base. By focusing on customer needs, IS is used to enhance
customer service. As a firm examines its role from the CRLC viewpoint, it may discover other
opportunities that will enhance its overall strategy. (Ives and Learmonth, 1984)
There is little doubt that the CRLC model helps to identify potentially important opportunities
for applying IS to its competitive advantage. It does, however, fail to rank the relative
importance of the IS projects or assess the efforts required to develop and implement these
systems. A further disadvantage is the lack of support for the entire set of planning activities
involved with implementation of effective IS. (Zviran, et al., 1989)

4.9.5. RETURN-ON-INVESTMENT ROI

 ROI is a classic business decision-making approach, adapted to IS resource allocation planning,
that is based on cost-benefit analysis and the prediction of a "return on investment". Very simply,
the projects with the highest return on investment are chosen for development. For instance, a
project with a 15 percent ROI is ranked over a project with 10 percent ROL The selection
process can be varied by the consideration of resource constraints, organization priorities, or
other variables, as desired.The financial benefits of this method are clear, but, serious drawbacks
have been identified : - Many benefits can not be quantified; however, the project is intuitively
known to be of high priority.- Projects based solely on ROI may not take into account such
factors as risk.- ROI considers proposed projects only, neglecting the value of existing projects.
ROI is a useful planning tool, taking into account the degree to which the costs and benefits of IS
projects can be quantified. However, the costs and benefits of IS projects are inconsistent,
complicated, interrelated, and extremely difficult to estimate, e.g., analysis of the ROI for IS
projects is not a trivial matter.

4.9.6. ZERO-BASED BUDGETING (ZBB)

ZBB scrutinizes the existing portfolio as well as the proposed portfolio. Starting from "zero,"
each existing and proposed IS package is added to the portfolio, prioritized by its importance to
the organization. The ae bw basic steps to this method: - Develop the decision
packages.(Applications, projects, activities and expenditures, to be reevaluated for addition or
deletion).- Prioritize the packages.- Allocate resources as required. In reality, the organization
does not start at zero, as it would be very costly to begin the process from scratch. As the
prioritized list of projects ascends the organization, the highest priority items are reviewed for
appropriateness and blended with the priorities of other departments. Finally at the top of the
organization a master list is developed, priorities are reviewed, and a line is drawn. An
evaluation of an operational system can be employed for decisions relative to the deletion or
reduction of the services in the existing system.

This method is particularly useful for identifying high-benefit IS projects. Its principal
disadvantage is it focuses on proposed IS projects only, rather than the entire range of an
organizational applications portfolio.

5. Critical Success factors

A critical success factor of an organization is efficient asset management. Critical success factor
involve the management in an organization to know the current status of the organization in ICT.
Based on the analysis of the business environment of the corporation, the critical success factors
concerning the firm are identified. Critical success factor is refer to the limited number of area in
which result, if satisfactory will ensure successful competitive performance for the organization.
There are such area where thing’s must go right for the business to flourish. Thus, the factor that
are critical for accomplishing the objectives are identified at this stage.

To manage data as a corporate asset, managers must understand the value of information that is
processed data. Data are used by different people in different departments for different reasons.
Therefore, data management must address the concept of shared data. Whatever the type of
organization, the database predominant role is to support managerial decision making at all level
in the organization. That’s why, Strategic information systems planning play a big role in
organization. SISP is an important management function. It can help an organization use
information technology (IT) more competitively, identify new, higher payback IT applications,
and better forecast IT resources requirements.

An organization’s managerial structure might be divided into three levels which are top, middle
and operational. Top level management makes strategic decisions; middle management makes
tactical decisions and operational management make daily operational decisions. Operational
decisions are short terms and affect only daily operations for example deciding to change the
price of a product to clear it from inventory. Tactical decision involve a longer time frame and
after larger scale operation; for example changing the price of a product in response to
competitive pressures. Strategic decisions are those that affect the long term well-being of the
company or even its survival; for example changing pricing strategy across product lines to
capture market share. This shows that having a good SISP will lead the organization to achieve
the goal and objective in short or long term in an organization.

It also Computer-based management information systems provide powerful support to Managers

at all levels to perform strategic planning and to control daily operations. Such systems can vary
wildly in terms of complexity, sophistication, and the level of integration within an organization.
A management information system cannot be bought off the shelf and be ready for use like a
word processing package - it requires a formal project to acquire it and to adapt it to meet the
specific needs of the organization. After the acquisition and implementation process, it requires
teams of people to feed data into it, to process the data and to generate the required reports. A
support infrastructure is required which includes the capability to handle special requests, to
perform routine and emergency main tenancy, and to ensure that the appropriate supplies of
materials and spares are always available. Because much of the information is of a sensitive
nature, security is important, as is the need for backups and a fall-back capability. Management
information systems require a large investment from companies in terms of capital outlay as well
as the training of users, operators, and maintainers. They also tend to become a highly critical
facility of the organization and must therefore perform optimally. This article describes a
research project that attempted to identify the factors that could make the difference between
success and failure for management information systems. A number of proposed success factors
were identified in the literature on management information systems. The degree to which these
factors were applied in real companies were determined by means of questionnaires, and
compared with the perceived success of the management information systems concerned.

5.1. CRITICAL SUCCESS FACTORS (CSF)

CSFs are the critical areas found in any organization, in which satisfactory performance must be
maintained, for that organization to endure and prosper. New opportunities for the use of IS, as
well as prioritization of existing IS resources, can be achieved through the analysis of an
organization's CSFs. The process of ascertaining an organization's critical success factors, or key
information needs, is achieved through a series of interviews with senior managers. The
relationships between the goals and the CSFs are discussed thoroughly, to ensure that the analyst
understands the underlying factors. The critical factors that determine success will vary from
industry to industry.
There are four principal sources of CSFs:
 1. Industry structure: the distinctive attributes of the industry that make it unique.
2. Competitive strategy, position in industry and geographic location: each organization
determines its place in the industry and the world.
3. Environmental factors: geo-political and other environmental changes that will vary
the CSFs over time.
4. Temporal factors: internal organizational considerations that surface occasionally,
that may be considered critical, at that time, because they have fallen below a measurable
point. (Rockart, 1979)
5.2. There are several advantages to the use of this methodology:
- It clearly focuses on vital organizational issues.
- It is a practical and intuitive methodology.
- It provides a link between strategic and tactical IS planning.
- It assures that critical information needs are addressed. (Shank, et al., 1985)
The primary drawback to this methodology is that it has a narrow focus on a specific activity of
the integrated planning process, rather than providing a broad framework for integrated planning.

6. Business Systems Planning

6.1 What Is Business System Planning?

Business system planning is a strategy that calls for evaluating and structuring a platform for the
processing of information throughout a business operation. The goal of this type of approach to
the strategic management of a company is to make sure that all operations within the company
structure make the most efficient use of information relevant to their areas of responsibility, and
that communication between different levels of the business are operating at maximum
efficiency. While a specific approach to business system planning was created by International
Business Machines during the latter decades of the 20th century, variations on that process have
since been developed and adapted to fit newer business models.

Over the years, the use of business system planning has provided a number of benefits to
businesses of all sizes. One of the key benefits has to do with the ability to create a balanced
view of what is and is not working with the current structure of a business, especially the
technology that provides the foundation for that structure. By prompting the objective
assessment of the system at all levels, this approach can often aid in identifying what is operating
at optimal levels that meet the needs of the company, what is not operating at optimal levels but
could be adapted or enhanced in order to meet those needs, and what aspects of the technology
and the operation need to be removed or replaced in order to strengthen the company
infrastructure.

Employing the general concepts of business system planning makes it much easier for owners
and managers to identify when and how money should be spent to adapt the overall operation to
the changing circumstances within the marketplace. This affects not only matters like the internal
operation but ultimately the product line offered by the business, the way that customers are
approached and supported by the business, and deciding when changes will be in the best
interests of the company.
 For instance a case of sample Company want to save up to 30% on your monthly bills?

This tool helps you do just that a company does not have to operate hundreds of locations and
have a substantial employee base in order to benefit from the use of business system planning.
Even a small business with one central location and a limited staff can take the general principles
and apply them to the management of a product line, the internal workings of the business, and
even to the task of becoming more visible to potential customers. There are a number of
consultants today who work with companies of all sizes and types to help establish the basic
framework for business system planning, training key people in how to make the most of the
process, and even aid in the launching of the initiative. While there may be some expense on the
front end, the benefits derived from this type of systematic approach will usually offset those
expenses in a short period of time.

6.2. Business Systems Planning

Identifies the information systems a company needs and looks at the whole to determine what
information systems the business requires to fulfill its goals. For large businesses, this can be an
expensive process involving consultants and specialists, but smaller businesses can often perform
the analysis and planning in house. Prerequisites for effective business systems planning are the
existence of a business plan that details the goals and strategies of the company and the
communication of the plan to the people responsible for implementing the plan are

- Goals and Strategies

The requirements for a company's information systems can only be integrated into a plan when it
is clear where the company wants to go and how it plans to get there. A strategic plan lays out
the company goals and the strategies it intends to implement to achieve them. In small
businesses, such strategies often focus on financial goals and corresponding marketing plans.
These business plans are the initial input for the information systems plan and influence the types
of systems that the company will consider.

- Corporate Processes

Once the overall orientation of the information system is clear from the strategic plan, the
business systems planning process has to look at what the company does. If the company has
manufacturing, the information system has to include production planning. If it is service
oriented, the software has to have hourly billing and cost assignment features. The key corporate
processes are a second step in defining the requirements for the proposed information systems.
Sometimes the processes themselves require re-engineering to let them work with information
systems.

- Corporate Data

A key question for the planning of information systems is the nature of the company's data
processing requirements. Large volumes of complex data need different systems than flat, simple
databases or mailing lists. A company's data is a valuable asset and its nature can't easily be
 changed. As a result, the data has a major influence on the kind of information systems that are
required.

- Constraints

The strategies, company processes and data represent the major inputs to the planning of the
information systems, but the systems themselves are subject to constraints. The most important
limitation, especially for small businesses, is the cost. Other constraints may include technical,
space, time and operational factors. The information system planning process has to consider that
the ideal system may not be a realistic possibility, and alternatives must be situated within the
constraints.

- End-user Input

Once the planning process has established the overall concept and requirements for the
information systems, it is important to involve the end users in the design for the interface. The
people who carry out the work have the best knowledge of what is required to do their job. Not
supplying what is required is a frequent planning failure, and getting end user input at this stage
is vital to the success of the business systems plan.

- Implementation

The final step for an information system is to plan for implementation. At this stage the plan
becomes a project and the planners have to assign responsibilities and resources, ensure that the
project plan matches the strategic and business plans and set completion, budget and
performance targets. At this stage the business can expect to have functioning information
systems at the project completion date, fulfilling the identified needs.

7.Computer Aided Planning Tools. Security & Ethical Challenges

Explain computer aided planning (CAP) tools.

Computer-aided process planning (CAPP) is the use of computer technology to aid in the process
planning of a part or product, in manufacturing. CAPP is the link between CAD and CAM in that
it provides for the planning of the process to be used in producing a designed part.

The planning process can be quite difficult and time consuming. That’s what gives organizations
the “we don’t have time to plan” excuse for using a formal planning process. So vendors have
developed CAP tools to help ease the burden of planning.

This process results in an enterprise model of the business. An enterprise model defines the
structures and relationship of business processes and data elements as well as other planning
structures. Developing an enterprise model for a business is a starting point for the strategic data
planning process. Data administration personnel use enterprise modeling to help them develop a
variety of data models for the organization.
 5.2.Security and Ethical Challenges of IT Definition

The security and ethical challenges of IT refer to the difficulties that organisations face in
managing increasingly complex information and communication technologies. The term
embraces the management of systems, policies and procedures designed to protect organisations,
their employees, customers and other stakeholders from malicious external threats, and from
internal acts of noncompliance with IT policies. The concept has important implications for
growing IT areas such as Big Data, social media, and Bring Your Own Device (BYOD) (Dutta &
McCrohan, 2002; Simonite, 2015; Soares, 2015).

5.3.Ethical & Security Issues in Information System

Information systems have made many businesses successful today. Some companies such as
Google, Facebook, EBay, etc. would not exist without information technology. However,
improper use of information technology can create problems for the organization and employees.

Criminals gaining access to credit card information can lead to financial loss to the owners of the
cards or financial institute. Using organization information systems i.e. posting inappropriate
content on Facebook or Twitter using a company account can lead to lawsuits and loss of
business.

5.4.Cyber-crime

Cyber-crime refers to the use of information technology to commit crimes. Cyber-crimes can
range from simply annoying computer users to huge financial losses and even the loss of human
life. The growth of smartphones and other high-end Mobile devices that have access to the
internet have also contributed to the growth of cyber-crime.

5.5.Ethical & Security Issues in Information System

Types of cyber-crime

1. Identity theft

Identity theft occurs when a cyber-criminal impersonates someone else identity to practice
malfunction. This is usually done by accessing personal details of someone else. The details used
in such crimes include social security numbers, date of birth, credit and debit card numbers,
passport numbers, etc.

Once the information has been acquired by the cyber-criminal, it can be used to make purchases
online while impersonating himself to be someone else. One of the ways that cyber-criminals use
to obtain such personal details is phishing. Phishing involves creating fake websites that look
like legitimate business websites or emails.

For example, an email that appears to come from YAHOO may ask the user to confirm their
personal details including contact numbers and email password. If the user falls for the trick and
updates the details and provides the password, the attacker will have access to personal details
and the email of the victim.

If the victim uses services such as PayPal, then the attacker can use the account to make
purchases online or transfer funds.

Other phishing techniques involve the use of fake Wi-Fi hotspots that look like legitimate ones.
This is common in public places such as restaurants and airports. If an unsuspecting user logons
into the network, then cyber-crimes may try to gain access to sensitive information such as
usernames, passwords, credit card numbers, etc.

According to the US Department of Justice, a former state department employee used email
phishing to gain access to email and social media accounts of hundreds of women and accessed
explicit photos. He was able to use the photos to extort the women and threatened to make the
photos public if they did not give in to his demands.

2. Copyright infringement

Piracy is one of the biggest problems with digital products. Websites such as the pirate bay are
used to distribute copyrighted materials such as audio, video, software, etc. Copyright
infringement refers to the unauthorized use of copyrighted materials.

Fast internet access and reducing costs of storage have also contributed to the growth of
copyright infringement crimes.

3. Click fraud

Advertising companies such as Google AdSense offer pay per click advertising services. Click
fraud occurs when a person clicks such a link with no intention of knowing more about the click
but to make more money. This can also be accomplished by using automated software that
makes the clicks.

4. Advance Fee Fraud

An email is sent to the target victim that promises them a lot of money in favor of helping them
to claim their inheritance money.

In such cases, the criminal usually pretends to be a close relative of a very rich well-known
person who died. He/she claims to have inherited the wealth of the late rich person and needs
help to claim the inheritance. He/she will ask for financial assistance and promise to reward later.
If the victim sends the money to the scammer, the scammer vanishes and the victim loses the
money.

5. Hacking
Hacking is used to by-pass security controls to gain unauthorized access to a system. Once the
attacker has gained access to the system, they can do whatever they want. Some of the common
activities done when system is hacked are; Install programs that allow the attackers to spy on the
user or control their system remotely Deface websites Steal sensitive information. This can be
done using techniques such as SQL Injection, exploiting vulnerabilities in the database software
to gain access, social engineering techniques that trick users into submitting ids and passwords,
etc.

- ks on enterprise networks are the result of successful spear phishing.

- According to Symantec, phishing rates have increased across most industries and
organization sizes — no company or vertical is immune.
- According to the Webroot Threat Report, nearly 1.5 million new phishing sites are created
each month.

8. Information System Controls

Information Systems controls are a set of procedures and technological measures to ensure
secure and efficient operation of information within an organization. Both general and
application controls are used for safeguarding information systems.

8.1.General Controls

These controls apply to information systems activities throughout an organization. The most
important general controls are the measures that control access to computer systems and the
information stored or transmitted over telecommunication networks. General controls include
administrative measures that restrict employee access to only those processes directly relevant to
their duties, thereby limiting the damage an employee can do. Some general controls are as
follows.

8.2.Software Controls

Monitor the use of system software and prevent unauthorized access of software programs,
system failure and computer programs.

8.3.Hardware Controls

Ensure the computer hardware is physically secure and check for equipment malfunctions.
Computer equipment should be specially protected against extreme temperatures and humidity.
Organizations should make provisions for backup or continued operation to maintain constant
service.

8.4. Computer Operations Controls

This include controls over setup of computer processing jobs and computer operations and
backup and recovery procedures for processing that ends abnormally.
8.5.Data Security Controls

Ensures critical business data on disk and tapes are not subject to unauthorized access, change or
destruction while they are in use or in storage.

8.6. Implementation Controls

Audit the system development process at various points to ensure that the process is properly
controlled and managed.

8. 7. Administrative Controls

Formalize standards, rules, procedures and control discipline to ensure that the organization’s
general and application controls are properly executed and enforced.

8.8. . Application Controls

Application controls are specific to a given application and include measures as validating input
data, regular archiving copies of various databases, and ensuring that information is disseminated
only to authorized users. This can be classified as input, processing and output controls.

1. Input Controls – Input controls check data for accuracy and completeness when they
enter the system. There are specific input controls for input authorization, data conversion, data
editing and error handling.
2. Processing Controls – Processing controls establish that data are complete and accurate
during updating. Run control totals, computer matching, and programmed edit checks are used as
processing controls.
3. Output Controls –Output controls ensure that the results of computer processing are
accurate, complete and properly distributed.

8.9. Controls in Network Information Systems

1. Firewall –The firewall acts like a gatekeeper that examines each user’s credentials before
access is granted to a network. The firewall identifies names, internet protocol (IP) addresses,
applications and other characteristics of incoming traffic. It checks this information against the
access rules that have been programmed in to the system by the network administrator. The
firewall prevents unauthorized communication into and out of the network, allowing the
organization to enforce a security policy on traffic flowing between its network and other
untrusted networks, including the internet. Firewalls can deter but not completely prevent,
network penetration by outsiders and should be viewed as one element in an overall security
plan. To deal with internet security effectively, broader corporate policies and procedures, user
responsibilities and security awareness training may be required.
2. Intrusion Detection System – In addition to firewalls, commercial security vendors now
provide intrusion detection tools and services to protect against suspicious network traffic
attempts to access files and databases. Intrusion detection systems feature full-time monitoring
tools placed at the most vulnerable places. The system generates an alarm if it finds a suspicious
event. Scanning software looks for patterns indicative of known methods of computer attacks
such as bad password, checks to see if important files have been removed or modified and sends
warnings to the system administrator. Monitoring software examines events as they are
happening to discover security attacks in progress. The intrusion detection tool can be
customized to shut down a particular sensitive part of a network if it receives unauthorized
traffic.
3. Antivirus software – Antivirus software is designed to check computer systems for the
presence of computer viruses. Often the software can eliminate the virus from the infected area.
However, most antivirus software is effective only against viruses already known when the
software was written. To remain effective, the antivirus software must be continually updated.

9. Facility Controls

Physical facility control is methods that protect physical facilities and their contents from loss
and destruction. Computer centers are prone to many hazards such as accidents, thefts, fire,
natural disasters, destructions etc. Therefore physical safeguards and various control procedures
are required to protect the hardware, software and vital data resources of computer using
organizations.

9.1.Facility Control Systems

ACS is a full-service commercial and industrial facility control systems integrator—designing,

programming, installing and servicing all facility-related control applications. The facility
automation team’s experience ranges from complex special purpose facilities such as R&D and
test centers, to large production facilities with centralized systems supporting multiple processes.

Our engineers have extensive experience planning and implementing a broad variety of building
management applications—whether they entail Internet-based controls and interfaces or legacy
system interactions.

- Areas of Core Competence Include:

- HVAC controls and system integration

- Water supply and treatment

- Fluid distribution systems

- Electrical systems

- Energy supply and usage studies

- kWh metering

- Fire protection
 - Security

- Access control

10. Procedural Controls

Procedural controls establish a framework for validating and maintaining the computer system
and for ensuring that users understand how to use the system. Procedural controls usually take
the form of standard operating procedures (SOPs) and user manuals.

Procedural control is a method of providing air traffic control services without the use of radar. It
is used in regions of the world, specifically sparsely populated land areas and oceans, where
radar coverage is either prohibitively expensive.

10.1. Key Concepts for Procedural Controls

- Vendor/Supplier management

Any computer equipment, instrumentation, and software that you buy needs to come from a
reputable vendor and needs to be documented and tested for the environment in which it will be
used.

- System Lifecycle

A System Lifecycle is a defined set of expectations, activities, and deliverables promotes a

controlled, well-thought-out system through the life of the research project and reduces the risk
of errors. How you go about building, assembling, and maintaining your system is an important
part of validation. Activities to incorporate in your lifecycle are:

- Identifying and involving knowledgeable, qualified stakeholders to define, test, and document
the system
- Assessing and addressing risks to the computer system
- Grouping and prioritizing tasks and completing them in a controlled and orderly manner
- Describing requirements for the system and maintaining traceability from that starting point
through to implementation
- Verifying individual parts, and the system as a whole, using a combination of reviews, testing,
and audits
- Tracking, evaluating, prioritizing, and fixing defects
- Identification and control of system components and associated documentation
- Using change control to manage changes to system components and associated documentation
- Creating and maintaining documentation of the computer system and development and
maintenance activities through the life of the system.
10.2. Procedural Control Examples

Procedural controls refer to the procedures performed by individuals. They are often detailed in
written documents that an organization uses for security. Procedural controls are directives from
senior management on how to address security within the organization.
 The following sections provide examples of some of the common procedural controls in these
categories:

- Policies and procedures

- Security plans
- Insurance and bonding
- Background and financial checks
- Data loss prevention program
- Education, training, and awareness
- Rules of behavior
- Software testing
- Policies and Procedures
- Policies and procedures are written documents

11. Computer Crime

11.1. What is Computer Crime and its effect on the world?

Computer crime is a new Problem in our society therefore we must know that what computer
crime is. If we talk about computer crime we will refer to a crime which is conducted with the
help of a computer and a network is involved in it. As we refer to computer it can even be a
small computer device like mobile. And the network mainly used is an Internet connection
because of its availability and access. Computer crime includes acts in which you use a computer
or a network to harm someone else either by stealing data, plotting a virus, hacking someone’s
computer etc.

Computer or cybercrime may include broader terms like hacking, copying of copyrighted
material, child grooming, stealing and misuse of Confidential/private information of someone
else , making a computer virus or a bug or a malware with a intention to plot at someone’s
computer or a network in order to gain a benefit or to take revenge or another cause which make
you do such an act is a computer crime. These are few types of computer crimes it is much more
vast and expanded term.

Now if we talk about computer crimes conducted earlier or have started at first are, using
someone else computer to scan or print what you want without consulting the owner or using
someone else internet connection to distribute false information or conduct a fraud with the help
of a computer or use false to information steal from someone else on the internet and use
someone else internet name etc. these are all type of old computer crime. Now a days computer
crime or new computer crime includes work like stealing some ones privacy, create a software or
a tool to harm someone else computer and put the virus or malware in order to harm him in any
case, use someone else email account to do mails eg to a mail to black mail someone etc.

11.2. Here we will discuss some details of the types of computer crime

▪ Spam:-Sending many mails to people in order to conduct commercial benefits.

▪ Fraud:-A dishonest way to make someone to do a loss which could make a profit for you in any
case e.g. make a false webpage of a bank to retrieve information of account of someone.
▪ Offensive contents:- Websites such as blogs publishing political, social or religious information
which could be suitable for one sect or creed but is harmful for the other. Such is the case of
facebook.
▪ Harassment:-Mail individual or a particular group and make offence on the base of age, sex, cast,
religion etc. These types of things are also done in chat rooms.
▪ Malware and virus:-Creating tools to harm the computer of others.
▪ Hacking:-Controlling computer of others stealing information and data or use it to conduct a
crime etc.

11.3. Now we could use an example which could explain computer crime.

Melissa virus was speeded on March 26, 1999 it was spreader through email it was just an
attachment it affect about 100,000 people throughout the world in the head it was written
important message from user and in the body here is the document you asked and don’t share
with any one. And when the user open the attachment Melissa virus come into his computer.

11.4. Effects of Computer Crime

Now we will discuss effect of computer crime on our world. Due to computer crime there is loss
of billions of dollar annually. Computer crime is increasing every day and it is creating big losses
and company level and at individual level stock losses.

If we talk about computer crime it may be 15 $ at individual level but is very large at corporate
level it can rise up to 225 billion $ so loss due to computer crime can be vary between 15 $ to
225 billion $. United States is leading in cyber-attacks throughout the world about 35 %
(approximately) in total of the whole world followed by South Korea 12 % of cyber-attacks of
the whole world. Hackers and cyber criminals reside or flourish in countries having few
computer crime laws. From these countries they can easily attach rich countries. Due to
increasing Computer crime throughout the world insurance companies are providing insurance
against computer crimes. After an attach to a firm the firm losses its price of stock in the stock
market by 1 % – 5 % therefore the companies suffer the loss at company level but the stock
holders also bear the price due to decrease in the stock price.

A company suffers losses due to computer crime when a hacker steals confidential information
and future plans of the company. And he simply sells the information to a competitor company
and they use the information to get benefits. Wastage of time is another problem because many
IT personals spend a lot of time on handling harmful incidents which may be caused due to
computer crimes. This time should be spend on the development. And if the company is attacked
by a computer criminal it would cost a lot and much time is needed to recover from the loss.

One of the problem is that when a hacker enter in an organization and steals confidential
information form the company the people who entrust the company loses their confidence in the
company as the company may contains confidential information like credit cards of customers
and as the information is stolen the customer will not trust the company again and will move to
someone else who could protect their confidential information.

Computer crime reduces the productivity of a company as a company will take measure to
reduce cybercrime so there will be more password entering or other acts this will take time to do
and therefore will effect on the productivity and it also will increase the cost as to stop viruses
and malware companies must buy strong security software to reduce the chances of attacks from
such attacks.

In some cases victim of the cybercrime not even know that he has been attacked. And the
attacker are so clever that they not even left a small clue to be detected.

When you use credit card at ha store the transitions are encrypted and sent to the internet and the
internet is available globally. Hackers are smart and they can decrypt the information in a few
time.

There are few solutions to keep safe from computer crime and they could be a little help for the
attacks, antivirus and antispyware tools, firewalls, Cryptography. After theses cyber ethics and
law has been formulated to stop these kinds of things. And after these the internet service
providers must provide secured internet connections to keep the users safer from the cyber-
attacks.

In the end I may conclude that computer crime is a strict criminal act and the it should be
punished strictly and there should be strict laws against cyber criminals like there are should be
punishment against them as there is punishment for other criminals who have committed crimes
like stealing etc. computer crime cannot be stopped at this level but immunity can be used to
keep safe from it or at least harm could be a lesser.

Alternatively referred to as cybercrime, electronic crime, or hi-tech crime. Computer crime is an

act performed by a knowledgeable computer user, sometimes referred to as a hacker that illegally
browses or steals a company's or individual's private information. In some cases, this person or
group of individuals may be malicious and destroy or otherwise corrupt the computer or data
files.

11.5. Why do people commit computer crimes?

In most cases, someone commits a computer crime to obtain goods or money. Greed and
desperation are powerful motivators for some people to try stealing by way of computer crimes.
Some people may also commit a computer crime because they are pressured, or forced, to do so
by another person. Some people also commit a computer crime to prove they can do it. A person
who can successfully execute a computer crime may find great personal satisfaction in doing so.
These types of people, sometimes called black hat hackers, like to create chaos, wreak havoc on
other people and companies. Another reason computer crimes are sometimes committed is
because people are bored. They want something to do and don't care if they commit a crime.

11.6. Examples of computer crimes

The different types of computer crimes today are

1. Child pornography - Making, distributing, storing, or viewing child pornography.

2. Copyright violation - Stealing or using another person's Copyrighted material without
permission.
3. Cracking - Breaking or deciphering codes designed to protect data.
4. Cyber terrorism - Hacking, threats, and blackmailing towards a business or person.
5. Cyber bully or Cyber stalking - Harassing or stalking others online.
6. Cybersquatting - Setting up a domain of another person or company with the sole intention of
selling it to them later at a premium price.
7. Creating Malware - Writing, creating, or distributing malware (e.g., viruses and spyware.)
8. Data diddling - Computer fraud involving the intentional falsification of numbers in data
entry.
9. Denial of Service attack - Overloading a system with so many requests it cannot serve
normal requests.
10. Doxing - Releasing another person's personal information without their permission.
11. Espionage - Spying on a person or business.
12. Fake - Products or services that are not real or counterfeit. For example, a fake antivirus and
fake technical support examples of something fake.
13. Fraud - Manipulating data, e.g., changing banking records to transfer money to an account or
participating in credit card fraud.
14. Green Graffiti - A type of graffiti that uses projectors or lasers to project an image or
message onto a building.
15. Harvesting - Collect account or account-related information on other people.
16. Human trafficking - Participating in the illegal act of buying or selling other humans.
17. Identity theft - Pretending to be someone you are not.
18. Illegal sales - Buying or selling illicit goods online, including drugs, guns, and psychotropic
substances.

12. Privacy issues

What are the privacy issues in information technology?

There are many privacy issues related to information technology, such as electronic surveillance,
which involves monitoring people with technology, often without their knowledge. In addition,
companies often share or sell personal information to other companies. Identity theft is also an
important privacy issue. Other examples of IT privacy issues include cookies, spyware, and
Employee Internet Management software.

12.1. How does technology affect individuals' privacy?

Technological advances often require people to give up their privacy. Information privacy refers
to the right to determine when, and to what extent, information about oneself can be
communicated to others. Technology provides opportunities for companies and criminals to take
those rights away through practices like data mining and identity theft.
Internet is the fastest way of connecting with the world but, unfortunately, it is not the safest one.
The internet is full of scams and gambles, and you are on the verge of security risks when you
choose to be online.

Most internet users are least bothered about their online privacy and are unaware of the plausible
risks associated with it. Not only your privacy but your safety is also endangered, especially
when you are using the internet to carry out important and secretive tasks like online banking and
sharing crucial business files.

12.2. Three Major Issues Concerning Online Privacy

Online users are incredibly vulnerable to security threats, and there is a long list of issues
associated with their safety. Here we are discussing only the major issues concerning online
privacy.

1. Spying and Snooping

When you are online, you are spied by a number of trackers for various purposes. Trackers keep
a record of your search history and track all your online activities through various means. This
provides them a clear picture of who you are and your interests, which is a breach of online
privacy policy and makes you a public property. Most of the time, this tracking is for
advertisement purposes only and it allows advertisers to show ads according to your taste and
interests. But sometimes this information is used by cybercriminals to carry out unauthorized and
illegal activities risking your online existence.

2. Information Mishandling

There are various sites on the internet that need your personal information to get access to their
services. These sites often store cookies and save your personal information and later use it for
various purposes. Most of the time this information is not encrypted and can be accessed by
anyone. This mishandling of personal information may lead to serious consequences. The
modern trend of e-banking and e-business portals have multiplied the risks associated with
online privacy. By sharing your bank details and crucial files on the internet, you are paving
ways for burglars and making yourself vulnerable to cybercriminals.

3. Location Tracking

Most of the internet users proudly upload their social media posts highlighting their current
location along with tagging friends and family members. It's fun and exciting to share your life
events with friends and family, but this data does not remain restricted to your expected audience
only. This same data is stored on the social media site you are using and stays there forever,
often without you knowing (though you may have given consent through a terms and services
agreement). Along with social media apps, Google Maps and other apps also ask for your
location and by turning on your location you are providing first-hand information to the world
about where exactly you are and what your next move is, which is certainly risky and insecure.
 12.3. Five Possible Ways to Protect Against Online Privacy Threats

There’s no way to completely avoid threats and attacks, but still, there are some steps you can
take to avoid being victim on the internet. Here are some measures that should be followed:

1. Use a VPN

There are various ways of protecting your online privacy, but the most successful and certain
way is through VPN. It is a tool that provides an encrypted tunnel for all your online activities,
which means it encodes all the information transferred between you and your host site and leaves
no chances of snooping and spying. It also provides you an anonymous IP and disguises your
actual identity, hiding your geographical location and making your online existence more safe
and secure.

There are various VPN available including free and paid ones. Some VPN work on a small scale
and have access to a few countries only while others are international ones with access to most
parts of the world.

2. Conduct Safe Browsing

Hackers can easily track your activities and get into your system through your browser. It’s
highly recommended to keep your browser updated to the latest version. Avoid using spammy
websites that asks for user details. You can also block ads on your browser and take extra time to
actually read privacy policies before giving your consent.

3. Keep Your System Up-to-Date

Keep your system up to date to ensure that you don’t miss out any feature and security fixes. If
you find it a hassle to manually apply updates, you can always use tools to automate your
software updates. Regularly scan your system or it’s better to keep auto scan on in your system.

4. Use Anti-Virus

A strong anti-virus program will keep your device free from all types of malware, such as
spyware, viruses, Trojans, etc. You can also use a good anti-virus that will keep you updated if it
found something wrong in your system. Using anti-virus is essential as it helps you to get real
time updates.

5. Adjust Your Settings on Social Media

Take advantage of the options that are available to you. Big Internet companies such as
Facebook and Google usually give you options to opt out of some, if not all, of their
personalization and tracking.

12.1. What is Information Privacy?

 Privacy protects our personal space and allows people to choose who has access to their
information. Information privacy refers to the right to determine when, and to what extent,
information about oneself can be communicated to others. As technology advances to make life
easier, privacy may be increasingly compromised.

There are many debates about what should be considered private or personal information, who
should have access to what information, and who is responsible for providing approval for others
to access it. Disagreements occur because people often exchange their personal information for
coupons, or another type of incentive, without thoroughly understanding what the information
will be used for

12.7. Types of Personal Privacy Issues in Information Technology

As technology advances and people continue to store personal information on their devices,
personal privacy issues are becoming more challenging. There are many types of personal
privacy issues in information technology ("IT").

12.8. Personal Privacy Issues Description

- Electronic surveillance involves monitoring people with technology, often without their
knowledge. This can be done through video or recording devices.
- Personal information is provided to companies when users sign-up for accounts, such as
Facebook, Instagraam, YouTube, or grocery discount cards. These companies then sell the
personal information (what links are clicked, products purchased, how much money was spent,
etc.) to other companies that use the data to market to the user.
- Identity theft occurs when someone steals an individual's information to commit a crime, such as
fraud. Identity thieves can use this data to make purchases, apply for credit cards, get medical
services, or apply for a job.
- Cookie are small data files that websites use to track users visiting the site. There are several
different types, but third-party cookies are typically the ones that cause personal data to be
compromised. This is because these types of cookies follow and record the user as they do
business online.
- Spyware is a small computer program that gets stored on a user's hard drive. The program
collects the user's habits and transmits that information to a third party, all without the user's
consent. The data is then transmitted to marketers, criminals, or firms that pay others to collect
data on users.
- Employee Internet Management Software (e.g., Web Watcher, Refuge Employee Monitor, Work
Time) is used to ensure that employees are not using their work computers for non-work
activities, which can disrupt employee production and expose the organization to security
breaches. The software can monitor staff websites, filter out websites that the organization feels
are inappropriate, monitor employee phone calls, and record voicemail messages.