Planning for Information Systems

‡ Systems planning, especially strategic systems planning, is becoming more difficult and more important at the same time. Technology is changing so fast that it is seems futile to plan for it, yet the dependence on this technology makes planning its effective use a matter of organizational life and death ‡ It is important to establish the appropriate mindset for planning: ± Some managers believe = ³determining what decisions to make in the future´ ± Better view = developing a view of the future that guides decision making today ± Subtle difference = µstrategy making¶ ‡ Strategy = stating the direction in which you want to go and how you intend to get there ± The result of strategy-making is a plan

Types of Planning: ‡ Planning is usually defined in three forms, which correspond to the three planning µhorizons¶. (Figure 4-1)
± Strategic = 3-5 years ± Tactical = 1-2 years ± Operational 6 months ± 1 year

. Planning involves ± Identification of the applications Evaluation of these applications Establishing a priority ranking for applications Determining the architecture of IS that can serve the top priority application .Thus.It runs various applications for offering information .Planning for IT infrastructure: Need for New Approach -Planning for IS involves identification of resource requirements and allocation of the resources in a cost-effective manner.Why you require IS? ± for catering to information needs of its users.Planning methodology involves evaluation of alternatives and selection of the best alternative. . .

Identifying IT applications Two approaches ± Structured and Unstructured Approach Structured Approach .Easy to identify the steps that are involved in the process of planning and the associated costs can be assesses and budgeted.Provides a framework of the steps that need to be taken for the purpose of planning. There are two basic planning methods to identify IS possibilities BSP method CSF method . .The entire process can be monitored for its progress. .

Business Systems Planning (BSP) Method Developed by IBM when database technology was the in thing and centralized database formed the basis of IS. A rigorous analysis of the operations in the business is done and a detailed mapping is done finally resulting in definition of databases required for the enterprise. From this stage a detailed development plan can be drawn. . It enables to analyze the role information plays in the business and also how it can help to improve the competitive strength of the enterprise. VCA generates information regarding important external and internal business information relationships and issues. This may be done using VCA.

Features of BSP method (1) It helps in improving the performance of the managers. (2) The resource allocation is determined by the value of information generated. . These data classes serve as building blocks for databases. The level of management addressed is quite high (generally general managers) where the allocation of resources is done across the entire business unit. Top-down approach is preferred to identify and define valid planning and performance data. (3) The plan aims to determine the data classes that are required.

Advantage Managers get clear understanding of the IS and their commitment to the success of the system is quite high. Danger Raises expectations of the managers and another is managers get too much involved in the analysis of their operations to pay attention to opportunities and threats. .

Critical Success Factors (CSF) Method .Developed by John F. Rockart at the Centre of IS research (CISR) at MIT¶s Sloan School of Management. . Managers implicitly know and consider these key areas when they set goals and as they direct operational activities and tasks that are important to achieving goals.Critical Success Factors (CSFs) define key areas of performance that are essential for the organization to accomplish its mission.This method assumes that IS must focus on CSFs as perceived by individual managers and provide information and tools for analysis of such information. . .

Accordingly. Rockhart suggested that styling. management could then identify the information that was most important to making critical enterprise decisions.. an organization¶s information systems must focus on factors that determine organizational success. For example. the underlying premise is that decisions made in this manner should be more effective because they are based on data that is specifically linked to the organization¶s success factors.The CSFs here would mean and include those things that must go as planned if the objectives of the organization are to be achieved. an efficient dealer organization. in the automotive industry. . and tight control of manufacturing costs are important success factors. -Using success factors as a filter.To be effective in avoiding information overload. .

.The CSF are hierarchical in an enterprise and one should ensure to avoid conflict in CSF at all levels in the hierarchy.. This in turn would help in establishing priorities for IT projects on the basis of their criticality in achievement of objectives. Corporate Group Company Division Department Individual The CSF help in assessing the relative significance of activities in terms of their contribution towards the achievement of common goals of the enterprise.

. -BSP is suitable in enterprises where impact of IT was low on business but diffusion of IT was low.Also.CSF focus on objectives rather than business process. -More blends of these methods are used as more and more companies are having both a high degree of diffusion of IT and a high impact of IT on business. structured methods may not be suitable and thus a more flexible approach may perhaps be more suitable in dynamic business environment. .CSF was successful where impact of IT was low but the diffusion of IT was high. . the CSF studies are more effective in identifying information needs of managers than shaping the IT infrastructure..

CSF Procedure for IS Planning Manager A Determine Individual CSFs Manager B Manager C Determine Individual Determine Individual CSFs CSFs Analyze individual CSF to determine organizational CSFs Determine priority information databases and key systems IS Planning: Prioritize IS development .

. .Similarly there are other compulsions like a captive buyer may insist on availability of IT infrastructure of a particular configuration and use of IT infrastructure for given applications.Unstructured Approach to IT Infrastructure Planning -Using IT as a strategic tool to bar the entry of competitors in the niche markets requires quicker decisions. . The applications for this purpose are critical for survival in the market and is one of the market compulsions.Such situations may not warrant any structured approach for planning IT infrastructure.

-Thus.Techniques of evaluating IT investments .IT applications compete with other corporate priorities and other IT applications. payroll fall under this category and can be easily calculated.aims at substituting manpower by machine power. Financial Justification Three broad categories of IT applications for the purpose of financial justifications by Parker (a) Substitutive. . evaluate them and determine the priorities on the basis of financial justification and technological impact. inventory control. .Applications like financial accounting.

Applications like spreadsheets. presentations. financial expert systems.Examples like home banking. desk management including text and document handling and query packages.(b) Complementary ± aims at improving the performance of employees at various levels in the enterprise. . .evaluation is difficult as higher risk is involved. -Benefits from such applications are intangible and lesser risk involved in realizing the benefits. (c) Innovative ± meant to create and maintain technological entry barriers and help enterprises differentiate their products in order to gain competitive edge. . .

.However. cost avoidance. where the amount of investment is substantial. . Cost-Benefit analysis .The costs are the measurement of resources required to obtain the benefits that may be in terms of cost savings. . increase in revenue and the intangible benefits. there are different techniques for evaluating these applications.Intangible benefits may be measured by assigning surrogate values determined by consensus as it is difficult to measure them.They are prominent in case of operational or tactical application.As different applications are there. Parker suggests five techniques for evaluating IT investment proposals ± 1. .Another problem is one cannot often estimate in advance the requirements and the impacts of the applications and there this method is often questionable. . one should use this method.Traditional technique to measure quantifiable benefits of the IT application. .

3.It is useful in substitutive applications.The improvement maybe in terms of accuracy and quick performance of activities. .The traditional tools for evaluating investment proposals such as ROI. Value Linking . . such a saving which is accelerated by time savings maybe substantial with the increase in volume and value of such transactions.Focus on improvement in business performance and not just on cost savings.. . -This method is useful in substitutive and complementary applications. 2. thereby increasing the capability of the enterprise. Pay back period may be used to compare different proposals. .example. accepting payment through credit cards in retail stores. NPV. Value Acceleration -It is used to assess the financial implications of time saved in the business process with the help of IT infrastructure.

4. 5. products and services. . . . increased productivity.Such benefits are obtained by combining.These applications are strategic and quantification of benefits from such applications is difficult. eliminating or redefining responsibilities in different departments that may result in reduced response time. Innovation -IT may help innovate the business activity by creating new/alternative functions. improved communication.It aims at measuring the benefits of an application that stem from organizational change. Value Restructuring -Focus on the business values associated with restructuring a job or function. job enrichment. open up new niche markets offering competitive edge to the enterprise. R&D etc. ROI is less important and the value of µbeing first¶ or risk of µnot being there or having to face failure¶ becomes more important. . .The benefits of this technique are more profound in functions such as legal advisory services. perspective planning. etc. .Here.

E. Competitive Advantage (1980).VALUE CHAIN ANALYSIS The value chain is a systematic approach to examining the development of competitive advantage. The chain consists of a series of activities that create and build value. The 'margin' depicted in the diagram is the same as added value. It was created by M. They culminate in the total value delivered by an organization. The organization is split into 'primary activities' and 'support activities. Porter in his book.' .

any competitive advantage is clearly communicated to the target group by the use of the promotional mix. Operations : The raw materials and goods obtained are manufactured into the final product. retailers or customers. Services: After the product/service has been sold what support services does the organization have to offer. The marketing mix is used to establish an effective strategy. maybe essential for the firm to develop the competitive advantage which Porter talks about in his book. Marketing and Sales: Marketing must make sure that the product is targeted towards the correct customer group. . With the above activities. any or a combination of them. guarantees and warranties. This may come in the form of after sales training.Primary activities Inbound logistics : Refers to goods being obtained from the organizations suppliers ready to be used for producing the end product. Outbound logistics : Once the products have been manufactured they are ready to be distributed to distribution centers. Value is added to the product at this stage as it moves through the production line. wholesalers.

train and develop the correct people for the organization if they are to succeed in their objectives. They include: Procurement: This department must source raw materials for the organization and obtain the best price for doing so. Within the service sector eg airlines it is the µstaff¶ who may offer the competitive advantage that is needed within the field. or in research and development to develop new products. Firm infrastructure: Every organizations needs to ensure that their finances. legal structure and management structure works efficiently and helps drive the organization forward. Technology can be used in production to reduce cost thus add value. or via the use of the internet so customers have access to online facilities. Human resource management: The organization will have to recruit. Technology development: The use of technology to obtain a competitive advantage within the organization. The value chain encompasses the whole organization and looks at how primary and support activities can work together effectively and efficiently to help gain the organization a superior competitive advantage. Staff will have to be motivated and paid the µmarket rate¶ if they are to stay with the organization and add value to it over their duration of employment. . This is very important in today¶s technological driven environment. For the price they must obtain the best possible quality.Support Activities The support activities assist the primary activities in helping the organization achieve its competitive advantage.

(d) Technical Risk .Broadly four types of risks ± (a) Organizational Risk Availability of necessary skills. work culture (does not allow interpersonal communication.RISKS IN INFORMATION SYSTEMS . More risk when new projects have greater degree of dependence on existing IT infrastructure. .Risk in adopting new and untried technologies is more than ones that are well established and commercially tried technologies. reluctance of employees.Assess the risks associated with the realization of values from IT infrastructure. then use of emails remains underutilized) (b) IT Infrastructure Risk Existing IT systems are not in tune with the proposed ones. . (c) Definitional Risk The specific objectives that are sought to be achieved through the proposed IS projects are to be defined properly to the IS designers.

trojan horse.Risks to Hardware ‡ Natural Disasters ‡ Blackouts and Brownouts ‡ Vandalism or Sabotage Risks to Data and Applications ‡ Theft of Information and Identity Theft ‡ Computer Viruses. worms. logic bombs ‡ Back Doors or Trap Doors ‡ Denial of Service ‡ Alien Software ‡ Phishing .

Protecting Information Resources Risk management Risk is the probability that a threat will impact on information resource. then control is not cost-effective. b) Risk Mitigation . It implements controls to prevent identified threats from occurring and develop a means of recovery should a threat become a reality. Three most common risk strategies are ± risk acceptance. risk transference c) Controls Evaluation The organization identifies security deficiencies and calculates the costs of implementing adequate control measures. Goal is to identify. If the cost of implementing is greater than the value of assets being protected. Three processes in risk management ± a) Risk analysis Process in which an organization prioritizes the assets to be protected based on each asset¶s value. risk limitation.The organization takes concrete actions against risks. . control and minimize the impact of threats. its probability of being compromised. and the estimated cost of protection. RAID _ Redundant Array of Independent Disks programmed to replicate stored data to provide a higher degree of reliability Access Controls Physical Control. Backup Duplicate all data periodically and these backups should be routinely transported off site for more security There are firms that specialize in providing back-up facilities on line (e. A highly robust program includes code that promptly produces a clear message if a user either errs or tries to circumvent a process.Controls They are constraints and other restrictions imposed on a user or a system to secure systems against the risks or to reduce damage. Weakness with physical control is tailgating.only authorized users have a key to unlock a system. amerivault. Common controls areProgram Robustness and Data Entry Controls Program is robust is it free of bugs and can handle unforeseen situations well. .

at what time and under whose approval. Account numbers. Audit Trail A series of documented facts that help detect who recorded which transactions. It ensures that full entry occurs in all the appropriate files. .Access Controls are classified into three groups ± What you know ± User IDs. This is done to trace who has done abuses and moreover discourages abuse. passwords What you have ± security cards Who you are ± biometrics Atomic transactions It is a set of indivisible transactions that are either all executed or none are-never only some.

Trusted Network . or to sites that provide no useful resources. such as computer viruses and other rogue software.Security Measures Firewalls and Proxy Servers Firewall software screens the activities of a person who logs onto a web site. It is also programmed to block employee access to sites that are suspected of launching rogue programs. It is used to keep unauthorized software or instructions away.

It is a network of computers connected to company¶s trusted network (like intranet) at one end and untrusted network at the other end. There are two types of encryption ± (a) Symmetric Encryption where the sender and the receiver use the same key. Authentication and Encryption Authentication is the process of ensuring that the person who sends a message to or receives message from you is indeed that person. A key is used to decipher the ciphertext back to plaintext which is a unique combination of bits. The original message is called plain text and the coded message is called ciphertext. .A proxy server represents another server for all information request from resources inside the trusted network. . (b) Asymmetric Encryption (public key encryption) uses two different keys.a public key and a private key.- Another approach to increase security is DMZ (Demilitarized Zone) that is like a barrier and is established by using a proxy server. For this encryption programs are used that scramble information transmitted over the network so that an interceptor only receives unintelligible data.

A requests DC from Verisign (third Party) A Verisign 2. Verisign creates DC for A No ± 1223 Issuer ± Verisign Valid from 1900-1910 A A¶s Public key 0011 1100 1010 0110 3. A presents DC to B for authentication purpose B .Digital Certificates It is an electronic document attached to a file certifying that the file is from the organization it claims to be from and has not been modified from its original format. an organization that serves as a trusted third party. An issuer of digital certificates is called a Certificate Authority. Verisign Transmits DC to A 4. 1.

Transport Layer Security Protocol used for transactions on the web usually with a 128-bit key Works as follows ± -When a visitor connects to a site. -The visitors browser creates a temporary secret key which is transmitted to the site¶s server encrypted by using the site¶s public key. the site¶s server sends the visitor¶s browser its public key. . .The visitor can now safely transmit confidential information.

Disaster recovery is the chain of events linking planning to protection and to recovery . Prioritize recovery needs v.Nine steps i. Continually test and evaluate. Perform risk assessment and impact analysis iv.Disaster Recovery Planning or Business Recovery Plan . Disaster Avoidance Oriented towards prevention . . Establish a planning committee iii. Test the plan ix. a process called business continuity.Purpose is to keep the business running after a disaster occurs. Select a recover plan vi. Develop and implement the plan viii. Obtain management¶s commitment to the plan ii. Select vendors vii.