Module - 5

Managing information systems – Enterprise Management –
Information Resource Management – Technology Management –
IS planning methodologies – Critical Success Factors –
Business Systems Planning – Computer Aided Planning Tools –
Security & Ethical Challenges – IS controls – Facility Controls –
Procedural Controls – Computer Crime – Privacy Issues – Hacking


5.2 Enterprise management

Enterprise Management (EM), in broad terms, is the field of
organizational development that supports organizations in
managing integrally and adapting themselves to the changes of
a transformation.

An enterprise is an undertaking that needs to be managed for
desired results. A business organisation is an enterprise.
The definition of what constitutes Enterprise Management
depends largely on the business environment, but could include
the following:

1. Network management and monitoring
2. Systems management and monitoring
3. Database management and monitoring
4. Application management and monitoring
5. Application integrators
6. Incident management
7. Notification management and strategy
8. Performance management
9. Service management
10. Reporting

1. Network Management & Monitoring
 
• Enterprise network management is the task of ensuring
that the networks and systems provide the required
services with the specified quality of service to the users
and other systems.

• Most enterprise network management architectures
use an agent-manager relationship where the agents,
residing on managed network/system elements, provide
network/system management information such as alerts
or performance measurements to the manager.

2. Systems Management & Monitoring
 

• The monitoring of servers is critical to the success of any
Enterprise Monitoring strategy.
• The scope of this monitoring depends heavily on the business
environment.
• Monitoring of servers will typically involve the installation of
monitoring agents which pro-actively monitor the systems
according to well-defined & agreed monitoring baselines.
• Some examples of this are the monitoring of file systems, disks,
critical processes, important log files, as well as availability
monitoring of the servers themselves. All servers of importance
should be monitored effectively within your environment.
3. Database management & monitoring
 
Once the servers are monitored using a well-defined
and agreed strategy, the next natural progression
should be to start to consider the next tier, for
example databases such as MS SQL, Oracle, Sybase,
or DB2. 
All critical databases should be monitored to some
degree, whether this is via in-house scripting and
basic logfile/process monitoring, or via a more
advanced/complete mechanism.

4. Application management and monitoring

• After considering network devices, servers and databases, the next
thing to consider is application monitoring. This is not complicated;
it could mean the monitoring of simple application processes,
logfiles, or the running of scripts.
• The manager has to identify the critical applications in use within the
organisation and engage with those teams to ascertain what level of
monitoring would be useful.

5. Application integrations

• To further enhance the monitoring capability the manager
might also consider integrating applications within the
environment into the Enterprise Monitoring system.
• With any single-point integration the manager should always
consider the risks associated with such configurations and try
and mitigate these where possible - single-point integration can
sometimes mean single-point-of-failure!
• An alternative integration method can be to utilise a local
monitoring agent, so that an application agent sends alerts
locally to the resident agent, which in turn alerts to the central
monitoring console using standard mechanisms.
• The benefit of this approach is that the manager can eliminate
the single-point-of-failure scenario, and also reduce network
traffic.
6. Incident Management
 
Incident management, in the context of Enterprise Monitoring, relates to
how alerts & faults highlighted in the monitoring environment are escalated
and recorded in the incident management system. Once an alert from the
monitoring environment is produced it should be escalated to the incident
management system so that a record is created for the failure and the
relevant team can update the trouble-ticket with information on cause,
effect, impact and resolution/remediation details (where possible).

7. Notification management & strategy

Once the Enterprise Monitoring solution has matured
the business may naturally consider the use of a
notification system. Support teams within the
organisation might also be requesting this, especially if
the business has improved the monitoring capabilities
for their particular domain. The organisation might
have some form of notification tool already in use
within the business, so this should be investigated and
reviewed accordingly.

8. Performance & Capacity Management
 
Performance monitoring in this context does not simply
mean monitoring servers for CPU or disk utilisation. It is
more concerned with creating a function whereby you can
deliver performance data to teams if they require it.  This
could be in the form of performance graphs/reports for
reviewing testing cycle phases, for analysing environments
during major faults/incidents, or for providing data evidence
to support trending or capacity planning exercises. 

9. Service management

Senior management requires a Service Management view of
their environment. They are keen to be able to show the critical
services within the organisation, and show alerts & status to
indicate service health/degradation. Once there is a mature
Enterprise Management and monitoring solution deployed, or at
the very least the structure and plans to deliver such a solution,
then consideration can be given to providing a service
management capability.

10. Reporting
 
Effective reporting on metrics can help identify trends, show project benefits
& ultimately justify projects & resourcing.  Examples of some useful types
of reporting include incident reports (tickets per team, for example),
notification reports (frequency of out-of-hours callouts), performance
& capacity reports (CPU utilisation, free disk space etc.) and ultimately service
reports (indicating service levels, SLAs etc.).  Reporting is not something
that may need to be considered at the onset of an Enterprise Management
programme, but it should be considered carefully and investigated completely
when the requirement presents itself.

Information resource management

Information Resources Management (IRM) is an
emerging discipline that helps managers assess and
exploit their information assets for business
development. It is about the techniques of managing
information as a shared organizational resource. IRM
includes the following:

1. Identification of information resources
2. Type and value of information they provide
3. Ways of classification, valuation, processing, storage
and recovery of that information.
Without information resource management a company
may find it difficult to recover useful information from
the stored data, much of which will be unwanted. This is
called drowning in data without getting the
information that is needed.

Importance of IRM

• To control in and out flow of information.

• To reduce operating costs.

• To improve efficiency and productivity.

• To assimilate new information management technologies.

• To ensure regulatory compliance.

• To minimize litigation risks.

• To safeguard vital information


Barriers to IRM

• Lack of well defined IRM concepts.

• Lack of ability to attract and retain skilled people.
• Lack of strategic management process.

• Lack of performance measures.


Technology management
In technology management emphasis is given to business
knowledge on information technologies and information systems
and their management. This includes:

• analysis of work flow
• design information systems or Web sites
• design and manage networks and intranets
• conceptualize and implement complex databases
• set up security measures
• build business-to-business networks.
• developing and identifying new technologies

Technology Management is a multi-disciplinary activity that
focuses on the integration of engineering, computer science,
information technology, and business management for two
purposes:

1. the technology of management, which includes the design of
information technology to solve business problems, and

2. the management of technology.

Being a specialised subject, the task of technology management
can be placed under a separate manager (chief technology
officer/manager).

Importance
• Rapid changes in technology

• Increasing applications and data

• Growth in business management understanding of technology

Information system planning methodologies

• To assist in the achievement of business goals
• To ensure optimum use of resources
• To maximise benefits of technology change
• To benefit from the expert viewpoints of business
professionals and information technologists.

• Strategic information system planning (SISP) has to be cost
effective, competitive and possible to integrate with business
strategy
• It should align IS/IT with organisational goals
• The overall objective of SISP is to direct IS resources
to those areas offering the most important corporate benefits
• It should provide competitive advantage to business
Information system planning methodologies

• Information system planning is vital to success in a competitive
business environment.
• Often it leads to strategic information system planning (SISP).
• The plan shows the structure and development of the
information system.
• The organisation's strategic plan provides the basis for SISP.
• The overall responsibility will be with the Chief information
officer (CIO)
• Master plan is reviewed by the steering committee.
• Master plan is integrated in the business strategic plan.
• Information policies and procedures are defined.
• Master plan will be short range and long range.
Information system planning is required to:

• avoid expensive systems that won't provide desired results
• reduce overall cost of information system management for
the desired purpose
• support integration with business strategy
• prioritise investments
• manage information to the best interest of the business
• coordinate the works of systems personnel and users
• make full use of opportunities
• avoid system duplication
• ensure compatibility of system with business goals
• avoid waste of resources

Steps in IS planning

1. Corporate mission statement

2. Information system mission statement

3. Information systems strategic plan

4. Information system tactical plan

5. Operational plans

6. Budget
Critical success factors
1. Proper Planning
One of the most important factors in implementing an information
system is proper planning in the initial stages. The organization
implementing the information system must understand what is
needed, why it is needed and the most efficient way of achieving
the goal. Information systems will not be able to deliver the
necessary information without proper planning and organization.
Even if there is a sense of urgency in implementing the
information system, it should not be at the cost of proper
planning.

2. Strong Leadership
Strong leadership overseeing the implementation of the
information system is an absolute necessity. The leaders
must be able to inspire and motivate people from
multiple departments and companies in order to ensure
the proper flow of information. Thus, it is necessary for
top management and organization leaders to understand
the long-term goal for the information system and
potential hurdles that may occur.

3. Collaboration

Implementing a strong information system is not an easy task, so
partnerships and collaboration between multiple departments or
employees are necessary. Entrusting such a large project to one
group is not sufficient. Employees from different regions,
departments and partners must be involved in the design process
in order to ensure all possible goals are met. Hopefully, a
multidisciplinary team will be able to design the optimal
information system while developing all supporting material for
the entire corporation. In essence, all these different employees
must see their efforts as a collaboration.

4. Implementation Skills

The implementation of an information system is even more
difficult than the development process. Implementation
requires skills in project management and support. Project
management skills will involve being able to monitor the
large number of tasks involved in implementation. Support
skills will help with ensuring the information system will
become an integral part of day-to-day activity. Good support
skills will also involve ongoing communication with users,
solving problems and improving the information system for
future use.

Business system planning (BSP)

• Business system planning (BSP) is a method of
analysing, defining and designing the information
architecture of organisations. It was introduced by
IBM for internal use only in 1981, although initial
work on BSP began during the early 1970s.
Steps in the BSP process

1. Obtain authorization for the study

2. Assemble the study team

3. Define the data classes

4. Define the business processes

5. Using these data classes and business processes,
define the information architecture

6. Compare this architecture with the present systems
and identify missing and/or needed systems
7. Interview senior management to ensure the
architecture is correct and to identify any problems
8. Establish priorities for each of the major systems
contained in the architecture
9. Prepare the final study report and present it to top
management
10. If approved, initiate the construction of the
architecture
5.9 Security and ethical challenges

• Hacking
• Information theft
• Software piracy
• Unauthorised use
• Intellectual property violations
• Computer viruses and worms
• Online illegal transactions

Security management
• Backup
• Antivirus
• Encryption
• Firewalls
• Monitoring mails
• Security codes
• Protection from illegal transaction
• Security monitors
• Biometric security
• Failure control
• Fault tolerant systems
• Disaster recovery
• System controls and audit

Security and ethical challenges
Ethical challenges

• Information systems raise various ethical issues
• Hence they need specific principles for conduct on
ethical issues.
• Modern information systems and the internet pose
challenges to the protection of individual privacy and
intellectual property
• Information systems and the internet affect daily
life

Ethical challenges

• Databases are used inappropriately by companies
• There are dangers inherent in the use of information
systems and the internet
• There are many cases of failures of ethical
judgment in recent times in business: Enron, Satyam,
Sahara… where information systems were used to undermine
informational transparency and to cheat and
defraud the stakeholders.

Ethical challenges

• What is ethics?

Principles of right and wrong that individuals, acting as
moral agents, use to make choices to guide their
behaviours.

Ethical challenges

• Information systems raise ethical questions because
they facilitate opportunities for:
  • intense social changes
  • threatening existing distribution of political and
  other balances (money, rights and obligations)
  • new kinds of criminal activities
  • threats to security

Information system controls

• Information systems control is required to protect the
information system and ensure its safety and security

• Comprises and involves various methods, processes, policies
and procedures

• Ensures protection of information system assets

• Ensures accuracy and reliability of records, and operational
adherence to management standards
Information system controls

• General controls
  • Establish framework for controlling design, security and use of
  computer systems for information.
  • Include software, hardware, computer operations, data
  security, implementation and administrative controls.

• Application controls [An application programme is a programme
designed to perform a specific function directly for the user or, in some
cases, for another application programme. Examples of applications include
word processors, database programmes, Web browsers, development
tools, drawing, paint, image editing programmes and communication
programmes.]
  • Unique to each application of computer.
  • Includes input, processing and output controls.
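
The three kinds of application control named above, applied to one small transaction batch. This is an added example, not part of the original notes; the batch header, account format, per-transaction limit and function names are all assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data (not from the original notes).
HEADER = {"record_count": 4, "control_total": Decimal("1450.00")}
BATCH = [
    {"txn_id": "T001", "account": "100234", "amount": "500.00"},
    {"txn_id": "T002", "account": "100877", "amount": "250.00"},
    {"txn_id": "T003", "account": "10O999", "amount": "300.00"},  # letter O, not zero
    {"txn_id": "T002", "account": "100455", "amount": "400.00"},  # reused txn_id
]
LEDGER = {"100234": Decimal("1000.00"), "100877": Decimal("0.00"), "100455": Decimal("75.00")}
LIMIT = Decimal("10000.00")  # assumed per-transaction ceiling


def input_control(batch, ledger):
    """Input control: reject bad records before they reach processing."""
    accepted, rejected, seen = [], [], set()
    for rec in batch:
        errors = []
        if rec["txn_id"] in seen:
            errors.append("duplicate txn_id")
        seen.add(rec["txn_id"])
        acct = rec["account"]
        if not (acct.isascii() and acct.isdigit() and len(acct) == 6):
            errors.append("malformed account")
        elif acct not in ledger:
            errors.append("unknown account")
        try:
            if not Decimal("0") < Decimal(rec["amount"]) <= LIMIT:
                errors.append("amount out of range")
        except InvalidOperation:
            errors.append("amount not numeric")
        (rejected if errors else accepted).append((rec, errors))
    return accepted, rejected


def processing_control(accepted, ledger):
    """Processing control: post, then prove opening + posted == closing."""
    opening = sum(ledger.values())
    posted = Decimal("0")
    for rec, _ in accepted:
        amount = Decimal(rec["amount"])
        ledger[rec["account"]] += amount
        posted += amount
    if opening + posted != sum(ledger.values()):
        raise RuntimeError("run-to-run totals do not balance")
    return posted


def output_control(header, batch, accepted, rejected, posted):
    """Output control: reconcile results against the batch header."""
    counts_ok = (len(batch) == header["record_count"]
                 and len(accepted) + len(rejected) == len(batch))
    return {
        "posted": len(accepted),
        "rejected": {rec["txn_id"] + "/" + rec["account"]: errs for rec, errs in rejected},
        "posted_total": posted,
        "unposted": header["control_total"] - posted,
        "balanced": counts_ok and posted == header["control_total"],
    }


def run_batch(header, batch, ledger):
    ledger = dict(ledger)  # work on a copy so the sample data stays reusable
    accepted, rejected = input_control(batch, ledger)
    posted = processing_control(accepted, ledger)
    return output_control(header, batch, accepted, rejected, posted)
```

Calling `run_batch(HEADER, BATCH, LEDGER)` returns a reconciliation report in which the two rejected records leave the batch out of balance against its header, so the shortfall is visible instead of silently dropped.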
Information system controls

• Online transaction processing
  • Transactions entered online are immediately processed by
  computer

• Fault tolerant computer systems
  • Contain extra hardware, software and power supply
  components

• High availability computing
  • Tools and controls enabling system to recover from a crash

• Disaster recovery plan
  • Runs business in the event of computer outage (temporary
  suspension)

• Load balancing
  • Distributes load for access among multiple servers

• Mirroring
  • Duplicating all processes and transactions of server on backup
  server to prevent any interruption

• Clustering
  • Linking two computers together so that a second computer can
  act as a backup for the primary computer or speed processing.
Physical Facility Control

• Physical facility control comprises methods that protect physical
facilities and their contents from loss and destruction.
• Computer centers are prone to many hazards such as
accidents, thefts, fire, natural disasters, destruction etc.
Therefore physical safeguards and various control
procedures are required to protect the hardware, software
and vital data resources of computer-using organizations.
Procedural Control

• These methods provide maximum security to the operation of
the information system. Standard procedures are
developed and maintained manually and built into software
help displays so that everyone knows what to do.
• They promote uniformity and minimize the chance of error
and fraud. They should be kept up-to-date so that correct
processing of each activity is made possible.
Managing information system and security

• Information system control: input, process, output and storage control
• Procedural control: standard procedures, documentation,
authorization, requirement, auditing
• Facility control: physical protection, computer failure control,
telecommunications control, insurance
Computer crimes

Crimes that use computer networks or devices to
advance other ends include fraud and identity
theft (although this increasingly uses malware,
hacking and/or phishing, making it an example of
both "computer as target" and "computer as tool"
crime), information warfare and phishing scams.

Computer crime is also called cyber crime, e-crime, electronic crime, or
hi-tech crime.
Computer crimes

Child pornography - Making or distributing child pornography.
Cyber terrorism - Hacking, threats, and blackmailing towards a
business or person.
Cyber bully or Cyber stalking - Harassing others online.
Creating Malware - Writing, creating, or distributing malware (e.g.
viruses and spyware.)
Denial of Service attack - Overloading a system with so many
requests it cannot serve normal requests.
Espionage - Spying on a person or business.
Some computer threats…
1. Malicious code

• Viruses: computer programs that have the ability to replicate and
spread to other files; most also deliver a "payload" of some sort (may be
destructive or benign); include macro viruses, file-infecting viruses and
script viruses

• Worms: designed to spread from computer to computer

• Trojan horse: appears to be benign, but then does something other than
expected

• Bad applets (malicious mobile code): malicious Java applets or ActiveX
controls that may be downloaded onto client and activated merely by
surfing to a Web site


2. Hacking and Cyber Vandalism
• Hacking is identifying weaknesses in computer systems or networks and
exploiting them to gain access. Hackers use computers to
commit acts such as fraud, privacy invasion, stealing
corporate/personal data etc.

• Cyber-vandalism is the act of damaging someone's data
in a way that disrupts the victim's business or
image, for example by editing the data into something invasive,
embarrassing or absurd. The perpetrators create malicious programs
that damage the hard disk data or login credentials of the victim.
3. Credit card fraud

• Fear that credit card information will be stolen
deters online purchases
• Hackers target credit card files and other
customer information files on merchant
servers; use stolen data to establish credit
under false identity.
• One solution: New identity verification
mechanisms
4. Spoofing
• Spoofing refers to tricking or deceiving computer systems or
other computer users. This is typically done by hiding one's
identity or faking the identity of another user on the Internet.

5. Sniffing
Packet sniffing allows individuals to capture data as it is
transmitted over a network. This technique is used by
network professionals to diagnose network issues, and
by malicious users to capture unencrypted data, like
passwords and usernames.
6. Denial of Service attack
• This is a cyber attack in which the
perpetrator (hacker) seeks to make a machine or
network resources unavailable to its intended users
by temporarily or indefinitely disrupting services of a
host connected to the internet.
7. Phishing

• Phishing is a cyber attack that uses disguised email as a weapon. The goal
is to trick the email recipient into believing that the message is something
they want or need (a request from their bank, for instance, or a note
from someone in their company) and to click a link or download an
attachment.

What really distinguishes phishing is the form the message takes: the
attackers masquerade as a trusted entity of some kind, often a real or
plausibly real person, or a company the victim might do business with. It's
one of the oldest types of cyber attacks,
