Friday, March 26, 2010

Chapter 4 - Ethics and Information Security

1. Explain the ethical issues surrounding information technology.
The violation of intellectual property is an increasing issue due to advances in technology. Advances in technology have enabled people to copy many forms of media. File sharing software such as utorrent make it possible to share intellectual property without the owners permission and without paying. In Australia file sharing is illegal, however, it is very difficult to enforce ethical principles and standards upon the use of technology despite the fact they are enshrined in the law.
Privacy is also an increasing moral dilemma. Advances in technology allow information to easily be gathered by anyone. Under the Privacy Act 1988 in Australia all people have the right to have some information remain outside the public domain. Facebook, for example, violated the privacy of its users through its beacon program which used data about its users to produce advertisements without asking users to participate or allowing them to opt-out of the service.

2. Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’.


An email privacy policy outlines how a business' email system may be used. It states what activities are permitted, details what information will be recorded and who may access it, and provides the monitoring and auditing process for this information. Whilst an internet contains general principles to guide the proper use of the internet such as defining the purpose of internet access and its restrictions and the ramifications for violating the policy. An internet use policy is much broader as it regulates the use of the internet rather than just email which is a use of the internet. The internet use policy may
therefore contain the email use policy because it is a function which uses the internet.

3. Summarise the five steps to creating an information security plan
  1. Develop the information security policies - Identify who is responsible and accountable for designing and implementing the organisation's information security policies. Policies include requiring users to log on and off their systems and never sharing passwords. The chief security officer (CSO) is responsible for designing the policy.
  2. Communicate the information security policies - Train all employees on the policies and establish clear expectations for adherence.
  3. Identify Critical Information Assets and Risks - Require the use of user IDs, passwords and anti-virus software. Ensure any systems that contain links to external networks have the appropriate technical protection. e.g. firewalls and intrusion detection software.
  4. Test and re-evaluate risks - Continually perform security reviews, audits, background checks and security assessments.
  5. Obtain stakeholder support - gain the approval and support of the information security policies from the board of directors and stakeholders.

4. What do the terms; authentication and authorization mean, how do they differ, provide some examples of each term.

Authentication: A method for confirming users' identities.

Authorisation: the process of giving someone permission to do or have something.

Authentication identifies who the user is. It is the first step of the process as it enables the process of authorisation. Authorisation differs as it is the process of determining (once the user has been identified) the access privileges of that user. In a business the process may determine what files a user can access or their amount of storage space.
There are three groups of authentication and authorisation techniques that are used:

2. something the user has e.g. smart card







3. something that is part of the user e.g. fingerprint

5. What the Five main types of Security Risks, suggest one method to prevent the severity of risk?


Human Error - an employee may not be proficient or by accident may make a mistake that damages the business.
This can be prevented or limited by creating or modifying training procedures to produce adequate employees.



Natural Disasters - destructive events on a large scale such as a bushfire, tsunami or an explosion.
It is impossible to predict natural disasters so companies attempt to limit their damage by creating a disaster recovery plan. This can involve preparation such as creating an offsite data storage.



Technical Failure - Includes failure of the hardware such as a hard drive crashing and software failures created by viruses, trojan horses and spam.
Hardware failure can be prevented by employing IT professionals to service hardware regularly. Software failures can be prevented by installing firewalls and anti-virus which updated regularly.



Deliberate Acts - Deliberate acts by people which damage the information systems of a business. May include actions such as employees and former employees destroying data or cyber criminals who hack systems to steal information and sell to competitors.
Deliberate acts can be prevented by enforcing harsh penalties for damage and strong passwords.



Management Failure - failure of the information technology system caused by poor management such as a lack of procedure, documentation or training.
Management failure can be prevented by developing a security plan, obtaining skilled staff through training, recruitment or outsourcing, and purchasing a corporate security package.
Posted by at No comments:

Tuesday, March 16, 2010

CHAPTER 3 - e-Business

1. What is an IP Address? What is it’s main function?
An Internet Protocol address is a unique numeric identifier of a computer in a network. It's performs two main functions as a host or network interface identification and location addressing. Network interface identification is the process whereby the IP address provides unique identification between a device and a network to ensure data is delivered to the correct recipient.
http://en.wikipedia.org/wiki/IP_address

2. What is Web 2.0, how does it differ from 1.0?
Web 2.0 describes a new set of trends in the internet's use. It is characterised by user participation, openness and network effects. It does not describe any updates of technical specifications or technology. Web 1.0 varies from web 2.0 as it did not enable user participation or openness, only the owner of a site could edit information. Internet users could not edit information, but they could view it.

3. What is Web 3.0?
Web 3.0 describes the future trends of the internet. It suggests the internet will transform into a database which will build information and form artificial intelligence, enable devices to connect with each other, search for information through different media, and/or progress to 3D sharing spaces. Artificial intelligence can be achieved through metadata (information about information) such as tagging which will enable a computer to predict new information such as movies an internet user may like.

4. Describe the different methods an organisation can use to access information

Intranet
An intranet is an internalised portion of the internet, protected from outside access. It allows an organisation to share information and programs to members. In business an intranet enables organisations to privately present organisational information in a central location for employees.

Extranet
An extranet is an extension of an intranet which enables strategic allies such as customers, suppliers and partners to access intranet based information and application software such as order processing. The system is beneficial as it can produce greater efficiency and improved customer relation.

Portal
A portal is a website that provides access to information through resources and services such as email and online discussions.

Kiosk
A publicly accessible computer system that allows interactive information browsing. A program runs in full screen mode which provides simple tools for navigation. E.g. Airpot self service kiosks reduce waiting time.

Internet Service Provider (ISP)
An ISP is a company the provides an individual or company with access to the internet. They also provide services such as website hosting and building, and hard-disk storage space.

Online Service Provider (OSP)
An OSP offers the services of an ISP but in addition offer unique service such as their own browser and online content.

Application service provider (ASP)
An ASP offers an organisation access to systems and services over the internet that would otherwise be located in personal or organisational computers. An ASP also assumes the operation, maintenance and upgrade responsibilities for a system. ASPs give small to medium businesses access to applications and systems that they would not be able to access unless they were large companies due to the cost and resources required. Service Level Agreements (SLAs) define the responsibilities of the ASP and customer expectations.

5. What is eBusiness, how does it differ from eCommerce?
eBusiness
conducting business on the internet, including buying and selling, but also serving customers and collaboration with business partners.

eCommerce
The buying and selling of goods and services over the internet.

eBusiness varies from eCommerce as it is not restricted to the buying and selling of goods and services. eBusiness includes all business activities that are conducted over the internet such as collaboration with business partners.

6. List and describe the various eBusiness models?
An eBusiness model is an approach to conducting electronic business on the internet.

Business-to-business (B2B)
Businesses buying from and selling to each other over the internet. Online access to data such as expected shipping and delivery dates provided by the seller or a third party are common. Electronic marketplaces are interactive business communities providing a central market where multiple buyers and sellers can engage in ebusiness activities. They increase market efficiency by tightening and automating the relationship between buyers and sellers.

Business-to-consumers (B2C)
A business sells its products or services directly to the consumer over the internet.
e-shop - an online store where customers can buy products at anytime during the day.
e-mall - consists of a number of e-shops and serves as a gateway through which a visitor can access other e-shops. e-shops in e-malls benefit from increased traffic as consumers will often browse neighbouring stores.

Consumer-to-business (C2B)
A consumer sells a product/service over the internet to a business. An intermediary is often used, e.g. istockphoto.com enables consumers to sell their stock images to companies.

Consumer-to-consumer (C2C)
Sites primarily offering goods and services which assist consumers to conduct business over the internet. They enable consumers, for a small fee, to sell goods without establishing a physical business.
electronic auction - sellers and buyers solicit consecutive bids from each other and prices are determined dynamically.
Forward Auction - the seller offers the item to many buyers and the highest bidder wins.
Reverse Auction - buyers purchase the product or service with the lowest bid.
Communities of interest - people interact on specific topics of interest.
Communities of relations - people share life experiences.
communities of fantasy - people participate in imaginary environments.

7. List 3 metrics you would use if you were hired to assess the effectiveness and the efficiency of an eBusiness web site?
cookie - a small file deposited on a hard drive by a website containing information about customers and their activities. They allow websites to record when customers enter and exit a website.
Click-through - counts the number of people who visit a site and click on an advertisement. Measures exposure to target adds as it cannot provide any information such as whether the user liked the ad or the time spent viewing the ad.
Banner ad - calculating the number of times an ad has been clicked on resulting in accessing the business's website.

8. Outline 2 opportunities and 2 challenges faced by companies doing business online?

Online business provides the opportunity to establish a business because of its relatively low setup cost. It does not, for example, require investment in physical premises. Furthermore, the internet is global which enables a business to gain far more exposure than would be possible through a conventional store and advertisements which would be localised to an area or country.

One major challenge faced by companies doing business online is competition. The internet has drastically increased the amount of competition a company may have through the process of globalisation. Consumers are not restricted by the distance of a supplier of a good or service as the internet allows them to conveniently order and pay with companies throughout the world. Conducting business over the internet can be risky as it records and stores details of both companies and their customers. Companies must therefore employ security to protect themselves and their customers in order to conduct business over the internet or the information from the company and customers can easily be misused to their disadvantage.
Posted by at No comments:

Friday, March 12, 2010

CHAPTER 2 - Strategic Decision Making

1. Define TPS & DSS, and explain how an organisation can use these systems to make decisions and gain competitive advantages
Transaction processing system (TPS) is the basic system that serves the operational level (analysts) in an organisation. For example, operational accounting systems such as payroll.

A decision support system (DSS) models information to support managers and business professionals during the decision making process. For example, Wellington taxi company's GPS system.

2. Describe the three quantitative models typically used by decision support systems.

Sensitivity Analysis
Study of the impact that changes in a model have on other parts of the model. Often users change one variable to observe the resulting changes in other variables.


http://www.rockresearch.com/images/Price%20Sensitivity%20Analysis.bmp

What-if analysis
Tests the impact of a change in assumption on the proposed solution and is repeated until all effects of various situations are understood.


Goal-Seeking Analysis
Finds the input necessary to achieve a goal by repeatedly changing variables until the goal is achieved.

3. Describe business processes and their importance to an organisation.
Business processes are a standardised set of activities that accomplish a specific task. Business processes transform a set of inputs into a set of outputs (goods or services) for another person/process by using people and tools.

By optimising and automating business processes a logical business process can be achieved which reduces undesirable occurrences in a business such as bottlenecks, eliminating duplicate activities, and identifies smooth-running business processes. Business processes therefore enable organisations to fulfil business goals such as reduced service time and increased profits by creating an efficient system which utilises all resources.

4. Compare business process improvement and business process re-engineering.
Business process improvement BPI) understand and measures the current process and make performance improvements accordingly, whilst business process re-engineering (BPR) is the analysis, redesign and reorganisation of workflow within and between enterprises.

BPI based on the assumption that the current process is relevant, works to some degree but could be improved to better meet business goals. BPR, however, assumes that the current process is irrelevant, does not work and must be completely overhauled. BPR can be an advantage as it allows the business process designers to disassociate themselves from the previous process and focus on the new process, whilst BPI can disadvantage developers by constraining them within an existing process. However, BPR is also hazardous because it is a time and resource consuming process that may impede a business from keeping up with its competitors in ventures such as new products. BPI carries far less risk because the process does not cause a large amount of disruption to an organisation as it causes fewer changes. As a result BPI can also be used more frequently, while BPR must be used infrequently.
http://en.wikipedia.org/wiki/Business_process_improvement
http://en.wikipedia.org/wiki/Business_process_reengineering

5. Describe the importance of business process modelling (or mapping) and business process models.

Business Process Modelling (mapping)
Activity of creating a detailed map of a work process in the form of a flowchart or process map, showing its inputs, tasks and activities in a structured sequence.

Business Process Models
A graphic description of a process showing the sequence or process tasks, which are developed for a specific purpose and from a selected viewpoint.


https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpfZ2Pw1bOsRQN_098e1BbSt7XTghyDjS5HHv0vUlBHMFeBGF5K9Vz6Ohx450UHeZOv07BIry2lyZqdPN9QKFUb99iXZ6XldM9XYua8-hCP4Dm-tMxTtEtYwD8oidR2hTl5lhn7-GtrkYf/s400/bpmsolution.gif
Business Process Modelling is important as it creates a visual representation of the business process which are sometimes invisible due to technology. Business process modelling is an important part of the process of BPI and BPR. As-is process models map an existing business process. Thus they are extremely important in BPI as they allow designers to view the inefficiencies in the existing business processes. Furthermore, in the processes of BPI and BPR they enable designers to convey new business processes in to-be process models which can be easily be distributed throughout the business.
http://www.projectperfect.com.au/info_business_process_modelling_overview.php
Posted by at No comments:

Sunday, March 7, 2010

CHAPTER 1 - Information Systems in Business

Explain information technology’s role in business and describe how you measure success?

Information Technology's role in business is to manage and process information. It collects raw data which when processed becomes information which is meaningful to the company. This is an important role in business as it enables success, however it requires people that understand how to use and manage it effectively.

Information Technology plays an important role in fulfilling business goals by facilitating communication and increased business intelligence. Technology can increase communication and business intelligence by utilising systems which enable the functional areas of business such as accounting, marketing, operations, human resources and logistics to share information. This is an extremely important function as each of these functional areas is interdependent as they rely on each others information. For example, sales must rely on information from operations to understand inventory, place orders, etc.

Through the business function of management information systems (MIS) information technology has an important role in the resolution of business problems. MIS is the application of people, technologies and procedures to solve a business problem. It is an integral business function which enables success.

Information Technology is measured in Key Performance Indicators (KPIs) which are measures that are tied to business drivers. Metrics are the detailed measures that inform KPIs.

Efficiency Metric - Measures the performance of an It system. For example throughput, speed and availability. Focuses on the extent an organisation is using its resources in an optimal way.

Effectiveness Metric - Measures the impact IT has on business processes and activities. For example, customer satisfaction and sell effectiveness. Focuses on how well an organisation is achieving its goals and objectives.

Benchmarking - baseline metrics benchmarking is the process of continuously measuring system results, comparing those results to optimal system performance, and identifying steps and procedures to improve system performance.

http://www.sharkyextreme.com/img/2007/09/a64x2_5600/pcmark2005_sys.jpg


List and describe each of the forces in Porter’s Five Forces Model?


https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEo-LKcj3x2O-fm0b3__yjv-ndA_lu-HgLIqievxI6TvR9yEpTIyUaIjv9YSaS_BMeQZMKXSmWWr_1yYFJMID0JREE1oPvhQnC4IzklyqFB-sIO4uE0mkL6bzlNl7jibX0pua4cK5u6-8b/s400/porter.jpg

Buyer Power
Buyer power is high when there are many sellers, and low when their are few. Buyers impact the price of items as they determine what they are willing to pay. Strong buyer power (similar to a monopsony) allows the buyer to determine the price. Businesses reduce buyer power by expanding and improving services to produce a competitive advantage and loyalty programs which reward customers for the amount and continued use of their business. IT is often employed to manage loyalty programs.

Supplier Power
The supplier provides raw materials to an organisation to produce products which may in turn become raw materials. Supplier power is high when one supplier has concentrated power over an industry. High supply power allows the supplier to charge higher prices, limit quality or service and shift costs to industry participants. High supplier power prevents organisations from passing on costs for fear of jeopardising sales. Standard parts reduce supplier power.

Threat of Substitute Products or Services
Organisations attempt to enter markets where there are few substitutes and therefore less competition.

Threat of new entrant
An entry barrier is a product of service feature which has become an expectation of customers, necessary to be competitive in a market. The threat of new entrants in a market is high when there are small entry barriers and low when there are large entry barriers.

Rivalry among existing competitors
There is a general trend towards high competition in most industries. In order to reduce competition companies introduce switching costs. A switching cost can be a feature such as customer service or an associated monetary cost such as a loyalty program. To reduce competition from rivals companies create products significantly different from their competitors' products.

Describe the relationship between business processes and value chains?
A business process is a standardised set of activities that accomplish a specific task. To evaluate the effectiveness of its business processes an organisation can use the value chain. The value chain views an organisation as a series of processes, each of which adds value to the product/service for each customer. To create a competitive advantage the value chain must allow the organisation to provide unique value to its customers.

Compare Porter’s three generic strategies?


http://www.marketingteacher.com/IMAGES/porter_generic.gif

Broad Cost Leadership
Requires a company to be a low cost producer in an industry. Companies may sell prices at market average to earn higher profits or at below average industry prices to gain a market share. Strategy is advantageous as companies will remain profitable for a long period if their production costs are cheap. Improvements in technology mean that there is a risk another company could leapfrog the production capabilities, eliminating the competitive advantage.

Broad Differentiation
 Requires a company to develop a product or service that offers unique attributes valued and perceived by customers as better than the competition. Companies may charge higher prices and increase products due to the value added by the uniqueness of the product. May enable the company to pass along costs to its customers who cannot find a substitute product. However, the strategy also has risks as it can be limited by competitors and customers may change their taste.

Focused Strategy
Requires a company to focus on a narrow segment and attempts to achieve a cost advantage or differentiation. There is a high degree of customer loyalty in niche markets which limits the threat of new entrants. Companies pursuing a focus strategy have less bargaining power with suppliers due to their smaller volume. They may, however, pass on costs to the customer since no close substitute products exist. The strategy risks a broad-market cost leader adapting its product to suit the market segment of the company and is bound to the limitations and changes in the target segments.

http://www.quickmba.com/strategy/generic.shtml
Posted by at No comments:
Subscribe to: Posts (Atom)