IT for Business

Hardware
Categories of Computer Systems

Microcomputer Systems
 Usually called a personal computer or PC
 Computing power now exceeds that of the mainframes of previous generations
 Relatively inexpensive
 Are the networked professional workstations used by business professionals
 Versions include hand-held, notebook, laptop, tablet, portable, desktop, and floor-standing

Microcomputer Uses
 Workstations
   Supports heavy mathematical computing and graphics display demands
   CAD, investment and portfolio analysis
 Network Servers
   More powerful than workstations
   Coordinates telecommunications and resource sharing
   Supports small networks and Internet or intranet websites

Corporate PC Criteria
 Solid performance at a reasonable price
 Operating system ready
 Connectivity
   Network interface cards or wireless capabilities

Information Appliances
 Hand-held microcomputer devices
   Known as personal digital assistants (PDAs)
   Web-enabled PDAs use touch screens, handwriting recognition, or keypads
   Mobile workers use them to access email or the Web, and to exchange data with desktop PCs or servers
   Latest entrant is the BlackBerry
 PDAs include
   Video-game consoles
   Cellular and PCS phones
   Telephone-based home email appliances

Midrange Systems
 High-end network servers that handle large-scale processing of business applications
   Not as powerful as mainframes
   Less expensive to buy, operate, and maintain
 Often used to manage
   Large Internet websites
   Corporate intranets and extranets
   Integrated, enterprise-wide applications
 Used as front-end servers to assist mainframes with telecommunications and networks

Mainframe Computer Systems
 Large, fast, powerful computer systems
   Large primary storage capacity
   High transaction processing
   Handles complex computations
 Widely used as superservers for…
   Large client/server networks
   High-volume Internet websites
 Becoming a popular computing platform for…
   Data mining and warehousing
   Electronic commerce applications

Supercomputer Systems
 Extremely powerful systems designed for…
   Scientific, engineering, and business applications
   Massive numeric computations
 Markets include…
   Government research agencies
   Large universities
   Major corporations
 Uses parallel processing
   Billions to trillions of operations per second (gigaflops and teraflops)

Computer System Concept
 A system of hardware devices organized by function
 Input
   Keyboards, touch screens, pens, electronic mice, optical scanners
   Converts data into electronic form for entry into computer system
 Processing
   Central Processing Unit (CPU)
   CPU subunits: arithmetic-logic and control unit
 Output
   Video display units, printers, audio response units, and so on
   Converts electronic information into human-intelligible form
 Storage
   Primary storage (memory)
   Secondary storage (disk drives)
 Control
   CPU controls other components of the system

Computer Processing Speeds
 Early computers
   Milliseconds (thousandths of a second)
   Microseconds (millionths of a second)
 Current computers
   Nanoseconds (billionths of a second)
   Picoseconds (trillionths of a second)
 Program instruction processing speeds
   Megahertz (millions of cycles per second)
   Gigahertz (billions of cycles per second)
   Commonly called the “clock speed”
 Throughput
   The ability to perform useful computation or data processing assignments during a given period
 Speed is dependent on…
   Size of circuitry paths (buses) that interconnect microprocessor components
   Capacity of instruction processing registers
   Use of high-speed cache memory
   Use of a specialized microprocessor, such as a math coprocessor

Peripherals
 Peripheral is a generic name for all input, output, and secondary storage devices
   Parts of the computer system, but not the CPU
   Are all online devices
 Online devices
   Separate from the CPU, but electronically connected to and controlled by it
 Offline devices
   Separate from and not under the control of the CPU

Peripherals Advice

Input Technologies
 Keyboard - Still most widely used input device
 Graphical User Interface (GUI) - Icons, menus, windows, buttons, bars; selected with pointing devices
 Electronic Mouse - Most popular pointing device; pressing mouse buttons initiates activity represented by the icon selected
 Trackball - Stationary device, similar to mouse; roller ball moves cursor on screen
 Pointing Stick - Small eraser-head device embedded in keyboard; cursor moves in the direction of the pressure placed on the stick
 Touchpad
   Small, rectangular, touch-sensitive surface
   Usually on keyboard
   Cursor moves in direction your finger moves
 Touch Screen
   Use computer by touching screen
   Screen emits a grid of infrared beams, sound waves, or electric current
   Grid is broken when screen is touched

Pen-Based Computing
 Used in Tablet PCs and PDAs
 Pressure-sensitive layer, similar to touch screen, under liquid crystal display screen
 Software digitizes handwriting, hand printing, and hand drawing

Speech Recognition Systems
 Speech may be the future of data entry
   Easiest, most natural means of human communication
 Recognizing speech patterns
   Discrete: required pauses between each word
   Continuous speech recognition software (CSR) recognizes continuous, conversationally paced speech
 Speech recognition systems digitize, analyze, and classify speech and sound patterns
   Compares to a database of sound patterns in its vocabulary
   Passes recognized words to the application software
   Typically requires voice recognition training
 Speaker-independent voice recognition systems
   Allows computer to recognize words from a voice it has never heard before
   Typically used in voice-messaging computers

Optical Scanning
 Devices read text or graphics and convert them into digital input for a computer
   Enables direct entry of data from source documents
 A document management library system
   Scans documents, then organizes and stores them for easy reference or retrieval
 Scanners
   Compact desktop models are popular for low cost and ease of use
   Larger, more expensive flatbed scanners are faster and provide high-resolution color scanning
 Optical Character Recognition (OCR)
   Software that reads characters and codes
   Used to read merchandise tags, sort mail, score tests
   Optical scanning wands read bar codes

Other Input Technologies
 Magnetic Stripe
   Reads the magnetic stripe on credit cards
 Smart Cards
   Microprocessor chip and memory on credit card
   Used more in Europe than in the U.S.
 Digital Cameras
   Allows you to shoot, store, and download photos or full-motion video with audio into the PC
   Images and audio can then be edited or enhanced
 Magnetic Ink Character Recognition (MICR)
   Used by banks to magnetically read checks and deposit slips
   Requires an iron oxide-based ink
   Reader-sorter equipment magnetizes the ink, then passes it under a reading head to sense the signal

Output Technologies
 Video Displays
   Cathode-ray tube (CRT)
   Liquid crystal displays (LCDs)
   Active matrix and dual scan
   Plasma displays
   Used in large TVs and flat-panel monitors
 Printed Output
   Inkjet printers spray ink on a page
   Laser printers use an electrostatic process similar to a photocopying machine

Storage Tradeoffs

Computer Storage Fundamentals
 Uses a two-state or binary representation of data
   On or Off
   On represents the number 1
   Off represents the number 0
 Data are processed and stored in computer systems through the presence or absence of On/Off signals

Bit and Byte
 Bit
   Short for binary digit
   Smallest element of data
   Either zero or one
 Byte
   Group of eight bits, which operate as a single unit
   Represents one character or number

Representing Characters in Bytes

Using Binary Code to Calculate

Storage Capacity Measurement
 Kilobyte (KB): one thousand bytes
 Megabyte (MB): one million bytes
 Gigabyte (GB): one billion bytes
 Terabyte (TB): one trillion bytes
 Petabyte (PB): one quadrillion bytes

Direct and Sequential Access
 Direct or Random Access
   Directly store and retrieve data
   Each storage position has a unique address and can be accessed in the same length of time
   Semiconductor memory chips, magnetic disks
 Sequential Access
   Data is stored and retrieved sequentially
   Must be accessed in sequence by searching through prior data
   Magnetic tape

Semiconductor Memory
 Microelectronic semiconductor memory chips are used for primary storage
   Advantages: small size, fast, shock and temperature resistance
   Disadvantages: volatility; must have uninterrupted electric power or loses memory

Types of Semiconductor Memory
 Random Access Memory (RAM)
   Most widely used primary storage medium
   Volatile memory
   Read/write memory
 Read-Only Memory (ROM)
   Permanent storage
   Can be read, but not overwritten
   Frequently used programs burnt into chips during manufacturing process
   Called firmware

Flash Drives
 Sometimes referred to as a jump drive
 Uses a small chip containing thousands of transistors
 Can store data for virtually unlimited periods without power
 Easily transported and highly durable
 Storage capacity of up to 1 GB
 Plugs into any USB port

Magnetic Disks
 Used for secondary storage
   Fast access and high capacity
   Reasonable cost
 Types of Magnetic Disks
   Floppy Disks (diskettes)
     Magnetic disk inside a plastic jacket
   Hard Disk Drives (hard drives)
     Magnetic disk, access arms, and read/write heads in sealed module for stable environment
     Fixed or removable
     Capacity from several hundred MBs to hundreds of GBs

RAID Storage
 Redundant Arrays of Independent Disks
   Disk arrays of hard disk drives
   Provides virtually unlimited online storage
   Combines from 6 to more than 100 small hard disk drives into a single unit
   Data are accessed in parallel over multiple paths from many disks
   Redundant storage of data on several disks provides fault-tolerant capacity
   Storage area networks can interconnect many RAID units

Magnetic Tape
 Secondary storage
   Tape reels, cassettes, and cartridges
   Used in robotic, automated drive assemblies
   Archival and backup storage
   Lower-cost storage solution

Optical Disks

Uses of Optical Disks
 Image processing
   Long-term storage of historical image files
   Storage of scanned documents
 Publishing medium
   Allows fast access to reference materials
   Catalogs, directories, and so on
 Interactive multimedia applications
   Video games, educational videos, and so on

Software
The Basics
 Software - a general term for the various kinds of programs used to operate computers and related devices
 Software is an intangible entity
   detailed instructions that control the operation of the computer
   series of statements or instructions processed sequentially
   while executing, the program is temporarily stored in primary storage
 Software contains the instructions that the hardware executes to perform an information processing task
 Without the aid of software, the computer (i.e. hardware) is useless
 Two categories of software:
   1. Application
   2. System
 System software
   manages the computer resources
   handles tasks specific to technology management and coordinates the interaction of all technology devices
 Application software
   software used to solve specific business problems

[Figure: SOFTWARE. Labels: application software, system software, operating system, language translators, utility programs, programming languages, hardware]

Operating System Software
 manages and controls the activities of the computer, including booting up
   allocation and assignment of all devices
   scheduling
   monitoring
 Operating system software controls application software and manages how the hardware devices work together
   Microsoft Windows 2000 Pro
   Microsoft Windows 2000 ME
   Microsoft Windows XP Home
   Microsoft Windows XP Pro
   Mac OS
   Linux

Graphical User Interface
 GUI
   the part of the operating system that the user interacts with, using icons and a mouse to issue commands and make selections
   used to be command driven (CUI)

[Figure: Multi-Tasking. Traditional single-program system: operating system, program 1, unused memory. Multiprogramming environment: operating system, program 1, program 2, program 3, unused memory]

Multi-Tasking
 How is this done?
 Concurrent use of resources
   time sharing
   virtual storage
 It just looks like everything is happening at once. It really isn’t.

If you have more than one processor…
 Multi Processing
   split program among more than one processor
   Computer utilization will be much faster
   Requires special software and hardware

APPLICATION SOFTWARE
 Application software is used for specific information processing needs, including:
   Payroll
   Customer relationship management
   Project management
   Training
   Word processing and many others
 Personal productivity software - used to perform personal tasks such as writing a memo, creating a graph, or creating a slide presentation
 Examples:
   Microsoft Word
   Microsoft Excel
   Internet Explorer
 Vertical market software - application software that is unique to a particular industry
   Patient-scheduling software
   Nursing allocation software
 Horizontal market software - general enough to be suitable for use in a variety of industries
   Inventory management software
   Payroll software

Generations of Application Software
 Machine Language
   Programs were written using 1’s and 0’s
 Assembly Language
   Written for a specific machine, used commands instead of 1’s and 0’s
 Third and Fourth Generation Languages
   Written with regular words using sentence-like structure, users can write their own applications (COBOL, FORTRAN)
 Query Language and Natural Language
   Almost no programming skills required (ASK JEEVES)

3rd Generation Languages
 Fortran: mathematical formulas
 COBOL: business applications
 BASIC: teaching language
 PL/1: general purpose language
 Pascal: teaching language
 C: portable, microcomputers
 Lisp/Prolog: Artificial Intelligence

Assembly Language

FORTRAN Language

COBOL Language

Fourth Generation Languages
 allows end-users to develop applications on their own quickly
 offers dramatic productivity gains
   Internet Explorer
   SAS
   SPSS
   SAP
   FOCUS
   Front Page
   Word Perfect

Software Tips
1. Make sure your hardware system has the capacity to handle the software.
2. Make sure you are buying the most recent version.
3. Determine what kind of support is offered.
4. For non-standard software ask for references.
5. Whenever possible buy rather than develop.
6. Find out if the current data and documents are easily transferable to the new system.

SYSTEMS APPROACH
 The systems approach assumes that all businesses comprise interdependent parts that can only be understood by reference to the whole. As such, a business may be analysed in terms of inputs, processes and outputs.

Reductionism
 Reductionism is an approach to building descriptions of systems out of the descriptions of the subsystems that a system is composed of, ignoring the relationships between them.

Systems thinking incorporates several principles:
 Interdependence of objects and their attributes - independent elements can never constitute a system
 Holism - emergent properties not possible to detect by analysis should be possible to define by a holistic approach
 Goal seeking - systemic interaction must result in some goal or final state
 Inputs and Outputs - in a closed system inputs are determined once and constant; in an open system additional inputs are admitted from the environment
 Transformation of inputs into outputs - this is the process by which the goals are obtained
 Entropy - the amount of disorder or randomness present in any system
 Regulation - a method of feedback is necessary for the system to operate predictably
 Hierarchy - complex wholes are made up of smaller subsystems
 Differentiation - specialized units perform specialized functions

INFORMATION SYSTEMS AND BUSINESS STRATEGY

STRATEGIC INFORMATION SYSTEM
 Definition: Computer systems at any level of an organization that change the goals, processes, products, services, or environmental relationships to help the organization gain a competitive advantage.
 Strategic information systems profoundly alter the way a firm conducts its business or the very business of the firm itself.

STRATEGIC LEVELS & IT

BUSINESS LEVEL STRATEGY & IT
 “How can we compete effectively in this particular market?”
 The most common generic strategies at this level are:
   To become the low-cost producer
   To differentiate your product or service
   To change the scope of competition by either enlarging the market or narrowing the market
 At the business level the most common analytic tool is value chain analysis.
 Value chain model: Model that highlights the primary or support activities that add a margin of value to a firm’s products or services where information systems can best be applied to achieve a competitive advantage.
 Primary activities are most directly related to the production and distribution of the firm’s products and services that create value for the customer.
 Primary activities include inbound logistics, operations, outbound logistics, sales and marketing, and service.
 Support activities make the delivery of the primary activities of a firm possible and consist of organization infrastructure (administration and management), human resources (employee recruiting, hiring, and training), technology (improving products and the production process), and procurement (purchasing input).
 Organizations have competitive advantage when they provide more value to their customers or when they provide the same value to customers at a lower price.
 Strategic information systems could be developed to make each of the value activities more cost-effective.
 Firms can use information systems to create unique new products and services that can be easily distinguished from those of competitors.
 Product differentiation: Competitive strategy for creating brand loyalty by developing new and unique products and services that are not easily duplicated by competitors.
 Examples: banks provide on-line banking services, Dell sells custom-tailored PCs.
 Focused differentiation: Competitive strategy for developing new market niches for specialized products or services where a business can compete in the target area better than its competitors.
 Information systems enable companies to finely analyze customer buying patterns, tastes, and preferences so that they efficiently pitch advertising and marketing campaigns to smaller and smaller target markets.
 Data mining: Analysis of large pools of data to find patterns and rules that can be used to guide decision making and predict future behavior.
 The cost of acquiring a new customer has been estimated to be five times that of retaining an existing customer. By carefully examining transactions of customer purchases and activities, firms can identify profitable customers and win more of their business.
 Supply chain management: Integration of supplier, distributor, and customer logistics requirements into one cohesive process.
 Supply chain: A collection of physical entities, such as manufacturing plants, distribution centers, conveyances, retail outlets, people, and information, which are linked together into processes supplying goods or services from source through consumption.
 To manage the supply chain, a company tries to eliminate delays and cut the amount of resources tied up along the way.
 Information systems make efficient supply chain management possible by integrating demand planning, forecasting, materials requisition, order processing, inventory allocation, order fulfillment, transportation services, receiving, invoicing, and payment.

SUPPLY-CHAIN MANAGEMENT
[Figure: Labels: customers, order processing, planning & forecasting, suppliers, procurement, accounting, intranet, production, logistics services, shipping, inventory, distributors]

FIRM LEVEL STRATEGY & IT
 “How can the overall performance of these business units be achieved?”
 “How can information technology contribute?”
 Synergies: When outputs of some units can be used as inputs to other units, or two organizations can pool markets and expertise, these relationships can lower costs and generate profits.
 One use of IT is to tie together the operations of disparate business units so that they can act as a whole.
 Core competency: An activity at which a firm is a world-class leader.
 A core competency relies on knowledge that is gained over many years of experience (embedded knowledge) and a first-class research organization or just key people who follow the literature and stay abreast of new external knowledge (tacit knowledge).
 Any system that encourages the sharing of knowledge across business units enhances competency.

INDUSTRY LEVEL STRATEGY & IT
 “How and when should we compete as opposed to cooperate with others in the industry?”
 Firms can cooperate to develop industry standards in a number of areas; they can cooperate by working together to build customer awareness, and to work collectively with suppliers to lower costs.
 Information partnership: Cooperative alliance formed between two corporations for the purpose of sharing information to gain strategic advantage.
 Such partnerships help firms gain access to new customers, creating new opportunities for cross-selling and targeting products. They can share investments in computer hardware and software.
 At industry level, two analytic models are used: the competitive forces model and network economics.
 Competitive forces model: Model used to describe the interaction of external influences, specifically threats and opportunities, that affect an organization’s strategy and ability to compete.

MANAGING STRATEGIC TRANSITIONS
 Strategic transitions: A movement from one level of sociotechnical system to another. Often required when adopting strategic systems that demand changes in the social and technical elements of an organization.
 As companies move to make information systems part of the overall corporate strategy, their internal structure must also change to reflect these new developments.

Information Systems

Information
 Information is an organizational resource which must be managed as carefully as other resources
 Costs are associated with information processing
 Information processing must be managed to take full advantage of its potential

TYPES OF INFORMATION SYSTEMS
KIND OF SYSTEM       GROUPS SERVED
STRATEGIC LEVEL      SENIOR MANAGERS
MANAGEMENT LEVEL     MIDDLE MANAGERS
KNOWLEDGE LEVEL      KNOWLEDGE & DATA WORKERS
OPERATIONAL LEVEL    OPERATIONAL MANAGERS
Functional areas: SALES & MARKETING, MANUFACTURING, FINANCE, ACCOUNTING, HUMAN RESOURCES

Categories
 Eight categories of Information systems:
   Transaction processing systems (TPS)
   Office automation systems (OAS)
   Knowledge work systems (KWS)
   Management information systems (MIS)
   Decision support systems (DSS)
   Expert systems (ES)
   Group decision support systems (GDSS)
   Executive support systems (ESS)

Level of Categories

Transaction Processing Systems (TPS)
 TPS are computerized information systems developed to process large amounts of data for routine business transactions
 TPS reduces the time once required to perform the task manually
 TPS permits the organization to interact with the external environment
 Example: Inventory or Payroll system

Office Automation Systems (OAS) and Knowledge Work Systems (KWS)
 Office Automation Systems (OAS):
   Includes analysis of information so as to transform data or manipulate it in some way before sharing or formally disseminating it
   Example: Word processing, spreadsheets, desktop publishing, electronic scheduling, communication through voice email, email and voice conference etc.
 Knowledge Work Systems (KWS):
   Supports professionals (scientists, engineers, doctors) by aiding them to create new knowledge
   Example: Scientific analysis

Management Information Systems (MIS)
 MIS supports a broader spectrum of organizational tasks than TPS, including decision analysis and decision making
 MIS users share a common database to access information
 MIS outputs information that is used in decision making
 Example: Account management system of Internet users

Decision Support Systems (DSS)
 DSS is similar to the traditional MIS because they both depend on a database as a source of data
 Again, DSS departs from MIS in that DSS emphasizes the support of decision making in all its phases
 Example: Production increase decision by trend analysis

Expert Systems
 An expert system is a very special class of information system which is capable of generating solutions to problems with the aid of Artificial Intelligence (AI)
 An expert system (also called a knowledge based system) uses the knowledge of an expert for solving a particular problem
 Example: News Categorization software

Computer Supported Collaborative Work Systems (CSCWS)
 Group Decision Support Systems
   GDSS are intended to bring a group together to solve a problem with the help of various supports such as polling, questionnaires, brainstorming etc.
 Computer Supported Collaborative Work Systems
   CSCWS is a more general term for GDSS
   CSCWS may include software support called “groupware” for team collaboration via networked computers
   Example: video conferencing and web survey system

Executive Support Systems (ESS)
 It helps executives to make decisions at the strategic level
 It may provide graphical representation and communication support at board meetings required to make strategic decisions
 Example: New product launching decision

Integrating New Technologies
 New technologies are being integrated into traditional systems
   E-commerce uses the Web to perform business activities
   Enterprise Resource Planning (ERP) has the goal of integrating many different information systems within the corporation
   Wireless and handheld devices, including mobile commerce (m-commerce)
   Open source software

E-Commerce Application and Web Systems
Many businesses have found the Internet to be their most favored way to pursue business growth because of the following advantages:
 Increase awareness of the availability of the service, product, industry, person, or group
 24-hour access for users
 Standardizing the design of interface
 Creating a global system rather than remaining local

Enterprise Resource Planning (ERP) Systems
 Many organizations predict potential benefits from the integration of many information systems existing on different management levels.
 ERP systems are designed to perform this integration
 Example: SAP, PeopleSoft and packages from Oracle

Systems for Wireless and Handheld Devices
 System analysts may be asked to design standard or wireless communication networks that integrate voice, video and email into the organizational intranet
 System analysts may also be asked to develop intelligent agents to assist the user of a PDA or cell phone
 Wireless communication is referred to as m-commerce (mobile commerce)

TPS, MIS, DSS, and AI/ES
 Hierarchy (from data at the bottom to information at the top): TPS, MIS, DSS, AI/ES

          Routine   Decision support   Input & output   Sophistication & complexity of processing & analysis
AI/ES     Less      More               Less             More
TPS       More      Less               More             Less

Transactions
 Transactions…
   Basic business operations such as customer orders, purchase orders, receipts, time cards, invoices, and payroll checks in an organization
 Transaction processing systems (TPS)
   Perform routine operations and serve as a foundation for other systems

Batch vs. On-Line Transaction Processing
 Two types of TPS:
   Batch processing
     A system whereby business transactions are accumulated over a period of time and prepared for processing as a single unit or batch
   On-line transaction processing (OLTP)
     A system whereby each transaction is processed immediately, without the delay of accumulating transactions into a batch

Batch Schematic
[Figure: Labels: data entry of accumulated transactions, input (batched), output]

On-line Schematic
[Figure: Labels: terminals, immediate processing of each transaction, output]

Objectives of TPS
 Process data generated by and about transactions
 Maintain a high degree of accuracy
 Ensure data and information integrity and accuracy
 Produce timely documents and reports
 Increase labour efficiency
 Help provide increased and enhanced service
 Help build and maintain customer loyalty
 Achieve competitive advantage

Simplified Overview of a Transaction Processing System
[Figure: Schematic. Labels: data entry & input, processing, documents & reports, database]
 Internally generated transactions: shipped orders, purchase orders, employee time cards
 Externally generated transactions: customer orders, vendor invoices, customer payments
 Database update: customer orders, inventory, purchase orders, customers, suppliers
 Documents: pick list, cheques to vendors, receiving notices, paycheques
 Operational reports: finished product inventory status; raw materials, packing materials, spare parts inventory status

Data Processing Activities Common to TPSs
A transaction processing cycle
 Data collection
 Data editing
 Data correction
 Data manipulation
 Data storage
 Document production

[Figure: Schematic. Labels: original data, data collection, data edit, data correction, data manipulation, data storage, document production]
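
The cycle listed above, worked through in Python as an added example that is not part of the original slides: order lines are collected, edited (validated), corrected and re-edited, manipulated into shipped and back-ordered quantities, stored, and turned into a document, with an audit trail of every edit decision. Item numbers and ordered quantities for lines 10 to 30 come from the shipment planning figure on this page; the stock levels, the rejected records, the correction and `MAX_QTY` are assumptions.

```python
"""Transaction processing cycle: collect, edit, correct, manipulate, store, document."""

MAX_QTY = 1000  # assumed upper bound for one order line

# Constructed item database: item number -> units on hand (stock levels are assumptions).
ITEM_MASTER = {"L1L16028": 3, "S8276": 16, "S8279": 12}

# Constructed input as it might arrive from data collection (all fields are raw text).
RAW = [
    {"line": "10", "item": "L1L16028", "qty": "3"},
    {"line": "20", "item": "S8276", "qty": "15"},
    {"line": "30", "item": "S8279", "qty": "15"},
    {"line": "30", "item": "S8279", "qty": "15"},  # same line keyed twice
    {"line": "50", "item": "S9999", "qty": "2"},   # item not in the database
    {"line": "60", "item": "S8276", "qty": "-4"},  # negative quantity
    {"line": "70", "item": "S8276", "qty": "1O"},  # letter O typed instead of zero
]

# Constructed re-entry by a clerk, keyed by line number (data correction).
CORRECTIONS = {"70": {"qty": "10"}}


def edit(txn, seen):
    """Data editing: return the reasons a transaction is invalid (empty list = valid)."""
    errors = []
    if txn.get("line") in seen:
        errors.append("duplicate line number")
    if txn.get("item") not in ITEM_MASTER:
        errors.append("unknown item number")
    qty = str(txn.get("qty", ""))
    if not (qty.isascii() and qty.isdigit() and 0 < int(qty) <= MAX_QTY):
        errors.append("quantity must be a whole number from 1 to %d" % MAX_QTY)
    return errors


def run_cycle(raw, corrections):
    stock = dict(ITEM_MASTER)  # working copy so the item database constant stays intact
    seen, accepted, rejected, audit = set(), [], [], []

    def submit(txn, source):
        errors = edit(txn, seen)
        audit.append((source, txn.get("line"), errors or ["accepted"]))
        if not errors:
            seen.add(txn["line"])
            accepted.append(txn)
        return errors

    for txn in raw:
        errors = submit(txn, "collected")
        if errors:
            fix = corrections.get(txn.get("line"))
            # A corrected record goes through the same edit checks again.
            if fix is None or submit({**txn, **fix}, "corrected"):
                rejected.append((txn, errors))

    stored = []
    for txn in accepted:  # data manipulation, then data storage
        ordered = int(txn["qty"])
        shipped = min(ordered, stock[txn["item"]])
        stock[txn["item"]] -= shipped
        stored.append({"line": txn["line"], "item": txn["item"],
                       "ordered": ordered, "shipped": shipped, "bo": ordered - shipped})

    # Document production: one row per stored line, back-order column blank when zero.
    document = [f"{r['line']:>4}  {r['item']:<10}{r['ordered']:>8}{r['shipped']:>8}{r['bo'] or '':>4}"
                for r in stored]
    return {"stored": stored, "rejected": rejected, "audit": audit,
            "stock": stock, "document": document}


if __name__ == "__main__":
    result = run_cycle(RAW, CORRECTIONS)
    print("LINE  ITEM       ORDERED SHIPPED  BO")
    print("\n".join(result["document"]))
    for txn, errors in result["rejected"]:
        print("REJECTED line", txn["line"], "-", "; ".join(errors))
```

The audit list records both the first rejection of line 70 and its acceptance after correction, which is the evidence a TPS audit would look for when asking whether the controls are actually being used.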

Source Data Automation
 Source data automation
   The process of capturing data at its source with minimal manual effort
   Data are entered directly into the computer

Point-of-Sale Transaction Processing System
[Figure: Labels: scanner, UPC, quantity, date, time, point-of-sale transaction processing system, UPC and quantity, inventory database, item database (UPC, price), purchases database (item, quantity, date, time, price), customer’s receipt, management information system, exception report]

Control and Management Issues
 Business resumption planning
   The process of anticipating and providing for disasters.
 Disaster recovery
   The implementation of the business resumption plan.
 Transaction processing system audit
   An examination of the TPS in an attempt to answer three basic questions
     Does the system meet the business need?
     What procedures and controls have been established?
     Are the procedures and controls being properly used?

Traditional TPS – Order Processing
 Order processing
   Processing an order from entry to delivery, including traditional accounting transactions

[Figure: Schematic. Labels: customer, customer order in person or via mail, phone, EDI, internet, order entry/sales configuration, orders, inventory status, finished product inventory, shipment planning, planned shipments, pick list, routing, scheduling, planned shipments & routes, shipment execution, shipped orders, invoicing, invoice, products]

Order Processing Support Systems - Sales Configuration
 Sales configuration
   Ensures that products and services ordered are sufficient to accomplish customer’s objectives and will work well together

Order Processing Support Systems - Shipment Planning
 Shipment planning
   A system that determines which open orders will be filled and from which location they will be shipped
   E.g., (from Figure 8.9)

LOC  LINK       ITEM NUMBER  DESCRIPTION      ORDERED   SHIPPED  BO
8    105   10   L1L16028     FASTENING TOOL   3 EACH    3
           20   S8276        STAPLE ¾ INCH    15 CASE   15
           30   S8279        STAPLE 1 INCH    15 CASE   12       3
           40                SHIPPING CHARGE
Order Processing Support
Systems - Shipment Execution
 Shipment execution
 A system that coordinates the outflow of all products
and goods from the organization, with the objective of
delivering quality products on time to customers
Order Processing Support
Systems - Inventory Control
 Inventory control
 A system that updates the computerized inventory
records to reflect the exact quantity on hand of each
stock keeping unit
 Status reports
 Summarize all inventory items in stock, or shipped over a
specified period of time
 E.g., see Figure 8.10
Order Processing Support
Systems - Invoicing
 Invoicing
 Generates customer invoices based on records
received from the shipment execution TPS
 E.g., see Figure 8.11
Order Processing Support Systems -
Customer Interaction System

 Customer interaction
 A system that monitors and tracks each customer
interaction with the company
[Schematic labels: customer; request for proposal; sale; problem, idea, request for information; other contacts; customer interaction system; market research; product development; sales; quality control; marketing]
Order Processing Support Systems
- Routing and Scheduling
 Routing
 A system that determines the best way to get goods
and products from one location to another
 Scheduling
 A system that determines the best time to deliver
goods and services
Purchasing System

[Schematic labels: raw materials; packing materials; spare parts; inventory control; inventory control status report; employees; purchase order request; purchase order processing; purchase order; supplier; material; receiving; receiving notice; invoice; accounts payable; cheque]
Purchasing System
 Inventory control
 Maintains stock of items such as raw materials, packing
materials, spare parts, and supplies
 Purchase order (P.O.) processing
 A system that helps purchasing department complete
transactions quickly and efficiently
 Receiving
 A system that creates a record of expected and actual
receipts
 Reconciles purchase orders with what is actually
received
 Accounts payable
 A system that increases an organization’s control over
purchasing, improves cash flow, increases profitability,
and provides more effective management of current
liabilities
Accounting System
 Accounting systems
 Consist of…
 Budget
 Accounts receivable
 Accounts payable
 Payroll
 Asset management
 General ledger
Financial Systems

[Schematic labels: customer; asset management; cost of assets; payments; accounts receivable; accounts payable; amounts owed by customers; amounts owed by company; amounts paid by customers; amounts paid by company; payroll; labour costs; time cards; paycheques; general ledger; asset depreciation; expense transactions; budget]
Financial Systems -
Accounts Receivable
 Accounts receivable
 A system that manages the cash flow of the company
by keeping track of the money owed the company on
charges for goods sold and services performed
Financial Systems –
Accounts Receivable
 Accounts receivable aging report
 Tells managers what bills are overdue, either
customer by customer or in a summary format
Financial Systems - Payroll

 Payroll…
 Generates payroll checks and stubs, as well as W-2
statements at the end of the year for tax purposes
Financial Systems - Payroll

 Payroll journal
 Helps managers monitor total payroll costs for an
organization and the impact of those costs on cash
flow
Financial Systems -
Asset Management
 Asset management transaction processing
system
 A system that controls investments in capital
equipment and manages depreciation for maximum
tax benefits
Financial Systems - General Ledger
Enterprise Resource Planning
(ERP)
 ERP
 Real-time monitoring of business functions
 Advantages
 Eliminate costly, inflexible legacy systems
 Provide improved work processes
 Provide access to data for operational decision making
 Upgrading technology infrastructure
 Disadvantages
 Time consuming, difficult, expensive to implement
 Make radical changes in how a company operates
 Lack of vendor responsiveness in light of high demand
ERP Examples

Software Vendor     Name of Product
Avalon Software     Avalon CIM
qad.inc             MRG/PRO
Oracle              Oracle Manufacturing
SAP America         SAP R/3
Baan                Triton
PeopleSoft          PeopleSoft
J.D. Edwards        World
Example of an ERP System -
SAP/R3
 Clients in the SAP system
 Application servers in the SAP system
 Business application programming interfaces
(BAPIs)
 Database server in the SAP systems
 Objects in the SAP system
 Repository
 Tables
SAP Three-Tier Client/Server
Architecture
[Diagram tiers: database server; application servers; client desktop computers]
DSS
Computer-Based Decision
Support
 Purpose of a DSS
 Improve decision making ability of managers (and
operating personnel) by allowing more or better
decisions within constraints of cognitive, time,
economic limits
 Increase productivity of decision makers
Computer-Based Decision
Support
 Supplement one or more of a decision maker’s
abilities. For example:
 knowledge collection (what is?)
 formulation (of potential plans for analysis or action)
 analysis (what if, what about, what follows) knowledge
derivation
 problem recognition (finding overall or subproblems)
 Facilitate one or more of the decision-making phases
 intelligence (e.g., provide relevant information)
 design (e.g., identify or analyze alternatives)
 choice (e.g., advice about which alternative to choose)
Computer-Based Decision
Support
 Facilitate problem solving flows
 identify problems
 problem reduction
 problem solving
 combine problem solutions
 Aid decision maker in addressing unstructured or
semi-structured decisions
Computer-Based Decision
Support
 Enhance a decision maker’s knowledge
management competence, supplementing human
KM skills with computer-based KM capabilities
 DSSs in historical perspective
 Another way to begin to appreciate DSS
characteristics is to compare/contrast them with traits
of other kinds of business computing systems
 Each serves a different purpose in managing an
organization’s knowledge resources
Computer-Based Decision
Support
 decision support limited by
 predefined reports
 periodic reports
 descriptive knowledge only
 relevant information in MIS reports incomplete, hard to
dig out, unfocused, difficult to grasp, in need of
processing, unavailable when needed
 Decision support systems
 some DSS characteristics
 includes descriptive and possibly other types of
knowledge
Computer-Based Decision
Support
 has ability to acquire/maintain these types
 has ability to present knowledge on ad hoc basis in
customized ways (as well as in standard reports)
 has ability to select any desired subset of stored
knowledge for presentation or derivation during problem
recognition/solving
 can interact directly with decision maker who has
flexibility in choice/sequencing of knowledge
management activities
 there are variations with respect to these five characteristics
Computer-Based Decision
Support
 DSS notion arose in early 1970s and by 1990s was in
widespread practice
 advances spurred by microcomputers, spreadsheet
implementations, management science packages, ad
hoc query interfaces
 fostered computer literacy
 do-it-yourself creation of DSSs
 solvers for complex, quantitative problems
 non-procedural, selective, ad hoc retrieval
 technological developments lead to continuing
advances
 computer networks
 artificial intelligence (e.g., expert systems)
 direct manipulation and multimedia
Computer-Based Decision
Support
 Task support systems
 include management support systems
 which include DSSs
Computer-Based Decision
Support
 DSS benefits (potential)
- depend on nature of DSS, the decision maker
(DM), and decision context
- a good fit among these is important
 Augment DM’s innate knowledge handling
abilities
 DM can have DSS solve problems that DM alone
would not even attempt or that would consume
great DM time due to their complexity
 Even for relatively simple problems, DSS may be
able to reach solutions faster and/or more reliably
than DM
Computer-Based Decision
Support
 Even though a DSS might be unable to solve a
problem facing DM, it could be used to stimulate the
DM’s thoughts about the problems (e.g., exploratory
retrieval; analysis; advice; solving “similar” problem
may trigger insight about present problem)
 Activity of constructing DSS (with DM involvement)
may reveal new ways of thinking about decision
domain and partially formalize aspects of decision
making
Computer-Based Decision
Support
 Provide more compelling evidence to justify DM’s
position (e.g., aid in securing agreement)
 Competitive advantage to organization due to
enhanced internal productivity
 DSS Limitations
 unable to replicate some innate human KM
skills/talents
Computer-Based Decision
Support
 may be too specific (i.e., many DSSs needed in
course of working on a single decision - how to
coordinate them?)
 may not match DM’s mode of expression or
perception
 cannot overcome a faulty DM
 constrained by the knowledge it possesses (to
what extent can a DSS learn and is its knowledge
at any moment “sufficient” for DM’s needs?)
 over dependence dangers
Computer-Based Decision
Support
 Explain various special cases of the generic DSS
framework, including:
 text-oriented DSSs,
 database-oriented DSSs,
 spreadsheet-oriented DSSs,
 solver-oriented DSSs,
 rule-oriented DSSs, and
 compound DSSs
Computer-Based Decision
Support
 Generic framework for DSSs
 systematic study and research of DSS topics can
benefit from a framework that identifies fundamental
DSS constituents and their relationships
 ideally, the framework should not be so
detailed/restrictive that it precludes consideration of
some DSSs
Computer-Based Decision
Support
 DSS defined in terms of 4 systems
 Language System (LS)
 Presentation System (PS)
 Knowledge System (KS)
 Problem Processing System (PPS)
 the first 3 are systems of knowledge representation
 the PPS is a software system that uses these
representations in recognizing/solving problems
Computer-Based Decision
Support
 LS
 is not software
 is representational system composed of all requests user
can make
 to have DSS solve a problem, user chooses/states one
of the LS elements
 can be command, menu, mouse, natural language, fill-in-
blank, direct manipulation oriented
Computer-Based Decision
Support
 PS
 is not a piece of software
 is representational system comprised of all responses
the DSS can issue
 the PPS determines which PS element is to be used for
a response
 can be tabular, textual, graphical, etc.
Computer-Based Decision
Support
 KS
 is not a piece of software
 is representational system containing all readily
changeable knowledge available to the DSS for use in
problem solving and communicating
Computer-Based Decision
Support
 no type of knowledge is precluded
- data - domain
- procedural - user (relational)
- linguistic - self
- reasoning
- presentation
- assimilative
 in principle, any knowledge representation technique is
permissible
Computer-Based Decision
Support
 PPS
 is the DSS software that reacts to user requests and
drives the problem solving process toward a
corresponding response
 it takes an element of the LS and draws on elements of
the KS to produce an element of the PS for the user
and/or to modify KS contents
 as a practical matter, the PPS must be able to process
each knowledge representation held in the KS, act on
each element allowed in the LS, and present each PS
element
 the framework is indifferent as to LS contents, PS
contents, KS contents, and PPS dynamics
Computer-Based Decision
Support
 Specialized frameworks
 each is a special case of the generic framework
 each characterizes a certain class of DSSs by
 restricting KS contents to those allowed by a certain KM
technique
 restricting PPS abilities to processing allowed by that
technique
 text-oriented DSSs
 KS of textual documents
 PPS accomplishes storage/recall
 hypertext extension
Computer-Based Decision
Support
 database-oriented DSSs
 KS of structured records (descriptive knowledge)
 PPS comprised of
 database control system
 query processing system
 custom-built processors
 spreadsheet-oriented DSSs
 KS comprised of spreadsheet files (grids of descriptive and
procedural knowledge)
 PPS can carry out procedures (e.g., for “what if” analysis)
Computer-Based Decision
Support
 solver-oriented DSSs
 solver - a procedure that can solve any member of a class
of problems
 fixed approach
 solvers are part of PPS
 set of available solvers fixed and each solver is fixed
 KS holds data sets used by solvers
 KS can also hold problem statements and report format
descriptions
Computer-Based Decision
Support
 flexible approach
 solvers are part of the KS (library of solver modules)
 can be modified, deleted, augmented
 can be executed in sequence to solve a problem
 KS can also hold data sets, problem statements, report
formats, reasoning knowledge to coordinate module
executions
 rule-oriented DSS
 KS holds rule sets and state descriptions
 PPS has inference engine for reasoning with rules
Computer-Based Decision
Support
 compound DSSs
 what if DM needs support offered by multiple KM
techniques?
 use multiple DSSs
 use single DSS with multiple KM techniques
Computer-Based Decision
Support
 A specialized compound framework: a DSS has 3
components
 database (holds data)
 model base (holds procedures)
 a software system
 the first two are a special kind of KS
 the latter is a special kind of PPS
Computer-Based Decision
Support
 Software system comprised of
 DBMS
 MBMS (model base management system)
 DGMS (dialog generation and management system)
Computer-Based Decision
Support
 DGMS is software that effectively defines the DSS’s
 action language (what user can do)
 display language (what user sees)
 DBMS is software that allows a database to be
 created (generated and restructured)
 updated
 interrogated
 MBMS is software that allows a model base to be
 created/updated
 used (linking, cataloging, accessing procedures)
Stages of Decision Making

 Intelligence (in the military sense of gathering
information)
 Design (Identifying the alternatives, structuring
how the decision will be made)
 Choice (Picking an alternative or making the
judgment)
 Implementation and Evaluation also can be
added as further stages for the purpose of
improvement.
Structured vs Unstructured
Decision Stages
 Each stage can be Structured (automated) or
Unstructured
 “Structured” means that there is an algorithm,
mathematical formula, or decision rule to
accomplish the entire stage. The algorithm can be
implemented manually or it can be computerized,
but the steps are so detailed that little or no
human judgment would be needed.
 Any decision stage that is not structured is
unstructured
Structured, Semi-structured, and
unstructured decisions
 In a structured decision all three stages are
structured
 In a non-structured decision all three stages
are unstructured
 A semi-structured decision is one in which
part, but not all, of the decision is structured.
Key point:
 The realm of Decision Support Systems is
Semi-Structured and unstructured
Decisions…the type of decisions that can
benefit from “decision support” but the
human decision maker is still involved.
General Categories of DSS
 Data driven
 Model driven
 Knowledge driven
 Document driven
 Communications driven and group DSS
 Function specific or general DSS
 Web Based
DSS categorized by type of task
 Choice (pick one of several alternatives)
 Judgment (assessment or prediction)
 Ranking
 More complex problem (has multiple, often
interrelated, parts)
 Diagnosis or “scientific discovery” (hypothesis
generation and testing)
 Pattern identification, sense-making
The Components of DSS

[Diagram labels: external data; internal data; database component; model component; communications component; user interface component; users]
DSS Classification Viewed from
three Directions

[Diagram labels: Technology; Decision Task; Decision Maker(s)]
E-Customer Relationship Management
Introduction

 What keeps customers coming back through the
virtual door is the overall quality of the customer
experience.
 The cost of marketing to an existing customer is almost 5
times less over the Internet versus attaining a new web
customer.
 ECRM solutions will give companies the tools they
need to create, maintain & extend competitive
advantage in their market spaces.
Benefits
 Keeping existing customers happy is more profitable
than going after new customers.
 The best way to keep one’s existing customers happy is to
deliver value to them on their own terms.
 Andersen Consulting found 64% of the difference in
return on sales between average and high performing
companies is attributable to ECRM performance.
 Improvements in the overall customer experience will
lead to greater customer satisfaction and have a
positive effect on the company’s profitability.
Increased Customer Loyalty

 An ECRM system lets a company communicate
with its customers using a single & consistent voice.
 ECRM software gives everyone in an organization
access to the same transaction history and
information about the customer.
 Data allows a firm to focus its time and resources on
its most profitable customers.
 One tool that a company can implement in pursuit of
customer loyalty is personalization.
More Effective Marketing
 An ECRM system allows a company to predict the
kind of products that a customer is likely to buy as
well as the timing of purchases.
 Information helps an organization create more
effective and focused marketing/sales campaigns
designed to attract the desired customer audience.
 Customer data can be analyzed from multiple
perspectives to discover which elements of a
marketing campaign had the greatest impact on
sales and profitability.
Improved Customer Service & Support
 An ECRM system provides a single repository of customer
information that allows an organization to:
 more accurately receive, update and close orders remotely
 log materials, expenses and time associated with service
orders
 view customer service agreements
 search for proven solutions and best practices
 subscribe to product-related information and software
patches
 access knowledge tools useful in completing service orders
Greater Efficiency & Cost Reduction

 Automating customer data mining saves
valuable human resources.
 Integrating customer data into a single
database allows marketing teams, sales
forces and other departments
to share information and work toward
common corporate objectives using the
same underlying statistics.
Developing Customer Focused Business Strategies
 Listen to the customer and try to create opportunities
beneficial to the customer and the company.
 Offer customers what they are currently demanding
and anticipate what they are likely to demand in the
future.
 Achieved by providing a variety of existing access
channels for customers and by preparing to provide for
future access channels, such as wireless
communication.
Retooling Business Functions
 ECRM will require disruptive organizational change to
determine the departments/functions that are servicing
the customer and the ones only adding to overhead.
 Changes required during an ECRM implementation are
only possible with buy-in from the top levels of
management and company-wide accountability of all
stakeholders.
 The responsibility of senior management is to ensure
that all employees understand the necessity of the
changes, how they will benefit from them, and how the
changes will enhance their ability to serve customers.
Work Process Re-engineering

 Departmental role and responsibility changes from
retooling business functions will necessitate adopting
new work processes.
 A company has 2 choices:
 the traditional step-wise approach
 an integrated one toward improving work efficiency
 In the step-wise approach, departments are treated as
separate efficiency entities.
Work Process Re-engineering

 The integrated approach tends to produce
superior results because it recognizes the
interdependencies among the company’s
multiple functions and departments, and
how these create the larger perspective of
the entire organization.
Technology Choices

 Consider the company’s industry, its position in the
industry, and which ECRM configurations are good
candidates for the company in particular:
 scalability of software
 tool set flexibility for customization
 stability of the existing ECRM application code
 compatibility of ECRM application with legacy and Internet
systems
 level of technical support available during and after
implementation
 upgradable support
 the availability of additional modules
Technology Choices
 Compatibility of the proposed ECRM system with a
company’s existing ERP system is essential.
 Without integration of ERP and ECRM systems,
organizations risk redundancy of data, increased
response times and loss of customers due to delays
and botched transactions.
Training and Preparation
 Training of employees should occur before the new
ECRM system has been implemented to ensure a
seamless transition for customers.
 All employees with access to the system should
receive full, appropriate and timely training.
 Training should be an ongoing, managed activity as
systems will continuously change and evolve.
 A firm should plan to spend about 5% of its total
ECRM implementation budget on training.
Proven ECRM Success
 Hewlett-Packard
 Paul Horstmeier, New E-marketing Manager
 HP made a muddle of its attempts at e-mail marketing
 Launching separate, uncoordinated e-mail campaigns from
nine different marketing groups
 His group needed to take over management of the e-mail
campaigns
 Promote the idea that marketing should be a long-term
process that focuses on the life cycle of customers instead
of looking at a sale as a one shot transaction
Proven ECRM Success
 The e-marketing group brought in e-mail
analysis, segmentation and personalization
tools from San Mateo, CA based Digital
Impact
 HP found that its business customers fell into two
groups:
 IT managers
 End users
Proven ECRM Success
 HP started to learn what these groups
wanted through small pilot tests
 IT Managers
 general product support alerts and newsletters
 End Users
 specific information about the exact product that they
had bought and how to use it
Proven ECRM Success
 Results
 More of HP’s customers responded to the low-cost e-mail
offer than to the direct mail offer, making the e-mail offer
both more productive in terms of sales generated and more
cost-effective in terms of expenses saved
 85% saying they were quite satisfied with the content that
they received
 New e-mail campaigns generate an estimated $15 million
in new monthly sales revenues, as well as half a million
dollars in monthly cost savings from the consolidated e-
mail campaigns
Conclusion
 We identified the five critical issues that
companies must consider at the threshold of
ECRM implementation.
 We explored the customer-centric and corporate
benefits of implementing an ECRM solution.
 ECRM solutions give companies the power to
say “YES!” to virtually any question from a
customer.
 The very survival of organizations depends on
their commitment to this answer.
BPR

 Envision new processes
 Secure management support
 Identify reengineering opportunities
 Identify enabling technologies
 Align with corporate strategy
 Initiating change
 Set up reengineering team
 Outline performance goals
 Process diagnosis
 Describe existing processes
 Uncover pathologies in existing processes
BPR contd.

 Process redesign
 Develop alternative process scenarios
 Develop new process design
 Design HR architecture
 Select IT platform
 Develop overall blueprint and gather feedback
 Reconstruction
 Develop/install IT solution
 Establish process changes
 Process monitoring
 Performance measurement, including time, quality, cost, IT
performance
 Link to continuous improvement
Expert System Definition
 An expert system is a computer program that
represents and reasons with knowledge of
some specialist subject with a view to solving
problems or giving advice.
 Possess knowledge
 Specific domain
 Solving problem or giving advice
Basic Expert System Concepts
 Knowledge base
 Inference engine
 Facts
 Expertise
 Problem domain
 Knowledge domain of the expert
Expert System components
 User interface
 Explanation facility- explains reasoning of the
system to a user
 Knowledge Base – production memory (rules)
 Working memory- global database of facts
 Inference engine
 Agenda- prioritized list of rules satisfied by facts
 Knowledge acquisition facility
Advantages of Expert systems
 Increased availability
 Reduced cost
 Reduced danger
 Permanence
 Multiple expertise
 Increased reliability
 Explanation
 Fast response; steady, unemotional complete
response at all times;
 Intelligent tutor, Intelligent database
Expert System Tasks
 The interpretation of data
 Diagnosis of malfunctions
 Structural analysis of complex objects
 Configuration of complex objects
 Planning sequences of actions
Expert Systems Domains
 Medical and health applications
 Agricultural, Livestock, and food issues and
needs
 Energy Options
 Natural Resource Exploitation
 Space Technology
Expert System Characteristics
 Simulates human reasoning about a problem
domain
 Performs reasoning over representations of
human knowledge.
 Solves problems by heuristic or approximate
methods.
Explanation Facility
 May be simple or elaborate
 A simple system may just list the facts that made the
last rule fire
 More elaborate systems may:
 List all the reasons for and against a particular hypothesis,
 List all the hypotheses that may explain the observed
evidence,
 Explain all the consequences of a hypothesis,
 Give a prognosis or prediction of what will occur if the
hypothesis is true, etc. (see page 9-10)
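An added example, not part of the original slides: a minimal forward-chaining expert system in Python that maps onto the components listed above (knowledge base, working memory, agenda, inference engine) and implements the simple explanation facility that lists the facts that made the last rule fire. The rules, fact names and the toy malfunction-diagnosis domain are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: frozenset  # facts that must all be present in working memory
    conclusion: str        # fact asserted when the rule fires
    priority: int = 0      # higher priority is placed first on the agenda


# Knowledge base (production memory). Constructed sample rules for a toy
# "diagnosis of malfunctions" task; the domain is hypothetical.
KNOWLEDGE_BASE = [
    Rule("R1-no-power", frozenset({"display dark", "fan silent"}), "no power", 10),
    Rule("R2-blown-fuse", frozenset({"no power", "outlet live"}), "fuse blown", 5),
    Rule("R3-dead-outlet", frozenset({"no power", "outlet dead"}),
         "check building supply", 5),
    Rule("R4-replace-fuse", frozenset({"fuse blown"}), "advice: replace fuse", 1),
]


class InferenceEngine:
    def __init__(self, rules, facts):
        self.rules = list(rules)
        self.working_memory = set(facts)  # global database of facts
        self.trace = []                   # (rule, supporting facts, conclusion)

    def agenda(self):
        """Prioritized list of rules satisfied by the current facts."""
        ready = [r for r in self.rules
                 if r.conditions <= self.working_memory
                 and r.conclusion not in self.working_memory]
        return sorted(ready, key=lambda r: (-r.priority, r.name))

    def run(self):
        """Match-select-fire loop: fire the top agenda rule until none is ready."""
        while True:
            agenda = self.agenda()
            if not agenda:
                return self.working_memory
            rule = agenda[0]
            self.working_memory.add(rule.conclusion)
            self.trace.append((rule.name, sorted(rule.conditions), rule.conclusion))

    def explain_last(self):
        """Simple explanation facility: the facts that made the last rule fire."""
        if not self.trace:
            return "No rule fired."
        name, facts, conclusion = self.trace[-1]
        return f"{name} fired because {', '.join(facts)} => {conclusion}"

    def explain(self, fact, depth=0):
        """More elaborate explanation: the chain of rules behind one fact."""
        derived = {c: (n, f) for n, f, c in self.trace}
        pad = "  " * depth
        if fact not in derived:
            status = "given" if fact in self.working_memory else "unknown"
            return [f"{pad}{fact} ({status})"]
        name, facts = derived[fact]
        lines = [f"{pad}{fact} (by {name})"]
        for supporting in facts:
            lines.extend(self.explain(supporting, depth + 1))
        return lines


if __name__ == "__main__":
    engine = InferenceEngine(KNOWLEDGE_BASE,
                             {"display dark", "fan silent", "outlet live"})
    engine.run()
    print(engine.explain_last())
    print("\n".join(engine.explain("advice: replace fuse")))
```
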
Key Topics in Expert Systems
 Knowledge acquisition
 Knowledge representation
 Controlling reasoning
 Explaining solutions
Introduction to E-Business

The terms Internet, electronic
commerce, electronic business, and
cybertrade are used often. However,
they are used interchangeably and
with no common understanding of
their scope or relationships.
Electronic business (e-
business)
 is any process that a business organization conducts over
a computer-mediated network. Business organizations include
any for-profit, governmental, or nonprofit entity. Their processes
include production-, customer-, and internal or management-
focused business processes. Examples of electronic business
processes are:
 Production-focused processes include procurement, ordering,
automated stock replenishment, payment processing and other
electronic links with suppliers, as well as production control and
processes more directly related to the production process.
 Customer-focused processes include marketing, electronic
selling, processing of customer orders and payments,
customer management and support
 Internal or management-focused processes include automated
employee services, training, information sharing, video
conferencing, and recruiting.
Electronic commerce (e-
commerce)
 is any transaction completed over a computer-
mediated network that involves the transfer of
ownership or rights to use goods or services.
Transactions occur within selected e-business
processes (e.g., selling process) and are
"completed" when agreement is reached between
the buyer and seller to transfer the ownership or
rights to use goods or services. Completed
transactions may have a zero price (e.g., a free
software download). Examples of both e-commerce
and non e-commerce transactions are listed below.
Computer-mediated networks
 are electronically linked devices that communicate interactively over
network channels. Generally, both electronic devices will be computer-
enabled, but at a minimum at least one device must be computer-enabled as in
the case of a typical telephone linking with a computer-enabled interactive
telephone system. Typically, the interactive link involves minimal human
intervention though someone activates the electronic devices, accesses the
network, and may even assist with the process or transaction. For example,
many e-commerce businesses are providing shoppers with the on-line capability
of "chatting" with customer support representatives or even speaking with them
through the use of internet telephony software. Examples of devices and
networks are:
 Linked electronic devices such as computers, personal digital assistants, webTV,
Internet-enabled cellular phones, and telephones linked with interactive telephone
systems.
 Networks such as the Internet, intranets, extranets, Electronic Data Interchange (EDI)
networks, and telecommunication networks. Networks may be either open or closed.
E-COMMERCE EXAMPLES
 An individual purchases a book on the Internet.
 A government employee reserves a hotel room over the Internet.
 A business calls a toll free number and orders a computer using
the seller's interactive telephone system.
 A business buys office supplies on-line or through an electronic
auction.
 A retailer orders merchandise using an EDI network or a
supplier's extranet.
 A manufacturing plant orders electronic components from
another plant within the company using the company's intranet.
 An individual withdraws funds from an automatic teller machine
(ATM).
Complex Scenarios
 A consumer visits a bookstore and inquires about the availability of an
out-of-stock book. A bookstore employee downloads a digital copy of
the book and prints it along with cover. Not an e-commerce retail
transaction since agreement to purchase did not occur over an
electronic network. However, the right to access the digital archived
copy is an e-commerce service transaction.
 Consumer uses Internet to research the purchase of a computer, but
calls a toll free number and places the order with an operator. Not an e-
commerce transaction because agreement to transfer ownership did not
occur over computer-mediated network; neither telephone was
computer-enabled.
 An individual visits a retail store and purchases merchandise not
currently in stock from a computer-enabled kiosk located inside the
shop. An e-commerce transaction since agreement occurred over
computer-mediated networks. In contrast, the purchase of a pre-
packaged music CD from a computerized kiosk would not be
considered an e-commerce transaction. If the kiosk was network linked,
the digital music was downloaded, and the CD was mastered within the
kiosk this would be an e-commerce transaction.
E-Commerce models
 B2B
 B2C
 C2C
E-Commerce models Contd.

The five categories are called

Vanity: Many web sites are started as vanity sites.
These sites are often created by individuals as an
outlet of self expression, to share a hobby, promote
a cause, or find others with similar interests. These
sites are created with no intentions of deriving
revenue and no illusions of grandeur. It could be as
simple as a one page family site or a complex forum
on a specific topic. The costs are borne either by the
individual or by some altruistic enterprise such as
universities, libraries, communities, associations,
and even businesses. Nevertheless, the costs of
these "free" sites are real.
E-Commerce models Contd.

Billboard: Billboard sites (also called brochure or information sites)
are designed to derive economic benefit through indirect means
from either referred sales, reduced cost, or both. Revenue
comes from creating awareness of its products or services via
the web, with the actual purchase transaction occurring off-line.
Just like a billboard on a highway, success is measured on
viewership as net citizens "surf" by and are influenced to
purchase product. Most corporate sites today put up these
electronic brochures to provide information about their products,
employment information, or public information. Economic benefit
is created through the indirect purchase of goods or services
from existing physical outlets and cost savings through the
elimination of infrastructure or inefficiency. Finally, some
businesses feel this is the best way to avoid channel conflict, a
potential pricing disparity between different supply chains.
E-Commerce models Contd.

 Advertising: Network television, radio, and many periodicals


follow the advertising model. All programming and content is
funded by advertising dollars, with consumer viewership
measuring value. Agencies conduct sophisticated surveys to
measure the value and establish the pricing. For eCommerce,
advertising can be in the form of banners, sponsorships, ezine
ads, and other promotion methods.
 This is a much-ballyhooed but still largely unproven model on the
web. While there are a few sites that are entirely supported by
advertising dollars, the lack of web-savvy viewership statistics
hinder the mass adoption by advertisers. As the knowledge of
consumer behavior is further understood, experts will prepare
purchase pattern analyses providing advertisers with empirical
data to support their promotion campaigns.
E-Commerce models Contd.

 Subscriptions: In other media, the subscription models are well


established'accepted by subscribers and nurtured by publishers.
On the web, subscriptions are not yet widely accepted by
consumers. Of those that are accepted, the subscription model
caters to sites targeted to particular niches of individuals who
have specific needs. These sites are often specialized with
expert content and timely information. The subscriptions fund the
development and maintenance of the site.
 Subscriptions can be paid on a weekly, monthly, or annual basis.
Payment through a credit card account is a common payment
scheme for subscription sites because of the ability to
periodically process the purchase transaction electronically.
E-Commerce models Contd.

 Storefront: To some people, a products-offered site is narrowly


defined as a "true" eCommerce site. A website that offers
products for sale is the electronic version of a catalog. These
virtual storefronts are built to describe the offering with pictures
and words, offer promotions, provide a "shopping cart," and
complete the purchase transaction. Once the product is
purchased, the cyber enterprise arranges for product fulfillment
including shipping and handling. The fulfillment is sometimes
completed by the website enterprise or directly from the
manufacturer in a drop shipping arrangement. Some
manufacturers are now passing up the intermediary wholesalers
and retailers by offering their products directly to consumers.
This collapsing of the supply chain is called disintermediation
E-Commerce models
 A simple poster or billboard website model
 The site offers information and asks the user to
take action by sending an email to a contact
 Emails from this company can have the URL in
the signature to alert/advertise to
contacts/customers the existence of the web
site, and stationery (letters/faxes/business
cards) should show the URL as well
E-Commerce models
 “yellow pages” model
 A larger undertaking - a menu of items pointing to
other sources and information
 A greater catchment area and profile for the
business
E-Commerce models
 Cyber brochure model
 More sophisticated form of yellow pages model
 Contains information sheets, brochures and
general information about the firm and its
products
E-Commerce models
 Advertising model
 A site which sells space for advertising goods and
services - national or international
 Banners flash up offering goods and services
 Some sites have a measure of directed
advertising - if for example you are searching
for a particular good or service then vendors
offering that service will flash up
E-Commerce models
 Subscription models
 a members/customers only site - customer to
subscribe to an on-line magazine
 model has downloads of software, white papers
 Used by some software firms as an on-line
way of making available new versions of
software, patches for software,
documentation releases
E-Commerce models
 Virtual or cyber Storefront – “the works!”
 Full information about the company
 On-line ordering and secure payment
World Wide Web
 Main ingredients of the Web
 URL, HTML, and HTTP
 Key properties of HTTP
 Request-response, stateless, and resource meta-data
 Web components
 Clients, proxies, and servers
 Caching vs. replication
 Interaction with underlying network protocols
 DNS and TCP
 TCP performance for short transfers
 Parallel connections, persistent connections, pipelining
Main Components: URL
 Uniform Resource Identifier (URI)
 Denotes a resource independent of its location or value
 A pointer to a “black box” that accepts request methods
 Formatted string
 Protocol for communicating with server (e.g., http)
 Name of the server (e.g., www.foo.com)
 Name of the resource (e.g., coolpic.gif)
 Name (URN), Locator (URL), and Identifier (URI)
 URN: globally unique name, like an ISBN # for a book
 URI: identifier representing the contents of the book
 URL: location of the book
Main Components: HTML
 HyperText Markup Language (HTML)
 Representation of hypertext documents in ASCII format
 Format text, reference images, embed hyperlinks
 Interpreted by Web browsers when rendering a page
 Straightforward and easy to learn
 Simplest HTML document is a plain text file
 Easy to add formatting, references, bullets, etc.
 Automatically generated by authoring programs
 Tools to aid users in creating HTML files
 Web page
 Base HTML file plus referenced objects (e.g., images)
 Each object has its own URL
Main Components: HTTP
 HyperText Transfer Protocol (HTTP)
 Client-server protocol for transferring resources
 Client sends request and server sends response
EDI: Electronic Data Interchange
 What is EDI?
 Exchange of electronic data between
companies using precisely defined
transactions
 Set of hardware, software, and standards
that accommodate the EDI process
Electronic Data Exchange
 How does EDI work
 Supplier’s proposal sent electronically to purchasing
organization.
 Electronic contract approved over network.
 Supplier manufactures and packages goods, attaching
shipping data recorded on a bar code.
 Quantities shipped and prices entered in system and
flowed to invoicing program; invoices transmitted to
purchasing organization.
Electronic Data Exchange
 Manufacturer ships order.
 Shipment notice EDI transaction sent.
 Purchasing organization receives packages, scans bar
code, and compares data to invoices and actual items received.
 Payment approval transferred electronically.
 Bank transfers funds from purchaser to supplier’s account
using electronic fund transfer (EFT).
Electronic Data Interchange
 EDI Standards
 EDI requires companies to agree on standards
 Compatible hardware and software
 Agreed upon electronic form format
 Established EDI standards
 Automotive Industry Action Group (AIAG)
 X.12 de facto umbrella standard in U.S. and Canada
 EDI for Administration, Commerce, and Trade
(EDIFACT) umbrella of standards in Europe
Electronic Data Interchange
 How to Subscribe to EDI
 Larger companies purchase hardware and
software
 Medium and small companies seek third-
party service
 Value-added networking (VAN)
 Managed network services available for a
fee
Electronic Data Interchange
 EDI on the Web
 Advantages of Web EDI
 Lower cost
 More familiar software
 Worldwide connectivity
 Disadvantages of Web EDI
 Low speed
 Poor security
Electronic Data Interchange
 The Importance of EDI
 Need for timely, reliable data exchange in response to
rapidly changing markets
 Emergence of standards and guidelines
 Spread of information into many organizational units
 Greater reliability of information technology
 Globalization of organizations
OOAD
Object modelling
 is useful for designing computer systems, whether those
systems are to be implemented in object-oriented
languages or not. Most designs are likely to need more
than an object-oriented language, such as a database.
 Object modelling also has a use outside of the design of
computer systems. It is an excellent analysis method,
and it can be used in business process reengineering, in
social science research, or any complex environment
where it is important to capture the structure and
functionality of some world.
Why Design?
 Even the most professional programmers feel the temptation to sit down
and produce code at the earliest possible moment. Therein lie many of the
ills of the software engineering industry. Design is a process which involves
 communication
 creativity
 negotiation
 agreement
 It is a human process, to produce products for human consumption. Too
often the communication, negotiation and agreement aspects are left out.
 Object modelling provides a notation which is clear, consistent, and which
can be used to communicate within a software development team, and with
the clients and other third-parties which the team need to deal with.
Objects
 We begin at the beginning. The world is made of objects. Just open
your eyes and ears. They are out there. Bank customers, students,
cats, elephants, cars, balls of string, atoms, molecules, tubs of ice
cream, Madonna, stars, bureaucrats, Robin Hood. The world is built
of objects. Objects are built of smaller objects, and so ad infinitum.
Objects combine to make bigger objects. We already live in an
object-oriented world.
 The first thing an object analyst must do is to remove the scales
from his or her eyes. Object modelling consists of looking for
objects. Of course, there has to be some boundary. Even sitting at
one's desk one can see more objects than one could reasonably list.
But that is where the beauty of object modelling comes in. It uses
observation.
Objects
Objects can be described by their attributes and operations. Attributes are
the changeable characteristics of an object. Cats have colour, size and
weight. Operations are the things an object does or can have done to it.
Cats can catch mice, eat, miaow, worm up to owners, and be stroked. In our
notation we draw an object such as a cat like this.

The name is shown at the top. The attributes are listed underneath.
The operations are listed below that. Actually, strictly speaking, this
is a class diagram. But we will explain that later.
In an object model, all data is stored as attributes of some object. The
attributes of an object are manipulated by the operations. The only way
of getting at the attributes is through an operation. Attributes may
sometimes be objects in their own right (more of that later).
In an object model, all functionality is defined by operations. Objects
may use each other's operations, but the only legal way one object can
manipulate another object is through an operation. An operation may
inform, say "mass of ball", or change the state of an object, say "throw
ball".
Object modelling is about finding objects, their attributes and their
operations, and tying them together in an object model. Nothing more.
Here are some more objects:
Objects
 Do not be constrained to be those dull systems that most software
engineers drag out. Object modelling can be used to design lots of
things. The trick comes in knowing what objects are appropriate,
and what their appropriate attributes and operations are.
 Remember entity-relationship models having a notion of entity.
These are really objects. All we are doing in object modelling is
relabelling entity modelling. However, we put the emphasis on
capturing and grouping together both functions and data (operations
and attributes in our terminology). That is the elegant simplicity of
object modelling. Object models look remarkably like entity-
relationship models.
 We will now look at one powerful way of arranging objects - inheritance
hierarchies.
Inheritance
 Often we will find that there are objects which
have something in common. It is then useful
to create an abstract object which groups
together the common features, and to use
inheritance to define the original objects.
Inheritance
 Designing complex class hierarchies takes time and
good design requires experience. But the basic
principles outlined above, with some intuitive guidelines,
are the basis for the design of good, re-usable designs.
 Re-use can be viewed from two directions. Components
can be re-used, which is a sort of bottom-up approach to
re-use. Or designs can be re-used. Both elements are
important in the production of re-usable software.
 Experience shows that describing things using
hierarchies is an easy and comprehensive way of
communicating both structure and functionality.
Relationships and
Object Models
Aggregation
 We can make up objects out of other objects.
This is known as aggregation. The behaviour
of the bigger object is defined by the
behaviour of its component parts, separately
and in conjunction with each other. Here is a
simple example of a juggler:
Ethics and Security
What Do We Know?
 Cyber attacks immediately follow physical
attacks
 Cyber attacks are increasing in volume,
sophistication, and coordination
 Cyber attackers are attracted to high-value
targets
 Many, if not most, targets would probably be
commercial computer and communications
systems
Cyberwar Strategies
 The basic elements are:
 Hacking
 Virus writing
 Electronic snooping
 Old-fashioned human spying
 Mass disruption can be unleashed over
the internet, but
 Attackers first must compromise private
and secure networks
InfoWarriors are not Script Kiddies
 Funded by foreign military organizations and
terrorist groups
 Likely to have more people and deeper pockets
 Can devote more resources – people and time
 They can crack systems that might withstand casual
assault
 Likely to be more experienced
 Will use more sophisticated tactics
 Serious IW attackers would not reveal their
activities until it is absolutely necessary
Commercial Sector a Key Target

 Communication systems
 News organizations
 Telephony suppliers
 Corporations
 Component suppliers (boots, food, radios, etc.)
 Civilian consulting companies
 Financial institutions
 Government funds tied up in commercial banks
 Healthcare industry
 Pharmacies, hospitals, clinics
 Drug companies (vaccines, antibiotics)
But Companies Not the Only
Targets
 Power grids
 For 11 days in Feb 2001, a development server at Cal-ISO
electricity exchange was left connected to the
internet and was being quietly hacked
 Transportation systems
 “A foreign adversary could significantly hinder U.S.
Forces in reaching, say, the Persian gulf or Taiwan
straits by attacking the computers at commercial harbor
facilities used to ship ammunition or the air traffic
control system that would be needed to support and
airlift personnel and supplies” (Bruce Berkowitz)
 Water authorities
Why Use Cyber Warfare?
 Low barriers to entry – laptops cost a lot less
than tanks
 Complex societies are dependent on
computers and networks
 Computer disruption has economic, logistical,
and emotional effect
 Paralysis caused by computer outages levels
the playing field for less-well-equipped
countries
What Can We Do?
 Go on the defensive now
 Educate senior management on risks of cyberwarfare
 Make infosec a top priority
 Beef up your security technology
 Insist on flawless execution: compliance to security
standards in all areas
 Work with other companies, government
agencies
Some Specifics:
Be Prepared
 Maintain high alert & vigilance
 Update OS and applications regularly
 Enforce strong passwords
 “Lock down” systems
 Keep anti-virus software installed and up-to-
date
 Employ intrusion detection systems and
firewalls
Sources of Threats
 Three sources of security problems are: human error
and mistakes, malicious human activity, and natural
events and disasters.
 Human errors and mistakes include accidental
problems caused by both employees and
nonemployees.
 An example is an employee who misunderstands operating
procedures and accidentally deletes customer records.
 This category also includes poorly written application
programs and poorly designed procedures.
Sources of Threats (Continued)
 The second source of security problems is malicious
human activity.
 This category includes employees and former employees who
intentionally destroy data or other systems components.
 It also includes hackers who break into a system and virus
and worm writers who infect computer systems.
 Malicious human activity also includes outside criminals who
break into a system to steal for financial gain; it also includes
terrorism.
Sources of Threats (Continued)
 Natural events and disasters are the third source of
security problems.
 This category includes fires, floods, hurricanes, earthquakes,
tsunamis, avalanches, and other acts of nature.
 Problems in this category include not only the initial loss of
capability and service, but also losses stemming from actions
to recover from the initial problem.
Problem Types
 Five types of security problems are:
 Unauthorized data disclosure
 Incorrect data modification
 Faulty service
 Denial of service
 Loss of infrastructure
Unauthorized Data Disclosure
 Unauthorized data disclosure can occur by human
error when someone inadvertently releases data in
violation of a policy.
 An example at a university would be a new department
administrator who posts student names, numbers, and
grades in a public place.
 The popularity and efficacy of search engines has
created another source of inadvertent disclosure.
 Employees who place restricted data on Web sites
that can be reached by search engines may
mistakenly publish proprietary or restricted data over
the Web.
Unauthorized Data Disclosure (Continued)
 Pretexting occurs when someone deceives by
pretending to be someone else.
 A common scam involves a telephone caller who pretends to
be from a credit card company and claims to be checking the
validity of credit card numbers.
 Phishing is a similar technique for obtaining
unauthorized data that uses pretexting via email.
 The phisher pretends to be a legitimate company and sends
an email requesting confidential data, such as account
numbers, Social Security numbers, account passwords, and
so forth.
Unauthorized Data Disclosure (Continued)
 Spoofing is another term for someone pretending to
be someone else.
 If you pretend to be your professor, you are spoofing your
professor.
 IP spoofing occurs when an intruder uses another
site’s IP address as if it were that other site.
 Email spoofing is a synonym for phishing.
Unauthorized Data Disclosure (Continued)
 Sniffing is a technique for intercepting computer
communications.
 With wired networks, sniffing requires a physical connection
to the network.
 With wireless networks, no such connection is required.
 Drive-by sniffers simply take computers with wireless
connections through an area and search for unprotected
wireless networks.
 Even protected wireless networks are vulnerable.
 Other forms of computer crime include breaking into
networks to steal data such as customer lists, product
inventory data, employee data, and other proprietary
and confidential data.
Incorrect Data Modification
 Incorrect data modification can occur through human
error when employees follow procedures incorrectly or
when procedures have been incorrectly designed.
 Examples include incorrectly increasing a customer’s
discount or incorrectly modifying an employee’s salary.
 Hacking occurs when a person gains unauthorized
access to a computer system.
 Examples include reducing account balances or causing the
shipment of goods to unauthorized locations and customers.
Faulty Service
 Faulty service includes problems that result
because of incorrect system operation.
 Faulty service could include incorrect data
modification, as previously described.
 It also could include systems that work
incorrectly, by sending the wrong goods to the
customer or the ordered goods to the wrong
customer, incorrectly billing customers, or
sending the wrong information to employees.
Faulty Service (Continued)
 Usurpation occurs when unauthorized programs
invade a computer system and replace legitimate
programs.
 Faulty service can also result from mistakes made
during the recovery from natural disasters.
Denial of Service
 Human error in following procedures or a lack of
procedures can result in denial of service.
 For example, humans can inadvertently shut down a Web
server or corporate gateway router by starting a
computationally intensive application.
 Denial-of-service attacks can be launched maliciously.
 A malicious hacker can flood a Web server, for example, with
millions of bogus service requests that so occupy the
server that it cannot service legitimate requests.
 Natural disasters may cause systems to fail, resulting in
denial of service.
Loss of Infrastructure
 Human accidents can cause loss of infrastructure.
 Examples are a bulldozer cutting a conduit of fiber-optic
cables and the floor buffer crashing into a rack of Web
servers.
 Theft and terrorist events also cause loss of infrastructure.
 A disgruntled, terminated employee can walk off
with corporate data servers, routers, or other
crucial equipment.
 Natural disasters present the largest risk for
infrastructure loss.
 A fire, flood, earthquake, or similar event can destroy data
centers and all they contain.
The Security Program
 A security program has three components:
 Senior management involvement:
 Senior management must establish the security policy.
This policy sets the stage for the organization to
respond to threats.
 Senior management must manage risk by balancing the
costs and benefits of the security program.
 Safeguards of various kinds.
 Safeguards are protections against security threats.
 Safeguards involve computer hardware and software,
data, procedures and people.
The Security Program (Continued)
 A security program has three components: (continued)
 Incident response
 A security program consists of the organization’s
planned response to security incidents.
Security Elements
 When you manage a department, you have the
responsibility for information security in that
department, even if no one tells you that you do.
 Security can be expensive.
 Computer security should have an appropriate cost-benefit
ratio.
 Costs can be direct, such as labor costs, and they can be
intangible, such as employee or customer frustration.
 Managers should assign specific tasks to specific
people or specific job functions.
Security Elements (Continued)
 There is no magic bullet for security.
 Security is a continuing need, and every company
must periodically evaluate its security program.
 Social factors put some limits on security programs.
Security Policy
 A security policy has three elements:
 A general statement of the organization’s security program.
 Management specifies the goals of the security program
and the assets to be protected.
 A department is designated for managing the
organization’s security program and documents.
 Issue-specific policy
 For example, management might formulate a policy on
personal use of computers at work and email privacy.
Security Policy (Continued)
 A security policy has three elements: (continued)
 System-specific policy is concerned with specific information
systems.
 For example, what customer data from the order entry
system will be sold or shared with other organizations?
Risk Management
 Risk is the likelihood of an adverse occurrence.
 Management cannot manage threats directly, but it
can manage the likelihood that threats will be
successful.
 Companies can reduce risks, but always at a cost.
 Uncertainty refers to the things we don’t know that we
don’t know.
Risk-Management Decisions
 After reviewing the risk assessment, senior
management must decide what to do.
 Companies can protect some assets by use of
inexpensive and easily implemented safeguards.
 Installing virus protection software is an example.
 Some vulnerability is expensive to eliminate, and
management must determine if the costs of the
safeguard are worth the benefit of probable loss
reduction.
Technical Safeguards
Identification and Authentication
 Every information system today should require users
to sign in with a user name and password.
 The user name identifies the user (the process of
identification), and the password authenticates the
user (the process of authentication).
Smart Cards
 A smart card is a plastic card similar to a credit card,
which has a microchip.
 The microchip is loaded with identifying data.
Biometric Authentication
 Biometric authentication uses personal
physical characteristics such as fingerprints,
facial features, and retinal scans to
authenticate users.
 Biometric authentication provides strong
authentication, but the required equipment is
expensive.
 Biometric authentication is in the early stages
of adoption.
Single Sign-on for Multiple Systems
 Today’s operating systems have the capability to
authenticate you to networks and other servers.
 You sign on to your local computer and provide
authentication data; from that point on, your operating
system authenticates you to another network or
server, which can authenticate you to yet another
network and server, and so forth.
 A system called Kerberos authenticates users without
sending their passwords across the computer network.
Wireless Access
 Drive-by sniffers can walk or drive around business or
residential neighborhoods with a wireless computer
and locate dozens, or even hundreds, of wireless
networks.
 The IEEE 802.11 Committee, the group that develops
and maintains wireless standards, first developed a
wireless security standard called Wired Equivalent
Privacy (WEP).
Wireless Access (Continued)
 Unfortunately, WEP was insufficiently tested before it
was deployed, and it has serious flaws.
 The IEEE 802.11 committee developed improved
wireless security standards known as WPA (Wi-Fi
Protected Access) and a newer, better version,
called WPA2.
 Only newer wireless devices can use these techniques.
Encryption
 Senders use a key to encrypt a plaintext
message and then send the encrypted
message to a recipient, who then uses a key to
decrypt the message.
 With symmetric encryption, both parties use
the same key.
 With asymmetric encryption, the parties use
two keys, one that is public and one that is
private.
Encryption (Continued)
 Secure Sockets Layer (SSL) is a protocol that uses
both asymmetric and symmetric encryption.
 With SSL, asymmetric encryption transmits a
symmetric key. Both parties then use that key for
symmetric encryption for the balance of that session.
 SSL version 1.0 had problems, most of which were
removed in version 3.0, which is the version Microsoft
endorsed.
 A later version, with more problems fixed, was renamed
Transport Layer Security (TLS).
Figure 11-6 Basic Encryption Techniques
Digital Signatures
 Digital signatures ensure that plaintext messages
are received without alterations.
 The plaintext message is first hashed.
 Hashing is a method of mathematically manipulating the
message to create a string of bits that characterize the
message.
 The bit string, called the message digest, has a specified,
fixed length, regardless of the length of the plaintext.
 Hashing is a one-way process.
 Hashing techniques are designed so that if someone changes
any part of a message, rehashing the changed message will
create a different message digest.
Digital Signatures (Continued)
 Authentication programs use message digests
to ensure that plaintext messages have not
been altered.
 The idea is to create a message digest for the
original message and send the message and the
message digest to the receiver.
 The receiver hashes the message it received and
compares the resulting message digest to the
message digest that was sent with the message.
 If the two message digests are the same, then
the receiver knows that the message was not
altered.
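The digest check described on the two slides above, as an added example that is not part of the original slides. It also shows why the digest itself has to be protected in transit: a real digital signature does that with the sender's private key, and HMAC with a shared secret is swapped in here only because it is in the Python standard library. The message, key and function names are constructed for illustration.

```python
"""Integrity check with a message digest (constructed example, not from the slides)."""
import hashlib
import hmac


def message_digest(message: bytes) -> bytes:
    """Hash the plaintext. SHA-256 always returns 32 bytes, whatever the input length."""
    return hashlib.sha256(message).digest()


def send_with_digest(message: bytes):
    """Sender side: transmit the message together with its digest."""
    return message, message_digest(message)


def receiver_accepts(message: bytes, sent_digest: bytes) -> bool:
    """Receiver side: rehash what arrived and compare with the digest that was sent."""
    return hmac.compare_digest(message_digest(message), sent_digest)


# Assumption beyond the slides: the digest must itself be protected, otherwise
# whoever alters the message can simply send a fresh digest with it. HMAC (a keyed
# hash) stands in for the private-key signing step of a real digital signature.
def send_with_keyed_digest(key: bytes, message: bytes):
    return message, hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts_keyed(key: bytes, message: bytes, sent_tag: bytes) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sent_tag)


def demo() -> dict:
    original = b"PAY 100.00 TO ACCOUNT 1234"   # constructed sample message
    altered = b"PAY 900.00 TO ACCOUNT 1234"    # one character changed in transit
    key = b"constructed-demo-key"              # constructed shared secret

    message, digest = send_with_digest(original)
    _, tag = send_with_keyed_digest(key, original)
    return {
        # Fixed length regardless of plaintext length.
        "digest_sizes": {len(message_digest(b"a")), len(message_digest(b"a" * 10_000))},
        # The receiver's comparison as the slides describe it.
        "unaltered": receiver_accepts(message, digest),
        "altered_message_old_digest": receiver_accepts(altered, digest),
        # An unprotected digest can be replaced along with the message.
        "altered_message_new_digest": receiver_accepts(altered, message_digest(altered)),
        # With a keyed digest the replacement fails without the key.
        "keyed_unaltered": receiver_accepts_keyed(key, original, tag),
        "keyed_altered_old_tag": receiver_accepts_keyed(key, altered, tag),
        "keyed_altered_rehashed": receiver_accepts_keyed(key, altered, message_digest(altered)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```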
Digital Certificates
 When using public keys, a message recipient must
know that it has the true party’s public key.
 To solve this problem, trusted, independent third-party
companies, called certificate authorities (CAs),
supply public keys.
 Thus, for your browser to obtain the public key for
Bank of America, either to conduct a secure session
using SSL/TLS or to authenticate a digital signature,
your browser will obtain Bank of America’s public key
from a certificate authority.
Digital Certificates (Continued)
 Your browser will receive a digital certificate from the
CA that contains, among other data, the name of Bank
of America and Bank of America’s public key.
 Your browser will verify the name and then use that public
key.
 The CA signs the digital certificate with its digital
signature.
Firewalls
 A firewall is a computing device that prevents
unauthorized network access. It can be a
special-purpose computer or a program on a
general-purpose computer or on a router.
 Organizations normally use multiple firewalls.
 A perimeter firewall sits outside the organization
network; it is the first device that Internet traffic
encounters.
 Some organizations employ internal firewalls
inside the organizational network in addition to the
perimeter firewall.
Firewalls (Continued)
 A packet-filtering firewall examines each packet and
determines whether to let the packet pass.
 Packet-filtering firewalls can prohibit outsiders from
starting a session with any user behind the firewall.
 They can also disallow traffic from particular sites, such as
known hacker addresses.
 They can also prohibit traffic from legitimate, but unwanted
addresses, such as competitors’ computers.
 Firewalls can filter outbound traffic as well.
Firewalls (Continued)
 A firewall has an access control list (ACL), which
encodes the rules stating which packets are to be
allowed and which are to be prohibited.
 No computer should connect to the Internet without
firewall protection.
 Many ISPs provide firewalls for their customers.
Use of Multiple Firewalls
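An added example (not from the slides and not any product's rule syntax) of how an access control list drives the packet-filtering firewall described above: rules are checked in order, the first match decides, and anything unmatched is denied. The rule fields, the first-match and default-deny behaviour, and all addresses (private and documentation ranges) are assumptions made for illustration.

```python
"""Toy packet-filtering firewall driven by an ACL (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"
INSIDE = "10.0.0.0/8"          # assumed internal address range


@dataclass(frozen=True)
class Packet:
    direction: str             # "in": Internet -> organization, "out": the reverse
    src: str
    dst: str
    dst_port: int
    starts_session: bool       # True for a connection attempt (TCP SYN without ACK)


@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    direction: str
    src: str = ANY
    dst: str = ANY
    dst_port: Optional[int] = None           # None matches any port
    starts_session: Optional[bool] = None    # None matches either kind of packet
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dst_port in (None, p.dst_port)
                and self.starts_session in (None, p.starts_session))


# Order matters: the first matching rule decides.
ACL = [
    Rule("deny", "in", src="203.0.113.0/24", note="blocked source network"),
    Rule("allow", "in", dst="10.0.0.80/32", dst_port=443, note="public web server"),
    Rule("deny", "in", starts_session=True, note="outsiders may not start sessions"),
    # A stateless filter trusts the packet's own flags here; a stateful firewall
    # would instead check that an inside host really opened the connection.
    Rule("allow", "in", dst=INSIDE, starts_session=False, note="replies to inside users"),
    Rule("deny", "out", dst="198.51.100.0/24", note="outbound filter"),
    Rule("allow", "out", src=INSIDE, note="inside users may reach the Internet"),
]

# Same rules with the session block placed ahead of the web-server exception.
MISORDERED_ACL = [ACL[0], ACL[2], ACL[1]] + ACL[3:]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("in", "203.0.113.9", "10.0.0.80", 443, True),    # blocked source
    Packet("in", "192.0.2.10", "10.0.0.80", 443, True),     # visitor to web server
    Packet("in", "192.0.2.10", "10.0.0.25", 22, True),      # outsider opens a session
    Packet("in", "192.0.2.10", "10.0.0.25", 51000, False),  # reply to an inside user
    Packet("out", "10.0.0.25", "198.51.100.7", 80, True),   # unwanted destination
    Packet("out", "10.0.0.25", "192.0.2.10", 443, True),    # ordinary browsing
    Packet("out", "172.16.0.5", "192.0.2.10", 443, True),   # source matches no rule
]


def decide(packet: Packet, acl=ACL):
    """Return (action, reason) for one packet: first match wins, default is deny."""
    for rule in acl:
        if rule.matches(packet):
            return rule.action, rule.note
    return "deny", "default deny"


def evaluate(acl=ACL, packets=SAMPLE_PACKETS):
    """Actions taken for each sample packet, in order."""
    return [decide(p, acl)[0] for p in packets]


if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p, "->", decide(p))
```

With `MISORDERED_ACL` the visitor to the web server is denied, which is the usual symptom of a broad rule placed ahead of a specific exception.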
Malware Protection

 The term malware has several definitions.

 Our focus will be on the broadest one: malware is


viruses, worms, Trojan horses, spyware, and adware.
Spyware and Adware

 Spyware programs are installed on the user’s


computer without the user’s knowledge.

 Spyware resides in the background and, unknown to


the user, observes the user’s actions and keystrokes,
monitors computer activity, and reports the user’s
activities to sponsoring organizations.
Spyware and Adware (Continued)

 Adware is similar to spyware in that it is installed


without the user’s permission and resides in the
background and observes user behavior.

 Most adware is benign in that it does not perform


malicious acts or steal data.

 Adware produces pop-up ads and can also change


the user’s default window or modify search results and
switch the user’s search engine.
Malware Safeguards

 Install antivirus and antispyware programs on
your computer.

 Set up your anti-malware programs to scan
your computer frequently.

 Update malware definitions.

 Open email attachments only from known
sources.
Malware Safeguards (Continued)

 Promptly install software updates from legitimate
sources.

 Browse only in reputable Internet neighborhoods.


Malware Is a Serious Problem

 America Online (AOL) and the National Cyber Security
Alliance conducted a malware study using Internet
users in 2004.

 They asked the users a series of questions and then,
with the users’ permission, they scanned the users’
computers to determine how accurately the users
understood malware problems on their own
computers.
Malware Survey Results
Data Safeguards

 Data safeguards are measures used to protect
databases and other organizational data.

 The organization should protect sensitive data
by storing it in encrypted form.
 Such encryption uses one or more keys in ways
similar to that described for data communication
encryption.

 Backup copies of the database contents should
be made periodically.
Data Safeguards (Continued)

 The organization should store at least some of the
database backup copies off premises, possibly in a
remote location.

 IT personnel should periodically practice recovery, to
ensure that the backups are valid and that effective
recovery procedures exist.

 The computers that run the DBMS and all devices that
store database data should reside in locked,
controlled-access facilities.
Human Safeguards–Position Definitions

 Effective human safeguards begin with definitions of
job tasks and responsibilities.

 Given appropriate job descriptions, user accounts
should be defined to give users the least possible
privilege needed to perform their jobs.

 The security sensitivity should be documented for
each position.
Human Safeguards–Hiring and Screening

 Security considerations should be part of the hiring
process.

 When hiring for high-sensitivity positions, however,
extensive screening interviews, references, and
background investigations are appropriate.
 This also applies to employees who are promoted into
sensitive positions.
Human Safeguards–Dissemination and Enforcement

 Employees need to be made aware of the security
policies, procedures, and responsibilities they will
have.

 Employee security training begins during new-employee
training with the explanation of general
security policies and procedures.

 Enforcement consists of three interdependent factors:
responsibility, accountability, and compliance.
Human Safeguards–Termination

 Companies must establish security policies and
procedures for the termination of employees.

 Standard human resources policies should ensure
that system administrators receive notification in
advance of the employee’s last day, so that they can
remove accounts and passwords.

 The need to recover keys for encrypted data and any
other special security requirements should be part of
the employee’s out-processing.
Security Policy for In-House Staff
Human Safeguards for Nonemployee Personnel

 Business requirements may necessitate
opening information systems to nonemployee
personnel: temporary personnel, vendors,
partner personnel (employees of business
partners), and the public.

 In the case of temporary, vendor, and partner
personnel, the contracts that govern the activity
should call for security measures appropriate to
the sensitivity of the data and IS resource
involved.
Human Safeguards for Nonemployee Personnel (Continued)

 Companies should require vendors and
partners to perform appropriate screening and
security training.

 The best safeguard from threats from public
users is to harden the Web site or other facility
against attack as much as possible.

 Hardening a site means to take extraordinary
measures to reduce a system’s vulnerability.
Human Safeguards for Nonemployee Personnel (Continued)

 Hardened sites use special versions of the operating
system, and they lock down or eliminate operating
system features and functions that are not required
by the application.
Account Administration

 The administration of user accounts, passwords, and
help-desk policies and procedures are important
components of the security system.
Account Management

 Account management concerns the creation of new
user accounts, the modification of existing account
permissions, and the removal of unneeded accounts.

 Information system administrators perform all of these
tasks, but account users have the responsibility to
notify the administrators of the need for these actions.
Password Management

 Passwords are the primary means of authentication.

 Passwords are important not just for access to the user’s
computer, but also for authentication to other networks
and servers to which the user may have access.

 Because of the importance of passwords, NIST
recommends that employees be required to sign
statements known as account acknowledgement forms.
Password Management (Continued)

 When an account is created, users should immediately
change the password they are given to a password of
their own.

 Well-constructed systems require the user to change the
password on first use.

 Some systems will require a password change every 3
months or perhaps more frequently.
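
The account and password rules on the slides above (remove unneeded accounts by the employee's last day, change the issued password on first use, change passwords every 3 months) can be checked with a periodic audit. This is an added example, not part of the original slides; the record fields, the HR roster structure and the 90-day reading of "3 months" are assumptions.

```python
from datetime import date, timedelta

MAX_PASSWORD_AGE = timedelta(days=90)  # "every 3 months", taken here as 90 days

# Constructed records; the field names are assumptions for this example.
ACCOUNTS = [
    {"user": "amy", "password_changed": date(2024, 4, 20), "enabled": True},
    {"user": "bob", "password_changed": None, "enabled": True},  # still on issued password
    {"user": "carl", "password_changed": date(2023, 11, 2), "enabled": True},
    {"user": "dina", "password_changed": date(2024, 4, 1), "enabled": True},
    {"user": "eve", "password_changed": date(2023, 1, 5), "enabled": False},
    {"user": "svc_old", "password_changed": date(2024, 5, 1), "enabled": True},
]
# HR roster: last working day per person, None while still employed.
HR_LAST_DAY = {"amy": None, "bob": None, "carl": None,
               "dina": date(2024, 4, 30), "eve": date(2024, 3, 31)}

def audit(accounts, hr_last_day, today):
    """Return (user, finding) pairs for enabled accounts that break a rule."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # disabled accounts cannot be used to log in
        user, changed = acct["user"], acct["password_changed"]
        if user not in hr_last_day:
            findings.append((user, "no_owner_on_hr_roster"))
        elif hr_last_day[user] is not None and hr_last_day[user] < today:
            findings.append((user, "enabled_after_last_day"))
        if changed is None:
            findings.append((user, "issued_password_never_changed"))
        elif today - changed > MAX_PASSWORD_AGE:
            findings.append((user, "password_older_than_90_days"))
    return findings
```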
Help-Desk Policies

 Many systems give the help-desk representative a
means of authenticating the user.

 Typically, the help-desk information system has answers
to questions that only the true user would know such as:
 User’s birthplace
 Mother’s maiden name
 Last four digits of an important account number
System Procedures

 Procedures exist for both users and operations
personnel.

 For each type of user, the company should develop
procedures for normal, backup, and recovery operations.

 Normal-use procedures should provide safeguards
appropriate to the sensitivity of the information system.
System Procedures (Continued)

 Backup procedures concern the creation of backup data
to be used in the event of failure.

 Whereas operations personnel have the responsibility
for backing up system databases and other systems
data, departmental personnel have the need to back up
data on their own computers.

 Systems analysts should develop procedures for system
recovery.
System Monitoring

 Important monitoring functions are activity log
analyses, security testing, and investigating and
learning from security incidents.

 Many information system programs produce
activity logs.
 Firewalls produce logs of their activities, including lists
of all dropped packets, infiltration attempts, and
unauthorized access attempts from within the firewall.
 DBMS products produce logs of successful and failed
log-ins.
System Monitoring (Continued)

 Web servers produce voluminous logs of Web
activities.

 The operating systems in personal computers
can produce logs of log-ins and firewall activities.

 An important security function is to analyze
activity logs for threat patterns, successful and
unsuccessful attacks, and evidence of security
vulnerabilities.
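
The activity-log analysis described on the System Monitoring slides can be sketched over firewall and DBMS log lines. This is an added example, not part of the original slides; the log layout, the sample lines, the thresholds and the finding names are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range

# Constructed sample; the line layout is an assumption, not a product's format.
SAMPLE_LOG = """\
2024-05-01T02:10:01 fw DROP src=203.0.113.9 dst=10.0.0.80 dport=23
2024-05-01T02:10:02 fw DROP src=203.0.113.9 dst=10.0.0.80 dport=3389
2024-05-01T02:11:00 db LOGIN_FAIL user=sa src=192.0.2.44
2024-05-01T02:11:05 db LOGIN_FAIL user=sa src=192.0.2.44
2024-05-01T02:11:09 db LOGIN_FAIL user=sa src=192.0.2.44
2024-05-01T02:11:30 db LOGIN_OK user=sa src=192.0.2.44
2024-05-01T09:00:00 db LOGIN_FAIL user=amy src=10.0.0.31
2024-05-01T09:00:20 db LOGIN_OK user=amy src=10.0.0.31
garbled line that the parser must skip
2024-05-01T09:30:00 fw DROP src=10.0.0.57 dst=198.51.100.7 dport=6667
"""
LINE = re.compile(r"^(\S+) (fw|db) (DROP|LOGIN_FAIL|LOGIN_OK) (.+)$")

def parse(text):
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # lines outside the assumed layout are skipped
            ts, _, event, rest = m.groups()
            fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
            need = {"src", "dst", "dport"} if event == "DROP" else {"user", "src"}
            if need.issubset(fields):
                yield datetime.fromisoformat(ts), event, fields

def analyze(text, threshold=3, window=timedelta(minutes=5)):
    findings = []
    fails = defaultdict(list)  # (user, src) -> recent failed log-in times
    ports = defaultdict(set)   # src -> destination ports the firewall dropped
    for ts, event, f in parse(text):
        if event == "DROP":
            ports[f["src"]].add(f["dport"])
            if ipaddress.ip_address(f["src"]) in INSIDE:
                findings.append(("blocked_from_inside", f["src"], f["dst"]))
            continue
        key = (f["user"], f["src"])
        recent = [t for t in fails[key] if ts - t <= window]
        if event == "LOGIN_FAIL":
            fails[key] = recent + [ts]
            if len(fails[key]) == threshold:
                findings.append(("repeated_failed_logins",) + key)
        else:  # LOGIN_OK: a success right after a burst of failures
            if len(recent) >= threshold:
                findings.append(("success_after_failures",) + key)
            fails[key] = []
    probes = [("multi_port_probe", s, len(p)) for s, p in ports.items() if len(p) > 1]
    return findings + probes
```

A success that follows a burst of failures is reported separately from the failures themselves, because it is the case that most needs investigation.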
System Monitoring (Continued)

 Companies should test their security programs.
 Both in-house personnel and outside security
consultants should conduct such testing.

 Security incidents need to be investigated.

 New technology changes the security landscape,
and new threats arise.

 Security, like quality, is an ongoing process.


Disaster Preparedness

 The best safeguard against disaster is appropriate
location.

 If possible, place computing centers, Web farms, and
other computer facilities in locations not prone to floods,
earthquakes, hurricanes, tornados, or avalanches.
 Even in these locations, place infrastructure in unobtrusive
buildings, basements, backrooms, and similar locations well
within the physical perimeter of the organization.
 Locate computing infrastructure in fire-resistant buildings
designed to house expensive and critical equipment.
Disaster Preparedness (Continued)

 Even at a good location, disasters do occur.

 Some businesses prepare backup processing centers in
locations geographically removed from the primary
processing site.

 Organizations create backups for the critical resources at
the remote processing centers.
Disaster Preparedness (Continued)

 Hot sites are remote processing centers run by
commercial disaster-recovery services.
 For a monthly fee, they provide all the equipment needed to
continue operations following a disaster.

 Cold sites provide office space, but customers
themselves provide and install the equipment needed to
continue operations.

 Preparing a backup facility is very expensive; however,
the costs of establishing and maintaining that facility are
a form of insurance.
Incident Response

 Every organization should have an incident-response
plan as part of the security program.

 No organization should wait until some asset has been
lost or compromised before deciding what to do.

 The plan should include how employees are to respond
to security problems:
 Whom they should contact
 The reports they should make
 The steps they can take to reduce further loss
Incident Response (Continued)

 The plan should provide centralized reporting of all
security incidents.

 The incident-response plan should identify critical
personnel and their off-hours contact information.
Summary

 Computer threats come from human errors and
mistakes, malicious human activity, and natural
disaster.

 Five types of security problems are unauthorized data
disclosure, incorrect data modification, faulty service,
denial of service, and loss of infrastructure.

 Management has two critical security functions:
establishing a security policy and managing security
risk.
Summary (Continued)

 A security policy consists of a program policy
statement (why, what, who, and how), an issue-specific
policy, and a systems-specific policy.

 Risk is the likelihood of an adverse occurrence.

 Management must assess assets, threats,
safeguards, vulnerability, consequences, likelihood,
and probable loss to decide what security safeguards
to implement.
Summary (Continued)

 Safeguards are classified into technical, data, and
human categories.

 Disaster preparedness safeguards include asset
location, identification of mission-critical systems, and
the preparation of remote backup facilities.

 Organizations should prepare for security incidents
ahead of time by developing a plan, ensuring
centralized reporting, defining responses to specific
threats, and practicing the plan.
Problem Solving Guide–Testing Security

 The combination of bias and dissimilar worldviews
means that security systems cannot be tested by the
people who build them, or at least not only by the
people who built the system.

 Therefore, many companies hire outsiders to test the
security of their systems.

 White hat hackers are people who break into networks
for the purpose of helping the organization that
operates the network.
Problem Solving Guide–Testing Security (Continued)
 White-hat hackers report the problems they find and
suggest solutions, or at least they are supposed to.

 A second problem concerns results:
 “Never ask a question for which you don’t want the answer”
 If the problems found are severe and widespread, they may be
too expensive to fix
 Or, they may require more attention than management is able
to supply
Security Guide–Metasecurity

 Metasecurity is security about security
 “How do we secure the security system?”

 The accounting profession has dealt with some of these
problems for decades and has developed a set of
procedures and standards known as accounting
controls.
 In general, these controls involve procedures that provide
checks and balances, independent reviews of activity logs,
control of critical assets, and so forth.
 Properly designed and implemented, such controls will catch the
help-desk representative performing unauthorized account
transfers.
Security Guide–Metasecurity (Continued)

 Many computer network threats are new, proper
safeguards are under development, and some threats
are not yet known.
 The safeguards for some problems have unexpected
consequences.

 Ironically, the answers for many metasecurity problems
lie in openness.
 Encryption experts generally agree that any encryption algorithm
that relies on secrecy is ultimately doomed, because the secret
will get out.
Security Guide–Metasecurity (Continued)

 WEP was unwisely deployed before it was tested, and
thousands upon thousands of wireless networks are
vulnerable as a result.

 Hardware and software are only part of the problem.

 Metasecurity extends to the data, procedures, and
people components as well.
Ethics Guide–Security Privacy
 Some organizations have legal requirements to protect
the customer data they collect and store, but the laws
may be more limited than you think:
 Gramm-Leach-Bliley (GLB) Act
 Privacy Act of 1974
 Health Insurance Portability and Accountability Act
(HIPAA)

 Most consumers would say, however, that online
retailers have an ethical requirement to protect a
customer’s credit card.
Ethics Guide–Security Privacy (Continued)

 What requirements does your university have on the
data it maintains about you?
 State law or university policy may govern those records.
 What you write is no longer your personal data; it belongs to
the academic community.
 You can ask your professor what she intends to do with your
coursework, emails, and office conversations, but none of
those data are protected by law.
Business Intelligence
Business intelligence tools
 Spreadsheets
 Reporting and querying software - are tools
that extract, sort, summarize, and present
selected data
 OLAP
 Digital Dashboards
 Data mining
 Process mining
 Business performance management
Data warehouse
Operational database layer
 The source data for the data warehouse - An
organization's ERP systems fall into this
layer.
Data warehouse Contd.

Informational access layer


 The data accessed for reporting and
analyzing and the tools for reporting and
analyzing data - Business intelligence tools
fall into this layer.
Data warehouse Contd.

Data access layer


 The interface between the operational and
informational access layer - Tools to extract,
transform, load data into the warehouse fall
into this layer.
Data warehouse Contd.

Metadata layer
 The data directory - This is usually
more detailed than an operational system
data directory. There are dictionaries for the
entire warehouse and sometimes dictionaries
for the data that can be accessed by a
particular reporting and analysis tool.
Data warehouse Contd.

Dimension (data warehouse)


 A data warehouse dimension provides the means to "slice and
dice" data in a data warehouse. Dimensions provide structured
labeling information to otherwise unordered numeric measures.
For example, "Customer", "Date", and "Product" are all
dimensions that could be applied meaningfully to a sales receipt.
A dimensional data element is similar to a categorical variable in
statistics.
 The primary function of dimensions is threefold: to provide
filtering, grouping and labeling. For example, in a data
warehouse where each person is categorized as having a gender
of male, female or unknown, a user of the data warehouse would
then be able to filter or categorize each presentation or report by
either filtering based on the gender dimension or displaying
results broken out by the gender.
