Julianne's MIS Blog

Chapter 10: Information Systems Security

Q10-1: What is the goal of information systems security?

Trade-off between security and freedom / cost and risk
The IS security threat/loss scenario

Threat - person or organization, without owner's permission or knowledge, seeking to obtain or alter data or other IS assets illegally
Vulnerability - opportunity for threats to obtain access to organizational or individual assets
Safeguard - some measure taken to block the threat from obtaining the asset > not always effective
Target - asset that the threat desires

What are the sources of threats?

Human errors and mistakes - employees / non-employees accidental
Computer crime - employees / non-employees intentional destroy
Natural events & disasters - fires, floods, earthquake etc.

What types of security loss exist?

Unauthorized data disclosure

Pretexting - when someone pretends to be someone else and deceives; e.g. they pretend to be credit card company
Phishing - pretexting via email to obtain unauthorized data

Phisher - sends an email pretending to be a legit company, requesting confidential data

Spoofing - someone pretending to be someone else, e.g. pretending to be mom for phone bill

IP spoofing - when an intruder masquerades as another site by using another site's IP address
Email spoofing - synonym for phishing

Sniffing - intercepting computer communications; need physical connection to network if wired networks

Wardrivers - search for unprotected wireless networks and take computers with wireless connections through an area

Hacking - stealing data such as customer lists, product inventory data, employee data, and other proprietary and confidential data by breaking into computers, servers, or networks

Incorrect data modification
Faulty service

Usurpation - when computer criminals invade computer system & replace legit programs with own, unauthorized ones to shut down legit apps and substitute their own processing to spy, steal, and manipulate data

Denial of service (DoS) - human error in following procedures or a lack of procedures
Loss of infrastructure

Advanced Persistent Threat (APT) - when large, well-funded organizations such as governments engage in sophisticated, long-running computer hack

Q10-2: How big is the computer security problem?

We don't know full extent of financial and data losses due to computer security threats
Losses due to natural disasters are enormous and impossible to compute
No one knows that cost of computer crime & all studies are based on surveys
6 most expensive types of computer crime:

Denial of service
Malicious insiders
Web-based attacks
Malicious code
Phishing & Social Engineering
Stolen devices

Q10-3: How should you respond to security threats?

Intrusion detection system (IDS) - computer program that sense when another computer is attempting to scan or access a computer or network
Brute force attack - password cracker tries every possible combination of characters
Cookies - when you visit Web sites, small files are received by your browser
Create strong passwords / create multiple
Send no valuable data via email or IM
Use https at trusted, reputable vendors
Clear browsing history, temporary files, and cookies
So what? Black Hat

Show how to exploit weaknesses in hardware, software, protocols, or systems from smartphones to ATMs
Serve as education forum for hackers, developers, manufactures, gov't
Dan Geer recommends:

Mandatory reporting of security vulnerabilities
Make software venders liable for damage their code causes after abandoned, or users allowed to see/have source code.
ISP liable for harmful, inspected content
Right to be forgotten - appropriate and advantageous
End-to-End Encrypted Email

Q10-4: How should organizations respond to security threats?

Senior management created company-wide policies:

What sensitive data will be stored?
How data processed?
Will data be shared?
Can employees / others obtain copies of data stored about them?
Can employees / others request changes to inaccurate data?

Senior management can't eliminate risk so > manages risk

Q10-5: How can technical safeguard protect against security threats?

Technical safeguards - involve the software and hardware components of an IS; primary safeguards include:

Identification and authentication

Identification - username identifies the user
Authentication - password authenticates that user
Smart cards - similar to credit card, plastic card that has a microchip, which holds far more data than magnetic strip

Personal identification number (PIN) - required by smart cards to be authenticated

Biometric authentication - uses fingerprints, facial features, and retinal scans (personal physical characteristics) to authenticate users

Encryption

Encryption - secure storage or communication by transforming clear text into coded, unintelligible text
Encryption algorithms - procedures for encrypting data
Key - encrypting data using a string a bits

Symmetric encryption - same key used to encode & decode
Asymmetric encryption - two keys are used, 1 encode & 1 decode

Public key encryption - used on the Internet, special asymmetrical encryption

https - protocol for most secure communication over the Internet
Secure Sockets Later (SSL) / Transport Layer Security (TLS) - protocol for encrypting data > uses a combo of public key encryption and symmetric encryption

Firewalls

Firewalls - computing device that prevents unauthorized network access
Perimeter firewall - sits outside the organizational network
Internal firewall - Inside organizational network
Packet-filtering firewall - examines each part of the message and determines whether to let that part pass; examines source address, destination address, and other data

Malware protection

Malware - Viruses, spyware, and adware that is a broad category of software
Virus - computer program that replicates itself
Payload - delete programs or data OR modify data in undetected ways
Trojan horses - viruses that masquerade as useful programs or files
Worm - virus that self-propagates using Internet or other computer network
Spyware - programs installed on you just computer without their knowledge or permission
Adware - also installed without user permission and resides in background observing user behavior
Ransomware - malicious software that blocks access to system or data until money is paid to the attacker

Design for secure applications
Malware Types and Spyware/Adware Symptoms

Slow system startup
Sluggish system performance
Pop-up advertisements
Suspicious browser homepage changes
Suspicious changes to taskbar and other system interfaces
Unusual hard-disk activity

Design for Secure Applications

SQL injection attack - User enters SQL statement into a form instead of a name or other data

SQL code becomes part of database commands issued
Improper data disclosure, data damage and loss possible

Q10-6: How can data safeguards protect against security threats?

Data safeguards - protect databases another organizational data

Define data policies
Data rights and responsibilities
Rights enforced by user accounts authenticated by passwords
Data encryption
Backup and recovery procedures
Physical Security

Data administration - organization-wide function in charge of developing their policies and enforcing data standards
Database administration - function that pertains to a particular database
Key escrow

Q10-7: How can human safeguards protect against security threats?

Human safeguards - procedure components and people of information systems; for employees:

Position definition
Hiring and screening
Dissemination and enforcement
Termination

Human safeguards for non-employee personnel

Temporary personnel, vendors, partner personnel (employees of business partners and the public > appropriate screening and security training

Provide accounts and passwords with least privilege and remove accounts as soon as possible

Hardening - taking extraordinary measures to reduce a system's vulnerability

Account administration

Account management - standards for new user accounts, modification of account permissions, removal of unneeded accounts
Password management - Users change passwords frequently
Help-desk policies - provides means of authenticating users

Systems procedures

Normal operation - Use the system to perform job tasks with security appropriate to sensitivity
Backup - Prepare for loss of system functionality
Recovery - Accomplish job tasks during failure. Know tasks to do during system recovery

Security monitoring

Honeypots - false targets for computer criminals to attack, created by companies

Q10-8: How should organizations respond to security incidents?

Factors in incident response:

Have a plan in place
Centralized reporting
Specific responses > speed, preparation, and don't make problem worse
Practice

Q10-9: 2026?

Concern about balance of national security of data privacy

PRISM - intelligence program by which National Security Agency (NSA) requested and received data about Internet activities from major Internet providers
Privacy - freedom from being observed
Security - free from danger

APTs more common
Security improved on devices and at large organizations
Strong, local "electronic" sheriffs

Chapter 9: Business Intelligence Systems

Introduction

BI systems - IS that can produce patterns, relationships, and other information from organizational structured and unstructured data + from external, purchased data

Q9-1: How do organizations use business intelligence (BI) systems?

Business Intelligence (BI) systems - identifying patterns, relationships, and trends for use by business professionals and other knowledge workers > from information systems that process operational, social, and other data

Components of BI systems / data sources: operational databases, social data, purchased data, and employee knowledge

Business Intelligence - the patterns, trends, relationships, and predictions
BI application - the BI system's software component

Analyze data through reporting, data mining, BigData, and knowledge management

How do organizations use BI? 4 Collaborative Tasks:

Project management, problem solving, deciding, and informing
Decision support systems - older term, synonym for decision-making BI systems

What are typical BI applications?

Identifying changes in purchasing patterns > important life events change what customers buy
BI for entertainment > classify customers (Netflix) by viewing patterns
Predictive policing > analyze data on past crimes, location, data, time, day of week, etc.
Just-in-time medical reporting > real-time data mining and reporting

Q9-2: What are the three primary activities in the BI process?

Acquire data

Data acquisition - obtaining, cleaning, organizing, relating, and cataloging data

Perform analysis

BI analysis - creating business intelligence
Reporting, data mining, BigData, knowledge management

Publish results

Publish results - delivering business intelligence to knowledge workers who need it
Push publishing - without any request from user, delivers BI to users
Pull publishing - user is required to request BI

Ethics Guide: Unseen Cyberazzi

Data broker or aggregator acquires / purchases consumer and other data from public records, retailers, Internet cookie vendors, social media trackers, and other sources
Data broker enable you to view data stored about you, but difficult to learn how to request your data

Q9-3: How do organizations use data warehouses and data marts to acquire data?

Data warehouses - facility that manages BI data of organization

Functions of warehouses: obtain, cleanse, organize & relate, and catalog data
Basic report and simple analysis not recommended for security and control reasons
Operational data is structured for fast and reliable transaction processing
Data warehouses include data purchased from outside sources

Data warehouse metadata database - holds metadata concerning the data

Note: BI users = specialists in data analysis vs. knowledge workers = nonspecialist users of BI results

Problems with operational data

Dirty data, missing values, inconsistent data, data not integrated, wrong granularity, too much data
Granularity - level of detail represented by the data > can be too fine or not fine enough > better to have too fine than too coarse

Data warehouses vs. Data marts

Data mart - smaller than the data warehouse, it is a data collection that addresses the needs of a particular department or functional area of the business
Data warehouse = distributor in a supply chain
Data mart = retail store in a supply chain

Q9-4: How do organizations use reporting applications?

Create meaningful information from disparate data sources & deliver information to user on time
Reporting application - inputting data from one or more sources using a BI application, and applying reporting operations to that data to produce business intelligence

Basic reporting operations: sorting, filtering, grouping, calculating, and formatting

RFM Analysis - used to analyze and rank customers according to their purchasing patterns, a technique readily implemented with basic reporting operations
Online Analytical Processing (OLAP) - more generic than RFM, second type of reporting application that provides ability to sum, count, average, and perform other simple arithmetic operations on groups of data

Measure - data item of interest
Dimension - characteristic of a measure
OLAP cube - some software product show displays using three axes
Drill down - further divide the data into more detail

Q9-5: How do organizations use data mining applications?

Data mining - finding patterns and relationships among data for classification and prediction through the application of statistical techniques
Unsupervised data mining - a model or hypothesis is not created before running the analysis, instead, a data mining application is applied to the data & the results are observed

Analysts create a hypothesis after the analysis to explain the patterns found
Cluster analysis - a common unsupervised technique that identifies groups of entities that have similar characteristics
Market-basket analysis - technique for determining sales patterns; shows products that customers tend to buy together

Cross-selling - fact that customers that buy X also buy Y
Support - probability that two items will be purchased together
Confidence - conditional probability estimate
Lift - ratio confidence to the base probability of buying an item

Supervised data mining - prior to the analysis, a model is developed and statistical techniques are applied to data to estimate parameters of the model

Regression analysis - measure the effect of a set of variables on another variable
Neural networks - second type, used to predict values and make classifications such as "good prospect" / "poor prospect" customers

Decision Tree - predicting a classification or a value through a hierarchical arrangement of criteria

Q9-6: How do organizations use BigData applications?

BigData - data collections characterized by huge volume, rapid velocity, and great variety

Are at least a petabyte in size, generated rapidly, and has structured data, free-form text, log files, graphics, audio, and video
MapReduce - technique for harnessing the power of thousands of computers working in parallel; BigData collection is broken into pieces
Hadoop - supported by the Apache Foundation, an open source program that implements MapReduce on thousands of computers

Q9-7: What is the role of knowledge management systems?

Knowledge management (KM) - creating value from intellectual capital and sharing that knowledge with employees, managers, customers, suppliers, and others who need that capital

Benefit organization by improving process quality and increasing team strength

What are expert systems?

Expert systems - encoding human knowledge, using rule-based systems, in the form of If / Then rules
Expert system shells - program that processes a set of rules
Drawbacks of Expert Systems:

Difficult and expensive to develop

Labor intensive

Difficult to maintain

Changes cause unpredictable outcomes
Constantly needs expensive changes

Don't live up to expectations

Can't duplicate diagnostic abilities of humans

What are content management systems?

Content management systems (CMS) - knowledge that is encoded in documents; information systems that support the management and delivery of documents including reports, Web pages, and other expressions of employee knowledge
Challenges: most are huge, content is dynamic, documents do not exist in isolation of each other, and document contents are perishable
CMS alternatives: in-house custom, off-the-shelf, and public search engine

How do hyper-socal organizations manage knowledge?

Hyper-social knowledge management - application of SM and related applications for management and delivery of organizational knowledge resources
Alternative media:

Rich directory - employee directory that includes organizational structure and expertise and the standard name, email, phone, and address

Resistance to knowledge sharing:

Employees reluctant to exhibit their ignorance + competition
Strong management endorsement
Strong positive feedback
"Nothing wrong with praise or cash ... esp. cash"

Q9-8: What are the alternatives for publishing BI?

Characteristics of BI Publishing Alternatives

Static reports - BI documents that are fixed at the time of creation and do not change
Dynamic reports - BI documents that are updated at the time they are requested
Subscriptions - user requests for particular BI results on a particular schedule or in response to particular events

What are the two functions of a BI server?

BI server - purpose-built, Web server application for publishing of business intelligence
Management and delivery

Q9-9: 2026?

Exponentially more info about customers + better data mining techniques
Companies able to buy & sell purchasing habits and psyche
Singularity > computer systems adapt & create own software without human assistance, machines will create info for themselves

Will we know what machines know?

Chapter 8: Social Media Information Systems

Introduction

Do you have a social media strategy? Will using social media affect their bottom line?

Q8-1: What is a social media information system (SMIS)?

Social media (SM) - using IT to support the sharing of content among a network of users
Communities (of practice) - groups of related people with a common interest
Social media information system (SMIS) - the IT that supports content sharing among network of users
Social Media is a convergence of disciplines: psychology, organization theory, marketing, MIS, computer science, and sociology
Three SMIS Roles:

Social media providers - platforms such as Facebook, LinkedIn, Instagram, etc. that enable the creation of social networks (compete for attention of users for associated advertising dollars)

Attract & target certain demographic groups
Social networks - social relationships for people with common interest

Users - both individuals & organizations using SM sites to build relationships

Organizations can be users / providers / both > hire staff to maintain SM presence, build relationships, promote products, and manage their image.
Internal platforms = wikis, blogs, and discussion boards

Communities

formed based on mutual interests > transcend geographic, familial, and organizational boundaries
Most people belong to several / many different communities
How the SM site relates the communities depend on its goals

Pure publicity = viral hook - inducement for passing communication along

SMIS Components

Hardware - mobile devices, laptops, desktops, etc. used to process SM sites
Software - mobile applications for variety of platforms: iOS, Android, Windows / Provider: applications, NoSQL, DBMS, analytics
Data

Content data - responses to data / data, contributed by users
Connection data - relationship data > like particular pages / relation to friends

Procedures - designed to be easy to learn & use > informal, evolving, and socially oriented

Organization procedures to create content, manage user responses, remove obsolete / objectionable content, and extract value

People - goals and personalities influence what people do > key users, adaptive, can be irrational

Q8-2: How do SMIS advance organizational strategy?

Strategy determines value chain > business processes > information systems
Social media is very dynamic by nature > cannot be designed or diagrammed
Social Media and the Sales and Marketing Activity

Social CRM - dynamic, CRM process that is SM-based
As both organization & customers create and process content, emerge in dynamic process > each customers crafts own relationship with company
Relationship emerge from joint activity so customers same control as organizations
Organizations struggling to transition from controlled, structured, traditional CRM > wide-open, adaptive, dynamic social CRM processes
Risk: loss of credibility and bad PR

Social Media and Customer Service

Product users willing to help each other solve problems, without pay
Primary risk of peer-to-peer support = loss of control

Social Media and Inbound & Outbound Logistics

Benefits

Numerous solution ideas and rapid evaluation
Solutions to complex SupChain problems
Facilitates user created content/feedback for problem solving

Risk:

Loss of Privacy
Open discussion of problem definitions, causes, and solution constraints

Social Media and Manufacturing & Operations

Develop supplier relationships, and operational efficiencies
Crowdsourcing - employing users to participate in product design or product redesign
Business-to-consumer (B2C) - market products to end users
Business-to-business (B2B) - promoting brand awareness and generating new leads to retailers
Risk: loss of efficiency / effectiveness

Socials Media and Human Resources

SM used for finding employees, recruiting candidates, or for candidate evaluation
Risk: error to form conclusions about employee & loss of credibility

Q8-3: How do SMIS increase social capital?

Capital - resources invested for future profit; physical = factories, machines, equipment, etc.
Human capital - investing in human knowledge and skills for future profit
Social capital - investing in social relations with expectation of returns in marketplace
What is the value of social capital? > Relationships provide:

Information - about opportunities, alternatives, problems, etc. that are important to business professionals
Influence - opportunity to influence decision makers
Social credentials - bask in glory with whom you are related
Personal reinforcement - in professional's identity, image, and position

Value of social capital - determined by number of relationships in social network

How do social networks add value to businesses?

Elements of social capital: number of relationships, strength of relationships, and resources controlled by "friends"

Using social networking to increase the number of relationships

Influencer - your opinion may force a change in others' beliefs and behaviors
Express opinion by word-of-mouth to social network, SMIS allow scale of relationships

Using social networks to increase the strength of relationships

Strength of relationship - how likely the other entity (organization or person) in the relationship will do something that benefits the organization

Using social networks to connect to those with more resources

Social capital = number of relationships x relationship strength x entity resources
Huge network of people with few resources = less valuable than a smaller network of people with substantial resources
Resources MUST be relevant

Q8-4: How do (some) companies earn revenue from social media?

Hyper-social organization - transforms interactions with customers, employees, and partners into mutually satisfying relationships with them and their communities
You are the product

Monetize - free product to attract users, but how do they make money from their application, service, or content?
Make users the product

Revenue Models for Social Media

Advertising

Pay-per-click - advertisers display ads to potential customers for free and pay only when the customer clicks
Use increases value - the more people using a site, the more value it has > the more people will visit

Freemium - offering users basic service for free and then charges premium for upgrades or advanced features (revenue model)

Ad-blocking software - filter out advertising content, rarely see internet ads

Does mobility reduce online ad revenue?

Average click-through rate of smartphones is 4.12% but just 2.39% on PC
Ads take up so much more space on mobile devices than on PC, sometimes accidental click
Paid search, display, or banner ads, mobile ads, classifieds, or digital video ads
Conversion rate - measures frequency that someone who clicks on ad, makes a purchase

Q8-5: How do organizations develop an effective SMIS?

Organizations should focus strategy to: being cost leader OR differentiate their products from competition
Social Media Plan Development:

Define your goals

Brand awareness, conversion rates, web site traffic, and user engagement

Identify success metrics

Success metrics / key performance indicators (KPI) - metrics that will indicate when you have achieved your goals
Metrics - measurements used to track performance

Identify target audience
Define your value

Competitive analysis - identify strengths and weaknesses in competitors' use of SM > what they're doing right and wrong > use to see how you can add value

Make personal connections
Gather and analyze data

Q8-6: What is an enterprise social network (ESN)?

Enterprise social network (ESN) - using social media through a software platform to facilitate cooperative work of people within an organization
Improve communication, collaboration, knowledge sharing, problem solving, and decision making
Enterprise 2.0

Web 2.0 - dynamic, user-generated content systems
Enterprise 2.0 - inside companies, use of emergent social software platforms
SLATES - search, links, authoring, tags, extensions, and signals
Folksonomy - content structure emerging from processing of use tags

Changing communication

Communication channels - way of delivering messages
Using ESNs, employees can bypass managers and post ideas directly for CEO
Quickly identify internal experts to solve unforeseen problems

Deploying successful enterprise social networks

Best practices - ensuring successful implementation of ESN through methods that have been proven to produce successful results in prior implementations
Strategy, sponsorship, support, and success
Develop strategic plan for using SM internally via same process as used for external social media use

Q8-7: How can organizations address SMIS security concerns?

Managing the risk of employee communication

Social media policy - develop and publicize a statement, delineating employees' rights and responsibilities
Intel Corporation:

Disclose - be transparent, truthful, & be yourself
Protect - don't tell secrets, slam competition, or overshare
Use common sense - add value, keep it cool, and admit mistakes

Managing the risk of inappropriate content

User-generated content (UGC) - content contributed by users on your SM site
Problems from external sources:

Junk contributions
Inappropriate content
Unfavorable reviews
Mutinous movements

Responding to social networking problems:

Leave it
Respond to it
Delete it

Internal risks from social media

Affect ability to secure information resources / threats to info security > unintentional leak of information
Employees using SM could inadvertently increase corporate liability
Increase SM use may lead to decreased employee productivity

Q8-8: 2026?

New mobile devices with innovative mobile-device UX, coupled with dynamic and agile IS based on cloud computing and dynamic virtualization
BYOD - bring your own device
Non routine cognitive skills more important
Digital is Forever >> Transmitting personal info using internet can make victim, impossible to delete, stored on numerous servers / server farms > Digital Zombie
Companies analyze everything you digitally say or do
Big Data = Big Money >> personal data illegally accessed or sold on black market

Legally accessed by companies and sold to others

Steps to mask / remove digital footprints > Clear cookies, encrypt emails, avoid using real name, VN mask internet Protocol
Develop your personal brand (understand importance and value)

Social media presence one component of a professional brand
Traditional sources of personal branding like personal networks f2f relationships, important

Chapter 7: Processes, Organizations, and Information Systems

Q7-1: What are the basic types of processes?

Transforming inputs into outputs = network of activities that generate value > business process

Organization is one big problem > need to break down into smaller problems = processes for each
Human processes / machine-assisted processes / machine processes

How do structured processes differ from dynamic processes?

Structured processes - stable, almost fixed activities/data flows > day-to-day operations & standardized/formally defined processes

Support operational and structured managerial decisions/activities
Customer returns, payroll, etc.

Dynamic processes - less structured and often creative > adaptive processes that are flexible/informal and involve less structured/strategic managerial decisions and activities

Support strategic and less structured/specific managerial decision/activities
Opening a new store, collaboration, social networking, etc.

How do processes vary by organizational scope? (three levels, the wider = the more challenging)

Workgroup processes - allowing workgroups to fulfill goals, purpose, and charter of particular department/group

Sales & marketing / operations / manufacturing / accounting / HR / customer service, etc. departments // e.g. midterm, final, blog, etc. processes
Workgroup information system - one or more processes support
Functional information system - two or more different IS to support department processes; e.g. operations management system / general ledger

Functional application - program component of FIS

Enterprise processes - support activities across an organization in multiple departments

e.g. processes spanning across SJSU
Enterprise information system - support 1+ EP

Inter-enterprise processes - support 2 or more independent organizations

e.g. when companies made special website for gov't companies
Inter-enterprise information system - support 1+ IEP

Q7-2: How can information systems improve process quality?

Two dimensions of process quality:

Process efficiency - ratio measure of process outputs to inputs (correctly)
Process effectiveness - measures success / how well achieved strategy of the organization (doing right things)

How can processes be improved?

Change the process structure - reorganizing the process
Change process resources - change allocation of resources (IS & humans)
Change BOTH process structure & resources

How can information systems improve process quality?

Performing (entirety of) an activity
Augmenting a human performing an activity
Controlling data quality process flow

Q7-3: How do information systems eliminate the problems of information silos?

Information silo - when there is an isolation of data in separated info systems
What are the problems of information silos?

Data duplication / disjointed processes / increased expense / limited info / lack of integrated info / isolated decisions > inefficiencies
Data integrity problem - when data is inconsistent or duplicated

How do organizations solve the problems of information silos?

Revise applications to use database < integrate data into single database

Q7-4: How do CRM, ERP, and EAI support enterprise processes?

The need for business process engineering

Business process reengineering (BPR) - taking advantage of new information systems by designing new business processes/altering existing ones

e.g. engineering student changed everything & start all over

Integrated data & enterprise systems offered potential substantial improvements in process quality (difficult, slow, & expensive)

Emergence of enterprise application solutions

Inherent processes - procedures for the usage of software products that are predesigned

Customer Relationship Management (CRM) - managing all interactions with customer from lead generation to customer service through a database, suite of applications, and inherent processes (customer-centric organization)

Customer life cycle - four phases: marketing (attract) > customer acquisition (sell) > relationship management (support and resell) > and loss/churn (categorize)
CRM database = relationship management apps + customer support apps + sales apps + lead management apps

Enterprise resource planning (ERP) - consolidating business operations - through a database, modules (ERP application programs), and inherent processes - into single, consistent, computing platform

ERP System - ERP technology-based information system
e.g. SJSU's Oracle > mysjsu.edu managing everything

Enterprise application integration (EAI) - providing layers of software that connect applications together to integrate existing systems through a suite of software applications

Enables organizations to use existing apps while eliminating serious problems of isolated systems

Q7-5: What are the elements of an ERP system?

Five components of ERP solution:

Hardware
ERP application programs

Applications that integrate: supply chain / manufacturing / CRM / HR / accounting

ERP databases, their two types of program code:

Trigger - when certain conditions arise, this computer program stored within database will run and keep database consistent
Stored procedure - enforce business rules through a computer program stored in the database

Business process procedures

Process blueprints - ERP solution's defined inherent processes

Training and Consulting

Train the trainer - vendors train the organization's employees (super users) to reduce expenses since they become in-house trainers

Industry-specific solutions - starter kits for specific industries ERP vendors provide to reduce the work of customizing ERP apps to a particular customer
Which companies are the major ERP vendors?

Microsoft Dynamics / Sage / Infor / Oracle / SAP

Q7-6: What are the challenges of implementing and upgrading enterprise information systems?

Collaborative management

Enterprise systems have no clear boss, the groups that manage are slow and expensive

Requirement gaps

Organizations purchase licenses that already have specific functions and features, but never a perfect fit for the specific organization > gaps between organization's requirements & application's capabilities

Transition problems

Difficult, require careful planning and substantial training + inevitable problems

Employee resistance

Self-efficacy - person's belief in themselves for being successful at his or her job

New technology

Q7-7: How do inter-enterprise IS solve the problems of enterprise silos?

Distributed systems - distributing applications processing across multiple computing devices

Q7-8: 2026?

Hybrid model - ERP customers store most of their data on cloud servers managed by cloud vendors + sensitive data on servers they manage themselves

Chapter 6: The Cloud

Introduction

Data communications, Internet tech, and cloud-based services > the cloud
Cloud trend (everything moving there) / data mining (big data - lots of jobs) / socializing (everywhere with everything) / everything connects to web (IoT) / business intelligence
HITS - human intelligence tasks > computers can't do it / CAPTCHA

Q6-1: Why is the cloud the future for most organizations?

What is the cloud?

Cloud - over the Internet, elastic leasing of pooled computer resources

on demand & scalable

Elastic - leased computing resources could be increased/decreased dynamically, programmatically, in short span of time; organizations only pay for the resources they use //

Automatically adjusts for unpredictable demand & limits financial risks / based on need > grow

share resources with others / store files elsewhere / all kinds of info and files

e.g. Netflix views all day long, spike in the evening > contracted with cloud vendors to add servers to keep response time below 0.5 seconds > cloud vendor will keep increasing its servers to maintain 0.5 response time > as demand falls, it will release excess servers and reallocate them at the end

dynamically allocate capacities to resize itself

Pooled - different organizations use the same physical hardware, but share that hardware through virtualization

Cloud vendors allocate virtual machines to physical hardware as customers needs increase / decrease
Economies of scale > avg. cost decreases as size operation increases

Over the Internet - cloud vendor may provision servers all over the world, nearly instantaneously > requesting and receiving services over the Internet

Why is the cloud preferred to in-house hosting?

POSITIVE:

Cloud - small capital requirements / speedy development / superior flexibility and adaptability to growing or fluctuating demand / known cost structure / possibly best-of-breed security or disaster preparedness / no obsolescence / industry-wide economies of scale, hence cheaper
In-house - control of data location / in-depth visibility of security and disaster preparedness

NEGATIVE:

Cloud - dependency on vendor / loss of control over data location / little visibility into true security and disaster preparedness capabilities
In-house - significant capital required / significant development required / annual maintenance cost / ongoing support costs / staff and train personnel / increased management requirements / difficult (impossible?) to accommodate fluctuating demand / cost uncertainties / obsolescence

Why now?

Cloud-based hosting is advantageous for three reasons:

processors, data communication, and data storage so cheap, nearly free; to and from data processor
Virtualization > enables near instantaneous creation of a new virtual machine
Internet-based standards enable cloud-hosting vendors to provide processing capabilities in flexible yet standardized ways

When does the cloud not make sense?

When law or industry requires the organization to have physical possession or control over their data

Q6-2: What network technology supports the cloud?

Network - computers that communicate with each other wirelessly or through transmission lines; four basic types:

Personal area network (PAN) - single person, devices are connected around; most within 10 meters
Local area network (LAN) - single physical site/geographic location, computers are connected at; range from 2 to several hundred computers & located within a half-mile or so of each other
Wide area network (WAN) - two or more separated sites computers are connected to; different geographic locations
The internet - networks or networks; send email address/access website; private = internets
Intranet - organization's exclusive, privately used Internet
Protocol - communication organization rules and data structures

What are the components of a LAN?

Small office or home office (SOHO) - less than a dozen computers/printers; wired & wireless connections (printer vs. laptop/phone)
IEEE 802.3 protocol (Ethernet) - wired LAN connection use; specifies characteristics of hardware > which signals are carried by which wires & how are messages packaged and processed

10/100/1000 Ethernet - 802.3 specification + allow transmission rate of 10/100/1000 mbps (megabits per second)
Communication measured in bits; while memory size is bytes
K = 1,000 / M = 1,000,000 / G = 1,000,000,000
100 Mbps = 100 x 1,000,000 = 100,000,000 bits per second

IEEE 802.11 protocol - used by wireless LAN connections

Several versions, most current = IEEE 802.11ac
Allows speeds up to 1.3 Gbps; few could take advantage of full speed

Bluetooth - PAN connection made through this wireless protocol

Replaces cables & transmits data over short distances
e.g. bluetooth mouse connecting to computer through bluetooth

Connecting your LAN to the Internet

Connecting SOHO LAN & devices to Internet = WAN, you are connecting to service provider
Internet service provider (ISP) - provides legit internet address; gateway to the Internet (communications from computer passed on to Internet & process reverse back to you); also pays for the Internet
Digital subscriber line (DSL) - operated on same voice telephone lines, but doesn't interfere with VT service (WAN connection)
Cable Line - transmitting high-speed data through cable tv lines; installed in each neighborhood served & no interference with TV signals
WAN Wireless - e.g. Kindle uses Sprint wireless network for data connections; LAN wireless (50 Mbps) >>> WAN wireless (1-3 Mbps)

Q6-3: How does the cloud work?

An Internet Example - Minneapolis > LAN > ISP > Cloud (The Internet, 4+ Networks) < ISP < Hotel LAN < New Zealand Hotel

Hop - one network to another movement

Carriers and Net Neutrality

Packet (message) > moves across Internet through carriers (networks owned by large telecommunication providers)
Peering agreements - not paying access fees when carriers are freely exchanging access amongst themselves
Net neutrality - all data is treated equally

Internet Addressing

IP address - Internet address, identifying a particular device with a number
Public IP addresses - public Internet, identifying particular device

ICANN (Internet Corporation for Assigned Names and Numbers) - public agency that controls the assignment of unique, worldwide, public IP addresses / names to IP addresses
Two formats of IP Addresses:

IPv4 - four-decimal notation (165.193.123.253)
IPv6 - longer format (http://165.193.140.14)
Domain name - unique, worldwide name assigned to a public IP address
URL (Uniform Resource Locator) - internet address (http:// or ftp://)

Private IP addresses - private network, usually LAN, identifying particular device; e.g. coffee shop > private IP > gets to LAN > private IP to public IP address > sends traffic out to public Internet

Processing on a web server

Three-tier architecture:

User tier - devices that have browsers requesting and processing webpages; e.g. computers, phones, etc. > web browsers
Server tier - computers processing applications and running Web servers
Database tier - computers running DBMS > processes request to retrieve and store data

Web page - html coded document
Web servers - manages traffic (sending & receiving web pages to and from clients) + program run on server-tier computers
Commerce server - database > manage shopping cart > coordinate checkout process

Service-Oriented Architecture (SOA) - all interactions are formal, standardized services among computing devices
Protocols supporting web services

TCP/IP Protocol Architecture - has five layers, and each layer defines one or more protocols
Internet Protocols: http, https, smtp, and ftp

Hypertext transfer protocol (http) - used by web servers and browsers
Https - secure version of http; transmit/send sensitive data safely; e.g. credit card numbers
Simple Mail Transfer Protocol (smtp) - email transmissions
File Transfer Protocol (ftp) - moving/transmit files; over Internet > from cloud servers to computer

Web service and cloud protocols

WSDL, SOAP, XML, and JSON

Q6-4: How do organizations use the cloud?

Cloud services from cloud vendors

Software as a service (SaaS) - operating system + application programs + hardware infrastructure provided by an organization
Platform as a service (PaaS) - vendors use cloud hosting to provide computers with operating system + DBMS (maybe)
Infrastructure as a service (IaaS) - data storage or bare server computer cloud hosting; most basic

Content Delivery Network (CDN) - storing and making user data in geographical locations available on demand, through hardware and software

Store and deliver content / minimizes latency
Benefits: decreased loadtime / origin server reduced load / reliability increase / DOS attack protection / mobile users get reduced delivery costs / "pay-as-you-go"

Q6-6: How can organizations use cloud services securely?

Virtual Private Networks (VPNs) - the appearance creation of private, secure connections through the Internet

A Typical VPN

Tunnel - secure connection; public or shared network between VPN client and VPN server = private, virtual pathway
VPN server > tunnel > VPN client
Protect messages by encrypting/coding

Private cloud - organization owns and operates this cloud for own benefit
Virtual private cloud - secure access to highly-restricted subset of a public cloud

Q6-7: 2026?

Cloud services cheaper, faster, easier to use, more secure
Fewer organizations own their own computing infrastructure
Individuals, small businesses, large organizations obtain elastic resources at very low cost
Net neutrality enabled

All users and content providers treated equally > no "fast" or "slow" lanes
ISPs not allowed to block/slow competitor's content / can't charge additional fees or taxes to heavy internet users