ITM 102 – Business Information Systems (part 2)
Chapter 8: Securing Information Systems
Chapter 8: Key Questions
1. Why are information systems vulnerable to destruction, error, and abuse?
2. What is the business value of security and control?
o What are some of the main security problems?
3. What are the components of an organizational framework for security and control?
4. What are the most important tools and technologies for safeguarding information resources?
Why are systems vulnerable?
Accessibility of networks
Hardware problems (breakdowns, configuration errors, damage from improper use or crime)
Software problems (programming errors, installation errors, unauthorized changes)
Disaster, e.g. …?
Use of networks/computers outside of firm’s control
Loss and theft of portable devices
Loss and theft of personal devices
What are the potential impacts?
How can you prevent or reduce danger?
System vulnerabilities and abuses
Internet vulnerabilities
Network open to anyone
Size of internet means abuses can have wide impact
Use of fixed internet addresses with cable or DSL modems creates fixed targets for hackers (this is
not the default with Canadian ISPs)
E-mail, P2P, IM
o Attachments with malicious software
o Transmitting trade secrets
Wireless security challenges
Radio frequency bands easy to scan
SSIDs (service set identifiers)
o Identify access points
o Broadcast multiple times (but you can turn off broadcast)
o Evil twins
o War driving (and more)
Eavesdroppers drive by buildings and try to detect SSID and gain access to
network and resources
Wired Equivalent Privacy (WEP)
o Security standard for 802.11; use is optional
o Uses shared password for both users and access point
o Users often fail to implement WEP or stronger systems
Viruses, Trojan Horses, Worms, etc.
Symantec guides to scary internet stuff:
o Denial of service
o Pests on your PC: Viruses, Trojans and Worms
Viruses, Worms, Trojans Oh My!
Viruses, Worms and Botnet explained
Rogue software programs that attach to other programs in order to be executed, usually without
user knowledge or permission
Deliver a “payload”
Can spread by email attachments
A software program that appears to be benign, but then does something unexpected
Often “transports” a virus into a computer system
Name is based on Greek ruse during Trojan war
Programs that copy themselves from one computer to another over networks
Can destroy data, programs, and halt operation of computer networks
Rules for protecting your computer
Anti-virus software, update regularly
Latest security updates
Don’t open email attachments you don’t trust (or follow Twitter spam)
Check your sharing settings, Bluetooth visibility (also on your mobile devices)
Get free anti-virus software from Ryerson
Activate the firewall on your computer
What information are you sharing?
Hackers and computer crime
Hackers: individuals who attempt to gain unauthorized access to a computer system
o Cracker: a hacker with criminal intent
Cybervandalism: intentional disruption, defacement, or destruction of a Web site or system
Both can lead to data breaches
Denial of Service (DoS) Attacks
Hackers flood a server with false communications in order to crash the system
Distributed DoS: uses numerous computers to crash the network
o Cost to company is downtime, but data is not compromised
Often use botnets
Other types of crimes
o Masquerading as someone else, or redirecting a Web link to an unintended address
o An eavesdropping program that monitors information travelling over a network
More computer crimes
o A crime in which the imposter obtains key pieces of personal information
o Setting up fake Web sites or sending email messages that look legitimate, and using them
to ask for confidential data
Pharming
o Redirects users to a bogus web site
o Bogus clicks to drive up pay-per-clicks
Even more security problems
Global Threats: Cyberterrorism and Cyberwarfare
o Exploitation of systems by terrorists
Internal threats: employees
o This is an important one
o Intentional and unintentional impacts
Business Value of Security, Control
Failed computer systems can lead to significant or total loss of business function
Firms now more vulnerable than ever
o Confidential personal and financial data
o Trade secrets, new products, strategies
A security breach may cut into firm’s market value almost immediately
Inadequate security and controls also bring forth issues of liability
Output controls
Steps to securing systems
o Determine level of risk to the firm in the case of improper controls
o Risk management and planning video
o Protect your company from verbal hackers
o Acceptable Use Policy (AUP)
o Authorization policies
o Authorization Management Systems
Disaster recovery/business continuity
The role of auditing
o Find small (“salami slicing”) as well as large problems
Fault-tolerant computer systems
Sample audit report
Authentication
Tokens, also two-step processes
Hardware and software controlling flow of incoming and outgoing network traffic
o Packet filtering
o Network Address Translation (NAT)
o Application proxy filtering
More security measures
Intrusion Detection Systems
o Full-time monitoring tools placed at the most vulnerable points of the corporate networks
to detect and deter intruders
Antivirus and Antispyware
o Checks computer systems for viruses
Unified Threat Management Systems
o Includes firewall, VPN, antispam, intrusion detection etc.
Ensuring System Availability
Online transaction processing
Controlling Network Traffic
o Deep packet inspection
Chapter 9: Enterprise Applications: Supply Chain Management & CRM
Chapter 9: Key Questions
1. How do enterprise systems help businesses achieve operational excellence?
2. How do supply chain management systems coordinate planning, production, and logistics with
3. How do customer relationship management systems achieve customer intimacy?
4. What are the challenges posed by enterprise applications?
5. How are enterprise applications used in platforms for new cross-functional services?
What are enterprise systems?
Suite of integrated software modules and a common central database
The database collects data from many different divisions and departments in a firm and from a
large number of business processes
Information collected from one process can be accessed and used by other processes in the firm
What is ERP?
Enterprise Resource Planning
Electronic Data Interchange
Enterprise software is:
Built around thousands of predefined business processes that reflect best practices
o Finance/accounting: General ledger, accounts payable, etc.
o Human resources: Personnel administration, payroll, etc.
o Manufacturing/production: Purchasing, shipping, etc.
o Sales/marketing: order processing, billing, sales planning, etc.
Enterprise systems overview
Allows for real-time queries
Business Value of Enterprise software
A more uniform organization
More efficient operations and customer-driven business processes
Firm-wide information for improved decision making
The supply chain
A network of organizations and business processes for procuring raw materials, transforming these
materials into intermediate and finished products and distributing them to customers
Nike’s supply chain
Supply chain management
Inefficiencies cut into a company’s operating costs
o Can waste up to 25% of operating expenses
o Components arrive as they are needed
o Finished goods shipped after leaving assembly line
o Buffer for lack of flexibility in supply chain
o Information about product demand gets distorted as it passes from one entity to next across
Supply chain planning systems
o Model existing supply chain
o Demand planning
o Optimize sourcing, manufacturing plans
o Establish inventory levels
o Identifying transportation modes
Supply chain execution systems
o Manage flow of products through distribution centers and warehouses
Push vs. Pull supply chain models
Global Supply Chains & the Internet
Before internet, supply chain coordination hampered by difficulties of using disparate internal
supply chain systems
o Enterprise systems supply some integration of internal supply chain processes but not
designed to deal with external supply chain processes
Business Value of SCM systems
Match supply to demand
Reduce inventory levels
Improve delivery service
Speed product time to market
Use assets more effectively
Reduced supply chain costs
Customer Relationship Management Systems
Capture and integrate customer data from across the organization
Consolidate the data
Analyze the data
Distribute the results to various systems and customer touch points across the enterprise
Touch Point: a method of interaction with the customer (aka “contact point”)
CRM software
Most packages have modules for
o Sales force automation (SFA): Sales prospect and contact information, and sales quote
generation capabilities; etc.
o Customer service: Assigning and managing customer service requests; Web-based self-
service capabilities; etc.
o Marketing: Capturing prospect and customer data, scheduling and tracking direct-
marketing mailings or e-mail; etc.
Business Value of CRM Systems
Increased customer satisfaction
Reduced direct-marketing costs
More effective marketing
Lower costs for customer acquisition/retention
Increased sales revenue
Reduced churn rate
o Churn rate: Number of customers who stop using or purchasing products or services from a
Indicator of growth or decline of firm’s customer base
But why can CRM fail?
Next generation enterprise applications
o Replacing stand-alone enterprise, CRM, SCM systems
o Make these applications more flexible, Web-enabled, integrated with other systems
Open-source and on-demand applications
o SaaS, Salesforce.com
Service platform: Integrates multiple applications to deliver a seamless experience for all parties
o Order-to-cash process
o Increasingly, new services delivered through portals
Enterprise Application Challenges
Highly expensive to purchase and implement enterprise applications – total cost may be 4 to 5
times the price of software
Requires fundamental changes
o Technology changes
o Business processes changes
o Organizational changes
Incurs switching costs, dependence on software vendors
Requires data standardization, management, cleansing
Chapter 10: E-Commerce: Digital Markets & Digital Goods
Chapter 10: Key Questions
1. What are the unique features of e-commerce, digital markets, and digital goods?
2. What are the principal e-commerce business and revenue models?
3. How has e-commerce transformed marketing?
4. How has e-commerce affected business-to-business transactions?
5. What is the role of mobile commerce in business, and what are the most important m-commerce
6. What issues must be addressed when building an e-commerce Web site?
The use of the Internet and the Web to transact business
Digitally enabled transactions
Began in 1995 when advertisements were allowed
E-commerce continues to grow
To understand potential market
Look for stats on Internet users, demographics of users
o http://pewinternet.org/Data-Tools/Get-The-Latest-Statistics.aspx (US data, Canadian data
is not so easily available)
Stats on mobile phone users
Why E-commerce is different
o Internet/Web technology available everywhere: work, home, etc., and anytime
o The technology reaches across national boundaries, around Earth
o One set of technology standards: Internet standards
o Supports video, audio, and text messages
o The technology works through interaction with the user
o Vast increases in information density – the total amount and quality of information
available to all market participants
o Technology permits modification of messages, goods
o The technology promotes user content generation and social networking
Unique features of e-commerce technology
Impacts of e-commerce
Reduces information asymmetry
Lowers Menu Costs (cost of changing prices)
Dynamic Pricing Priceline
Digital goods Disintermediation
Types of e-commerce
Business-to-customer (B2C): Retailing of products and services directly to individual customers
Business-to-business (B2B): Sales of goods and services to other businesses
Consumer-to-consumer (C2C): Individuals using the Web for private sales or exchange
E-commerce business models
Portal (ex. Yahoo)
E-tailer (ex. GAP)
Content provider (ex. thestar.com)
Transaction broker (ex. Questrade)
Market creator (ex. eBay)
Service provider (ex. Google: apps for business)
Community provider (ex. Facebook, LinkedIn)
Bricks and clicks
Marketing: use internet to bring customers to physical stores
Visit physical stores to see merchandise, then buy online or
Research products online and then buy in-store (or pick up in store)
E-commerce revenue models
Web 2.0: Social networking
Most popular Web 2.0 service: social networking
o Social networking sites sell banner ads, user preference information, and music videos and
Social shopping sites
o Swap shopping ideas with friends (Kaboodle, ThisNext, Pinterest, Want button)
Web 2.0: Wisdom of crowds
Wisdom of crowds/crowdsourcing
o Large numbers of people can make better decisions about topics and products than a single
o Peer-to-peer betting markets on specific outcomes (elections, sales figures, designs for new
Long Tail Marketing
o E.g. Facebook ads
o Privacy issues
o Builds on databases, tracking Personalization
Electronic data interchange (EDI)
Private industrial networks (private exchanges)
Banking and financial services
Wireless advertising and retailing
Games and entertainment
M-commerce trends infographic
Social e-commerce + conversion + mobile
Building a web store
Business idea/business model
Register domain name (yourbusiness.com)
Select a web hosting company
Design your web site
o What do you want the site to do for your business?
o Think about mobile access
o Interactivity, “stickiness”
Establish payment mechanisms
Build or buy…?
Costs?
Chapter 12: Enhancing Decision Making
Chapter 12: Key Questions
1. What are the different types of decisions and how does the decision-making process work?
2. How do information systems support the activities of managers and management decision making?
3. How do business intelligence and business analytics support decision making?
4. How do different decision-making constituencies in an organization use business intelligence?
5. What is the role of information systems in helping people working in a group make decisions
Why is better decision making needed?
Improved financial outcomes for firms
Better products or services for customers
Types of Decisions
o Novel, non-routine decisions requiring judgement and insights
o Examples: approve capital budget; decide corporate objectives
o Routine decisions with definite procedures
o Examples: restock inventory; determine special offers to customers