BS 106-Weekly Question 4

Ethics and Information Security

1. Explain the ethical issues surrounding information technology.

• There are five main issues surrounding the use of information technology:

 Intellectual Property-rights which attempt to protect any form of creative or intellectual effort.

 Copyright –exclusive rights of a creator to do certain acts or omit to do certain acts with property such as a song, video game or toher types of documents. These rights can be licensed, transferred or assigned to another.

 Fair use doctrine-certain situations in which it is legal to use copyright material.

 Pirated Software-using, distributing and duplicating of copyright software without given permission.

 Counterfeit Software- creating software to pose as or represent other software and sold under false terms to be the software.

2. Describe the relationship between an ‘email privacy policy’ and an ‘Internet use policy’.

• Both the internet and the email privacy policy set out adequate guidelines to how both of these applications should be used. The ‘email privacy policy’ is a guideline to how employees are required to use their given email and the appropriate use for the internet in both work and private, non employment related activities. It will address the activities which can be viewed and the type information stored and viewed by the employers. The ‘internet use policy is a guide for the approporate use of the internet which will address the available sites and the attitude taken by the organization towards the purpose of internet. The ‘email privacy policy’ can be covered in the ‘internet use policy’ as one area of internet use.

3. Summarize the five steps to creating an information security plan.

• The five steps involved with creation an Information Security Plan are:

1. Develop Information Security Policies-an organization must nominate or hire someone who is responsible for writing a security plan to suit the organization and bringing this into force. These policies may include simple enforceable tasks such as passwords for employees to log into their work space and regularly updating passwords to ensure they remain unknown.

2. Communicate the information policies-ensure that all employees understand the guidelines and enforce strict adherence to the policy to ensure that it is followed through.

3. Identify critical information assets and risks-eliminate possible risks by safeguarding any information which can be sourced by outside networks, and incorporate the use of passwords and IDs and anti-virus software.

4. Test and re-evaluate risks-to ensure that the policy is performing to a high standard continually assess the use of security, run background checks and perform audits.

5. Obtain stakeholder support-to ensure the policies are enforced gain the support of the origination executives.

4. What do the terms; authentication and authorization mean, how do they differ, provide some examples of each term.

• Authentication-involves confirming a person’s identity and following this authorisation involves determining which areas of information they have access to. In terms of authorisation organisations can employ methods such as passwords or ID, smartcards or tokens and fingerprints and voice signature. The authorisation may restrict the time limit or the area in which an employee has access.

5. What are the five main types of Security Risks, suggest one method to prevent the severity of risk?

1. Human Error-this can be overcome through policies to ensure that employees are aware of what is acceptable and enforced with consequences. These policies such as an Information Security Plan, Information, Privacy Policy, Internet Use policy or Email privacy policy which also ensures that employees are educated and understand possible security risks.

2. Technical Failure-if an organization is prepared in the event of technical failure this will reduce the extent of the security risk. Such methods as obtaining a backup of information and introducing fault tolerance ensures that the recovery of the technical failure is quick and ensures as little as possible damage to the organization.

3. Natural Disaster-if a natural disaster occurs an organization can reduce the severity through a hot or cold site in which employees are able to continue work and restore data assuming that the initial site is damaged. A hot site is a separate facility equipped so that the business can resume almost instanteously whereas a cold site does not contain the computer equipment but will provide a site to work.
Data Security: From Paranoia to Necessity

4. Deliberate Acts-an organization should incorporate appropriate anti-virus programs, anti-spam software, anti-spyware and phishing filters which detect and respond deliberate acts which will pose a security risk.
A deliberate attack on Computers

5. Management Failure-ensure that management is trained in understanding the security risks and methods to prevent these, an organization must have high standards in protecting their information which must include the management. If employees to understand security risk management they must also be instructed by management who follow the correct procedures. The Chief Security Officer should ensure that management have an understanding and keep in constant contact to update any potential security risks.
Image 1:http://www.seoco.co.uk/blog/wp-content/uploads/2008/03/copyright.jpg

BS 106-Weekly Questions 2

Strategic Decision making

1. Define TPS and DSS, and explain how an organisation can use these systems to make decisions and gain competitive advantages.

• A Transactional Processing System(TPS) is system which supports the transactions carried out by the organisation allowing customer needs to be met. The system collects stores and modifies the data from the transactions to serve the operation of the business. Some Transaction Processing Systems include reservation systems, operational accounting systems such as payroll and EFTPOS.

• A decision Support System(DSS) provide support for the business professionals undertaking decision making by providing to information and analysis tools. With the aid of models the information is easily accessible as a guide for the decision making process.

• Each of the systems Transactional Processing Systems and Decision Support Systems allow organisation to make informed decisions. Business Professionals are able to with Decision Support Systems evaluate the effect of changes within the information modelled, asses the impact of assumptions on the model or understand the input required to achieve specific goals in order to make positive decisions. The information collected from Transaction Processing Systems can be incorporated in making strategic decisions to gain a competitive advantage with the input of the data in a DSS. These systems allow decisions to be made with a wealth of information therefore organisations are able to gain a competitive advantage.

2. Describe the three quantitative models typically used by decision support systems.

• The sensitivity Analysis observes the effect of adapting one or more areas of the information modelled on the other areas within the model. The organisation can incorporate this model to assess the effect of small changes within the mode and how these will affect the model as a whole. This allows an organisation to weigh up decisions in terms of providing the best outcome.

• The what-if analysis is used to assess the impact on a solution if changes are made to assumptions in the model. This model can observe the outcomes to what is suspected to occur and allows the organisation to interpret possible outcomes on the proposed solution and make a decision which will provide the best solution.

• The Goal-seeking Analysis model functions to ensure the organisation can fulfil a goal such as increase in annual revenue. Organisations can interpret what is the required input to achieve a certain goal allowing specific decisions to be made to ensure this happens.

3. Describe a business processes and their importance to an organisation.

• A Business Process is a set of ordered activities or tasks to produce a particular service or product. These Business Processes fulfil a customer’s needs and are important to the overall success of the business. There is a direct relationship between the performance of the business processes and the overall performance of the business and therefore they are vital to an organisation.

4. Compare business process improvement and business process re-engineering.

• Business Process Improvement attempts to evaluate the business process in an attempt to make performance improvements in order to offer better products and services. The improvement is done through a continuous improvement model which involves documenting the current process, establishing a measurement of the process, following the process, measuring the performance in order to identify an improvement. In comparison to BPR, Business Process Re-engineering attempts to re-create the workflow rather than improve what already exists. Business Process engineering assumes the initial system is damaged or no longer relevant allowing designers to initiate a new process moving towards the future.

5. Describe the importance of business process modelling (or mapping) and business process models.

• Business Process Modelling creates a visual map of the business process identifying all aspects in a sequential and ordered diagram which is easy to understand. A model describes the specific activities in a concise and accurate manner. Through modelling the current model and possible solutions the most efficient and effective operation can be devised. This allows an organisation to achieve the greatest profit through providing an efficient process in offering products or services.

Image:Figure 2.20 Customer service As-Is process model, Business Driven Information systems

BS 106-Weekly Questions 3

E-Business

1. What is an IP Address? What is it’s main function?

• The Internet Protocol (IP) is the unique number which any computer is assigned when connected to the internet. This number may be public or private but functions as the communication language or protocol of the internet.

2. What is Web 2.0, how does it differ from 1.0?

• Web 2.0 is the network applications in which users are able to contribute to the content allowing interactive use of the application. This allows users to participate through adding any data as opposed to Web 1.0 in which users are limited to passive viewing of the information. The difference refers to the way in which the web is used in an economic, social and technological sense. Some examples of Web 2.0 applications include social networking sites, blogs and video network sharing devices.

3. What is Web 3.0?

• Web 3.0 uses the concept of tagging to build personal information, creating an intelligence transforming the web into a database. Semantic web involves using software agents to scan, interpret and automatically organise information to learn about users specific interests and further make recommendations. The web 3.0 is largely a theory and not a reality however involves evolution towards 3D, and evolutionary path to artificial intelligence and realisation of semantic web and service orientated architecture.

4. Describe the different methods an organisation can use to access information.

• Intranet-information or software is shared only within an organisation to provide information such as benefits, entitlements, schedules, strategic directions and employee directories.

• Extranet-an intranet that is also available to a wider audience such as customers, suppliers and partners. This is more common and organisations have a realisation of the benefits of incorporating other individuals in the shared information.

• Portal-website which offers access to a number of sources including email, discussion groups, search engines and online shopping malls. There is both general portals such as Google and Netscape as well as niche portals which offer access to resources of a specific interest.

• Kiosk-computer system which provides online access for public use, the system runs in a full screen mode with easily accessible navigation.

5. What is eBusiness, how does it differ from eCommerce?

• Ebusiness refers to utilizing of information and communication technology when conducting business activities. With ebusiness the internet is employed for electronic business and not only through buying and selling, but serving customers and collaborating with business partners. Ebusiness differs from ecommerce which is limited only to online transactions, the buying and selling of good online rather than entire business operations which constitutes ebusines.
eBusiness

6. List and describe the various eBusiness models? (Hint: B2B)

• B2B (Business to Business)- refers to the transaction between businesses, this relationship is more complex and requires higher security needs.

• B2C (Business to consumer)-refers to business transactions conducted over the internet from business to consumer. Through an online store customers can access services at any hour of the day.

• C2B (Consumer to Business)-refers to the transactions conducted over the internet in which a consumer sells a product or service to a business.

• C2C (Consumer to Consumer)-refers to a site which assists in consumers interacting with each other via email, discussion forums or chat rooms.

7. List 3 metrics would you use if you were hired to assess the effectiveness and the efficiency of an eBusiness web site?

• Cookies- file contained on a web site to record information about the customer and their use of the web.

• Click-through-records the number of people who view the site and further lick any advertisement within the page. This form is not always useful in that it does not ensure the viewer was positively affected by the advertisement.

• Banner ad-advertises the products or services of the business and can record how many customers click on the banner leading them to the website.

8. Outline 2 opportunities and 2 challenges faced by companies doing business online?

Opportunities

• With the internet provides the opportunity for Business’s to rapidly expand and possibly even extend to a global market. The internet provides a connection to consumers throughout the globe rather than just the limited local market who can access the business. There is also the opportunity to increase the local market through the ability for users to access products and services at all hours of the day. The business has the ability to become more efficient for users with limited time.
Some stastistics on the number of internet useds word wide.

• The opportunity to maintain and build a loyal customer base through an inexpensive way to constantly alert new developments to the business. Through a website and email, a business can keep customers aware of the development in the business keeping them interested and satisfied. By including a link on a website the company can promote the business in an exciting and eye catching manner through use of technology.

Challenges

• To maintain the security of the business and also the customers providing financial details when purchasing services or products. The company must overcome the challenge of ensuring customers trust the internet or they will be limited in the success. Without comprising efficiency or flexibility the business needs to safeguard against misuse of their own and customer information.

• Companies must manage the already strategic use of IT in their business to incorporate these systems into the ebusiness whilst ensuring not to comprise the overall performance and reliability of the business. The challenge for the company is too incorporate marketing, order management, billing, inventory, distribution and customer service into the internet business in a functional manner. Often customers rely on the efficiency of the internet and will quickly finder other suppliers if they company use of the internet is not reliable.

Image 1: Non Commercial-Sharealike 2.0 Germany, Web 2.0 Logos-http://www.flickr.com/photos/stabilo-boss/93136022/in/set-72057594060779001/

Image 2:

BS106-Weekly Questions 1

Information Systems in Business

Explain information technology’s role in business and describe how you measure success?

Information technology's functions as a support for the operation of the business through reducing costs of the processes, improving productivity and generating growth. Information technology aims to work within the strategic aims of the organisation to aid and improve the activities of the organisation.


As IT operates to the further the success of the business the evaluation of the overall effectiveness can be determined through keys questions which should be asked by executives. These underpin the maintenance of IT as well possible strategies to improve the use of IT including the need to outsource operations or identifying possible risk factors within IT projects. Other means of measuring success include the Efficiency Metric to determine the performance of the system and the Effectiveness Metric to determine the influence of IT systems on the business process. The Efficiency Metric solely focuses on the technology including the availability, throughput speed, response time and web traffic whereas Effectiveness Metrics is concerned with the influence of IT on the aims of the organisation such as customer satisfaction, usability, finance and conversion rates.

List and describe each of the forces in Porter’s Five Forces Model?

The forces in the Porter’s Five Forces Model are :


 Buyer Power


 Seller Power


 Threat of Substitute Products or Services


 Threat of new entrants


 Rivalry amongst existing competitors

Describe the relationship between business processes and value chains?

Within the business the activities involved in completing specific tasks are referred to as the business processes. The value chain is a succession of the processes compiled to form a chain which are involved in increasing the value of the product. The value chain can be separated into primary activities which are involved in the manufacture; distribution and customer support such as acquiring raw materials, buying, selling and after sales service and support value activities. Support value activities are those which provide a foundation for the primary activities such as administration technology development and human resource management. There is a direct relationship between the business processes and value chains as they both determine the profit for the product or service. The cost of the business processes must be lower than the cost which a customer is willing to pay.

Compare Porter’s three generic strategies?

Porter’s three generic strategies are an outline for competitors seeking to maintain a competitive advantage in a market. The strategies focus on the differentiation of the products, the cost at which the organisation produces their products or the scope of the market which the product is aimed.


The broad cost leadership strategy seeks to gain a competitive advantage by maintaining the lowest production rate. This strategies sole focus is on cost advantage through a low price product often ‘no frills’ to appeal to a wide market or the business may also produce quality products or services with effective marketing. This strategy often relies on constant evaluation in reducing production costs in order to achieve offer the lowest price with a considerable profit.


The differentiation strategy aims to produce a product that is unique through brand, design, technology, features or customer service whilst this may compromise price. The loyalty of customers separates those who choose not to spend above average price and seeks to bring about a higher than average return as the increased cost is passed onto the buyer.


The focus strategy seeks to forfeit a large number of possible customers in an attempt to better fulfil the needs of a smaller more concentrated market. In this strategy a business will attempt to further innovate products to suit a smaller secular market rather than produce products on efficiency.