Structured processes
Support operational and structured managerial decisions and activities, standardized, usually formally defined and documented, exceptions rare and not (well) tolerated, process structure changes slowly and with organizational agony (ex. customer returns, order entry, purchasing, payroll)
Dynamic Processes
Support strategic and less structured managerial decisions and activities, less specific, fluid, usually informal, exceptions frequent and expected, adaptive processes that change structure rapidly and readily (collaboration, social networking, ill-defined, ambiguous situations)
Workgroup
Support one or more processes, 10-100 users, procedures often formalized, problem solutions within group, can duplicate data, somewhat difficult to change (doctor's office, medical practice)
Enterprise
Support one or more processes, 100-1,000+ users, procedures formalized, problem solutions within group, eliminate workgroup data duplication, difficult to change (hospital)
Inter-enterprise
Support one or more processes, 1,000+ users, systems procedures formalized, problem solutions affect multiple organizations, can resolve problems of duplicated enterprise data, very difficult to change
Change process structure, change process resources
How can we improve efficiency or effectiveness in a process?
Information systems
Performs activities (automation), augments a human performing an activity, controls data quality and process flow
Information silos
When data is isolated in separate systems, data is isolated in islands of automation, different department goals, different personal and workgroup needs, duplicate data as organization grows, results in data integrity problems, disjointed business process
Data duplication, data inconsistency, disjointed processes, limited information and lack of integrated information, isolated decisions lead to organizational inefficiencies, increased expense
Problems created by information silos
Business Process Reengineering
Enterprise systems enabled creation of more efficient or more effective processes, integrated data, enterprise systems create stronger, faster, more effective linkages in value chains, difficult, slow, exceedingly expensive
Standardization
Inherent processes with predesigned procedures for using software products based on "industry best practices"
Customer relationship management (CRM)
Suite of applications, database, and set of inherent processes that manage all interactions with customer through four phases of customer life cycle, supports customer-centric organization
Marketing, Customer acquisition, relationship management, loss/churn
4 phases of customer life cycle
Enterprise Resource Planning
Suite of applications, database, and inherent processes that consolidates business operations into a single, consistent computing platform, CRM plus accounting, manufacturing, inventory, and Human Resources applications, SAP offers industry-specific customized packages
Enterprise Application Integration
Connects system "islands," enables communicating and sharing data, provides integrated information, provides integrated layer on top of existing systems while leaving functional applications "as is", enables less expensive, gradual move to ERP
Careful planning, substantial training, senior management involvement
How to reduce challenges?
Employee resistance
Change requires effort and engenders fear, threat to self-efficacies, requirements gaps, expect it
New technology
The Cloud, mobile technology, risks and potential outside control of organization resources
Security concerns
IS design involves constant trade-offs, threat of focused attack, inter-enterprise system connects competitors, security in the cloud
Collaborative management, requirements gaps, transition problems, employee resistance, new technology
What are the challenges of integrating?
Section 230 of the Communications Decency Act
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
Social media (SM)
IT to support content sharing among networks of users, enables communities of practice (people related by common interest), content that is uploaded
Social media information system (SMIS), or Social Networking sites
IS for sharing content among networks of users
Providers, users, communities/sponsors
Three roles for Social Networking Sites
Application Providers
Costs to develop, implement, manage social networking procedures
Enterprise SNs
Internal networks using SharePoint for wikis, discussion board, photo sharing (Yammer, Slack)
Constantly changing balance of power with customers (dynamic), Users can build on each other (solve issues, complaints, reviews, market), employee recruitment/use
Benefits and Uses of Social Media
Sales and marketing
Outward to prospects, social CRM, peer-to-peer sales, loss of credibility, bad PR
Customer service
Outward to customers, peer-to-peer support, loss of control
Inbound logistics
Upstream supply chain providers, problem solving, privacy
Outbound logistics
Downstream supply chain shippers, problem solving, privacy
Manufacturing and operations
Outward for user design, inward to operations and manufacturing, user-guided design, industry relationships, operational efficiencies, efficiency/effectiveness
Human Resources
Employment candidates, employee communications, employee prospecting, recruiting, and evaluation, SharePoint for employee-to-employee communication, error, loss of credibility
Hyper-social organization
Use SM to transform interactions with customers, employees, and partners into mutually satisfying relationships with them and their communities
You Are the Product
"If you're not paying, you're the product.", renting your eyeballs to an advertiser
Advertising, Freemium, Sales
Revenue Models for Social Media
Advertising
Pay-per-click, use increases value
Freemium
Offers users a basic service for free, then charges a premium for upgrades or advanced features
Sales
Apps and virtual goods, affiliate commissions, donations
Edward Tufte
"There are only two industries that call their customers 'users': illegal drugs and software"
12.3 billion
By 2022, number of mobile devices to reach ?
$141B, 75%
Mobile ad spending should reach ?, and account for ? of total digital ad spending
3.75%, 2.29%
Average click-through rate of smartphones is ?, but just ? on PCs
Conversion rate
Frequency with which someone who clicks on an ad makes a purchase, "likes" a site, or takes some other action desired by the advertiser; on smartphones it is 2.25%, but 4.84% on PCs
69%
Use of ad-blocking software is growing by ? per year.
User-generated content (UGC)
Content on your SM site that is contributed by users
Problems from external sources
Junk and crackpot contributions, inappropriate content, unfavorable reviews, mutinous movements
Leave it, respond to it, delete it
How to respond to social networking problems?
Never wrestle with a pig; you'll get dirty and the pig will enjoy it
General rule for responding to social networking problems?
Disclose, Protect, Use Common Sense
3 Rules of Engagement for Responding to Social Networking Problems
Disclose
Your presence in social media must be transparent
Protect
Take extra care to protect both Intel and yourself
Use Common Sense
Remember that professional, straightforward and appropriate communication is best
Review employee sites when hiring and after hired, don't post on sites about work
How to manage employees' SN use?
Social capital
Investment in social relations with the expectation of returns in the marketplace, people benefit from it through information, influence, social credentials, and personal reinforcement
Internal Risk
Can include threats to information security, increased organizational liability, and decreased employee productivity
Hardware
Desktops, laptops, mobile devices
Software
Browsers and client applications, NoSQL
Data
Content (data and responses to data that are contributed by users) and connections (relationships)
Procedures
Informal, evolving and socially oriented
Organizational strategy
Social networking procedures are more formalized and aligned with the organization's strategy, develop procedures for creating content, managing user responses, removing obsolete or objectionable content, and extracting value from content, anyone who uses his or her position in a company to speak for an organization needs to be trained on both SMIS user procedures and the organization's social networking policy
People
Users of social media do what they want to do depending on their goals and their personalities
To balance the trade-off
What is the goal of information systems security?
Human Error
Mistakenly giving out information, mistakes overwriting data
Computer crime
Intentional destruction of data, viruses
Natural disaster
Fires, hurricanes
The Art of Deception by Mitnick and Simon
Lady wants a divorce, husband puts all money in a different account, wants to know where assets are, find out what information you need to know, call to get credit information
Pretexting, Spoofing, Phishing, Sniffing, Wardriving
Types of Security Loss (Unauthorized data disclosure)
Pretexting
Creating a scenario to get people to divulge
Spoofing
Pretending to be an authorized person
Phishing
Email purporting to be from a reputable company
Sniffing
Intercepting through a wired connection
Wardriving
Driving around to connect to available Wi-Fi
Hacking
Breaking into computers to steal data
Ransomware
Encrypts data until ransom paid
Incorrect data modification
Set up internal controls
Faulty service
System mistakes, sending wrong information somewhere
Loss of infrastructure
Loss of property, theft of intellectual property
Denial of service
Overloading servers with requests
Technical Safeguards
Identification and authorization, encryption, firewalls, malware protection, application design (hardware and software)
Data Safeguards
Data rights and responsibilities, passwords, encryption, backup and recovery, physical security (data), define data policies, rights enforced by user accounts authenticated by passwords
Human Safeguards
Hiring, Training, Education, Procedure Design, Administration, Assessment, Compliance, Accountability (Procedures and People), take security seriously, create strong passwords, use multiple passwords, send no valuable data via email or IM, use https at trusted, reputable vendors, remove high-value assets from computers, clear browsing history, temporary files, and cookies, regularly update antivirus software, demonstrate security concern to your fellow workers, follow organizational security directives and guidelines, consider security for all business initiatives
Viruses
Payload, Trojan horses, worms, spyware, adware (slow system startup, sluggish system performance, many pop-up advertisements, suspicious browser homepage changes, suspicious changes to the taskbar and other system interfaces, unusual hard-disk activity)
Malware Safeguards
Install antivirus and antispyware software, scan your computer frequently, update malware definitions, open email attachments only from known sources, promptly install software updates from legitimate sources, browse only reputable web sites
Human Safeguards for Nonemployee Personnel
Temporary personnel, vendors, partner personnel (employees of business partners), and public, hardening to reduce vulnerabilities, require vendors and partners to perform appropriate screening and security training, contract specifies security responsibilities, least privilege accounts and passwords, remove accounts as soon as possible
Responding to Security Incidents
Have a plan in place, centralized reporting, specific responses (speed, preparation pays, don't make problem worse), practice
Human error, computer crime, natural events and disasters
Three sources of threats
Unauthorized data disclosure, incorrect data modification, faulty service, denial of service, and loss of infrastructure
5 types of security loss
Incorrect data modification
Incorrectly increasing a customer's discount or incorrectly modifying an employee's salary, earned days of vacation, or annual bonus
Identification
The process whereby an information system identifies a user by requiring the user to sign on with a username and password
Authentication
The process whereby an information system verifies (validates) a user
Smart card
Plastic cards similar to credit cards that have microchips. The microchip, which holds much more data than a magnetic strip, is loaded with identifying data. Normally requires a PIN.
Personal identification number (PIN)
A form of authentication whereby the user supplies a number that only he or she knows
biometric authentication
The use of personal physical characteristics, such as fingerprints, facial features, and retinal scans, to authenticate users
encryption
The process of transforming clear text into coded, unintelligible text for secure storage or communication
encryption algorithms
Algorithms used to transform clear text into coded, unintelligible text for secure storage or communication
key
A string of bits used to encrypt data. The encryption algorithm applies this to the original message to produce the coded message. Decoding (decrypting) is similar; this is applied to the coded message to recover the original text
symmetric encryption
An encryption method whereby the same key is used to encode and to decode the message
asymmetric encryption
An encryption method whereby different keys are used to encode and to decode the message; one key encodes the message, and the other key decodes the message. It is slower and more complicated than symmetric encryption
public key encryption
A special version of asymmetric encryption that is popular on the Internet. With this method, each site has a public key for encoding messages and a private key for decoding them