Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill

Upload: joseph-perkins

Post on 03-Jan-2016


Chapter Objectives

• To fully appreciate the vulnerability organizations have to full or partial failure of their information systems.

• To understand the relevance of information systems and digital content as important corporate resources.

• To appreciate the role of information systems planning.

• To understand the importance of security and disaster recovery planning for protecting information resources.


Hershey’s Big Dud

• In 1999 Hershey implemented a $112 million computer system.

• System was to automate and modernize everything.

– Within 2 months serious problems developed.

– Orders were delayed and competitors benefited.

– Hershey used “big bang” approach.

– Vendors cited complexity of the situation as the reason for system failure.


Corporate Resources

• I/T should be viewed as a corporate resource.

– Organizations need to invest in I/S.

– Organizations need to manage their I/S.

• Content should be viewed as a corporate resource.

– Data needs to be:

• Captured

• Processed

• Stored

• Communicated


Organizational Assets

• Employees

• Loyal Customers

• Capital (money)

• Physical Assets

• Information systems

• Content (data and knowledge)


Information Systems Planning

1. Business Strategy

2. I/T Strategy

3. I/T Portfolio

– I/S Planning is an on-going activity.

• Environmental issues.

• Technological changes.


Questions for I/S Planning

• Where are we? What are we doing?

• Where do we want to go? What are our competitors doing? What are customers asking for?

• How do we get there? That is, what is the role of I/T in enabling the capabilities necessary to deliver what customers want better than the competition?

• When will it be done?

• Who will do it? Do we have the necessary skills and resources internally to deliver what we need?

• How much will it cost? Does it make economic sense?


Management and I/S

• Information Systems as perceived by management:

– Infrastructure

– Transactional

– Informational

– Strategic (Competitive)


Organization of the Information Services Department

• What are the information management functions that need to be performed?

– Centralized or decentralized

• What is the best way to organize the information systems specialists to perform these functions?


Cost and Resource Management

• Information Systems have:

– Tangible costs

– Intangible costs

• Methods to control costs of I/S vary.

– Chargeback allows the I/S department to charge business units for services rendered.


Typical Responsibilities for an Information Services Department

• Developing a comprehensive I/T strategy.

• Documenting, operating, and maintaining the existing inventory of corporate hardware, software, and information systems.

• Setting standards for telecommunications and installing and maintaining local and wide area networks.

• Developing, maintaining, and protecting organizational databases and critical applications.

• Evaluating, acquiring, and integrating new hardware and software products.


Typical Responsibilities for an Information Services Department

• Training and supporting internal customers.

• Developing procedures to negotiate with and oversee outside information systems consultants and vendors in the acquisition and development of new information technology and systems.

• Facilitating the transfer of technology across organizational units.

• Initiating and managing outsourcing vendor and service provider relationships.


Disaster Recovery Planning

• Disaster recovery plans have become more of a management priority now that more industries are more dependent on data.

– Includes all business systems.

– Need to identify all critical systems.

– Off-site storage is critical.

• Some businesses are pursuing business continuity planning, which covers all aspects needed to ensure that the business would be able to operate regardless of the disaster.


Process for Planning Off-Site Storage

1. Analyzing and classifying data.

2. Reviewing existing backup procedures.

3. Selecting a storage vendor.

4. Formalizing the schedules for routine removal of data to storage.


Sample Strategies for Backup & Recovery

Strategy: Description

Replacement: Suspend operations or revert to manual systems until new I/S is up and running.

Cold site: An off-site facility without a computer, able to serve as an alternate processing site.

Reciprocal agreement: Two companies with similar systems agree to let the other share their facilities if necessary.

Hot site: A free-standing, fully equipped site used by multiple companies.

Redundant system: An identical, fully operational data center, typically in a separate geographical location.


When Disaster Strikes

1. Assess damage.

2. Get communications and application systems operational as soon as possible.

3. Ensure appropriate employees are located and notified.


Systems Security

• Companies must protect themselves against natural disasters, vandalism, cyberterrorism, and internal sabotage.

– Viruses are a major source of computer system failures.

• Viruses are transmitted electronically.

• Antiviral products are available.

• Human intelligence is a key component in system security.


Common Systems Vulnerabilities

Default software installations: Operating systems and applications are often installed with extra features that users are unaware of and hence don’t monitor for security flaws.

Accounts with no passwords: Computer passwords are easy to steal or guess using automated password testing procedures.

Inadequate backups: Many companies back up data but don’t test to see if the backups are adequate.

Too many open doors: Computer systems exchange data using connection points known as ports. Some companies leave ports open, creating opportunities for hackers.


Common Systems Vulnerabilities

False addresses: Attackers try to hide their tracks by spoofing the addresses contained in packets of data that they send.

Bad record keeping: I/S can log most activities, but sometimes the record keeping function is not turned on. Logs are critical to discovering what happened in an attack.

Vulnerable web programs: Common gateway interface programs (CGI scripts) are common in web pages. CGI scripts make it possible for a hacker to manipulate the OS of the server.

E-mail attachments: A common vulnerability is e-mail attachments that are executable program files containing viruses.