chapter 13 information resource management the mcgraw-hill companies, inc. 2002. all rights...
TRANSCRIPT
![Page 1: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/1.jpg)
Chapter 13
Information Resource Management
The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill
![Page 2: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/2.jpg)
2
Chapter Objectives
• To fully appreciate the vulnerability organizations have to full or partial failure of their information systems.
• To understand the relevance of information systems and digital content as important corporate resources.
• To appreciate the role of information systems planning.
• To understand the importance of security and disaster recovery planning for protecting information resources.
![Page 3: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/3.jpg)
3
Hershey’s Big Dud
• In 1999 Hershey implemented a $112 million dollar computer system.
• System was to automate and modernize everything.– Within 2 months serious problems developed.
– Orders were delayed and competitors benefited.
– Hershey used “big bang” approach.
– Vendors cited complexity of the situation as the reason for system failure.
![Page 4: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/4.jpg)
4
Corporate Resources
• I/T should be viewed as a corporate resource.– Organizations need to invest in I/S.
– Organizations need to manage their I/S.
• Content should be viewed as a corporate resource.– Data needs to be
• Captured
• Processed
• Stored
• Communicated
![Page 5: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/5.jpg)
5
Organizational Assets
• Employees
• Loyal Customers
• Capital (money)
• Physical Assets
• Information systems
• Content (data and knowledge)
![Page 6: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/6.jpg)
6
Information Systems Planning
1. Business Strategy
2. I/T Strategy
3. I/T Portfolio– I/S Planning is an on-going activity.
• Environmental issues.
• Technological changes.
![Page 7: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/7.jpg)
7
Questions for I/S Planning
• Where are we? What are we doing?
• Where do we want to go? What are our competitors doing? What are customers asking for?
• How do we get there; that is what is the role of I/T in enabling the necessary capabilities to delivery what customers want better than the competition?
• When will it be done?
• Who will do it; do we have the necessary skills and resources internally to deliver what we need?
• How much will it cost? Does it make economic sense?
![Page 8: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/8.jpg)
8
Management and I/S
• Information Systems as perceived by management.– Infrastructure – Transactional – Informational – Strategic (Competitive)
![Page 9: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/9.jpg)
9
Organization of the Information Services Department
• What are the information management functions that need to be performed?
– Centralized or decentralized
• What is the best way to organize the information systems specialist to perform these functions?
![Page 10: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/10.jpg)
10
Cost and Resource Management
• Information Systems have – Tangible costs– Intangible costs
• Methods to control costs of I/S vary.– Chargeback allows the I/S department to
charge business units for services rendered.
![Page 11: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/11.jpg)
11
Typical Responsibilities for an Information Services Department
• Developing a comprehensive I/T strategy.
• Documenting, operating, and maintaining the existing inventory of corporate hardware, software, and information systems.
• Setting standards for telecommunications and installing and maintaining local and wide area networks.
• Developing, maintaining, and protecting organizational databases and critical applications.
• Evaluating, acquiring, and integrating new hardware and software products.
![Page 12: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/12.jpg)
12
Typical Responsibilities for an Information Services Department
• Training and supporting internal customers.
• Developing procedures to negotiate with and oversee outside information systems consultants and vendors in the acquisition and development of new information technology and systems.
• Facilitating the transfer of technology across organizational units.
• Initiating and managing outsourcing vendor and service provider relationships.
![Page 13: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/13.jpg)
13
Disaster Recovery Planning
• Disaster recovery plans have become more of a management priority now that more industries are more dependant on data. – Includes all business systems.– Need to identify all critical systems.– Off-site storage is critical.
• Some businesses are pursuing business continuity planning, which covers all aspects needed to ensure that the business would be able to operate regardless of the disaster.
![Page 14: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/14.jpg)
14
Process for Planning Off-Site Storage
1. Analyzing and classifying data.
2. Reviewing existing backup procedures.
3. Selecting a storage vendor.
4. Formalizing the schedules for routine removal of data to storage.
![Page 15: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/15.jpg)
15
Sample Strategies for Backup & Recovery
Strategy Description
Replacement Suspend operations or revert to manual systems until new I/S is up and running.
Cold site An off-site facility without a computer, able to serve as an alternate processing site.
Reciprocal agreement
Two companies with similar systems agree to let the other share their facilities if necessary.
Hot site A free standing, fully equipped site used by multiple companies.
Redundant system An identical, fully operational data center, typically in a separate geographical location.
![Page 16: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/16.jpg)
16
When Disaster Strikes
1. Assess damage.
2. Get communications and application systems operational as soon as possible.
3. Ensure appropriate employees are located and notified.
![Page 17: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/17.jpg)
17
Systems Security
• Companies must protect themselves against natural disasters, vandalism, cyberterrorism, and internal sabotage.– Viruses are a major source of computer systems
failures.• Viruses are transmitted electronically.• Antiviral products are available.
• Human intelligence is a key component in system security.
![Page 18: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/18.jpg)
18
Common Systems Vulnerabilities
Default software installations:
Operating systems and applications are often installed with extra features that users are unaware of and hence don’t monitor for security flaws.
Accounts with no passwords:
Computer passwords are easy to steal or guess using automate password testing procedures.
Inadequate backups: Many companies back up data but don’t test to see if the backups are adequate.
Too many open doors:
Computer systems exchange data using connection points known as ports: Some companies leave ports open, creating opportunities for hackers.
![Page 19: Chapter 13 Information Resource Management The McGraw-Hill Companies, Inc. 2002. All rights reserved. Irwin/McGraw-Hill](https://reader036.vdocuments.us/reader036/viewer/2022081515/56649ef25503460f94c04a71/html5/thumbnails/19.jpg)
19
Common Systems Vulnerabilities
False addresses:
Attackers try to hide their tracks by spoofing the addresses contained in packets of data that they send.
Bad record keeping:
I/S can log most activities but sometimes the record keeping function is not turned on. Logs are critical to discovering what happened in an attack.
Vulnerable web programs:
Common gateway interface programs (CGI scripts) are common in web pages. CGI scripts make it possible for a hacker to manipulate the OS of the server.
E-mail attachments:
Common vulnerability is email attachments that are executable program files containing viruses.