ism 6021 mis implementing is
DESCRIPTION
12. Chapter. ISM 6021 MIS Implementing IS. Essentials of Management Information Systems Chapter 12 Redesigning the Organization With information Systems. SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE. Linking Information Systems to the Business Plan. Information systems plan - PowerPoint PPT PresentationTRANSCRIPT
12.1 © 2003 by Prentice Hall
1212
ISM 6021 MISISM 6021 MIS
Implementing ISImplementing IS
Chapter
12.2 © 2003 by Prentice Hall
Information systems planInformation systems plan
• What form of planning is correct for IS?What form of planning is correct for IS?• Should ISP be formal or informal?Should ISP be formal or informal?• How does environment affect the planning How does environment affect the planning
methodology for ISP?methodology for ISP?• Who should be involved in ISP?Who should be involved in ISP?
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Linking Information Systems to the Business Plan
12.3 © 2003 by Prentice Hall
Enterprise Analysis (Business SystemsEnterprise Analysis (Business SystemsPlanning)Planning)
• Analysis of organization-wide information Analysis of organization-wide information requirementsrequirements
• Identifies key entities and attributesIdentifies key entities and attributes
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Establishing Organizational Information Requirements
12.4 © 2003 by Prentice Hall
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Process/Data Class Matrix
Figure 12-1
12.5 © 2003 by Prentice Hall
Strategic Analysis or Critical SuccessStrategic Analysis or Critical SuccessFactorsFactors
• Small number of easily identifiable Small number of easily identifiable operational goalsoperational goals
• Shaped by industry, firm, manager, and Shaped by industry, firm, manager, and broader environmentbroader environment
• Used to determine information requirements Used to determine information requirements of organizationof organization
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Establishing Organizational Information Requirements
12.6 © 2003 by Prentice Hall
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Using CSFs to Develop Systems
Figure 12-2
12.7 © 2003 by Prentice Hall
• AutomationAutomation:: Speeding up performance Speeding up performance
• Rationalization of procedures:Rationalization of procedures: Streamlining of operating proceduresStreamlining of operating procedures
• Business process reengineering:Business process reengineering: Radical design of business processesRadical design of business processes
• Paradigm shift:Paradigm shift: Radical reconceptualization Radical reconceptualization
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Systems Development and Organizational Change
12.8 © 2003 by Prentice Hall
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Organizational Change Carries Risks and Rewards
Figure 12-3
12.9 © 2003 by Prentice Hall
BUSINESS PROCESS REENGINEERING AND TOTAL QUALITY MANAGEMENT (TQM)
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Redesigning Mortgage Processing in the United States
Figure 12-4a
12.10 © 2003 by Prentice Hall
BUSINESS PROCESS REENGINEERING AND TOTAL QUALITY MANAGEMENT (TQM)
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Redesigning Mortgage Processing in the United States
Figure 12-4b
12.11 © 2003 by Prentice Hall
What steps should be taken in reengineering What steps should be taken in reengineering of business processes?of business processes?
• develop broad strategic vision develop broad strategic vision • measure performance of existing processes as baselinemeasure performance of existing processes as baseline• IT should be allowed to influence process design from startIT should be allowed to influence process design from start• IT infrastructure should be able to support business process IT infrastructure should be able to support business process changes changes
BUSINESS PROCESS REENGINEERING AND TOTAL QUALITY MANAGEMENT (TQM)
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Steps in Effective Reengineering
12.12 © 2003 by Prentice Hall
What are -What are -
1.1. Systems developmentSystems development
2.2. Systems analysisSystems analysis
OVERVIEW OF SYSTEMS DEVELOPMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Overview
12.13 © 2003 by Prentice Hall
BUSINESS PROCESS REENGINEERING AND TOTAL QUALITY MANAGEMENT (TQM)
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
The Systems Development Process
Figure 12-5
12.14 © 2003 by Prentice Hall
Systems lifecycleSystems lifecycle
• Traditional methodology for developing Traditional methodology for developing information systeminformation system
• Partitions systems development process Partitions systems development process into formal stages that must be completed into formal stages that must be completed sequentiallysequentially
ALTERNATIVE SYSTEM-BUILDING APPROACHES
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Traditional Systems Lifecycle
12.15 © 2003 by Prentice Hall
Prototyping Prototyping
• Process of building experimental system Process of building experimental system quickly and inexpensively for demonstration quickly and inexpensively for demonstration and evaluation and evaluation
Prototype Prototype
• Preliminary working version of information Preliminary working version of information system for demonstration and evaluation system for demonstration and evaluation
ALTERNATIVE SYSTEM-BUILDING APPROACHES
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Prototyping
12.16 © 2003 by Prentice Hall
Application software packagesApplication software packages
• Set of prewritten, precoded application Set of prewritten, precoded application software programs commercially available software programs commercially available for sale or leasefor sale or lease
CustomizationCustomization
• Modification of software package to meet Modification of software package to meet organization’s unique requirements without organization’s unique requirements without destroying the software’s integritydestroying the software’s integrity
ALTERNATIVE SYSTEM-BUILDING APPROACHES
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Application Software Packages
12.17 © 2003 by Prentice Hall
ALTERNATIVE SYSTEM-BUILDING APPROACHES
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
The Effects of Customizing a Software Package on Total Implementation Costs
Figure 12-8
12.18 © 2003 by Prentice Hall
Request for Proposal (RFP)Request for Proposal (RFP)
• Detailed list of questions submitted to Detailed list of questions submitted to vendors of software or other servicesvendors of software or other services
• Determines how well vendor’s product Determines how well vendor’s product can meet organization’s specific can meet organization’s specific requirementsrequirements
ALTERNATIVE SYSTEM-BUILDING APPROACHES
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Application Software Packages
12.19 © 2003 by Prentice Hall
What is End-User Development?What is End-User Development?
• Development of information systems by end users with Development of information systems by end users with little or no formal assistance from technical specialistslittle or no formal assistance from technical specialists
• Allows users to specify their own business needs Allows users to specify their own business needs
ALTERNATIVE SYSTEM-BUILDING APPROACHES
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
End-User Development
12.20 © 2003 by Prentice Hall
ALTERNATIVE SYSTEM-BUILDING APPROACHES
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
End-User Versus System Lifecycle Development
Figure 12-9
12.21 © 2003 by Prentice Hall
What is Outsourcing?What is Outsourcing?
Under what conditions should IT be Under what conditions should IT be outsourced?outsourced?
What are advantages and limitations of What are advantages and limitations of outsourcing?outsourcing?
ALTERNATIVE SYSTEM-BUILDING APPROACHES
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Outsourcing
12.22 © 2003 by Prentice Hall
What is Object-Oriented Development?What is Object-Oriented Development?
What are the advantages / disadvantages of What are the advantages / disadvantages of OOD and OOP?OOD and OOP?
• Approach for software developmentApproach for software development
• De-emphasizes procedures De-emphasizes procedures
• Shifts focus from modeling business processes and data Shifts focus from modeling business processes and data to combining data and procedures to create objectsto combining data and procedures to create objects
APPLICATION DEVELOPMENT FOR THE DIGITAL FIRM
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Object-Oriented Software Development
12.23 © 2003 by Prentice Hall
What is RAD?What is RAD?
What are some approaches to RAD?What are some approaches to RAD?
• Process for developing systems in short time period Process for developing systems in short time period
• Uses prototyping, fourth-generation tools, and close Uses prototyping, fourth-generation tools, and close teamwork teamwork
APPLICATION DEVELOPMENT FOR THE DIGITAL FIRM
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 12 Redesigning the Organization With information SystemsChapter 12 Redesigning the Organization With information Systems
Rapid Application Development (RAD)
12.24 © 2003 by Prentice Hall
1313
Measuring the Value of Measuring the Value of SystemsSystems
Chapter
12.25 © 2003 by Prentice Hall
Measuring SystemsMeasuring Systems
What factors must be considered when What factors must be considered when measuring the value of systems?measuring the value of systems?
What methods are available for capital What methods are available for capital budgeting and investment analysis?budgeting and investment analysis?
12.26 © 2003 by Prentice Hall
The Payback MethodThe Payback Method
• Measure of time required to pay back the initial Measure of time required to pay back the initial investment on a projectinvestment on a project
Accounting Rate of Return on Investment Accounting Rate of Return on Investment
(ROI)(ROI)
• Approximates the accounting income earned Approximates the accounting income earned by the investmentby the investment
UNDERSTANDING THE BUSINESS VALUE OF INFORMATION SYSTEMS
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Case Example: Primrose, Mendelson, and Hansen
12.27 © 2003 by Prentice Hall
Present valuePresent value
• Value of a payment or stream of payments Value of a payment or stream of payments to be received in dollarsto be received in dollars
Net present valueNet present value
• Amount of money an investment is worth Amount of money an investment is worth
UNDERSTANDING THE BUSINESS VALUE OF INFORMATION SYSTEMS
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Case Example: Primrose, Mendelson, and Hansen
12.28 © 2003 by Prentice Hall
Cost-benefit ratioCost-benefit ratio
• Calculates returns from capital Calculates returns from capital expenditure expenditure
Profitability indexProfitability index
• Compares profitability of alternative Compares profitability of alternative investments by dividing the present value investments by dividing the present value of total cash inflow by initial costof total cash inflow by initial cost
UNDERSTANDING THE BUSINESS VALUE OF INFORMATION SYSTEMS
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Case Example: Primrose, Mendelson, and Hansen
12.29 © 2003 by Prentice Hall
Internal Rate of Return (IRR)Internal Rate of Return (IRR)
• Rate of return or profit an investment is Rate of return or profit an investment is expected to earnexpected to earn
Results of the Capital Budgeting Results of the Capital Budgeting
AnalysisAnalysis
• Cash flow positive over the time period Cash flow positive over the time period and returns more benefits than it costsand returns more benefits than it costs
UNDERSTANDING THE BUSINESS VALUE OF INFORMATION SYSTEMS
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Case Example: Primrose, Mendelson, and Hansen
12.30 © 2003 by Prentice Hall
Portfolio AnalysisPortfolio Analysis
• Analysis of portfolio of potential Analysis of portfolio of potential applications within a firm applications within a firm
• Determines risks and benefitsDetermines risks and benefits
• Selects among alternatives for information Selects among alternatives for information systemssystems
UNDERSTANDING THE BUSINESS VALUE OF INFORMATION SYSTEMS
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Strategic Considerations
12.31 © 2003 by Prentice Hall
Scoring ModelsScoring Models
• Method for deciding among alternative Method for deciding among alternative systems based on a system of ratings systems based on a system of ratings
Real Options Pricing ModelsReal Options Pricing Models
• Models for evaluating information Models for evaluating information technology investments with uncertain technology investments with uncertain returns returns
UNDERSTANDING THE BUSINESS VALUE OF INFORMATION SYSTEMS
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Strategic Considerations
12.32 © 2003 by Prentice Hall
UNDERSTANDING THE BUSINESS VALUE OF INFORMATION SYSTEMS
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
A System Portfolio
Figure 13-3
12.33 © 2003 by Prentice Hall
Knowledge Value–Added ApproachKnowledge Value–Added Approach
• Focuses on knowledge input into a Focuses on knowledge input into a business process business process
• Determines costs and benefits of changes Determines costs and benefits of changes in business processes from new in business processes from new information systemsinformation systems
UNDERSTANDING THE BUSINESS VALUE OF INFORMATION SYSTEMS
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Strategic Considerations
12.34 © 2003 by Prentice Hall
Productivity Productivity
• Measure of firm’s efficiency in converting Measure of firm’s efficiency in converting inputs to outputsinputs to outputs
Information TechnologyInformation Technology
• Reduces costReduces cost
• Increases quality of products and servicesIncreases quality of products and services
UNDERSTANDING THE BUSINESS VALUE OF INFORMATION SYSTEMS
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Information Technology Investments and Productivity
12.35 © 2003 by Prentice Hall
System failureSystem failure
• Information system does not perform as Information system does not perform as expected, is not operational at a specified expected, is not operational at a specified timetime
• Poor design, inaccurate data, excessive Poor design, inaccurate data, excessive expenditure, breakdown in operationsexpenditure, breakdown in operations
IMPORTANCE OF CHANGE MANAGEMENT IN INFORMATION SYSTEM SUCCESS AND FAILURE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Information System Problem Areas
12.36 © 2003 by Prentice Hall
What are the causes of IS project What are the causes of IS project failures?failures?
What steps can management take to What steps can management take to insure success of IS projects?insure success of IS projects?
IMPORTANCE OF CHANGE MANAGEMENT IN INFORMATION SYSTEM SUCCESS AND FAILURE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Causes of Implementation Success and Failure
12.37 © 2003 by Prentice Hall
IMPORTANCE OF CHANGE MANAGEMENT IN INFORMATION SYSTEM SUCCESS AND FAILURE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Factors in Information System Success or Failure
Figure 13-5
12.38 © 2003 by Prentice Hall
• Project size:Project size: Larger project has greater Larger project has greater riskrisk
• Project structure:Project structure: Clear and Clear and straightforward requirements help define straightforward requirements help define outputs and processes outputs and processes
• Experience with technology:Experience with technology: Project Project risk rises if project team and information risk rises if project team and information system staff lack required technical system staff lack required technical expertiseexpertise
IMPORTANCE OF CHANGE MANAGEMENT IN INFORMATION SYSTEM SUCCESS AND FAILURE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Level of Complexity and Risk
12.39 © 2003 by Prentice Hall
IMPORTANCE OF CHANGE MANAGEMENT IN INFORMATION SYSTEM SUCCESS AND FAILURE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Consequences of Poor Project Management
Figure 13-6
12.40 © 2003 by Prentice Hall
System Challenges of Mergers and System Challenges of Mergers and
AcquisitionsAcquisitions
• Integrating systemsIntegrating systems
• Organizational characteristics Organizational characteristics
• Information technology infrastructuresInformation technology infrastructures
IMPORTANCE OF CHANGE MANAGEMENT IN INFORMATION SYSTEM SUCCESS AND FAILURE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Change Management Challenges for Enterprise Applications, Business Process Reengineering (BPR), and Mergers and Acquisitions
12.41 © 2003 by Prentice Hall
How are global IS problems different? How are global IS problems different?
Identify some global problems Identify some global problems impacting the use of IS.impacting the use of IS.
• Transborder data flow:Transborder data flow: Movement of Movement of information across international information across international boundaries in any formboundaries in any form
• Technology Hurdles:Technology Hurdles: Lack of standards Lack of standards and connectivity in hardware, software, and connectivity in hardware, software, and telecommunications and telecommunications
IMPORTANCE OF CHANGE MANAGEMENT IN INFORMATION SYSTEM SUCCESS AND FAILURE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
The Challenge of Implementing Global Systems
12.42 © 2003 by Prentice Hall
• Local User Resistance to Global Local User Resistance to Global Systems:Systems: Difficult to convince local Difficult to convince local managers to change their business managers to change their business processes processes
IMPORTANCE OF CHANGE MANAGEMENT IN INFORMATION SYSTEM SUCCESS AND FAILURE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
The Challenge of Implementing Global Systems
12.43 © 2003 by Prentice Hall
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Formal planning and control tools help to manage information systems projects successfully
Figure 13-7
MANAGING IMPLEMENTATION
12.44 © 2003 by Prentice Hall
Creating a Global Technology Creating a Global Technology InfrastructureInfrastructure
• Build international private networkBuild international private network
• Rely on value added network serviceRely on value added network service
• Use Internet technologyUse Internet technology
• Build global intranets Build global intranets
• Use Virtual Private Networks Use Virtual Private Networks
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 13 Understanding the Business Value of Systems and Managing ChangeChapter 13 Understanding the Business Value of Systems and Managing Change
Managing Global Implementations
MANAGING IMPLEMENTATION
12.45 © 2003 by Prentice Hall
1414
IS Security & ControlIS Security & Control
Chapter
12.46 © 2003 by Prentice Hall
• Why are information systems so vulnerable to Why are information systems so vulnerable to destruction, error, abuse, and system quality destruction, error, abuse, and system quality problems?problems?
• What types of controls are available for What types of controls are available for information systems?information systems?
• What special measures must be taken to What special measures must be taken to ensure the reliability, availability and security ensure the reliability, availability and security of electronic commerce and digital business of electronic commerce and digital business processes?processes?
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
12.47 © 2003 by Prentice Hall
• Advances in telecommunications and Advances in telecommunications and computer softwarecomputer software
• Unauthorized access, abuse, or fraud Unauthorized access, abuse, or fraud
• Hackers Hackers
• Denial of service attackDenial of service attack
• Computer virusComputer virus
SYSTEM VULNERABILITY AND ABUSE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Why Systems are Vulnerable
12.48 © 2003 by Prentice Hall
SYSTEM VULNERABILITY AND ABUSE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Telecommunication Network Vulnerabilities
Figure 14-1
12.49 © 2003 by Prentice Hall
DisasterDisaster
• Destroys computer hardware, programs, Destroys computer hardware, programs, data files, and other equipment data files, and other equipment
SecuritySecurity
• Prevents unauthorized access, alteration, Prevents unauthorized access, alteration, theft, or physical damagetheft, or physical damage
SYSTEM VULNERABILITY AND ABUSE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Concerns for System Builders and Users
12.50 © 2003 by Prentice Hall
BugsBugs
• Program code defects or errorsProgram code defects or errors
Maintenance NightmareMaintenance Nightmare
• Maintenance costs high due to Maintenance costs high due to organizational change, software organizational change, software complexity, and faulty system analysis complexity, and faulty system analysis and designand design
SYSTEM VULNERABILITY AND ABUSE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
System Quality Problems: Software and Data
12.51 © 2003 by Prentice Hall
SYSTEM VULNERABILITY AND ABUSE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Points in the Processing Cycle where Errors can Occur
Figure 14-2
12.52 © 2003 by Prentice Hall
Data Quality ProblemsData Quality Problems
• Caused due to errors during data input or Caused due to errors during data input or faulty information system and database faulty information system and database designdesign
SYSTEM VULNERABILITY AND ABUSE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
System Quality Problems: Software and Data
12.53 © 2003 by Prentice Hall
SYSTEM VULNERABILITY AND ABUSE
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
The Cost of Errors over the Systems Development Cycle
Figure 14-3
12.54 © 2003 by Prentice Hall
ControlsControls
• Methods, policies, and procedures Methods, policies, and procedures
• Ensures protection of organization’s Ensures protection of organization’s assetsassets
• Ensures accuracy and reliability of Ensures accuracy and reliability of records, and operational adherence to records, and operational adherence to management standardsmanagement standards
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Overview
12.55 © 2003 by Prentice Hall
• On-line transaction processing:On-line transaction processing: Transactions entered online are Transactions entered online are immediately processed by computerimmediately processed by computer
• Fault-tolerant computer systems:Fault-tolerant computer systems: Contain extra hardware, software, and Contain extra hardware, software, and power supply componentspower supply components
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Protecting the Digital Firm
12.56 © 2003 by Prentice Hall
• High-availability computing:High-availability computing: Tools and Tools and technologies enabling system to recover technologies enabling system to recover from a crashfrom a crash
• Disaster recovery plan:Disaster recovery plan: Runs business Runs business in event of computer outagein event of computer outage
• Load balancing:Load balancing: Distributes large Distributes large number of requests for access among number of requests for access among multiple servers multiple servers
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Protecting the Digital Firm
12.57 © 2003 by Prentice Hall
• Mirroring:Mirroring: Duplicating all processes and Duplicating all processes and transactions of server on backup server to transactions of server on backup server to prevent any interruptionprevent any interruption
• Clustering:Clustering: Linking two computers Linking two computers together so that a second computer can together so that a second computer can act as a backup to the primary computer act as a backup to the primary computer or speed up processingor speed up processing
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Protecting the Digital Firm
12.58 © 2003 by Prentice Hall
FirewallsFirewalls
• Prevent unauthorized users from Prevent unauthorized users from accessing private networksaccessing private networks
• Two types: proxies and stateful inspectionTwo types: proxies and stateful inspection
Intrusion Detection SystemIntrusion Detection System
• Monitors vulnerable points in network to Monitors vulnerable points in network to detect and deter unauthorized intrudersdetect and deter unauthorized intruders
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Internet Security Challenges
12.59 © 2003 by Prentice Hall
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Figure 14-5
CREATING A CONTROL ENVIRONMENT
Internet Security Challenges
12.60 © 2003 by Prentice Hall
• Encryption:Encryption: Coding and scrambling of Coding and scrambling of messages to prevent their access without messages to prevent their access without authorizationauthorization
• Authentication:Authentication: Ability of each party in a Ability of each party in a transaction to ascertain identity of other transaction to ascertain identity of other partyparty
• Message integrity:Message integrity: Ability to ascertain Ability to ascertain that transmitted message has not been that transmitted message has not been copied or alteredcopied or altered
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Security and Electronic Commerce
12.61 © 2003 by Prentice Hall
• Digital signature:Digital signature: Digital code attached Digital code attached to electronically transmitted message to to electronically transmitted message to uniquely identify contents and senderuniquely identify contents and sender
• Digital certificate:Digital certificate: Attachment to Attachment to electronic message to verify the sender electronic message to verify the sender and to provide receiver with means to and to provide receiver with means to encode replyencode reply
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Security and Electronic Commerce
12.62 © 2003 by Prentice Hall
• Secure Electronic Transaction (SET):Secure Electronic Transaction (SET): Standard for securing credit card Standard for securing credit card transactions over Internet and other transactions over Internet and other networksnetworks
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Security and Electronic Commerce
12.63 © 2003 by Prentice Hall
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Public Key Encryption
CREATING A CONTROL ENVIRONMENT
Figure 14-6
12.64 © 2003 by Prentice Hall
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Digital Certificates
CREATING A CONTROL ENVIRONMENT
Figure 14-7
12.65 © 2003 by Prentice Hall
Criteria for determining control Criteria for determining control
structurestructure
• Importance of dataImportance of data
• Efficiency, complexity, and expense of Efficiency, complexity, and expense of each control techniqueeach control technique
• Level of risk if a specific activity or Level of risk if a specific activity or process is not properly controlledprocess is not properly controlled
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Developing a Control Structure: Costs and Benefits
12.66 © 2003 by Prentice Hall
MIS auditMIS audit
• Identifies all controls that govern Identifies all controls that govern individual information systems and individual information systems and assesses their effectivenessassesses their effectiveness
CREATING A CONTROL ENVIRONMENT
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
The Role of Auditing in the Control Process
12.67 © 2003 by Prentice Hall
ENSURING SYSTEM QUALITY
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Sample Auditor’s List of Control Weaknesses
Figure 14-8
12.68 © 2003 by Prentice Hall
ENSURING SYSTEM QUALITY
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
System Flow-Chart for a Payroll System
Figure 14-12
12.69 © 2003 by Prentice Hall
• Walkthrough:Walkthrough: Review of specification or Review of specification or design document by small group of people design document by small group of people
• Debugging:Debugging: Process of discovering and Process of discovering and eliminating errors and defects in program eliminating errors and defects in program codecode
• Local, System, and Acceptance TestingLocal, System, and Acceptance Testing
ENSURING SYSTEM QUALITY
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Testing
12.70 © 2003 by Prentice Hall
Data quality auditData quality audit
• Survey and/or sample of files Survey and/or sample of files
• Determines accuracy and completeness of Determines accuracy and completeness of data data
Data cleansingData cleansing
• Correcting errors and inconsistencies in Correcting errors and inconsistencies in data to increase accuracy data to increase accuracy
ENSURING SYSTEM QUALITY
Essentials of Management Information SystemsEssentials of Management Information SystemsChapter 14 Information Systems Security and ControlChapter 14 Information Systems Security and Control
Data Quality Audit and Data Cleansing
12.71 © 2003 by Prentice Hall
What are the organizational challenges What are the organizational challenges to IT-enabled change?to IT-enabled change?
12.72 © 2003 by Prentice Hall
What are the major barriers to B2B?What are the major barriers to B2B?
What are the major barriers to B2C?What are the major barriers to B2C?
Will e-commerce continue to grow? Will e-commerce continue to grow? What areas will benefit?What areas will benefit?
12.73 © 2003 by Prentice Hall
1414
End Chapters 12-14End Chapters 12-14
Is it ten o’clock yet?Is it ten o’clock yet?
Chapter