Introduction to Information Systems

Dr Riktesh Srivastava

Module I: Chapter 1+Chapter 2

Chapter 1: Foundations of Information Systems in Business

What is an Information System?
An Information System (IS) can be any organized combination
of people, hardware, software, communication networks, data
resources, policies and procedures that stores, retrieves,
transforms and disseminates information in an organization.

What is Information Technology?

Although the terms IT and IS are used interchangeably, they are
quite different terms.
IT is hardware, software, networking and data management
whereas, IS is all the components and resources necessary to
deliver information and functions to the organization.

Fundamental Role of IS in Business

Consider the Figure given below

Types of Information System

Information required at different management levels

Strategic management
Executives develop organizational goals, strategies,
policies, and objectives
As part of a strategic planning process

Tactical management
Managers and business professionals in self-directed
Develop short- and medium-range plans, schedules
and budgets
Specify the policies, procedures and business
objectives for their subunits

Operational management
Managers or members of self-directed teams
Develop short-range plans such as weekly
production schedules

Information Quality
Information products whose characteristics, attributes, or qualities make the information more valuable.
Information has 3 dimensions:

Decision Structure
Structured situations where the procedures to follow when a decision is needed can be specified in
Unstructured decision situations where it is not possible to specify in advance most of the decision
procedures to follow
Semi-structured - decision procedures that can be prespecified, but not enough to lead to a definite
recommended decision

Business Intelligence
DSS: Provide interactive information support to
managers and business professionals during the
decision-making process
Analytical models
Specialized databases
A decision maker's own insights and
Interactive computer-based modeling
To support semi-structured business decisions
MIS: Produces information products that support many of the day-to-day decision-making
needs of managers and business professionals
Prespecified reports, displays and responses
Support more structured decisions
MIS Reporting Alternatives:
Periodic Scheduled Reports: Pre-specified format on a regular basis
Exception Reports: Reports about exceptional conditions, May be produced regularly or when
exception occurs
Demand Reports and Responses: Information available when demanded
Push Reporting: Information pushed to manager

Enables managers and analysts to examine and manipulate large amounts of
detailed and consolidated data from many perspectives
Done interactively in real time with rapid response
Data Mining: Main purpose is to provide decision support to managers and business
professionals through knowledge discovery
Analyzes vast store of historical business data
Tries to discover patterns, trends, and correlations hidden in the data that can help
a company improve its business performance
Use regression, decision tree, neural network, cluster analysis, or market basket

Market Basket Analysis

One of the most common data mining applications for marketing
The purpose is to determine what products customers purchase together with
other products
Knowledge Management Systems:
The use of information technology to help gather, organize, and share business
knowledge within an organization
Enterprise Knowledge Portals
EIPs that are the entry to corporate intranets that serve as knowledge
management systems

In Chapter 1, we studied the different types of Information
Systems and how important it is for organizations to use
Information Systems in their business processes and operations.
In a nutshell, the point was put forward that an Information
System is needed today to gain Competitive Advantage
and to make Strategic decisions. Chapter 2 elaborates on
this point in much more detail.
Chapter 2: Competing with Information Technology

A strategic information system is a kind of information
system that uses IT to help an organization to:
Gain a competitive advantage
Reduce a competitive disadvantage
Or meet other strategic enterprise objectives
According to Michael Porter's classic model of
competition, any business that wants to succeed must
develop strategies to counter these 5 forces
Bargaining power of suppliers
Bargaining power of Buyers
Threat of new entrants
Threat of substitute products/services
Rivalry among existing competitors

Maintain list of Suppliers and Select the suppliers which gives the best deal

Keep the customers HOOKED by providing the added services by using IS

Provide entry barriers which are tough/hard to emulate, thereby providing Expensive and Time consuming alternative for

Less Expensive
Value Added Features

Spawn new business by creating new products

Chapter 3: Computer Hardware

Brief History of Computer Hardware
Earlier counting on fingers
Abacus: manipulating stones or beads to count
The word calculate comes from calculus, the Latin word for small stone
First mechanical adding machine was invented by Blaise Pascal in 1642.
Charles Babbage and the Analytical Engine
Came into existence in 19th century
Machine that calculated, stored values in memory and performed logical comparisons
Mechanical rather than electronic
Herman Hollerith and the 1890 census
Punched cards to record census data
Cards read in a tabulating machine
Hollerith's company went on to become IBM
Electronic Computers (History)
ENIAC (Electronic Numerical Integrator And Computer): Invented in 1946, ENIAC is considered to be the first
electronic and digital computer. ENIAC was programmable and could perform 5000 calculations per second.
Drawback: Only one program can be executed at a time.
Next Wave of Computing
Second generation, late 1950s: 200,000 to 250,000 calculations per second
Third generation, mid 1960s: Integrated circuitry was used
Fourth generation, 1971: Highly integrated circuitry was used, multiprogramming and virtual storage
Fifth generation, 1980s: Millions of calculations per second

Computer System Categories

Microcomputer Systems

Midrange Systems

Mainframe Systems

Microcomputer Systems
Microcomputers are the most important category of computer systems for both businesses and consumers.
Generally, microcomputers consist of the following three systems:
Personal Computer (PC): microcomputer for use by an individual
Desktop: fits on an office desk
Laptop: small, portable PC
Midrange Systems
Midrange systems are high-end network servers and other types of servers that can handle the large-scale processing of
many business applications.
Mainframe Systems
Mainframe Systems are large, fast and powerful computer systems with large primary storage capacity and high
transaction processing. They are generally used for complex transactions and can be used as superservers for large

Computer hardware functions

Input: Convert data into electronic form
Central Processing Unit (CPU)
Arithmetic-logic unit performs the arithmetic functions
Control unit
Output: Convert electronic information into human-intelligible form
Primary Storage Unit or memory
Secondary Storage
Magnetic disks and Optical disks
Control unit of the CPU
Controls the other components of the computer


Computer Processing Speeds

Millisecond: thousandth of a second
Microsecond: millionth of a second
Nanosecond: billionth of a second

If a person took one step per nanosecond, they would circle the earth 20 times in one second

Picosecond: trillionth of a second

MIPS: million instructions per second
Teraflops: trillions of floating point operations per second (Supercomputer)
Clock speed of the computer:
Megahertz (MHz): millions of cycles per second
Gigahertz (GHz): billions of cycles per second


Input technologies
Pointing Devices
Electronic Mouse
Trackball: Stationary device like a mouse with a roller ball used to move cursor on screen.
Pointing Stick: Small eraser head-like device in keypad that moves cursor in direction of pressure placed on
Touchpad: Small rectangular touch-sensitive surface that moves the cursor in the direction the finger moves on
the pad

Touch Screen: use computer by touching screen

Speech Recognition Systems: System compares your speech patterns to library of sound patterns
Optical Scanning: Read text or graphics and convert them into digital input
Magnetic stripe: Read magnetic stripe on credit cards

Smart cards: Microprocessor chip and memory on credit card

Magnetic Ink Character Recognition (MICR): Identification numbers of bank and account printed in magnetic ink
on bottom of check

Output Technologies
Video displays
Cathode ray tube (CRT) like a television
Most desktop PC screens
Liquid crystal displays (LCDs)
Laptop and PDAs, some PCs
Printed Output
Inkjet printer
Spray ink on page
Laser printer
Electrostatic process like photocopying machine
Voice response systems (VRS)


Computer Storage Fundamentals

Binary representation
Data are processed and stored in computer system through the presence or absence of signals
Either ON or OFF

ON = number 1, OFF = number 0

Bit (short for binary digit)
Smallest element of data
Either zero or one
Group of eight bits which operate as a single unit
Represents one character or number
Measuring storage capacities
Kilobyte (KB): one thousand bytes
Megabyte (MB): one million bytes
Gigabyte (GB): one billion bytes
Terabyte (TB): one trillion bytes
Petabyte (PB): one quadrillion bytes


Sequential and Direct Access

Sequential Access
Data is stored and retrieved in a sequential process
Must be accessed in sequence by searching through prior data
Magnetic tape
Direct Access or Random Access
Directly store and retrieve data
Each storage position has unique address and can be accessed in same length of time
Semiconductor memory chips, magnetic disks


Magnetic Tapes

Magnetic Disks

Secondary storage

Floppy disks
Magnetic disk inside a plastic jacket

Used in robotic automated drive assemblies

Archival storage and backup storage

Hard disk drives

Magnetic disk, access arms, and read/write
heads in sealed module
RAID (Redundant arrays of independent disks)
Disk arrays of interconnected hard disk drives
Fault tolerant with multiple copies on several

Chapter 4: Computer Software

Types of software


Software types
Application software

Performs information processing

tasks for end users

System software

Manages and supports operations

of computer systems and


Application software
General purpose

Programs that perform common information processing

jobs for end users
E.g., word processing, spreadsheet, etc.
Also called productivity packages


Programs that support specific applications of end users

E.g., electronic commerce, customer relationship
management, etc.


General Purpose Application Software

1) Software Suites: Software suites integrate software packages
Cost less than buying individual packages
All have a similar GUI
Work together well
Features not used by all users
Take a lot of disk space
2) Web Browsers:
Software applications that support navigation through the
point-and-click resources of the Web
Surfing the web
Becoming a universal software platform for Internet-based
3) E-mail: Software to communicate by sending and receiving
messages and attachments via the Internet, intranet or extranet
4) Instant messaging (IM): Receive electronic messages instantly
5) Weblog or blog
A personal website in dated log format
Updated with new information about a subject or range of


Word processing
Create, edit, revise and print documents
E.g., Microsoft Word, Lotus WordPro and Corel WordPerfect
Desktop Publishing
Produce printed materials that look professionally published
E.g., Adobe PageMaker, Microsoft Publisher and QuarkXPress

Electronic Spreadsheets
Worksheet of rows and columns
Used for calculations and charts
E.g., Lotus 1-2-3, Microsoft Excel, Corel QuattroPro
Presentation Graphics
Prepare multimedia presentations including graphics, photos,
animation, and video clips
E.g., Microsoft PowerPoint, Lotus Freelance, Corel Presentations
Personal Information Manager (PIM)
Software that stores information about clients, schedules, manage
appointments, manage tasks
E.g., Lotus Organizer, Microsoft Outlook
Software that helps workgroups collaborate on group assignments
E-mail, discussion groups, databases, videoconferencing
E.g., Lotus Notes, Novell GroupWise, Microsoft Exchange


System software
Software that manages and supports a computer system
System management programs
Programs that manage hardware, software, network, and data
E.g., operating systems, network management programs,
database management systems, systems utilities
Systems development programs
Programs that help users develop information system programs


Operating System
Integrated system of programs that

Manages the operations of the CPU

Controls the input/output and storage resources and
activities of the computer system
Provides support services as computer executes
applications programs


Popular Operating Systems


GUI, multitasking, networking, multimedia

Different versions manage servers
Microsoft's operating system


Multitasking, multiuser, network-managing

Portable: can run on mainframes, midrange and PCs


Low-cost, powerful reliable Unix-like operating system



Apple operating system for the iMac

GUI, multitasking, multimedia

Programming Languages


Web Services
Software components
based on a framework of Web and object-oriented
standards and technologies
for using the Web
to electronically link the applications of different
users and different computing platforms


How web services work


Chapter 5: Data Resource Management

Fundamental Data Concepts
Field or data item: a grouping of related characters
Represents an attribute (a characteristic or quality) of some
entity (object, person, place or event)
Example: salary
Record: grouping of all the fields used to describe the attributes
of an entity
Example: payroll record with name, SSN and rate of pay
File or table: a group of related records
an integrated collection of logically related data


Database Structures


Hierarchical Structure
Hierarchical Structure uses pointers to represent the
data and the relationship among the data. In
Hierarchical Structure the records are organized in
terms of trees. The hierarchical model relates data
by using inverted tree structure, in which records
contain two elements:
A single root often called a key, which identifies
the type, location or ordering of the records.
A variable name of subordinate fields that defines
the rest of the data within a record.
All fields have only one parent and each parent may
have many children. The hierarchical database
model is shown in the next slide

Hierarchical Structure


Network Structure
Used in some mainframe DBMS packages
The network model creates relationships
among data by which members can be
linked to more than one parent. In the
network data model, too, the data is
represented by pointers, and the
relationship between records is called a set.
In this data model, we can represent the
records of the database with the help of
an arbitrary graph instead of trees.

Network Structure


Relational Structure
Most widely used structure
Data elements are viewed as being stored in tables
Row represents record
Column represents field
Can relate data in one file with data in another file if
both files share a common data element


Relational Structure


Relational Operations

Three basic operations on relational databases


Create a subset of records that meet a stated criterion

Example, select employees who make more than $30,000


Combine two or more tables temporarily

Looks like one big table


Create a subset of columns in a table


Multidimensional Structure
Variation of relational model
Uses multidimensional structures to organize data
Data elements are viewed as being in cubes
Popular for analytical databases that support Online Analytical
Processing (OLAP)


Multidimensional Model

Evaluation of Database Structures

Hierarchical
Worked for structured routine transaction processing
Can't handle many-to-many relationships

Network
More flexible than hierarchical
Unable to handle ad hoc requests

Relational
Easily respond to ad hoc requests
Easier to work with and maintain
Not as efficient or quick as hierarchical or network

Types of databases


Operational Databases
Store detailed data to support business processes
Examples, customer database, inventory database


Distributed Databases
Copies or parts of databases on servers at a variety of locations
Challenge: any data change in one location must be made in all other locations
Look at each distributed database and find changes
Apply changes to each distributed database
Very complex

One database is master
Duplicate that database after hours in all locations


External Databases
Databases available for a fee from commercial online services or
For free from World Wide Web
Examples, statistical databanks, bibliographic and full text databases


Hypermedia Database
Website database
Consists of hyperlinked pages of multimedia (text, graphics, video
clips, audio segments)


Data Warehouse
Stores data that has been extracted from the operational, external and other

Data has been cleaned, transformed and cataloged

Used by managers and professionals for

Data mining,
Online analytical processing,
Business analysis,
Market research,
Decision support

Data mart is subset of warehouse for specific use of department


Data Warehouse

Source: Adapted courtesy of Hewlett-Packard.


Data Mining
Data in data warehouse are analyzed to reveal hidden patterns and

Perform market-basket analysis to identify new business processes

Find root causes to quality problems
Cross sell to existing customers
Profile customers with more accuracy


Chapter 6: Telecommunications and Networks

Network Concepts
An interconnected chain, group or system
Number of possible connections on a network is N * (N-1)
Where N = number of nodes (points of connections on the
Example, if there are 10 computers on a network, there are
10 * 9 = 90 possible connections.
Metcalfe's Law
The usefulness of a network equals the square of the number
of users (If there are only 2 users on the network, it's not
very useful; if there are 200 it's much more useful. So the
Internet with millions of computers is incredibly useful).
On a small network, a change in technology affects
technology only
On a large network like the Internet, a change in technology
affects social, political and economic systems


Digital Network Technologies

Rapid change from analog to digital network technologies
Analog: voice-oriented transmission,
sound waves
Digital: discrete pulse transmission
Digital allows:

Higher transmission speed

Larger amounts of information
Greater economy
Lower error rates
Multiple forms of communications on same


Next generation of the Internet
High-performance network
In use at 200 universities, scientific institutions, communications


The Internet
Over 46 million servers (2004)
710-945 million users (2004)
No central computer system
No governing body
No one owns it


Internet Service Provider

A company that specializes in providing easy access to the Internet
For a monthly fee, you get software, user name, password and access

ISPs are connected to one another through network access points


Using the Internet for business


An Intranet
A network inside an organization
That uses Internet technologies (such as Web browsers and servers, TCP/IP
protocols, HTML, etc.)
To provide an Internet-like environment within the organization
For information sharing, communications, collaboration and support of
business processes
Protected by security measures
Can be accessed by authorized users through the Internet


Network links that use Internet technologies
To connect the Intranet of a business
With the Intranets of its customers, suppliers or other business partners


Extranet Uses


Wide Area Network (WAN)

Telecommunications network that covers a large
geographic area

Source: Courtesy of Cisco Systems Inc.

Local Area Network (LAN)

Connect computers within a limited physical area
such as an office, classroom, or building

Virtual Private Networks (VPN)

A secure network that uses the Internet as its backbone
but relies on firewalls, encryption and other security
A pipe traveling through the Internet




Wireless Technologies
Terrestrial microwave
Earthbound microwave systems that transmit high-speed radio signals in a
line-of-sight path
Between relay systems spaced approximately 30 miles apart

Communications satellites
Satellites serve as relay stations for communications signals
Uses microwave radio signals


Wireless Technologies
Cellular and PCS telephone and pager systems
Divide the geographic area into small areas or cells
Each cell has transmitter or radio relay antenna to send message from one
cell to another

Wireless LANs
Radio signals within an office or building
Connect PCs to networks

Short-range wireless technology
To connect PC to peripherals such as printer

Internet Telephony
Using an Internet connection to pass voice data using IP
Voice over IP (VoIP)
Skips standard long-distance phone charges


Chapter 7: Electronic Business Systems

Cross-functional Systems
Cross the boundaries of traditional
business functions

Customer Relationship Management (CRM)

CRM uses technology to

Create a cross-functional enterprise system

That integrates and automates many of the processes in
sales, marketing and customer service that interact with
Create a framework of web-enabled software and
databases that integrate these processes with the rest of the
company's processes

CRM Applications
Contract and Account Management
Helps sales, marketing and service professionals
Capture and track data about past and
planned contacts with customers and prospects
Provides sales reps with software tools and data
they need to support and manage sales
Cross-selling is trying to sell a
customer of one product
a related product
Up-selling is trying to sell
customer a better product
than they are currently

CRM applications
Marketing and Fulfillment

Help marketing professionals accomplish direct
marketing campaigns by tasks such as targeted
marketing and scheduling and tracking direct
marketing mailings

Customer Service and Support

Provides sales reps with software tools and database
access to customer database shared by sales and
marketing professionals
Helps create, assign and manage requests for service
Call center software routes calls to customer support
agents based upon their skills and type of call
Help desk software provides relevant service data
and suggestions for resolving problems for customer
service reps helping customers with problems

CRM applications
Retention and Loyalty Programs

Try to help a company identify, reward, and market to
their most loyal and profitable customers by using certain
data mining software tools

Enterprise Resource Planning (ERP)

Cross-functional enterprise system
with an integrated suite of software modules
that support the basic internal business processes of a company

Business benefits of ERP

Quality and efficiency
Decreased costs
Decision support
Enterprise agility

Supply Chain Management (SCM)

A cross-functional enterprise system
To help support and manage the links between a company's
key business processes
And those of its suppliers, customers and business partners
A supply chain:
Interrelationships with suppliers, customers, distributors,
and other businesses that are needed to design, build and
sell a product

Enterprise Application Integration (EAI)

EAI connects cross-functional systems
Serves as middleware to
Provide data conversion
Communication between systems
Access to system interfaces

Enterprise Collaboration Systems

coordination and collaboration among the members of
business teams and workgroups
ECS Goals
Communicate: share information with each other

Coordinate: coordinate individual work efforts and use of
resources with each other

work together cooperatively on joint projects and

Functional Business Systems

A variety of information systems (transaction processing,
management information systems, decision support, etc.)
That support the business functions of
Accounting, finance, marketing, operations management and human resource

Marketing Information Systems

Interactive marketing:

A customer-focused marketing process

Using the Internet, intranets, and extranets
To establish two-way transactions
Between a company and its customers or potential

to profitably attract and keep customers
who will become partners with the business
in creating, purchasing and improving products and

Targeted Marketing
An advertising and promotion management concept
that includes five targeting components

Targeted Marketing Components

Community: customize advertising to appeal to people of specific virtual

Content: advertising placed on a variety of selected websites aimed at a specific

Context: advertising placed on web pages that are relevant to the content of a
product or service
Demographic/Psychographic: web marketing efforts aimed at specific types or
classes of people
Online Behavior: promotion efforts tailored to each visit to a site by an
individual, e.g., using cookie files

Sales Force Automation

Outfit sales force with notebook computers, web browsers and sales
contract management software
Connect them to marketing websites and company intranet
Increase personal productivity
Speeds up capture and analysis of sales data from the field to marketing
Gain strategic advantage

Manufacturing Information
Support the production/operations function
Includes all activities concerned with planning and control of producing
goods or services
Simplify production processes, product designs, and factory organization as
a vital foundation to automation and integration
Automate production processes and the business functions that support
them with computers, machines, and robots
Integrate all production and support processes using computer networks,
cross-functional business software, and other information technologies

Human Resource Management (HRM)

Information systems designed to support
Planning to meet the personnel needs of the business
Development of employees to their full potential
Control of all personnel policies and programs

HRM and the Internet

Recruiting employees using the corporate website and commercial
recruiting services
Posting messages in selected Internet newsgroups
Communicating with job applicants via e-mail

Accounting Information Systems

Record and report the flow of funds through an organization
Produce financial statements
Forecasts of future conditions

Oldest and most widely used information systems

Six essential Accounting Information

Order Processing: Captures and processes customer orders and
produces data for inventory control and accounts receivable
Inventory Control: Processes data reflecting changes in inventory
and provides shipping and reorder information
Accounts Receivable: Records amounts owed by customers and
produces customer invoices, monthly customer statements, and
credit management reports

Six essential Accounting Information

Accounts Payable: Records purchases from, amounts owed to, and
payments to suppliers, and produces cash management reports
Payroll: Records employee work and compensation data and
produces paychecks and other payroll documents and reports
General Ledger: Consolidates data from other accounting systems
and produces the periodic financial statements and reports of the
Financial Management Systems

Support business managers and professionals in decisions concerning
The financing of a business
The allocation and control of financial resources within a business

Financial Management System Examples

Chapter 8: Electronic Commerce Systems

More than just buying and selling products online

Includes the entire online process of
Developing, marketing, selling, delivering, servicing and paying for products and services
Transacted on the internetworked global marketplaces of customers
With the support of a worldwide network of business partners

Types of Electronic Commerce

Business-to-Consumer (B2C): businesses develop attractive electronic marketplaces to sell
products and services to consumers
Business-to-Business (B2B): involves both electronic business marketplaces and direct market
links between businesses
Consumer-to-Consumer (C2C): online auctions where consumers can buy and sell with each other

Electronic Payment Processes

Web Payment Processes
Shopping cart process
Credit card payment process
Other more complex payment processes
Electronic Funds Transfer (EFT)
Capture and process money and credit transfers between banks and businesses and their customers

Types of Payment Systems

Credit Card
Stored Value
Accumulating Balance

Credit Card
Represents an account that extends credit to consumers,
permitting consumers to purchase items while deferring
payment, and allows consumers to make payments to
multiple vendors at one time
Credit card associations: Nonprofit associations (Visa,
MasterCard) that set standards for issuing banks
Issuing banks: Issue cards and process transactions
Processing centers (clearinghouses): Handle verification of
accounts and balances

Stored Value
Accounts created by depositing funds into an
account and from which funds are paid out or
withdrawn as needed
Examples: Debit cards, gift certificates, prepaid
cards, smart cards
Debit cards: Immediately debit a checking or other
demand-deposit account
Peer-to-peer payment systems such as PayPal a

Accumulating Balance
Accounts that accumulate expenditures and to
which consumers make periodic payments
Examples: utility, phone, American Express

Current Online Payment Systems

Credit cards are dominant form of online payment,
accounting for around 80% of online payments in 2002
New forms of electronic payment include:
Digital cash
Online stored value systems
Digital accumulating balance payment systems
Digital credit accounts
Digital checking

How an Online Credit Card Transaction Works
Processed in much the same way that in-store
purchases are
Major difference is that online merchants do not
see or take impression of card, and no signature is
available (CNP transactions)
Participants include consumer, merchant,
clearinghouse, merchant bank (acquiring bank)
and consumer's card-issuing bank

How an Online Credit Transaction


The SET (Secure Electronic Transaction) Protocol

Authenticates cardholder and merchant identity through use of digital certificates

An open standard developed by MasterCard and Visa
Transaction process similar to standard online credit card transaction, with more
identity verification
Thus far, has not caught on much, due to costs involved in integrating SET into
existing systems, and lack of interest among consumers

How SET Transactions Work

Online Stored Value Systems

Permit consumers to make instant, online payments to merchants
and other individuals based on value stored in an online account
Rely on value stored in a consumer's bank, checking or credit card

Stored Value System

Secure Electronic Payment Example


Securing Electronic Payments

Network sniffers
Software that recognizes and intercepts credit card number formats

Security measures to combat

Encrypt (code and scramble) data between customer and merchant
Encrypt credit card authorizations
Take sensitive information off-line
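
Because sniffers work by recognizing card number formats, a defender can use the same recognition to find card numbers that should not be sitting in plaintext (for example in application logs) and mask them. The following is an added example, not part of the original slides; the log lines, function names and the first-six/last-four masking choice are assumptions made for illustration.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out order ids etc."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pans(line: str):
    """Return (line with card numbers masked, number of card numbers found)."""
    hits = 0

    def repl(match):
        nonlocal hits
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            return match.group()        # right length, but not a card number
        hits += 1
        # Keep the first six and last four digits, a common display truncation.
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

    return CANDIDATE.sub(repl, line), hits


# Constructed sample log lines (4111 1111 1111 1111 is a well-known test number).
SAMPLE_LOG = [
    "POST /checkout card=4111 1111 1111 1111 amount=25.00",
    "POST /checkout card=4111-1111-1111-1111 amount=9.99",
    "GET /orders id=1234567890123456 status=shipped",
]


def scan(lines):
    """Mask every line and return (masked_lines, total_hits)."""
    results = [mask_pans(line) for line in lines]
    return [masked for masked, _ in results], sum(n for _, n in results)


if __name__ == "__main__":
    masked, total = scan(SAMPLE_LOG)
    print("\n".join(masked), f"\n{total} card number(s) found in plaintext")
```

The order id in the third line has the right length but fails the Luhn check, so it is left untouched.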

Security Threats in the E-commerce Environment

Three key points of vulnerability:
Communications channel
Most common threats:
Malicious code
Hacking and cybervandalism
Credit card fraud/theft
Denial of service attacks
Insider jobs

A Typical E-commerce Transaction


Vulnerable Points in an E-commerce Environment


Malicious Code
Viruses: computer program that has the ability to replicate and
spread to other files; most also deliver a payload of some
sort (may be destructive or benign); include macro viruses,
file-infecting viruses and script viruses
Worms: designed to spread from computer to computer
Trojan horse: appears to be benign, but then does
something other than expected
Bad applets (malicious mobile code): malicious Java applets
or ActiveX controls that may be downloaded onto client
and activated merely by surfing to a Web site


Hacking and Cybervandalism

Hacker: Individual who intends to gain unauthorized access to a
computer system
Cracker: Used to denote hacker with criminal intent (two terms often
used interchangeably)
Cybervandalism: Intentionally disrupting, defacing or destroying a
Web site
Types of hackers include:
White hats: Members of tiger teams used by corporate
security departments to test their own security measures
Black hats: Act with the intention of causing harm
Grey hats: Believe they are pursuing some greater good by
breaking in and revealing system flaws


Spoofing, DoS and dDoS Attacks, Sniffing

Spoofing: Misrepresenting oneself by using fake e-mail
addresses or masquerading as someone else
Denial of service (DoS) attack: Hackers flood Web site with
useless traffic to inundate and overwhelm network
Distributed denial of service (dDoS) attack: hackers use
numerous computers to attack target network from
numerous launch points
Sniffing: type of eavesdropping program that monitors
information traveling over a network; enables hackers to
steal proprietary information from anywhere on a network


Protecting Internet Communications: Encryption

Encryption: The process of transforming plain text or data into cipher text that
cannot be read by anyone other than the sender and receiver

Secure stored information
Secure information transmission
Message integrity

Symmetric Key Encryption

Also known as secret key encryption
Both the sender and receiver use the same digital
key to encrypt and decrypt message
Requires a different set of keys for each
Data Encryption Standard (DES): Most widely used
symmetric key encryption today; uses 56-bit
encryption key; other types use 128-bit keys up
through 2048 bits

Public Key Encryption

Public key cryptography solves symmetric key encryption problem of having to
exchange secret key

Uses two mathematically related digital keys: public key (widely disseminated)
and private key (kept secret by owner)
Both keys are used to encrypt and decrypt message
Once key is used to encrypt message, same key cannot be used to decrypt
For example, sender uses recipient's public key to encrypt message; recipient
uses his/her private key to decrypt it


Public Key Cryptography: A Simple Case


Public Key Encryption using Digital Signatures and Hash Digests
Application of hash function (mathematical algorithm) by sender
prior to encryption produces hash digest that recipient can use to
verify integrity of data
Double encryption with sender's private key (digital signature) helps
ensure authenticity and nonrepudiation
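
The hash-then-sign flow described above, as an added example that is not part of the original slides: the sender hashes the message and transforms the digest with the private key, and the recipient checks it with the public key. The key here is a toy built from two published Mersenne primes with no padding, an assumption made so the example runs with the standard library only; production systems use randomly generated keys and a padded scheme from a vetted library.

```python
import hashlib

# Toy RSA key (assumption for illustration only): two published Mersenne
# primes make the example reproducible. Never use such a key in practice.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, kept by the sender


def digest(message: bytes) -> int:
    """Hash digest of the message (SHA-256), as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: apply the private key to the digest, not to the whole message."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Recipient: undo the signature with the public key and compare digests."""
    return pow(signature, E, N) == digest(message)


if __name__ == "__main__":
    # Constructed sample message.
    order = b"order=1001;amount=25.00;payee=merchant"
    sig = sign(order)
    print("genuine order accepted:", verify(order, sig))
    # A change of one field in transit produces a different digest.
    tampered = order.replace(b"25.00", b"95.00")
    print("tampered order accepted:", verify(tampered, sig))
```

Integrity comes from the digest comparison; authenticity and nonrepudiation come from the fact that only the holder of the private exponent could have produced a value that verifies.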


Public Key Cryptography with Digital Signatures


Digital Envelopes
Addresses weaknesses of public key encryption
(computationally slow, decreases transmission
speed, increases processing time) and symmetric
key encryption (faster, but more secure)
Uses symmetric key encryption to encrypt
document but public key encryption to encrypt
and send symmetric key


Public Key Cryptography: Creating a Digital Envelope


Digital Certificates and Public Key Infrastructure (PKI)
Digital certificate: Digital document that includes:
Name of subject or company
Subject's public key
Digital certificate serial number
Expiration date
Issuance date
Digital signature of certification authority (trusted third
party (institution) that issues certificate)
Other identifying information
Public Key Infrastructure (PKI): refers to the CAs and digital
certificate procedures that are accepted by all parties


Digital Certificates and Certification Authorities


Securing Channels of Communication

Secure Sockets Layer (SSL): Most common form of securing
channels of communication; used to establish a secure
negotiated session (client-server session in which URL of
requested document, along with contents, is encrypted)
S-HTTP: Alternative method; provides a secure message-oriented
communications protocol designed for use in
conjunction with HTTP
Virtual Private Networks (VPNs): Allow remote users to
securely access internal networks via the Internet, using
Point-to-Point Tunneling Protocol (PPTP)


Secure Negotiated Sessions Using SSL


Protecting Networks: Firewalls and Proxy Servers

Firewall: Software application that acts as a filter between a company's private
network and the Internet

Firewall methods include:

Packet filters
Application gateways
Proxy servers: Software servers that handle all communications originating from
for being sent to the Internet (act as spokesperson or bodyguard for the


Firewalls and Proxy Servers


e-Commerce Success Factors

Selection and Value
Attractive product selections, competitive prices, satisfaction guarantees, and
customer support after the sale

Performance and Service

Fast, easy navigation, shopping, and purchasing, and prompt shipping and

Look and Feel

Attractive web storefront, website shipping areas, multimedia product catalog
pages, and shopping features

e-Commerce Success Factors

Personal Attention
Personal web pages, personalized product recommendations, Web
advertising and e-mail notices, and interactive support for all customers

Community Relationships
Virtual communities of customers, suppliers, company representatives, and
others via newsgroups, chat rooms, and links to related sites

Security and Reliability

Security of customer information and website transactions, trustworthy
product information, and reliable order fulfillment

Chapter 10
Developing Business/IT Solutions

The Systems Approach

A problem solving technique that uses a systems orientation to
define problems and opportunities and develop appropriate
and feasible solutions.
Analyzing a problem and formulating a solution involves the
following interrelated activities:

1. Recognize and define a problem or opportunity using systems

2. Develop and evaluate alternative system solutions
3. Select the system solution that best meets your requirements
4. Design the selected system solution
5. Implement and evaluate the success of the designed system

What is Systems Thinking?

Seeing the forest and the trees in any situation by:
Seeing interrelationships among systems
Seeing processes of change among systems

See the system in any situation:

Find the input, processing, output, feedback and control


Systems Analysis and Design

SA & D
Overall process by which IS are designed and implemented within

Two most common approaches to SA & D

Object-oriented analysis and design
Systems Development Life Cycle

Systems Development Lifecycle (SDLC)

Systems Investigation Stage

Do we have business opportunities?
What are our business priorities?
How can information technologies provide information systems
solutions that address our business priorities?

Feasibility Study
A preliminary study where
the information needs of prospective users
the resource requirements, costs, benefits,
and feasibility of a proposed project

are determined

Feasibility Categories
Operational Feasibility
Economic Feasibility
Technical Feasibility
Human Factors Feasibility
Legal/Political Feasibility

Operational Feasibility
How well the proposed system
supports the business priorities of the organization.
solves the identified problem.
fits within the existing organizational structure.

Schedule feasibility: can we solve the problem in a reasonable


Economic Feasibility

Cost savings
Increased revenue
Decreased investment requirements
Increased profits

Cost/benefit analysis

Cost/Benefit Analysis
Costs versus Benefits
Tangible costs and benefits can be quantified with a high degree of
Example: decrease in operating costs

Intangible costs and benefits are harder to estimate

Example: improved customer service

Technical Feasibility
Determine if reliable hardware and software capable of meeting the
needs of a proposed system can be acquired or developed by the
business in the required time

Human Factors Feasibility

Employee, customer, supplier acceptance
Management support
The right people for the various new or revised roles

Legal/Political Feasibility

Possible patent or copyright violations

Software licensing for developer side only
Governmental restrictions
Changes to existing reporting structure

Systems Analysis
An in-depth study of end user information needs
That produces functional requirements that are used as the basis for
the design of a new information system
Detailed study of
The information needs of a company and end users.
The activities, resources, and products of one or more of the present
information systems being used.
The information system capabilities required to meet information needs of
users and stakeholders

End users are important members of the development team

Functional Requirements Analysis and Determination

Determine specific business information needs

1. Determine what type of information each business activity requires.
2. Determine the information processing needed for each system activity to
meet these needs.

Systems Design
Modify the logical model until it represents a blueprint for
what the new system will do
Physical design:
How the system will accomplish its objectives

Systems Implementation
Hardware and software acquisition
Software development
Testing of programs and procedures
Conversion of data resources
Conversion alternatives
Education and training of end users and specialists who will operate a
new system

Implementation Process

Data Conversion
Converting data elements from old database to new database
Correcting incorrect data
Filtering out unwanted data
Consolidating data from several databases
Organizing data into new data subsets

End users must be trained to operate new system
Educate managers and end users in how the new technology impacts
the company's business operations and management

Conversion from use of present system to operation of new system

Four major forms of conversion

Direct Conversion
Turn off old system
Turn on new system
Direct is the least expensive method, but also the riskiest

Parallel Conversion
New and old systems run simultaneously
until end users and project coordinators are satisfied that the new
system is functioning correctly
Low risk
Highest cost method: perform all functions with both systems

Pilot Conversion
When new system is installed in multiple locations
Convert to new system in single location
Once complete in pilot location,
Evaluate and make any necessary changes

Phased Conversion
Incremental approach to conversion
Bring in new system as a series of functional components
Lower risk
Takes the most time

Systems maintenance
Corrective: fix bugs and logical errors
Adaptive: add new functionality to accommodate changes in business
or environment
Perfective: improve performance
Preventive: reduce chances of failure

Post-implementation review
Ensure new system meets the business objectives
Periodic review or audit

Implementation Challenges
New system involves major organizational change
Manage changes to

Business processes
Organizational structures
Managerial roles
Work assignments
Stakeholder relationships

User Resistance
New way of doing things generates resistance
Key to solving is
User involvement in organizational changes and development of new systems

User involvement
End users on systems development teams
End user ownership of new system

The top reason for user resistance to knowledge management systems
is the resistance to sharing knowledge