IT - The Organization IT - The Organization and the Individualand the Individual

Learning ObjectivesLearning Objectives

Recognize the difficulties in managing Recognize the difficulties in managing information resources.information resources.

Recognize information systems’ vulnerability and Recognize information systems’ vulnerability and manage risk.manage risk.

Discuss the security issues of the Web and Discuss the security issues of the Web and electronic commerce.electronic commerce.

Identify the major aspects of the economics of Identify the major aspects of the economics of information technology.information technology.

Demonstrate how to define and measure tangible Demonstrate how to define and measure tangible information technology benefits.information technology benefits.

Show how to evaluate intangible information Show how to evaluate intangible information technology benefitstechnology benefits..

God is on the Small StuffGod is on the Small Stuffand it all mattersand it all matters

““Leadership is an Art”Leadership is an Art”

Bruce Bickel & Stan JantzBruce Bickel & Stan Jantz

…….In the Small Stuff.In the Small Stuff

Empowering is Empowering is more than more than delegatingdelegating

Have the courage Have the courage to hold people to hold people accountableaccountable

Associate with Associate with leaders as often as leaders as often as you canyou can

Being a good Being a good example is better example is better than giving good than giving good adviceadvice

There are born There are born leaders and there leaders and there are leaders who are leaders who are made. And are made. And then there arte then there arte those who become those who become leaders out of leaders out of necessitynecessity

Small Stuff (cont.)Small Stuff (cont.)

An exceptional leader An exceptional leader is one who gets is one who gets average people to do average people to do superior worksuperior work

If you want to lead, If you want to lead, readread

Use your influence Use your influence sparingly. It will last sparingly. It will last longerlonger

When you find a When you find a leader, followleader, follow

When you identify a When you identify a follower, leadfollower, lead

Be available to take Be available to take someone’s place in an someone’s place in an emergencyemergency

Power begins to Power begins to corrupt the moment corrupt the moment you begin to seek ityou begin to seek it

Small Stuff (cont.)Small Stuff (cont.)

A signpost like a peer, only warns you A signpost like a peer, only warns you about the road ahead. But a map, like a about the road ahead. But a map, like a mentor can show you hoe to get where mentor can show you hoe to get where you want to goyou want to go

Find a mentorFind a mentor Managing people begins with caring for Managing people begins with caring for

themthem One of the sobering characteristics of One of the sobering characteristics of

leadership is that leaders are judged to a leadership is that leaders are judged to a greater than followers.greater than followers.

Evaluating TrendsEvaluating Trends

Technology & OrganizationsTechnology & Organizations

Impact of new technologies on organizations:Impact of new technologies on organizations:• First, most organizations will perform existing First, most organizations will perform existing

functions at decreasing costs over time and thus functions at decreasing costs over time and thus become more efficient.become more efficient.

• Second, creative organizations will find new uses for Second, creative organizations will find new uses for information technology—based on the improving price-information technology—based on the improving price-to-performance ratio—and thus become more to-performance ratio—and thus become more effective. effective.

• New and enhanced products and services will provide New and enhanced products and services will provide competitive advantage to organizations that have the competitive advantage to organizations that have the creativity to exploit the increasing power of creativity to exploit the increasing power of information technology. information technology.

Trend --Trend --Information -> CollaborationInformation -> Collaboration

Today’s Internet focuses on access to and Today’s Internet focuses on access to and delivery of informationdelivery of information

Tomorrow’s Internet will support human Tomorrow’s Internet will support human collaboration in an information-rich collaboration in an information-rich environmentenvironment

The Internet is global, and is creating a The Internet is global, and is creating a global capability to build knowledge-based global capability to build knowledge-based communitiescommunities

Examples of readingExamples of reading

Technological & Financial TrendsTechnological & Financial Trends

Moore’s LawMoore’s Law• Moore suggested in 1965 that the number of Moore suggested in 1965 that the number of

transistors, and thus the power, of an integrated transistors, and thus the power, of an integrated circuit (computer chip) would double every year circuit (computer chip) would double every year while the cost remained the same.while the cost remained the same.

• He later revised this estimate to a slightly less He later revised this estimate to a slightly less

rapid pace: doubling every 18 months.rapid pace: doubling every 18 months. Price-to-performance ratioPrice-to-performance ratio

• Organizations will have the opportunity to buy, Organizations will have the opportunity to buy, for the same price, twice the processing power for the same price, twice the processing power in 1½ years, four times the power in 3 years, in 1½ years, four times the power in 3 years, eight times the power in 4½ years, etc. eight times the power in 4½ years, etc.

Moore’s LawMoore’s Law

Nolan’s StagesNolan’s Stages Theory of IT Adoption and Org. Learning Theory of IT Adoption and Org. Learning

(Pg 528-530)(Pg 528-530)

InitiationInitiation ExpansionExpansion ControlControl IntegrationIntegration Data administrationData administration MaturityMaturity

Research andDevelopment

Commercialization

Partnerships

Privatization

NSFNET

Internet2, Abilene, vBNSAdvanced US Govt Networks

ARPAnet

gigabittestbeds

ActiveNets

wirelessWDM

SprintLinkInternetMCI US Govt

NetworksANS

InteroperableHigh PerformanceResearch &EducationNetworks

21st CenturyNetworking

Quality of Service(QoS)

The Productivity ParadoxThe Productivity Paradox Over the last 50 years, organizations have Over the last 50 years, organizations have

invested trillions of dollars in information invested trillions of dollars in information

technology.technology. • Total worldwide annual spending on IT in 2000 was two Total worldwide annual spending on IT in 2000 was two

trillion dollars, and is expected to be over three trillion trillion dollars, and is expected to be over three trillion dollars by 2004. dollars by 2004.

Yet it is very hard to demonstrate that IT Yet it is very hard to demonstrate that IT investments really have increased outputs or investments really have increased outputs or wages.wages.

The discrepancy between measures of The discrepancy between measures of investment in information technology and investment in information technology and measures of output at the national level is measures of output at the national level is described as the described as the PProductivity roductivity PParadoxaradox..

ProductivityProductivity

Economists define Economists define productivityproductivity as outputs as outputs

divided by inputs.divided by inputs. • Outputs are calculated by multiplying units produced, Outputs are calculated by multiplying units produced,

for example, number of automobiles, by their average for example, number of automobiles, by their average value.value.

If inputs are measured simply as hours of work, If inputs are measured simply as hours of work,

the resulting ratio of outputs to inputs is the resulting ratio of outputs to inputs is labor labor

productivityproductivity..

If other inputs—investments and materials—are If other inputs—investments and materials—are

included, the ratio is known as included, the ratio is known as multifactor multifactor

productivity.productivity.

Risk ManagementRisk Management

Value of Information to Decision MakingValue of Information to Decision Making

The value of information to decision The value of information to decision making is the difference between the net making is the difference between the net benefits—benefits adjusted for costs—of benefits—benefits adjusted for costs—of decisions made using the information and decisions made using the information and decisions without the information.decisions without the information.

Value of Information =

Net benefits with information – Net benefits without information

Total Cost of OwnershipTotal Cost of Ownership

An interesting approach for evaluating the An interesting approach for evaluating the value of IT is the value of IT is the total cost of ownership (TCO).total cost of ownership (TCO). • TCO is a formula for calculating the cost of owning TCO is a formula for calculating the cost of owning

and operating a PC. and operating a PC. • The cost includes hardware, technical support, The cost includes hardware, technical support,

maintenance, software upgrades, and help-desk and maintenance, software upgrades, and help-desk and peer support. peer support.

• By identifying such costs, organizations get more By identifying such costs, organizations get more accurate cost-benefit analyses and also reduce the accurate cost-benefit analyses and also reduce the TCO.TCO.

• It is possible to reduce TCO of workstations in It is possible to reduce TCO of workstations in networked environments by as much as 26 percent networked environments by as much as 26 percent by adopting best practices in workstation by adopting best practices in workstation management (Kirwin et al., 1997). management (Kirwin et al., 1997).

Assessing Intangible BenefitsAssessing Intangible Benefits

There are 4 main methodologies of assessing There are 4 main methodologies of assessing intangible benefits: intangible benefits:

Value analysisValue analysis allows users to evaluate intangible allows users to evaluate intangible benefits on a low-cost, trial basis before deciding benefits on a low-cost, trial basis before deciding whether to commit to a larger investment.whether to commit to a larger investment.

Information economicsInformation economics focuses on the application of focuses on the application of IT in areas where its intangible benefits contribute to IT in areas where its intangible benefits contribute to performance on key aspects of organizational strategies performance on key aspects of organizational strategies and activities.and activities.

Management by maximManagement by maxim provides a means of provides a means of rationalizing IT infrastructure investments.rationalizing IT infrastructure investments.

Option valuationOption valuation takes into account potential future takes into account potential future benefits that current IT investments could produce.benefits that current IT investments could produce.

Disaster Recovery PlanDisaster Recovery Plan A disaster recovery plan A disaster recovery plan is essential to any security is essential to any security

system.system. HereHere are are some some key thoughts about disaster key thoughts about disaster

recovery by Knoll (1986):recovery by Knoll (1986):

• The purpose of a recovery plan is to keep the The purpose of a recovery plan is to keep the business running after a disaster occurs. business running after a disaster occurs.

• Recovery planning is part of Recovery planning is part of asset protection.asset protection. • Planning should focus first on recovery from a total Planning should focus first on recovery from a total

loss of all capabilities.loss of all capabilities.• Proof of capability usually involves some kind of Proof of capability usually involves some kind of

what-if analysis that shows that the recovery plan is what-if analysis that shows that the recovery plan is current.current.

• All critical applications must be identified and their All critical applications must be identified and their recovery procedures addressed in the plan.recovery procedures addressed in the plan.

EthicsEthics

Where does work end and Where does work end and private life begin?private life begin?

ChangeChange

Portfolio Career – HandyPortfolio Career – Handy TelecommutingTelecommuting Smart Work – 80% Smart Work – 80%

cerebral/20%manualcerebral/20%manual Virtual CorporationsVirtual Corporations Intellectual CapitalIntellectual Capital

VideoVideo

EthicsEthics

PrivacyPrivacy Intellectual PropertyIntellectual Property

• CopyrightCopyright• Trade SecretsTrade Secrets• PatentPatent

Quality of LifeQuality of Life Social ResponsibilitySocial Responsibility

Case: Cyber Crime Case: Cyber Crime On On FebFeb. 6, . 6, 2000 2000 - - the biggest the biggest ECEC sites were sites were hit by hit by

cyber crimecyber crime.. • Yahoo!, eBay, Amazon.com, E*TradeYahoo!, eBay, Amazon.com, E*Trade

The attacker(s) used a method called denial of The attacker(s) used a method called denial of service (DOS). service (DOS). • Clog a system by hammering a Web site’s equipment Clog a system by hammering a Web site’s equipment

with too many requests for informationwith too many requests for information The total damage worldwide was estimated at $5-10 The total damage worldwide was estimated at $5-10

billion (U.S.).billion (U.S.).• TThe alleged attacker, from the Philippines, was not he alleged attacker, from the Philippines, was not

prosecuted because he did not break any law in the prosecuted because he did not break any law in the Philippines.Philippines.

Lessons Learned from the CaseLessons Learned from the Case

Information resources that include computers, networks, Information resources that include computers, networks, programs, and data are vulnerable to unforeseen attacks.programs, and data are vulnerable to unforeseen attacks.

Many countries do not have sufficient laws to deal with Many countries do not have sufficient laws to deal with computer criminals.computer criminals.

Protection of networked systems can be a complex issue.Protection of networked systems can be a complex issue.

Attackers can zero on a single company, or can attack Attackers can zero on a single company, or can attack many companies, without discrimination.many companies, without discrimination.

Attackers use different attack methods.Attackers use different attack methods.

Although variations of the attack methods are known, the Although variations of the attack methods are known, the defence against them is difficult and/or expensive.defence against them is difficult and/or expensive.

U.S. Federal StatutesU.S. Federal Statutes

According to the FBI, an average white-collar According to the FBI, an average white-collar crime involves $23,000; but an average crime involves $23,000; but an average computer crime involves about $600,000. computer crime involves about $600,000.

The following U.S. federal statutes dealThe following U.S. federal statutes deal wit with h computer crimecomputer crime;;

• Counterfeit Access Device and Computer Fraud Act Counterfeit Access Device and Computer Fraud Act of of 19841984

• Computer Fraud and Abuse Act Computer Fraud and Abuse Act of of 19861986• Computer Abuse Amendment Act of 1994 (prohibits Computer Abuse Amendment Act of 1994 (prohibits

transmission of viruses)transmission of viruses)• Computer Security Act of 1987Computer Security Act of 1987• Electronic Communications Privacy Act of 1986Electronic Communications Privacy Act of 1986• Electronic Funds Transfer Act of 1980Electronic Funds Transfer Act of 1980• Video privacy protection act of 1988Video privacy protection act of 1988

IT Security in the 21IT Security in the 21stst Century Century

Increasing the Reliability of Systems. Increasing the Reliability of Systems. 

The objective relating to reliability is to use The objective relating to reliability is to use fault fault tolerancetolerance to keep the information systems working, to keep the information systems working, even if some parts fail. even if some parts fail.

Intelligent Systems for Early Detection. Intelligent Systems for Early Detection. 

Detecting intrusion in its beginning is extremely Detecting intrusion in its beginning is extremely important, especially for classified information and important, especially for classified information and financial data.financial data.

Intelligent Systems in Auditing. Intelligent Systems in Auditing. 

Intelligent systems are used to enhance the task of Intelligent systems are used to enhance the task of IS auditing.IS auditing.

IT Security in the 21IT Security in the 21stst Century Century (cont.)(cont.)

Artificial Intelligence in Biometrics. Artificial Intelligence in Biometrics. 

Expert systems, neural computing, voice recognition, and Expert systems, neural computing, voice recognition, and fuzzy logic can be used to enhance the capabilities of fuzzy logic can be used to enhance the capabilities of several biometric systems.several biometric systems.

Expert Systems for Diagnosis, Prognosis, and Disaster Expert Systems for Diagnosis, Prognosis, and Disaster Planning.Planning.  Expert systems can be used to diagnose Expert systems can be used to diagnose troubles in computer systems and to suggest solutions. troubles in computer systems and to suggest solutions.

Smart Cards.Smart Cards.  Smart card technology can be used to Smart card technology can be used to protect PCs on LANs. protect PCs on LANs.

Fighting Hackers.Fighting Hackers. Several new products are available for Several new products are available for fighting hackers.fighting hackers.

National SecurityNational Security

Loss of individual privacyLoss of individual privacy WiretapsWiretaps Library ExampleLibrary Example Right’s at WorkRight’s at Work

Merry Christmas!!Merry Christmas!!

See you January 6See you January 6thth, 2003, 2003