PRELIM

TOPI

CS

IS operations management is concerned with the use of hardware, software, network, and personnel resources in data centers

Operational activities that must be managed

Computer system operationsNetwork managementProduction controlProduction support

MANAGING IS OPERATIONS

14-2

Recruiting, training and retaining qualified IS personnel

Evaluating employee job performance and rewarding outstanding performance with salary increases and promotions

Setting salary and wage levels

Designing career paths

IT STAFF PLANNING

14-3

Chief Information Officer (CIO)Oversees all uses of information technology in many companies, and brings them into alignment with strategic business goals

Chief Technology Officer (CTO) In charge of all information technology planning and deployment

Manages the IT platformSecond in command

IT EXECUTIVES

14-4

MIDTE

RM TOPI

CS

GLOBAL BUSINESS DRIVERS

Business requirements caused by the nature of the industry and its competitive or environmental forces

Examples of global drivers:CustomersProductsOperationsResourcesCollaboration

14-6

GLOBAL IT PLATFORMS

Hardware DifficultiesHigh pricesHigh tariffs Import restrictionsLong lead times for government approvalsLack of local service or spare partsLack of documentation tailored to local conditions

14-7

GLOBAL IT PLATFORMS

Software DifficultiesPackages developed in Europe may be incompatible with American or Asian versions

The software publisher may refuse to supply markets that disregard software licensing and copyright agreements

14-8

FINAL T

ERM

TOPI

CS

IT SECURITY, ETHICS, AND SOCIETY

Information technology has both beneficial and detrimental effects on society and people

Manage work activities to minimize the detrimental effects of information technology

Optimize the beneficial effects

13-10

BUSINESS ETHICS

Ethics questions that managers confront as part of their daily business decision making include

EquityRightsHonestyExercise of corporate power

13-11

CATEGORIES OF ETHICAL BUSINESS ISSUES

13-12

CORPORATE SOCIAL RESPONSIBILITY THEORIES

Stockholder TheoryManagers are agents of the stockholdersTheir only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices

Social Contract TheoryCompanies have ethical responsibilities to all members of society, who allow corporations to exist

Stakeholder TheoryManagers have an ethical responsibility to manage a firm for the benefit of all its stakeholders

Stakeholders are all individuals and groups that have a stake in, or claim on, a company

13-13

PRINCIPLES OF TECHNOLOGY ETHICSProportionality - The good achieved by the

technology must outweigh the harm or risk; there must be no alternative that achieves the same or comparable benefits with less harm or risk

Informed Consent - Those affected by the technology should understand and accept the risks

JusticeThe benefits and burdens of the technology should be distributed fairly

Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk

Minimized Risk - Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk 13-14

AITP STANDARDS OF PROFESSIONAL CONDUCT

13-15

RESPONSIBLE PROFESSIONAL GUIDELINES

A responsible professionalActs with integrity Increases personal competenceSets high standards of personal performance

Accepts responsibility for his/her workAdvances the health, privacy, and general welfare of the public

13-16

COMPUTER CRIME

Computer crime includesUnauthorized use, access, modification, or destruction of hardware, software, data, or network resources

The unauthorized release of informationThe unauthorized copying of softwareDenying an end user access to his/her own hardware, software, data, or network resources

Using or conspiring to use computer or network resources illegally to obtain information or tangible property

13-17

HACKING

Hacking is The obsessive use of computersThe unauthorized access and use of networked computer systems

Electronic Breaking and EnteringHacking into a computer system and reading files, but neither stealing nor damaging anything

CrackerA malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage

13-18

COMMON HACKING TACTICS

Denial of Service Hammering a website’s equipment with too many

requests for information Clogging the system, slowing performance, or crashing

the siteScans Widespread probes of the Internet to determine types of

computers, services, and connections Looking for weaknessesSniffer Programs that search individual packets of data as they

pass through the Internet Capturing passwords or entire contents

13-19

COMMON HACKING TACTICS

Spoofing - Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers

Trojan House - A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software

Back Doors - A hidden point of entry to be used in case the original entry point is detected or blocked

Malicious Applets - Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake email, or steal passwords

13-20

COMMON HACKING TACTICS

War Dialing - Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection

Logic Bombs - An instruction in a computer program that triggers a malicious act

Buffer Overflow - Crashing or gaining control of a computer by sending too much data to buffer memory

Password Crackers - Software that can guess passwords

Social Engineering - Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords

Dumpster Diving - Sifting through a company’s garbage to find information to help break into their computers

13-21

UNAUTHORIZED USE AT WORK

Unauthorized use of computer systems and networks is time and resource theft

Doing private consultingDoing personal financesPlaying video gamesUnauthorized use of the Internet or company networks

SniffersUsed to monitor network traffic or capacityFind evidence of improper use

13-22

INTERNET ABUSES IN THE WORKPLACE

General email abusesUnauthorized usage and accessCopyright infringement/plagiarismNewsgroup postingsTransmission of confidential dataPornographyHackingNon-work-related download/uploadLeisure use of the InternetUse of external ISPsMoonlighting

13-23

SOFTWARE PIRACY

Software PiracyUnauthorized copying of computer programs

LicensingPurchasing software is really a payment for a license for fair use

Site license allows a certain number of copies

A third of the software industry’s revenues are lost to piracy

13-24

THEFT OF INTELLECTUAL PROPERTY

Intellectual PropertyCopyrighted material Includes such things as music, videos, images, articles, books, and software

Copyright Infringement is IllegalPeer-to-peer networking techniques have made it easy to trade pirated intellectual property

Publishers Offer Inexpensive Online Music

Illegal downloading of music and video is down and continues to drop

13-25

VIRUSES AND WORMS

A virus is a program that cannot work without being inserted into another program

A worm can run unaided

These programs copy annoying or destructive routines into networked computers

Copy routines spread the virus

Commonly transmitted throughThe Internet and online servicesEmail and file attachmentsDisks from contaminated computersShareware

13-26

ADWARE AND SPYWARE

AdwareSoftware that purports to serve a useful purpose, and often does

Allows advertisers to display pop-up and banner ads without the consent of the computer users

SpywareAdware that uses an Internet connection in the background, without the user’s permission or knowledge

Captures information about the user and sends it over the Internet

13-27

SPYWARE PROBLEMS

Spyware can steal private information and also

Add advertising links to Web pagesRedirect affiliate paymentsChange a users home page and search settingsMake a modem randomly call premium-rate phone numbers

Leave security holes that let Trojans inDegrade system performance

Removal programs are often not completely successful in eliminating spyware

13-28

PRIVACY ISSUES

The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy

Personal information is collected with every

visit to a Web siteConfidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused

13-29

PRIVACY ISSUES

Violation of Privacy Accessing individuals’ private email conversations and

computer records Collecting and sharing information about individuals

gained from their visits to Internet websitesComputer Monitoring Always knowing where a person is Mobile and paging

services are becoming more closely associated with people than with places

Computer Matching Using customer information gained from many sources to

market additional business servicesUnauthorized Access of Personal Files Collecting telephone numbers, email addresses, credit

card numbers, and other information to build customer profiles

13-30

PROTECTING YOUR PRIVACY ON THE INTERNET

There are multiple ways to protect your privacy

Encrypt e-mailSend newsgroup postings through anonymous remailers

Ask your ISP not to sell your name and information to mailing list providers and other marketers

Don’t reveal personal data and interests on

online service and website user profiles

13-31

ERGONOMICS

Designing healthy work environments

Safe, comfortable, and pleasant for people to work in

Increases employee morale and productivityAlso called human factors engineering

13-32

ERGONOMICS FACTORS

13-33

SOCIETAL SOLUTIONS

Using information technologies to solve human and social problems

Medical diagnosisComputer-assisted instructionGovernmental program planningEnvironmental quality controlLaw enforcement Job placement

13-34

SECURITY MANAGEMENT OF IT

The Internet was developed for inter-operability, not impenetrability

Business managers and professionals alike are responsible for the security, quality, and performance of business information systems

Hardware, software, networks, and data resources must be protected by a variety of security measures

13-35

INTERNETWORKED SECURITY DEFENSESEncryptionData is transmitted in scrambled form It is unscrambled by computer systems for authorized users only

The most widely used method uses a pair of public and private keys unique to each individual

13-36

PUBLIC/PRIVATE KEY ENCRYPTION

13-37

INTERNETWORKED SECURITY DEFENSESFirewallsA gatekeeper system that protects a company’s intranets and other computer networks from intrusion

Provides a filter and safe transfer point for access to/from the Internet and other networks

Important for individuals who connect to the Internet with DSL or cable modems

Can deter hacking, but cannot prevent it

13-38

INTERNET AND INTRANET FIREWALLS

13-39

INTERNETWORKED SECURITY DEFENSES

Email MonitoringUse of content monitoring software that scans for troublesome words that might compromise corporate security

Virus DefensesCentralize the updating and distribution of antivirus software

Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features

13-40

OTHER SECURITY MEASURES

Security CodesMultilevel password systemEncrypted passwordsSmart cards with microprocessors

Backup FilesDuplicate files of data or programs

Security MonitorsMonitor the use of computers and networksProtects them from unauthorized use, fraud, and destruction

13-41

OTHER SECURITY MEASURES

BiometricsComputer devices measure physical traits that make each individual unique Voice recognition, fingerprints, retina scan

Computer Failure ControlsPrevents computer failures or minimizes its effects

Preventive maintenanceArrange backups with a disaster recovery organization

13-42

OTHER SECURITY MEASURES

In the event of a system failure, fault-tolerant systems have redundant processors, peripherals, and software that provide

Fail-over capability: shifts to back up components

Fail-save capability: the system continues to operate at the same level

Fail-soft capability: the system continues to operate at a reduced but acceptable level

13-43

OTHER SECURITY MEASURES

A disaster recovery plan contains formalized procedures to follow in the event of a disaster

Which employees will participateWhat their duties will beWhat hardware, software, and facilities will be used

Priority of applications that will be processedUse of alternative facilitiesOffsite storage of databases

13-44

PROTECTING YOURSELF FROM CYBERCRIME

13-45

MARKS DISTRIBUTION

Prelim Period 5 Marks

Midterm Period 5 Marks

Final Term Period 40 Marks

Total 50 Marks

Thank you