prelim topics. is operations management is concerned with the use of hardware, software, network,...
TRANSCRIPT
IS operations management is concerned with the use of hardware, software, network, and personnel resources in data centers
Operational activities that must be managed
Computer system operationsNetwork managementProduction controlProduction support
MANAGING IS OPERATIONS
14-2
Recruiting, training and retaining qualified IS personnel
Evaluating employee job performance and rewarding outstanding performance with salary increases and promotions
Setting salary and wage levels
Designing career paths
IT STAFF PLANNING
14-3
Chief Information Officer (CIO)Oversees all uses of information technology in many companies, and brings them into alignment with strategic business goals
Chief Technology Officer (CTO) In charge of all information technology planning and deployment
Manages the IT platformSecond in command
IT EXECUTIVES
14-4
GLOBAL BUSINESS DRIVERS
Business requirements caused by the nature of the industry and its competitive or environmental forces
Examples of global drivers:CustomersProductsOperationsResourcesCollaboration
14-6
GLOBAL IT PLATFORMS
Hardware DifficultiesHigh pricesHigh tariffs Import restrictionsLong lead times for government approvalsLack of local service or spare partsLack of documentation tailored to local conditions
14-7
GLOBAL IT PLATFORMS
Software DifficultiesPackages developed in Europe may be incompatible with American or Asian versions
The software publisher may refuse to supply markets that disregard software licensing and copyright agreements
14-8
IT SECURITY, ETHICS, AND SOCIETY
Information technology has both beneficial and detrimental effects on society and people
Manage work activities to minimize the detrimental effects of information technology
Optimize the beneficial effects
13-10
BUSINESS ETHICS
Ethics questions that managers confront as part of their daily business decision making include
EquityRightsHonestyExercise of corporate power
13-11
CORPORATE SOCIAL RESPONSIBILITY THEORIES
Stockholder TheoryManagers are agents of the stockholdersTheir only ethical responsibility is to increase the profits of the business without violating the law or engaging in fraudulent practices
Social Contract TheoryCompanies have ethical responsibilities to all members of society, who allow corporations to exist
Stakeholder TheoryManagers have an ethical responsibility to manage a firm for the benefit of all its stakeholders
Stakeholders are all individuals and groups that have a stake in, or claim on, a company
13-13
PRINCIPLES OF TECHNOLOGY ETHICSProportionality - The good achieved by the
technology must outweigh the harm or risk; there must be no alternative that achieves the same or comparable benefits with less harm or risk
Informed Consent - Those affected by the technology should understand and accept the risks
JusticeThe benefits and burdens of the technology should be distributed fairly
Those who benefit should bear their fair share of the risks, and those who do not benefit should not suffer a significant increase in risk
Minimized Risk - Even if judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all unnecessary risk 13-14
RESPONSIBLE PROFESSIONAL GUIDELINES
A responsible professionalActs with integrity Increases personal competenceSets high standards of personal performance
Accepts responsibility for his/her workAdvances the health, privacy, and general welfare of the public
13-16
COMPUTER CRIME
Computer crime includesUnauthorized use, access, modification, or destruction of hardware, software, data, or network resources
The unauthorized release of informationThe unauthorized copying of softwareDenying an end user access to his/her own hardware, software, data, or network resources
Using or conspiring to use computer or network resources illegally to obtain information or tangible property
13-17
HACKING
Hacking is The obsessive use of computersThe unauthorized access and use of networked computer systems
Electronic Breaking and EnteringHacking into a computer system and reading files, but neither stealing nor damaging anything
CrackerA malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage
13-18
COMMON HACKING TACTICS
Denial of Service Hammering a website’s equipment with too many
requests for information Clogging the system, slowing performance, or crashing
the siteScans Widespread probes of the Internet to determine types of
computers, services, and connections Looking for weaknessesSniffer Programs that search individual packets of data as they
pass through the Internet Capturing passwords or entire contents
13-19
COMMON HACKING TACTICS
Spoofing - Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
Trojan House - A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
Back Doors - A hidden point of entry to be used in case the original entry point is detected or blocked
Malicious Applets - Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake email, or steal passwords
13-20
COMMON HACKING TACTICS
War Dialing - Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection
Logic Bombs - An instruction in a computer program that triggers a malicious act
Buffer Overflow - Crashing or gaining control of a computer by sending too much data to buffer memory
Password Crackers - Software that can guess passwords
Social Engineering - Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
Dumpster Diving - Sifting through a company’s garbage to find information to help break into their computers
13-21
UNAUTHORIZED USE AT WORK
Unauthorized use of computer systems and networks is time and resource theft
Doing private consultingDoing personal financesPlaying video gamesUnauthorized use of the Internet or company networks
SniffersUsed to monitor network traffic or capacityFind evidence of improper use
13-22
INTERNET ABUSES IN THE WORKPLACE
General email abusesUnauthorized usage and accessCopyright infringement/plagiarismNewsgroup postingsTransmission of confidential dataPornographyHackingNon-work-related download/uploadLeisure use of the InternetUse of external ISPsMoonlighting
13-23
SOFTWARE PIRACY
Software PiracyUnauthorized copying of computer programs
LicensingPurchasing software is really a payment for a license for fair use
Site license allows a certain number of copies
A third of the software industry’s revenues are lost to piracy
13-24
THEFT OF INTELLECTUAL PROPERTY
Intellectual PropertyCopyrighted material Includes such things as music, videos, images, articles, books, and software
Copyright Infringement is IllegalPeer-to-peer networking techniques have made it easy to trade pirated intellectual property
Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is down and continues to drop
13-25
VIRUSES AND WORMS
A virus is a program that cannot work without being inserted into another program
A worm can run unaided
These programs copy annoying or destructive routines into networked computers
Copy routines spread the virus
Commonly transmitted throughThe Internet and online servicesEmail and file attachmentsDisks from contaminated computersShareware
13-26
ADWARE AND SPYWARE
AdwareSoftware that purports to serve a useful purpose, and often does
Allows advertisers to display pop-up and banner ads without the consent of the computer users
SpywareAdware that uses an Internet connection in the background, without the user’s permission or knowledge
Captures information about the user and sends it over the Internet
13-27
SPYWARE PROBLEMS
Spyware can steal private information and also
Add advertising links to Web pagesRedirect affiliate paymentsChange a users home page and search settingsMake a modem randomly call premium-rate phone numbers
Leave security holes that let Trojans inDegrade system performance
Removal programs are often not completely successful in eliminating spyware
13-28
PRIVACY ISSUES
The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy
Personal information is collected with every
visit to a Web siteConfidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused
13-29
PRIVACY ISSUES
Violation of Privacy Accessing individuals’ private email conversations and
computer records Collecting and sharing information about individuals
gained from their visits to Internet websitesComputer Monitoring Always knowing where a person is Mobile and paging
services are becoming more closely associated with people than with places
Computer Matching Using customer information gained from many sources to
market additional business servicesUnauthorized Access of Personal Files Collecting telephone numbers, email addresses, credit
card numbers, and other information to build customer profiles
13-30
PROTECTING YOUR PRIVACY ON THE INTERNET
There are multiple ways to protect your privacy
Encrypt e-mailSend newsgroup postings through anonymous remailers
Ask your ISP not to sell your name and information to mailing list providers and other marketers
Don’t reveal personal data and interests on
online service and website user profiles
13-31
ERGONOMICS
Designing healthy work environments
Safe, comfortable, and pleasant for people to work in
Increases employee morale and productivityAlso called human factors engineering
13-32
SOCIETAL SOLUTIONS
Using information technologies to solve human and social problems
Medical diagnosisComputer-assisted instructionGovernmental program planningEnvironmental quality controlLaw enforcement Job placement
13-34
SECURITY MANAGEMENT OF IT
The Internet was developed for inter-operability, not impenetrability
Business managers and professionals alike are responsible for the security, quality, and performance of business information systems
Hardware, software, networks, and data resources must be protected by a variety of security measures
13-35
INTERNETWORKED SECURITY DEFENSESEncryptionData is transmitted in scrambled form It is unscrambled by computer systems for authorized users only
The most widely used method uses a pair of public and private keys unique to each individual
13-36
INTERNETWORKED SECURITY DEFENSESFirewallsA gatekeeper system that protects a company’s intranets and other computer networks from intrusion
Provides a filter and safe transfer point for access to/from the Internet and other networks
Important for individuals who connect to the Internet with DSL or cable modems
Can deter hacking, but cannot prevent it
13-38
INTERNETWORKED SECURITY DEFENSES
Email MonitoringUse of content monitoring software that scans for troublesome words that might compromise corporate security
Virus DefensesCentralize the updating and distribution of antivirus software
Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features
13-40
OTHER SECURITY MEASURES
Security CodesMultilevel password systemEncrypted passwordsSmart cards with microprocessors
Backup FilesDuplicate files of data or programs
Security MonitorsMonitor the use of computers and networksProtects them from unauthorized use, fraud, and destruction
13-41
OTHER SECURITY MEASURES
BiometricsComputer devices measure physical traits that make each individual unique Voice recognition, fingerprints, retina scan
Computer Failure ControlsPrevents computer failures or minimizes its effects
Preventive maintenanceArrange backups with a disaster recovery organization
13-42
OTHER SECURITY MEASURES
In the event of a system failure, fault-tolerant systems have redundant processors, peripherals, and software that provide
Fail-over capability: shifts to back up components
Fail-save capability: the system continues to operate at the same level
Fail-soft capability: the system continues to operate at a reduced but acceptable level
13-43
OTHER SECURITY MEASURES
A disaster recovery plan contains formalized procedures to follow in the event of a disaster
Which employees will participateWhat their duties will beWhat hardware, software, and facilities will be used
Priority of applications that will be processedUse of alternative facilitiesOffsite storage of databases
13-44