Download bachelor of commerce in information and technology

IT Management 2B
BACHELOR OF COMMERCE IN INFORMATION AND
TECHNOLOGY MANAGEMENT
(YEAR 2)
MODULE 2
IT MANAGEMENT 2B
Study Guide
Yasean Khan
Copyright© 2012
MANAGEMENT COLLEGE OF SOUTHERN AFRICA
All rights reserved, no part of this book may be reproduced in any form or by any means, including photocopying
machines, without the written permission of the publisher
REF: BCOM-ITM-2B
Page | 1
IT Management 2B
CONTENTS:
CONTENTS: ...................................................................................................................................................... 2
INTRODUCTION TO THIS MODULE ................................................................................................................... 6
INTRODUCTION ....................................................................................................................................................... 6
CONTENTS AND STRUCTURE ...................................................................................................................................... 7
SECTION 1:
INFORMATION TECHNOLOGY FUNDAMENTALS ........................................................................................ 7
SECTION 2:
IMPACT OF INFORMATION TECHNOLOGY ................................................................................................ 7
SECTION 3:
INFORMATION TECHNOLOGY INVESTMENTS ........................................................................................... 7
SECTION 4:
BUSINESS INTELLIGENCE...................................................................................................................... 7
SECTION 5:
DATA WAREHOUSING AND DATA MINING.............................................................................................. 8
SECTION 6:
PRINCIPLES OF INFORMATION SECURITY ................................................................................................. 8
SECTION 7:
CONCLUSION ...................................................................................... ERROR! BOOKMARK NOT DEFINED.
SECTION ONE: INTRODUCTION TO INFORMATION TECHNOLOGY .................................................................. 15
1.1 LEARNING OUTCOMES ............................................................................................................................... 17
1.2 READING ..................................................................................................................................................... 18
1.3 INFORMATION TECHNOLOGY DEFINITION ............................................................................................................. 19
1.4 TIMELINE OF INFORMATION TECHNOLOGY THROUGH THE AGES: ............................................................................... 20
1.5 THE FOUR GENERATIONS OF DIGITAL COMPUTING................................................................................................. 27
1.6 INFORMATION AND COMMUNICATION TECHNOLOGY AND THE FUTURE ...................................................................... 29
1.7 CONCLUSION .................................................................................................................................................. 39
SECTION TWO: IMPACT OF INFORMATION TECHNOLOGY ............................................................................. 40
2.1 LEARNING OUTCOMES ............................................................................................................................... 42
2.2 READING ..................................................................................................................................................... 43
2.3 INTRODUCTION .......................................................................................................................................... 44
2.4 NEGATIVE IMPACT OF TECHNOLOGY ON THE ORGANISATION, INDIVIDUAL AND SOCIETY........................ 44
2. 5 POSITIVE IMPACT OF TECHNOLOGY ON THE ORGANISATION, INDIVIDUAL AND SOCIETY ......................... 46
2.6 CONCLUSION .............................................................................................................................................. 50
SECTION THREE: INFORMATION TECHNOLOGY INVESTMENTS ...................................................................... 56
3.1 LEARNING OUTCOMES ............................................................................................................................... 58
3.2 READING ..................................................................................................................................................... 59
3.3 INTRODUCTION .......................................................................................................................................... 60
3.4 TYPES OF INFORMATION TECHNOLOGY INVESTMENT DECISION MAKING PROBLEMS ...................................................... 61
3.5 INVESTIGATE THE FOLLOWING METHODOLOGIES. .................................................................................... 83
3.6 STRATEGIES FOR MAKING THE RIGHT IT INVESTMENT DECISIONS AND AVOIDING IT COSTS ............................................ 90
3.7 CONCLUSION .................................................................................................................................................. 91
SECTION FOUR: BUSINESS INTELLIGENCE ....................................................................................................... 92
4.1 LEARNING OUTCOMES ............................................................................................................................... 94
4.2 READING ..................................................................................................................................................... 95
4.3 INTRODUCTION ............................................................................................................................................... 96
4.4 WHAT IS BI? ................................................................................................................................................ 97
4. 5 REASONS FOR BUSINESS INTELLIGENCE................................................................................................................ 98
4.6 BENEFITS OF BUSINESS INTELLIGENCE .................................................................................................................. 99
4.7 FACTORS INFLUENCING BUSINESS INTELLIGENCE .................................................................................................... 99
Page | 2
IT Management 2B
4.8 FUTURE OF BUSINESS INTELLIGENCE .................................................................................................................. 103
4.9 CONCLUSION ................................................................................................................................................ 109
GROUP WORK .................................................................................................................................................... 110
SECTION FIVE: DATA WAREHOUSING AND DATA MINING ........................................................................... 112
5.1 LEARNING OUTCOMES ............................................................................................................................. 114
5.2 READING ................................................................................................................................................... 115
5.3 YOU NEED A DATA WAREHOUSE TO DO ANY DATA MINING ................................................................................... 116
5.4 DEFINITION OF DATA MINING (DM) ................................................................................................................. 118
5.5 PURPOSE OF DATA MINING(DM)..................................................................................................................... 118
5.6 PROCESS OF DATA MINING ............................................................................................................................. 118
5.7 WHAT IS DATA MINING AND PREDICTIVE ANALYTICS USED FOR? .............................................................................. 119
5.8 CONCLUSION AND SUMMARY .......................................................................................................................... 120
SECTION SIX: PRINCIPLES OF INFORMATION SECURITY ................................................................................ 125
6.1 LEARNING OUTCOMES ............................................................................................................................. 127
6.2 READING ................................................................................................................................................... 128
6.3 WHAT IS INFORMATION SECURITY ........................................................................................................... 129
6.4 IS IT JUST THE INFORMATION TECHNOLOGY DEPARTMENT WHO SHOULD BE INVOLVED IN SECURITY? . 129
6.5 KEY INFORMATION SECURITY TERMS AND CONCEPTS ............................................................................. 131
6.6 DATA .......................................................................................................................................................... 134
6.7 PEOPLE........................................................................................................................................................ 134
6.8 PROCEDURES ................................................................................................................................................ 134
6.9 NETWORKS .................................................................................................................................................. 135
6.10 BALANCING INFORMATION SECURITY AND ACCESS ............................................................................................. 135
6.11 INFORMATION SECURITY PROJECT TEAM............................................................................................... 137
6.12 DATA RESPONSIBILITIES .......................................................................................................................... 137
6.13 CONCLUSION .......................................................................................................................................... 138
SECTION SEVEN: CONCLUSION ..................................................................................................................... 152
WORKS CITED ............................................................................................. ERROR! BOOKMARK NOT DEFINED.
Page | 3
IT Management 2B
Page | 4
IT Management 2B
Figure 1 - IT covered in Module 2A ......................................................................................................... 9
Figure 2 - IT Covered in this Module 2B ..................................................................................................... 10
Figure 3 - The Abacus : One of the very first information processors. ............................................................ 20
Figure 4 - The Slide Rule : Early 1600s, William Oughtred, an English clergyman, invented the slide rule......... 21
Figure 5 - The Pascaline : The Pascaline. Invented by Blaise Pascal (1623-62). ............................................ 21
Figure 6 - The Pascaline Interior : One of the first mechanical computing machines, around 1642. .................. 22
Figure 7 - Charles Babbage (1792-1871), eccentric English mathematician - The Difference Engine................ 22
Figure 8 - The Analytical Engine. ............................................................................................................... 23
Figure 9 - Joseph Marie Jacquard's loom. Parts are remarkably similar to modern-day computers, designed in
the 1830's, inspired binary logic. ................................................................................................................ 23
Figure 10- Census Machine, used punch cards. .......................................................................................... 24
Figure 11- 1890 : International Business Machines Corporation (IBM). The first logo, still a very big player in
modern day computing. ............................................................................................................................ 25
Figure 12- Howard Aiken, a Ph.D. student at Harvard University Built the Mark I, which was completed January
1942 8 feet tall, 51 feet long, 2 feet thick, weighed 5 tons, used about 750,000 parts ...................................... 25
Figure 13 - Electronic Numerical Integrator and Computer (ENIAC) - 1946 .................................................... 25
Figure 14 - Electronic Numerical Integrator and Computer (ENIAC) - 1946 : Rear View - Note vaccum tubes. .. 26
Figure 15- The Manchester University Mark I (prototype). First stored program computer ............................... 26
Figure 16- The First Generation (1951-1958). ............................................................................................. 27
Figure 17 - The Second Generation (1959-1963). ....................................................................................... 27
Figure 18- The Third Generation................................................................................................................ 28
Figure 19- MIS Hierarchical planning stages (Schniederjans, 2004, p.16) ..................................................... 64
Figure 20- Complicated dimensions of sub choices ..................................................................................... 67
Figure 21- A Management Information System - Allocating all resources to this can be considered to be an IT
investment (Schniederjans, 2004) .............................................................................................................. 67
Figure 22- Basic Understanding of Business Intelligence (BI) ............................................................ 105
Figure 23- BI Strategic, Tactical and Operational....................................................................................... 107
Figure 24 - Operational Tactical and Strategic BI ...................................................................................... 108
Figure 25- The three forms of BI must work according towards a common goal............................................ 108
Figure 26 - The Latency between a business event and an action Taken from Richard Hackathorn, Bolder
Technologies. ........................................................................................................................................ 109
Figure 27- Data Warehouse (Wikimedia Commons) .................................................................................. 117
Figure 28 - Components of Information Security (Whitman & Mattford, 2012)................................ 130
Figure 29- Components of an Information System (Whitman & Mattford, 2012) ............................................ 133
Figure 30- Balancing Security and Access to information (Whitman & Mattford, 2012, p.19) .......................... 136
Figure 31- SLS Organisation ................................................................................................................ 142
Page | 5
IT Management 2B
INTRODUCTION TO THIS MODULE
The broad aims of this module are to:

Expose learners to information technology and processes that will facilitate management and
decision making in organisations.

Understand the impact of information technology on the organisation, individual and society.

Evaluate the benefits and drawbacks of information technology investments.

Understand and apply the principles of data warehousing and data mining.

Understand and apply the basic principles of information security.
Introduction
This module, IT Management, forms an integral part of the MANCOSA qualification and serves to introduce the
student to the fundamentals of Information Technology (IT) Management together with the methods and theories
that support the integration of these technologies within business objectives. In doing so, the module expands
on the building blocks of Information Technology and their integration and application in the world and how it
impacts on the individual, the organisation and on society. After exploring Information Technology in terms of
those impact areas, we consider how strategy is key to investing in IT. Part of any organisation strategy should
be to gather business intelligence from the information it holds. This will lead to an in-depth discussion on Data
Warehousing and Data Mining. We will conclude this module with look at the principles of Information Security.
Thus this module will provide you with a holistic understanding of the impacts of Technology and contextualizing
this information. It will firm up your understanding of Business Intelligence and will finally look at the process and
principles of protecting your data and using your data with business intelligence.
Page | 6
IT Management 2B
Contents and Structure
Section 1: Information Technology Fundamentals
This first section revisits the concepts of Information Technology (ICT). In this section the nature and definition of
Information Technology are reviewed bearing in mind the information we have covered in the previous module.
The idea in this section is to provide the framework and context for the rest of the module within which we will
operate.
Section 2: Impact of Information Technology
In this section we will review some of the ways in which Information Technology has impacted the
organisation, individual and society.
Section 3: Information Technology Investments
Bearing the previous section in mind, section three puts the student in touch with understanding how
the strategies that one adopts in respect to Information Technologies affect the investments in
Information Technology. We consider the trends in Technology and the strategies and then the
investments one should make.
Section 4: Business Intelligence
We will realize that it is imperative to understand and prepare for ICT so that your organisation is ready
to embrace these changes and then to capitalize on these Investments. However we will also see that
one needs to evaluate current trends and patterns within an organisation by making use of Business
Intelligence methods to help the decision making process. The use or lack of use of Business
Intelligence can often spell the difference between, organisations becoming insolvent and just surviving
to the ones that are thriving through innovation that their customers are craving, ultimately this is where
the larger profit margins are!
Page | 7
IT Management 2B
We challenge you to identify opportunities and risks within your organisation together with some case
studies for review and will lay the basis for section 5 which deals with Data Warehousing and Data
Mining
Section 5: Data Warehousing and Data Mining
Data warehousing often happens without any conscious intention, however when that happens the
organisation is usually not prepared to harvest and analyze the information they are collecting so that
they can make business decisions based on factual data which they would get through analyzing the
data (data mining) they own. The key is to identify how we mine the data we have obtained in order to
take the organisation forward by using the information we have to draw conclusions based on trends so
we can innovate and meet customers' needs or be disruptive in our innovation so that we can be
leaders in that new area.
Section 6: Principles of Information Security
Data of individuals and the company have value and needs to be protected from abuse or from being
compromised. In a very real sense we will discover that data and business intelligence data is almost a
currency of its own and commands the need for security.
Page | 8
IT Management 2B
What have we learnt about Information Technology in the previous module?
Figure 1 - IT covered in Module 2A
Remembering the information in the previous module regarding Information Technology, we will look at
Information Technology in the light of how this knowledge will facilitate management and decision making in an
organisation. The organisation can only benefit from understanding intelligently the facts and trends that are
presented by the data the organisation has gleaned from its customers. This business intelligence can tip the
scale for the future of the organisation.
Let us look closer at the way this module is set out?
Page | 9
IT Management 2B
What we will learn about Information Technology in this module?
Figure 2 - IT Covered in this Module 2B
In a nutshell this module will recap the Information Technology fundamentals that we have learnt and
will then tackle the impact of Information Technology. Knowing the impact of Information Technology in
the various areas will assist us in understanding the benefits and drawbacks of Information Technology
investments and ways in which managers can tackle this contentious area. We take an in-depth look at
Business Intelligence as a tool to be leveraged in making the organisations future more than just
survival but also of profitability. We cover the cornerstone of Business Intelligence being Data
Warehousing and Data Mining
Page | 10
IT Management 2B
How to use the Manual
Don’t try to complete the manual in a few long sessions. You will study more effectively if you divide
your study into two-hour sessions.
If you want to take a break it would be a good idea to stop at the end of a section.
As you work through the manual you will come across questions that will test your knowledge, or
require you to do more reading and research or work in groups. These are designed to help you study
and prepare for the assignments and examinations. Good Luck!
Page | 11
IT Management 2B
The following are important Course Book Notations.
Refer to the prescribed text book
Attempt the following questions and
chapters and pages specified.
research further if you could not
answer the questions.
Learning Outcomes
Read/Research and write additional
notes. Make sure you use the
prescribed
textbook
and
useful
Internet websites to write additional
notes.
Important Concepts
Solution to Test Your Knowledge
Questions
Case Study
Test Your Knowledge
Think point
Group Work
Page | 12
IT Management 2B
READING
This manual has been designed to be read in conjunction with the following textbooks:
Prescribed Reading:

Reynolds, George W. (2010) Information Technology for Managers, International Edition.
United States of America: Cengage Learning

Schniederjans, M.J., 2004. Information Technology Investment: Decision-Making
Methodology.

World Scientific Pub Co Inc.
Williams, B and Sawyer,S. (2010) Using Information Technology, 8th Edition. USA, New
York: Mcgraw-Hill
Recommended Reading:

Bidgoli, H. (2012) MIS2. Boston: Cengage Learning

Whitman, Michael E. (2011) Principles of Information Security. 4 Edition. Course
Technology.

Paige Baltzan, A.P., 2009. Business Driven Information Systems. New York: McGraw-Hill.
Web Resources:

See (Case Sensitive) https://docs.google.com/open?id=0B1ZF9spPlWD-Z2VjbVM4UExtYWs
Page | 13
IT Management 2B
Page | 14
IT Management 2B
Section One: Introduction to Information
Technology
Contents
SECTION ONE: INTRODUCTION TO INFORMATION TECHNOLOGY ............... ERROR! BOOKMARK NOT DEFINED.
1.1 LEARNING OUTCOMES ................................................................................... ERROR! BOOKMARK NOT DEFINED.
1.2 READING ......................................................................................................... ERROR! BOOKMARK NOT DEFINED.
1.3 INFORMATION TECHNOLOGY DEFINITION ................................................................. ERROR! BOOKMARK NOT DEFINED.
1.4 TIMELINE OF INFORMATION TECHNOLOGY THROUGH THE AGES: ................................... ERROR! BOOKMARK NOT DEFINED.
1.5 THE FOUR GENERATIONS OF DIGITAL COMPUTING..................................................... ERROR! BOOKMARK NOT DEFINED.
1.6 INFORMATION AND COMMUNICATION TECHNOLOGY AND THE FUTURE .......................... ERROR! BOOKMARK NOT DEFINED.
1.7 CONCLUSION ...................................................................................................... ERROR! BOOKMARK NOT DEFINED.
Page | 15
IT Management 2B
Think point




What is Information Technology ?
Do we embrace or resist Information Technology ?
Has Information Technology already infiltrated our lives?
How has information technology developed over time and where is it heading to?
Page | 16
IT Management 2B
1.1 LEARNING OUTCOMES
In this chapter we will be reviewing what we have learnt about Information Technology in the previous module
and use this as the basis for the next chapter on the Impact of Information Technology on ourselves, the
organisation and society.
1. A student will be able to define Information Technology
2. A student will be able to understand the history of computers and how it changed the world and grasp
that these changes need to be spotted so that a company can adopt disruptive technologies in time to
ensure their sustainability for the future and perhaps become market leaders themselves.
Page | 17
IT Management 2B
1.2 READING
Prescribed Reading:
Reynolds, George W. (2010) Information Technology for Managers, International Edition. United
States of America: Cengage Learning
DETAILS: Chapter of Book that should be read.
Chapter 1: Managers: Key to Information Technology Results.
Chapter 2: Strategic Planning.
Williams, B and Sawyer,S. (2010) Using Information Technology, 8th Edition. USA, New York:
Mcgraw-Hill
DETAILS: Chapter of Book that should be read.
Chapter 1 INTRODUCTION TO INFORMATION TECHNOLOGY: Your Digital World (should have
been read from previous module)
Chapter 9 THE CHALLENGES OF THE DIGITAL AGE: Society & Information Technology Today
SUGGESTED READING:
Chapter 3 SOFTWARE: Tools for Productivity & Creativity
Chapter 4 HARDWARE: THE CPU & STORAGE: How to Choose a Multimedia Computer System
Chapter 5 HARDWARE: INPUT & OUTPUT: Taking Charge of Computing & Communications
Chapter 6 COMMUNICATIONS, NETWORKS, & SAFEGUARDS: The Wired & Wireless World
Chapter 7 PERSONAL TECHNOLOGY: The Future Is You
Chapter 8 DATABASES & INFORMATION SYSTEMS: Digital Engines for Today’s Economy
Chapter 10 SYSTEMS ANALYSIS & PROGRAMMING: Software Development, Programming, &
Languages
Page | 18
IT Management 2B
1.3 Information Technology Definition
Information and communication technology (ICT) can be defined as - "ways of finding, gathering, and
manipulating information and then presenting or communicating it. ICT includes making computers and providing
software, programming and communication services such as email and the Internet"1.
"ICT (information and communications technology - or technologies) is an umbrella term that includes any
communication device or application, encompassing: radio, television,
cellular phones, computer and network hardware and software, satellite
systems and so on, as well as the various services and applications
associated with them, such as videoconferencing and distance
learning."2
"ICT consists of all technical means used to handle information and aid
communication, including computer and network hardware,
communication middleware as well as necessary software. In other
words, ICT consists of IT as well as telephony, broadcast media, all
types of audio and video processing and transmission and network
based control and monitoring functions."3
Using these definitions we can see that we have quite a wide and
diverse area that is classified as Information Technology.
REMEMBER:
Information
Technology:
Ways of finding,
gathering,
manipulating
information and
then presenting or
communicating it
1
Poverty Reduction Dictionary. 2011. Poverty Reduction Dictionary. [ONLINE] Available at:
http://www.srds.co.uk/mdg/dictionary.htm. [Accessed 15 October 2011].
2 What is ICT (information and communications technology - or technologies)? - Definition from
Whatis.com. 2011. What is ICT (information and communications technology - or technologies)? Definition from Whatis.com. [ONLINE] Available at: http://searchciomidmarket.techtarget.com/definition/ICT. [Accessed 15 October 2011].
3 http://foldoc.org/Information+and+Communication+Technology
Page | 19
IT Management 2B
1.4 Timeline of Information Technology through the ages:
Four basic periods
"Each of these periods are characterized by a principal technology used to solve the input,
processing, output and communication problems of the time:
A.
B.
C.
D.
Premechanical,
Mechanical,
Electromechanical, and
Electronic
A. The Pre-mechanical Age: 3000 B.C. - 1450 A.D.
We can attribute the following in the pre-mechanical age, towards being among the key technological
steps towards our current technologies,
1. Books and Libraries--output technologies (permanent storage devices).
1. Religious leaders in Mesopotamia kept the earliest "books"
2. The Egyptians kept scrolls.
3. Around 600 B.C., the Greeks began to fold sheets of papyrus vertically into leaves and
bind them together.
2. The First Numbering Systems.
1. Egyptian system:
 The numbers 1-9 as vertical lines, the number 10 as a U or circle, the number
100 as a coiled rope, and the number 1,000 as a lotus blossom.
2. The first numbering systems similar to those in use today were invented between 100
and 200 A.D. by Hindus in India who created a nine-digit numbering system.
3. Around 875 A.D., the concept of zero was developed.
3. The First Calculators: The Abacus.
4.
Figure 3 - The Abacus : One of the very first information processors.
Page | 20
IT Management 2B
B. The Mechanical Age: 1450 - 1840
1. The First Information Explosion.
o Johann Gutenberg (Mainz, Germany; c. 1387-1468)
 Invented the movable metal-type printing process in 1450.
o The development of book indexes and the widespread use of page numbers.
2. The first general purpose "computers"
o Actually people who held the job title "computer: one who works with numbers."
3. Slide Rules, the Pascaline and Leibniz's Machine.
Figure 4 - The Slide Rule : Early 1600s, William Oughtred, an English clergyman, invented the
slide rule
4. Early example of an analog computer.
Figure 5 - The Pascaline : The Pascaline. Invented by Blaise Pascal (1623-62).
Page | 21
IT Management 2B
Figure 6 - The Pascaline Interior : One of the first mechanical computing machines, around 1642.
5. Babbage's
Engines
Figure 7 - Charles Babbage (1792-1871), eccentric English mathematician - The Difference
Engine.
Page | 22
IT Management 2B
Figure 8 - The Analytical Engine.
Figure 9 - Joseph Marie Jacquard's loom. Parts are remarkably similar to modern-day
computers, designed in the 1830's, inspired binary logic.
Page | 23
IT Management 2B
C. The Electromechanical Age: 1840 - 1940.
The discovery of ways to harness electricity was the key advance made during this period.
Knowledge and information could now be converted into electrical impulses.
1. The Beginnings of Telecommunication.
1. Voltaic Battery.
 Late 18th century.
2. Telegraph.
 Early 1800s.
3. Morse Code.
 Developed in1835 by Samuel Morse
 Dots and dashes.
4. Telephone and Radio.
 Alexander Graham Bell.
 1876
5. Followed by the discovery that electrical waves travel through space and can produce
an effect far from the point at which they originated.
6. The invention of the radio
 Guglielmo Marconi
 1894
2. Electromechanical Computing
1. Herman Hollerith and IBM.
Herman Hollerith (1860-1929) in 1880.
Figure 10- Census Machine, used punch cards.
Page | 24
IT Management 2B
Figure 11- 1890 : International Business Machines Corporation (IBM). The first logo, still a very
big player in modern day computing.
Figure 12- Howard Aiken, a Ph.D. student at Harvard University Built the Mark I, which was
completed January 1942 8 feet tall, 51 feet long, 2 feet thick, weighed 5 tons, used about 750,000
parts
D. The Electronic Age: 1940 - Present.
1. First Tries.
o Early 1940s
o Electronic vacuum tubes.
o Eckert and Mauchly. The First High-Speed, General-Purpose Computer Using
Vacuum Tubes:
Electronic Numerical Integrator and Computer (ENIAC)
Figure 13 - Electronic Numerical Integrator and Computer (ENIAC) - 1946
Page | 25
IT Management 2B
Figure 14 - Electronic Numerical Integrator and Computer (ENIAC) - 1946 : Rear View - Note
vaccum tubes.

Used vacuum tubes (not mechanical devices) to do its calculations. Hence, first electronic
computer.
Figure 15- The Manchester University Mark I (prototype). First stored program computer

The First General-Purpose Computer for Commercial Use: Universal Automatic
Computer (UNIVAC). First UNIVAC delivered to Census Bureau in 1951. A machine called
LEO (Lyons Electronic Office) went into action a few months before UNIVAC and became the
world's first commercial computer.
Page | 26
IT Management 2B
1.5 The Four Generations of Digital Computing.
The First Generation (1951-1958)
Figure 16- The First Generation (1951-1958).
1.
2.
3.
4.
5.
Vacuum tubes as their main logic elements.
Punch cards to input and externally store data.
Rotating magnetic drums for internal storage of data and programs
Programs written in Machine language
Assembly language requires a compiler.
The Second Generation (1959-1963).
Figure 17 - The Second Generation (1959-1963).
Page | 27
IT Management 2B
1. Vacuum tubes replaced by transistors as main logic element.
2. Crystalline mineral materials called semiconductors could be used in the design of a
device called a transistor
3. Magnetic tape and disks began to replace punched cards as external storage devices.
4. Magnetic cores (very small donut-shaped magnets that could be polarized in one of two
directions to represent data) strung on wire within the computer became the primary internal
storage technology.
5. High-level programming languages
6. E.g., FORTRAN and COBOL
1. The Third Generation (1964-1979).
REMEMBER:
4 BASIC PERIODS
Pre-Mechanical,
Mechanical,
Electromechanical,
A. Electronic
Figure 18- The Third Generation
1. Individual transistors were replaced by integrated circuits.
2. Magnetic tape and disks completely replace punch cards as external storage devices.
3. Magnetic core internal memories began to give way to a new form, metal oxide semiconductor
(MOS) memory, which, like integrated circuits, used silicon-backed chips.
Operating systems
Advanced programming languages like BASIC developed. This is where Bill Gates and
Microsoft got their start in 1975.
Page | 28
IT Management 2B
2. The Fourth Generation (1979- Present).
1. Large-scale and very large-scale integrated circuits (LSIs and VLSICs)
2. Microprocessors that contained memory, logic, and control circuits (an entire CPU =
Central Processing Unit) on a single chip.
 Which allowed for home-use personal computers or PCs, like the Apple (II
and Mac) and IBM PC.
 Apple II released to public in 1977, by Stephen Wozniak and Steven Jobs.
 Initially sold for $1,195 (R9 560) (without a monitor); had 16k RAM.
 First Apple Mac released in 1984.
 IBM PC introduced in 1981.
 Debuts with MS-DOS (Microsoft Disk Operating System)
 Fourth generation language software products E.g., Visicalc, Lotus 1-2-3,
dBase, Microsoft Word, and many others.
 Graphical User Interfaces (GUI) for PCs arrive in early 1980s
1. MS Windows debuts in 1983, but is quite a clunker.
Windows wouldn't take off until version 3 was released in 1990
Source : Information Technology History - Outline.
4
1.6 Information and Communication Technology and the Future
Computer Development
When we look back at the rapid pace of technology and the change we make in our own
lives to embrace technology, we realize that more change is a certainty. According to
Invalid source specified. Page 34, the exciting changes that lie ahead in computer
development are speed, miniaturization and affordability. History is showing us that this is
exactly the direction we have always being heading.
Information Technology History - Outline. 2012. Information Technology History - Outline.
[ONLINE] Available at: http://www.tcf.ua.edu/Classes/Jbutler/T389/ITHistoryOutline.htm. [Accessed
27 April 2012].
4
Page | 29
IT Management 2B
Miniaturization
Radio-style vacuum tubes have given away to transistors, which enabled the development
of integrated circuits, which are now smaller than your thumbnail. In the past the
processing power of the processer (CPU) found on a desktop PC was equivalent to the
size of one that filled a room.
Speed
Due to the advancements made in miniaturization and the research into new materials to
make computer components, we have seen that both speed and data storage rise
significantly.
Affordability
Imagine that a processor that costs around R7000 today in terms of its processing power
cost around 7 Million Rand back then.
Connectivity
Because of the expansion in computer networks, e-mail and online shopping became more
viable. This interconnected network created the infrastructure for growth.
Interactivity
Without interaction a computer program such as backing up the system will perform its task
until completion or error. In our normal computer use, we interact with ICT, and it is very
much like a dialogue between people, except that you can simply continue a dialogue with
a computer at exactly the same point you left off. This interaction when the computer
responds to our requests makes them useful.
We are seeing changes in interactivity, for instance it is now possible to give a vehicle
verbal instructions or voice commands, or you can go online after a news broadcast and
respond to what you saw. Quite often you will hear on the radio, what people have sms'ed
or e-mailed about a topic being discussed.
Multimedia
The World Wide Web transformed how multimedia was presented and accessed, and thus
resulted in such a widespread adoption. Even modern vehicles now, have visual and
audiovisual devices that enable navigation, movies and music.
Page | 30
IT Management 2B
The future where computers and communications combine will create even more exciting
possibilities. Possibilities in Convergence, Portability and Personalization are in the future
and already rearing its head into the consumer markets at the time of writing this module.
Convergence
People smirked when the concepts of phones combined with camera's were introduced,
today that has become the standard for a cellphone. Convergence is when you combine
various industry needs into one device or product, such as the TV watch, or lately the IPAD
2/3 or the other android devices that have more processing power than the space shuttle in
1981 which was "The IBM AP-101 which had about 424 kilobytes of magnetic core memory
each. The CPU could process about 400,000 instructions per second. They had no hard
disk drive, and load software from magnetic tape cartridges." 5
Portability
The beauty and convenience of Andriod, Blackberry, and Iphones have left no doubt to the
power of handheld power and portability. There is however the downside that, we now
have our personal time often invaded with business.
1. Personalization
The key to contentment is personalization. This is from covers to themes- to gadgets. The
more you can tailor it to your own needs, the more you love the item you can personalize.
2. Collaboration
Action towards common goals, is what collaboration is all about. Collaboration has become
a very powerful force, especially with the power of communication mediums that are
becoming easier to access and cheaper to use. Collaboration via these mediums, bypass
many human conceived barriers of race, religion, physical appearance. Collaboration
software together with these communication mediums have created giants like skype and
facebook and will continue to grow. We will learn more about collaboration in Section 4.
3. Cloud Computing: The Global Computer
Previously called grid computing, cloud computing is simply using computer resources from
a network of computers that are physically separate from your business and are usually
stored in a secure data warehouse. Cloud computing displaces the usual concerns that
come with disaster recovery and management. Cloud computing has really started taking
off as a service and is becoming more the norm, rather than the exception.
Please read the table on the next few pages to understand more about the History of Computers
adapted from: Computer Timeline.
5
Space Shuttle - Wikipedia, the free encyclopedia. 2011. Space Shuttle - Wikipedia, the free
encyclopedia. [ONLINE] Available at: http://en.wikipedia.org/wiki/Space_Shuttle. [Accessed 04
October 2011].
Page | 31
IT Management 2B
TIME LINE OF COMPUTER EVENTS
YEAR
EVENT
2400 BC
Abacus: The abacus, the first known calculator, was invented in Babylonia
500 BC
Panini: Introduced the forerunner to modern formal language theory
300 BC
Pingala: Pingala invented the binary number system
87 BC
Antikythera Mechanism: Built in Rhodes to track movement of the stars
60 AD
Heron of Alexandria: Heron of Alexandria invents machines which follow a series of
instructions
Liang Ling-Can: Liang Ling-Can invents the first fully mechanical clock
724
1492
Leonardo da Vinci: Drawings by Leonardo da Vinci depict inventions such as flying
machines, including a helicopter, the first mechanical calculator and one of the first
programmable robots
1614
John Napier: John Napier invents a system of moveable rods (Napier's Rods) based
on logarithms which was able to multiply, divide and calculate square and cube
roots
1622
William Oughtred: William Oughtred develops slide rules
1623
Calculating Clock: Invented by Wilhelm Schickard
1642
Blaise Pascal: Blaise Pascal invents the the "Pascaline", a mechanical adding
machine
Gottfried Leibniz: Gottfried Leibniz is known as one of the founding fathers of
calculus
Joseph-Marie Jacquard: Joseph-Marie Jacquard invents an automatic loom
controlled by punched cards
1671
1801
1820
Arithmometer: The Arithmometer was the first mass-produced calculator invented
by Charles Xavier Thomas de Colmar
1822
Charles Babbage: Charles Babbage designs his first mechanical computer
1834
Analytical Engine: The Analytical Engine was invented by Charles Babbage
1835
Morse code: Samuel Morse invents Morse code
1848
Boolean algebra: Boolean algebra is invented by George Boole
1853
Tabulating Machine: Per Georg Scheutz and his son Edvard invent the Tabulating
Machine
Page | 32
IT Management 2B
1869
William Stanley Jevons: William Stanley Jevons designs a practical logic machine
1878
Ramon Verea: Ramon Verea invents a fast calculator with an internal multiplication
table
Alexander Graham Bell: Alexander Graham Bell invents the telephone called the
Photophone
Comptometer: The Comptometer is an invention of Dorr E. Felt which is operated by
pressing keys
1880
1884
1890
Herman Hollerith: Herman Hollerith invents a counting machine which increment
mechanical counters
1895
Guglielmo Marconi: Radio signals were invented by Guglielmo Marconi
1896
Tabulating Machine Company: Herman Hollerith forms the Tabulating Machine
Company which later becomes IBM
1898
Nikola Tesla: Remote control was invented by Nikola Tesla
1906
Lee De Forest: Lee De Forest invents the electronic tube
1911
IBM: IBM is formed on June 15, 1911
1923
Philo Farnsworth: Television Electronic was invented by Philo Farnsworth
1924
John Logie Baird: Electro Mechanical television system was invented by John Logie
Baird
Walther Bothe: Walther Bothe develops the logic gate
1930
Vannevar Bush: Vannevar Bush develops a partly electronic Difference Engine
1931
Kurt Godel: Kurt Godel publishes a paper on the use of a universal formal language
1937
Alan Turing: Alan Turing develops the concept of a theoretical computing machine
1938
Konrad Zuse: Konrad Zuse creates the Z1 Computer a binary digital computer using
punch tape
1939



George Stibitz: George Stibitz develops the Complex Number Calculator - a
foundation for digital computers
Hewlett Packard: William Hewlett and David Packard start Hewlett Packard
John Vincent Atanasoff and Clifford Berry: John Vincent Atanasoff and
Clifford Berry develop the ABC (Atanasoft-Berry Computer) prototype
1943
Enigma: Adolf Hitler uses the Enigma encryption machine
Colossus: Alan Turing develops the the code-breaking machine Colossus
1944
Howard Aiken & Grace Hopper: Howard Aiken and Grace Hopper designed the
MARK series of computers at Harvard University
Page | 33
IT Management 2B
1945
ENIAC: John Presper Eckert & John W. Mauchly: John Presper Eckert & John W.
Mauchly develop the ENIAC ( Electronic Numerical Integrator and Computer)
Computer Bug: The term computer ‘bug’ as computer bug was first used by Grace
Hopper
1946
F.C. Williams: F.C. Williams develops his cathode-ray tube (CRT) storing device the
forerunner to random-access memory (RAM)
1947



Pilot ACE: Donald Watts Davies joins Alan Turing to build the fastest digital
computer in England at the time, the Pilot ACE
William Shockley: William Shockley invents the transistor at Bell Labs
Douglas Engelbart: Douglas Engelbart theorises on interactive computing
with keyboard and screen display instead of on punchcards
1948
Andrew Donald Booth: Andrew Donald Booth invents magnetic drum memory
Frederic Calland Williams & Tom Kilburn: Frederic Calland Williams & Tom Kilburn
develop the SSEM "Small Scale Experimental Machine" digital CRT storage which
was soon nicknamed the "Baby"
1949
Claude Shannon: Claude Shannon builds the first machine that plays chess
Howard Aiken: Howard Aiken develops the Harvard-MARK III
1950
Hideo Yamachito: The first electronic computer is created in Japan by Hideo
Yamachito.
Alan Turing: Alan Turing publishes his paper Computing Machinery and Intelligence
which helps create the Turing Test.
1951
LEO: T. Raymond Thompson and John Simmons develop the first business
computer, the Lyons Electronic Office (LEO) at Lyons Co.
UNIVAC: UNIVAC I (UNIVersal Automatic Computer I) was introduced - the first
commercial computer made in the United States and designed principally by John
Presper Eckert & John W. Mauchly
EDVAC: The EDVAC (Electronic Discrete Variable Automatic Computer) begins
performing basic tasks. Unlike the ENIAC, it was binary rather than decimal
1953
The IBM 701 becomes available and a total of 19 are sold to the scientific
community.
1954
John Backus & IBM: John Backus & IBM develop the FORTRAN Computer
Programming Language
1955
Bell Labs introduces its first transistor computer.
1956
Optical fiber was invented by Basil Hirschowitz, C. Wilbur Peters, and Lawrence E.
Curtiss
Page | 34
IT Management 2B
1957
Sputnik I and Sputnik II: Sputnik I and Sputnik II are launched by the Russians
1958
ARPA (Advanced Research Projects Agency) and NASA is formed
Silicon chip: The first integrated circuit, or silicon chip, is produced by the US Jack
Kilby & Robert Noyce
1959
Paul Baran: Paul Baran theorises on the "survivability of communication systems
under nuclear attack", digital technology and symbiosis between humans and
machines
1960
COBOL: The Common Business-Oriented Language (COBOL) programming
language is invented.
1961
Unimate: General Motors puts the first industrial robot, Unimate, to work in a New
Jersey factory.
1962
The first computer game: The first computer game Spacewar Computer Game
invented BY Steve Russell & MIT
1963
The Computer Mouse: Douglas Engelbart invents and patents the first computer
mouse (nicknamed the mouse because the tail came out the end)
The American Standard Code for Information Interchange (ASCII) is developed to
standardize data exchange among computers.
1964
Word processor: IBM introduces the first word processor
BASIC: John Kemeny and Thomas Kurtz develop Beginner’s All-purpose Symbolic
Instruction Language (BASIC)
1965
Hypertext: Andries van Dam and Ted Nelson coin the term "hypertext"
1967
Floppy Disk: IBM creates the first floppy disk
1969
Seymour Cray: Seymour Cray develops the CDC 7600, the first supercomputer
Gary Starkweather: Gary Starkweather invents the laser printer whilst working with
Xerox
ARPANET: The U.S. Department of Defense sets up the Advanced Research
Projects Agency Network (ARPANET ) this network was the first building blocks to
what the internet is today but originally with the intention of creating a computer
network that could withstand any type of disaster.
1970
RAM: Intel introduces the world's first available dynamic RAM ( random-access
memory) chip and the first microprocessor, the Intel 4004.
1971
E-mail: E-mail was invented by Ray Tomlinson
Liquid Crystal Display ( LCD ): Liquid Crystal Display ( LCD ) was invented by
James Fergason
Pocket calculator: Pocket calculator was invented by Sharp Corporation
Floppy Disk: Floppy Disk was invented by David Noble with IBM - Nicknamed the
"Floppy" for its flexibility.
Page | 35
IT Management 2B
1972
First Video Game: Atari releases Pong, the first commercial video game
The CD: The compact disc is invented in the United States.
1973
Robert Metcalfe and David Boggs: Robert Metcalfe creates the Ethernet, a local-area
network (LAN) protocol
Personal computer: The minicomputer Xerox Alto (1973) was a landmark step in the
development of personal computers
Gateways: Vint Cerf and Bob Kahn develop gateway routing computers to negotiate
between the various national networks
1974
SQL: IBM develops SEQUEL (Structured English Query Language ) now known as
SQL
WYSIWYG: Charles Simonyi coins the term WYSIWYG (What You See Is What You
Get) to describe the ability of being able to display a file or document exactly how it
is going to be printed or viewed
1975
Portable computers: Altair produces the first portable computer
Microsoft Corporation: The Microsoft Corporation was founded April 4, 1975 by Bill
Gates and Paul Allen to develop and sell BASIC interpreters for the Altair 8800
1976
Apple: Apple Computers was founded Steve Wozniak and Steve Jobs
1977
Apple Computer’s Apple II, the first personal computer with color graphics, is
demonstrated
MODEM: Ward Christensen writes the programme "MODEM" allowing two
microcomputers to exchange files with each other over a phone line
1978
Magnetic tape: The first magnetic tape is developed in the US
1979
Over half a million computers are in use in the United States.
1980
Paul Allen and Bill Gates: IBM hires Paul Allen and Bill Gates to create an operating
system for a new PC. They buy the rights to a simple operating system
manufactured by Seattle Computer Products and use it as a template to develop
DOS.
1981
Microsoft: MS-DOS Computer Operating System increases its success
1982
WordPerfect: WordPerfect Corporation introduces WordPerfect 1.0 a word
processing program
Commodore 64: The Commodore 64 becomes the best-selling computer of all time.
SMTP: SMTP (Simple Mail Transfer Protocol) is introduced
1983
More than 10 million computers are in use in the United States
Domain Name System (DNS): Domain Name System (DNS) pioneered by Jon Postel,
Paul Mockapetris and Craig Partridge. Seven 'top-level' domain names are initially
introduced: edu, com, gov, mil, net, org and int.
Page | 36
IT Management 2B
Windows: Microsoft Windows introduced eliminating the need for a user to have to
type each command, like MS-DOS, by using a mouse to navigate through drop-down
menus, tabs and icons
1984
Apple Macintosh: Apple introduces the Macintosh with mouse and window interface
Cyberspace: William Gibson coins the word cyberspace when he publishes
Neuromancer
1985
Paul Brainard: Paul Brainard introduces Pagemaker for the Macintosh creating the
desktop publishing field.
Nintendo: The Nintendo Entertainment System makes its debut.
1986
More than 30 million computers are in use in the United States.
1987
Microsoft introduces Microsoft Works
Perl: Larry Wall introduces Perl 1.0
1988
Over 45 million PCs are in use in the United States.
1990
The Internet, World Wide Web & Tim Berners-Lee: Tim Berners-Lee and Robert
Cailliau propose a 'hypertext' system starting the modern Internet
Microsoft and IBM stop working together to develop operating systems
1991
The World Wide Web: The World Wide Web is launched to the public on August 6,
1991
1993
At the beginning of the year only 50 World Wide Web servers are known to exist
1994
The World Wide Web Consortium is founded by Tim Berners-Lee to help with the
development of common protocols for the evolution of the World Wide Web
YAHOO: YAHOO is created in April, 1994.
1995
Java: Java is introduced
Amazon: Amazon.com is founded by Jeff Bezos
EBay: EBay is founded by Pierre Omidyar
Hotmail: Hotmail is started by Jack Smith and Sabeer Bhatia.
1996
WebTV: WebTV is introduced
1997
Altavista introduces its free online translator Babel Fish
Microsoft acquires Hotmail
1998
Google: Google is founded by Sergey Brin and Larry Page on September 7, 1998
PayPal is founded by Peter Thiel and Max Levchin
2001
Xbox: Bill Gates introduces the Xbox on January 7th 2001.
Page | 37
IT Management 2B
2002
Approximately 1 billion PCs been sold
PayPal is acquired by eBay
2005
September 12: eBay acquires Skype
2006
Skype announces that it has over 100 million registered users.
2008
At Macworld Expo, Apple introduces the MacBook Air laptop computer. It features
Core2 Duo processor, 2 GB RAM, fixed battery, no optical drive, USB and micro-DVI
ports, iSight camera, 80 GB hard drive, 64 GB solid-state drive, 13.3-inch diagonal
widescreen LED 1280x800 color screen, AirPort Extreme WiFi, Bluetooth 2.1+EDR,
full-size keyboard and trackpad. Battery life is 5 hours. Weight is 3 pounds; size 12.8
World of Warcraft Released
2008
2008
The European Commission fines Microsoft 899 million euros (US$1.35 billion) for
using high prices to discourage software competition, in defiance of a 2004 order
from Brussels to provide the information on reasonable terms
2008
At the Intel Developer Forum in Shanghai, China, Intel introduces the low-power
Atom microprocessor, in speeds up to 1.86 GHz
South Africa issues a 2.05r postage stamp for "Ergonomics in the office" depicting a
personal computer
Electronic Arts releases The Sims 3 game for personal computers in the USA.
2009
2009
2009
Microsoft launches Windows 7 operating system. Price is US$199.99 for the Home
Premium version, or US$119.99 for an upgrade from older versions.
2009
United States Court of Appeals for the Federal Circuit upholds a US$290 million jury verdict
for i4i against Microsoft for patent infringement by the Microsoft Word program. Microsoft is
barred from selling the current Microsoft Word and Microsoft Office as of January 11. The
company will modify the programs to remove the disputed feature, which relates to the use
of XML. [2322]
2010
2010
2011
2011
2012
2012 xxxx
At Macworld conference in San Francisco, California, Apple CEO Steve Jobs unveils
the iPad tablet computer. It features 9.7-inch touchscreen, 0.5 thick unit. Price starts
at US$499 with 16 GB RAM. [2322]
Market capitalization of Apple (US$222 billion) passes Microsoft (US$219 billion) for
the first time since December 19,1989. Apple stock is worth more than 10 times what
they were 10 years ago, whereas Microsoft stock is down 20 percent over the same
time period
At Microsoft's annual developer conference, Microsoft distributes 5000 Samsung
tablet computers running a test version of Windows 8 operating system.
Yasean Khan joined Mancosa as the Information Technology Manager and makes
major Information Technology transformations in the 6 months he is there.
Virtualization is being adopted as the platform of choice. Electronic Submission is
on the cards.
Ipad 3 released, Steve Job Dies,
Samsung sells more units than apple, however apples profits are much higher.
You fill in the rest…
Page | 38
IT Management 2B
Group Work
1. Review the table above and discuss how the past has affected the present
technological advances.
2. In a group, discuss a particular technology such as the IPAD and trace its
roots through the ages.
3. Discuss some organisations that have been major role-players in shaping the
current technologies in Information Technology.
4. By use of some examples, research how companies have adapted to the
times to remain relevant in the world, to the world.
1.7 Conclusion
Now we have a holistic view of information technology including how
history contributed to the birth of our current state of Information
Technology. It is time to look at the impact that technology has had
and is having on humans. It is important to put into perspective the
history of Information Technology and one should make not at what
speed Information Technology is transforming organisations. Prices
have changed, computing power has changed and we will see that the
way we do business and the way we make decisions is also changing.
We will discover that organisations are seeking to make decisions
based on fact, and modern trends are highlighting the need and desire
of these organisations to do this in real time and not just based on
historical data.
REMEMBER:
Information Technology
has grown at an
incredible rate. History
shows patterns.
Business Intelligence
exposes those patterns
so they can be
manipulated by an
organisation.
Page | 39
IT Management 2B
SECTION TWO: IMPACT OF INFORMATION
TECHNOLOGY
CONTENTS
SECTION TWO: IMPACT OF INFORMATION TECHNOLOGY ............................................................................. 40
2.1 LEARNING OUTCOMES ............................................................................................................................... 42
2.2 READING ..................................................................................................................................................... 43
2.3 INTRODUCTION .......................................................................................................................................... 44
2.4 NEGATIVE IMPACT OF TECHNOLOGY ON THE ORGANISATION, INDIVIDUAL AND SOCIETY........................ 44
2. 5 POSITIVE IMPACT OF TECHNOLOGY ON THE ORGANISATION, INDIVIDUAL AND SOCIETY ......................... 46
2.6 CONCLUSION .............................................................................................................................................. 50
Page | 40
IT Management 2B
Think point
What makes technology so effective in making an impact on our lives?





Do we interact with Information Technology in the world today without even
realising it?
How and where do we interact with Information Technology?
Has Information Technology transformed your life in anyway?
What is Information Technology in the context of where we work?
Does Information Technology affect society?
Page | 41
IT Management 2B
2.1 LEARNING OUTCOMES
1. Understand the negative impact of technology on the organisation, individual and society
2. Understand the positive impact of technology on the organisation, individual and society
Page | 42
IT Management 2B
2.2 READING
Prescribed Reading:
Reynolds, George W. (2010) Information Technology for Managers, International Edition. United
States of America: Cengage Learning
DETAILS: Chapter of Book that should be read.
Chapter 4: Business Process and IT Outsourcing.
Chapter 5: Corporate Governance and IT.
Williams, B and Sawyer,S. (2010) Using Information Technology, 8th Edition. USA, New York:
Mcgraw-Hill
DETAILS: Chapter of Book that should be read.
Chapter 7 PERSONAL TECHNOLOGY: The Future Is You
Chapter 9 THE CHALLENGES OF THE DIGITAL AGE: Society & Information Technology Today
Page | 43
IT Management 2B
2.3 INTRODUCTION
Technology runs in the veins of society. It is the fuel that drives our lives. It is an integral part of daily life. It has
definitely benefited society. It has brought luxury in the life of every common man. Automation brought about by
technology has saved human effort and time to a large extent. It has brought distant places closer and simplified
information access. It has made the world a smaller place to live in. Let us look at some of the important areas,
where technology has brought a positive change.
Read/Research and write additional notes. Make sure you use the prescribed
textbook and useful Internet websites to write additional notes.
2.4 NEGATIVE IMPACT OF TECHNOLOGY ON THE ORGANISATION,
INDIVIDUAL AND SOCIETY
"When we speak of the impact of technology on society, we always talk about the positive effects of technology
and about how technology has made life easy. We talk about the Internet as an information resource and a
communication platform and conveniently ignore the fact that an overexposure to it leads to Internet addiction.
We often discuss how technology has made life easy but easily forget that it has made us overly dependent on it.
Have you thought of the impact of technology from this point of view? I am sure, most of you haven't. Let us look
at this aspect of technology here.
Impact of Technology on Our Society
Think of the days when there were no computers and no modern means of transport. Human life was highly
restricted due to the unavailability of technological applications. Daily life involved a lot of physical activity. Life of
the common man was not as luxurious as that of modern times, but he was more active. Exercise was integrated
into routine physical activities. It was contrary to the sedentary lifestyle of today, which leaves no time for
exercise and fills days with inactivity and laze. Today we don't want to, and thanks to technology, don't even
need to, walk, move around or exert physically to get things done. We have the world at our fingertips.
We think of technology as a boon to society, but is it really? The Internet
has bred many unethical practices like hacking, spamming and phishing.
Internet crime is on the rise. The Internet, being an open platform lacks
regulation. There is no regulation on the content displayed on websites.
Internet gambling has become an addiction for many. Overexposure to
the Internet has taken its toll. In this virtual world, you can be who you are
not, you can be virtually living even after you die. Isn't this weird?
Children are spending all their time playing online and less or almost no
REMEMBER:
Information Technology
has also created as
many problems as it
has solved
Page | 44
IT Management 2B
time playing on the ground. Youngsters are spending most of their time on social networking, and possibly
missing out on the joys of real social life.
Think of the days when there were no online messengers, no emails and no cell phones. Indeed cellular
technology made it possible for us to communicate over wireless media. Web communication facilities have
worked wonders in speeding long-distance communication. On the other hand, they have deprived mankind of
the warmth of personal contact. Emails replaced handwritten letters and communication lost its personal touch.
With the means of communication so easily accessible, that magic in waiting to reach someone and the
excitement that followed have vanished.
Moreover, we have become excessively dependent on technology. Is so
much of dependency good? Is it right to rely on machines to such an extent?
Is it right to depend on computers rather than relying on human intellect?
Computer technology and robotics are trying to substitute for human
intellect. With the fast advancing technology, we have started harnessing
artificial intelligence in many fields. Where is the digital divide going to take
us? How is our 'tomorrow' going to be? 'Machines replacing human beings'
does not portray a rosy picture, does it? It can lead to serious issues like
unemployment and crime. An excessive use of machines in every field can
result in an under-utilization of human brains. Over time, we may even lose
our intellectual abilities. You know of the declining mathematical abilities in
children due to use of calculators in school?
The impact of technology on society is deep. It is both positive and negative.
Technology has largely influenced every aspect of living. It has made life
easy, but so easy that it may lose its charm one day. One can cherish an
accomplishment only if it comes after effort. But everything has become so
easily available due to technology that it has lost its value. There is a certain
kind of enjoyment in achieving things after striving for them. But with
everything a few clicks away, there is no striving, there's only striking."6
REMEMBER:
Ask yourself:
Is Information
Technology
Dependency, that good
for us?
Will humans evolve or
devolve because of
Information Technology
in the future and will
the use of computers
lead to a drain in
HUMAN BRAIN
POWER?
What is the Impact of Technology on Our Society?. 2012. What is the Impact of Technology on Our
Society?. [ONLINE] Available at: http://www.buzzle.com/articles/what-is-the-impact-of-technologyon-our-society.html. [Accessed 27 April 2012]. Adapted.
6
Page | 45
IT Management 2B
Group Work
As an Information Technology manager one has to take the following into consideration as the following if not
looked at will result in a negative impact of Information Technology on an organisation. Place yourself in the
shoes of an Information Technology Manager and discuss the following issues and their relevance to the impact
of Information Technology in an Organisation.
1.
High costs of hardware and software, and the need to upgrade every few years
2. Training costs
3. Maintenance costs, such as salaries of skilled IT personnel
4. Hacking
5. Phishing
6. Malware such as viruses, Trojans and worms
7. Load-shedding and its impact
8. Network down time and its impact
9. Internet abuse by employees
2. 5 POSITIVE IMPACT OF TECHNOLOGY ON THE ORGANISATION,
INDIVIDUAL AND SOCIETY
Automation of Processes in the Industry and the Household: Technology has automated many of the critical
processes in the industry as well as the household. Imagine the amount of labor that must have been involved in
industrial processes when the concept of automation did not exist. Electronic gadgets have entered homes of the
common man to rescue him from the boredom of daily chores. Imagine the amount of time people must be
spending doing household chores during the time there were no machines and household appliances. It's better
not imagined. Today's is the age of robotics. Machines can learn, adopt new things and perform tasks with nearhuman efficiency.
Changed Modes of Transport: The automobile industry and technology are interwoven. Time has witnessed
this industry evolve from mechanical scooters to automated aircraft. Animals were the only modes of transport in
the olden days. Technology was the driving force behind the creation and design of the modern-day automobiles.
Bicycles evolved into scooters and sports bikes. The idea of having four-wheeled modes of transport gave rise to
the creation of cars. Modes of air and water transport came up, thanks to technology.
Reduced Risk to Human Life: Machines have automated many crucial industrial processes. Machines are now
taking up mundane jobs that were once done by human workers. Technology has evolved to an extent where
machines can perform tasks that are not feasible for man, either because they are risky or life-threatening or
Page | 46
IT Management 2B
because they are beyond human capacity. The use of advanced technologies like robotics and artificial
intelligence has proven to be helpful in life-risking endeavors like mining and space exploration.
Data Management and Information Retrieval: Computer technology, needless to say, has changed the face of
the world. Computers can store, organize and manage huge amounts of data. They can process large amounts
of information. Computers have given rise to the software industry, one of the most progressive industries of the
world. The Internet that seeded from computer networking concepts is the most effective communication platform
and the largest information base existing today.
Impact on the Entertainment and Advertising Industries: The Internet has brought a positive change to the
entertainment and advertising industries. Over the Internet, advertisements can reach the masses within
seconds. Internet advertisements have changed equations of the advertising industry. Branding on the Internet is
much more effective that other forms of product promotion. The entertainment media has progressed because of
advancements in technology. Movies, songs, games are a few clicks away. People have begun using the
Internet to watch and download movies, listen to music, play games and entertain themselves. Thanks to handy,
mobile and user-friendly devices, all this has become really easy.
Onset of the Digital Age: There's hardly anything analog now, we live in a digital world, a digital age. Talk pixels
and bytes. The digitization of information has made it possible for us to store it in a compact form. Ever wondered
how gigabytes of data can be stored on a small chip? Digitization it is! Also, digitization enriches the quality of
data storage. Digital voice and digital images are of a higher quality. Digital cameras and digital TVs provide
users with an enriched picture quality, thus bettering user experience with technology.
Communication Redefined: Cellular communication has revolutionized the communication industry. The
conventional telephone, also a piece of technology, was one of the earliest technological developments in
communication. Mobile phones have broadened the horizons of communication by enabling convenient longdistance calling and mobile use. Letters have taken a backseat and emails and cell phone messages have
become the easiest means to connect. Owing to developments in technology, communication is wireless. Social
networking is another defining factor here. It has given an all new dimension to communication, entertainment
and recreation.
Satellite Technology: Satellite communication is an important facet of technology. Satellite TV and satellite
radio have eased the broadcasting of events across the globe. How else do you think could matches and
concerts be broadcasted live? Not just TV and radio, even communication to ships and airplanes wouldn't have
been possible if not for satellite communication. Even your hand-held devices wouldn't be of use, if not for radio
communication.
These were still a few fields influenced by technology. It is almost impossible to enlist all the positive effects of
technology on society. The fast-advancing technology on the whole, has given impetus to developments in
various fields and improved the quality of human life. There's less risk, less effort, less mess. There's more
leisure, more ease and more speed - all because of that ten-letter word - not a word, a phenomenon technology. "7
Positive Effects of Technology on Society. 2012. Positive Effects of Technology on Society. [ONLINE]
Available at: http://www.buzzle.com/articles/positive-effects-of-technology-on-society.html.
[Accessed 27 April 2012].
7
Page | 47
IT Management 2B
"Technology has progressed by leaps and bounds in the last few decades, and the benefits of
technology are there for all to see. One of the biggest arguments against technology is its sometimes
ridiculously high cost which limits its usage and places it out of reach of many people. But it is an
undeniable fact that technology has helped us make many tasks easier, and it has also made the world
a much smaller place.
The latest developments in technology can be seen and felt in many industries, but there are some
areas that have been benefited more than others. Costs of production have fallen, networking has
become easier, employment levels have risen (in some cases), and we have certainly become more
efficient at many complex tasks and processes. With this in mind, let's look at some of the most obvious
benefits of technology that we live with today.
Healthcare
Perhaps the single biggest beneficiary of advancing technology has been the healthcare sector.
Medical research has led to the end of many diseases and ailments, and also to the discovery of many
drugs and medications that have helped prevent many lethal diseases and disorders. Personal records
are easier to study now, and medical research has advanced magnificently. Millions of lives have been
saved as a result of this. Here are some of the benefits of technology in this industry in brief.






Communication between patients and doctors has become easier, more personal, more flexible
and more sensitive.
Personal records of patients are maintained, which makes it easier to study symptoms and
carry out diagnosis of previously unexplainable conditions.
Several medical aids have helped people overcome many medical conditions which they had to
live with earlier.
New medicines have led to the demise of many illnesses and diseases.
Medical research has become supremely advanced, and every ailment seemingly has a cure,
or at least a prevention.
Costs of medical procedures and operations have fallen dramatically over the decades. positive
effects of technology on society.
Education
"Interactive learning and feedback systems
ICT is changing the face of education as we know it. ICT in many countries have already brought
interactive and individualized learning to these environments. Students press buttons in response to
questions in a classroom, instead of raising their hands. The results of the questions are then displayed
to the whole class. Asking multiple choice questions and giving the students immediate feedback to
their responses could tip the scales in a learning environment with this process of instant feedback to
both the students and the lecturers. The lecturer can immediately see when their explanations are not
making sense to the students and change their explanations to suit that class."8
8
Khan, Yasean. (2011). BACHELOR OF COMMERCE IN INFORMATION AND TECHNOLOGY
MANAGEMENT (YEAR 2),MODULE 1,IT MANAGEMENT 2A,Study Guide. Durban, Mancosa
Page | 48
IT Management 2B
It is no surprise that the benefits of technology in the classroom and the benefits of technology in
schools have opened up a whole new learning environment. Knowledge can be easily procured with the
help of Internet technology now, and it is easier to help children with special needs as well. Here are
some more benefits of assistive technology that the educational sector has witnessed.





Personalized learning has come to the fore. Students can pick their own curriculum with ease,
and set their own personal targets.
Distance learning has become much easier, and this has led to a rise in the number of people
who receive education.
E-learning and online education has made it very simple and systematic for an individual to
receive personal attention, so that all his specific needs are fulfilled.
Immediate response to queries and tests have made the whole education process a lot faster.
The use of computers and technology in classrooms has opened up a whole new method of
teaching and effective learning.
Communication
The communication industry has witnessed a huge growth. Social networking and blogging has opened
up a whole new world to people from remote locations, and the reach of the mass media has increased
thousand fold. People can communicate with each other on the move, and there are no limitations
anymore to the benefits of information technology. Here are some more benefits.





The speed of talking to one another is instantaneous.
The mode of talking has become more personalized and can be done from just about
anywhere.
The world has become a smaller place, since no one is out of reach anymore.
The clarity of communication has also improved with improvements in audio quality and video
quality.
Information and news broadcasting has become more personalized as well. Moreover, it can
reach more people at a faster speed, and people's response can also be felt immediately.
Business
Companies have become more profitable with the help of various advanced machines and equipment,
and this has led to a rise in the standard of living of people. The national income of countries has also
expanded as a result of this.





Costs of production have fallen dramatically thanks to automated processes.
Research and development has become far more advanced than ever, and this leads to the
invention of ground breaking technology.
Company accounts and customer records can be easily stored and accessed, and this
increases the market penetration of the business.
Global collaborations and partnerships are easier to start and maintain, and this benefits
everyone involved with international business.
It has become easier to combat competition, and this has led to more choice for the consumer.
All of these benefits of technology are there for everyone to see. Even though there are certain
repercussions and a negative impact of technology as well, nobody can say that technology has not
Page | 49
IT Management 2B
aided society on a whole. The world is a better place thanks to technology, and the future looks much
brighter, thanks to these advancements. "9
2.6 CONCLUSION
The effects of the use, misuse or non use of technology can be seen within the strands of most of society.
Although, society is affected in various ways, modifications in our lifestyles are constantly occurring. From the
invention of the simplest of human accessory, like clothing to the most complex research, such as the human
genome project, there are very few areas of human activity that is out of bounds for technological intervention or
has not been touched by technology in one form or another.
It is the way that we have used or avoided technology, that has come to define the success of failure of people,
companies and even cities and countries. It is quite understandable that it is a challenging area of management
to both be aware of the latest technological developments and to also temper this with caution and foresight in
selecting the correct technological pathways that would suit the goals of those concerned.
The topic at hand is extremely important and the impact of Information Technology on the enterprise as well as
its people, both positive as well as negative, is something the IT manager has to be intimately aware of in order
to make informed decisions when setting up an IT infrastructure. Furthermore, this knowledge will equip the IT
manager to aid senior management in putting Information Technology policies in place and help the organisation
use Information Technology to support the driving goals of the organisation and in some cases even speed up
the attainment of those goals!
Benefits of Technology. 2012. Benefits of Technology. [ONLINE] Available at:
http://www.buzzle.com/articles/benefits-of-technology.html. [Accessed 27 April 2012].
9
Page | 50
IT Management 2B
Attempt the following questions and research further if you could not answer the question.
Some Guidance is provided below
Test Your Knowledge

How do business around the world utilise Information Technology ? How does Information
Technology Impact them?
Possible Solution to Test Your Knowledge Questions
I.T. has helped in customer service, huge corporations like Microsoft attend to customer needs through email and
chat services. Networking internal and external in organizations has improved the working of businesses. Staffs
and clients likewise can get in touch with the managers for feedback, progress reports and extensions.
Communication has bloomed, two business organizations if they need to work together can easily do so.
Hotmail, when merged with MSN was easy since the service was online. Business these days require a lot of
planning, due to high tech organization systems on computers, planning can be done on an organized pattern,
with schedule formats, grant charts etc. Huge databases can now be controlled and stored on network and back
up drives.
Together with the advancement of science and technology, technological innovations grew along with it, resulting
to the emergence of new equipment and gadgets. No matter how big or small your company is, technology
brings both intangible and tangible benefits to become cost efficient and to meet the growing demands and
needs of customers. Technological innovations affect corporate efficiency, culture and relationship among
employees, clients, suppliers and customers. The type and quality of technology used affect the security of
confidential business information.
Due to the burden brought by administrative tasks, like inventory, bookkeeping and records keeping, both big
and small companies rely on computers to do their administrative works. The birth of Internet and online social
networking sites tremendously decreased the costs of business operations. It also makes it easier for companies
to use the Six Sigma management methodologies. Some firms shifted to outsourcing instead of hiring their own
personnel due to the low costs associated with it. Because of the huge impact of technological innovations to
companies, it is impossible for them to live with it.
Commonly used high technology equipment:

Computers

Photocopier

Telephone

Computer printer
Page | 51
IT Management 2B

Internet

Paper shredder

Multimedia projector

Touch screen monitors

Computer mouse

Laptop computers
Advantages of Technology to Business:

Customer Relations. Technology affects the way companies communicate and establish relations with
their clients. In a fast moving and business environment, it is vital for them to interact with clients
regularly and quickly to gain their trust and to obtain customer loyalty. With the use of Internet and
online social networks, firms interact with consumers and answer all their queries about the product.
Establishing effective communication with customers not only creates rapport with them, but it also
creates strong public image. It allows business enterprises to reduce and to cut carbon emissions.
A bit more about the latest trends in CRM:
"Related trends
Many CRM vendors offer Web-based tools (cloud computing) and software as a service (SaaS), which
are accessed via a secure Internet connection and displayed in a Web browser. These applications are
sold as subscriptions, with customers not needing to invest in purchasing and maintaining IT hardware,
and subscription fees are a fraction of the cost of purchasing software outright.
The trend towards cloud-based CRM has forced traditional providers to move into the “cloud” through
acquisitions of smaller providers: Oracle purchased RightNow in October 2011 and SAP acquired
SuccessFactors in December 2011. Salesforce.com pioneered the concept of delivering enterprise
applications through a web browser and paved the way for future cloud companies to deliver software
over the web Salesforce.com continues to be the leader amongst providers in cloud CRM systems.
The era of the "social customer" refers to the use of social media (Twitter, Facebook, LinkedIn, Yelp,
customer reviews in Amazon, etc.) by customers in ways that allow other potential customers to glimpse
real world experience of current customers with the seller's products and services. This shift increases
the power of customers to make purchase decisions that are informed by other parties sometimes
outside of the control of the seller or seller's network. In response, CRM philosophy and strategy has
shifted to encompass social networks and user communities, podcasting, and personalization in
addition to internally generated marketing, advertising and webpage design. With the spread of selfinitiated customer reviews, the user experience of a product or service requires increased attention to
design and simplicity, as customer expectations have risen. CRM as a philosophy and strategy is
Page | 52
IT Management 2B
growing to encompass these broader components of the customer relationship, so that businesses may
anticipate and innovate to better serve customers, referred to as "Social CRM"."10

Business Operations. With the use of technological innovations, business owners and entrepreneur
understand their cash flow better, how to manage their storage costs well and enables you to save time
and money.

Corporate Culture. Technology lets employees communicate and interact with other employees in other
countries. It establishes clique and prevents social tensions from arising.

Security. Modern security equipment enables companies to protect their financial data, confidential
business information and decisions.

Research Opportunities. It provides a venue to conduct studies to keep themselves ahead of
competitors. It allows companies to virtually travel into unknown markets.

Corporate Reports. With technology, business enterprises communicate effectively with their branch
offices to deliver quality financial and operational reports.

Industrial Productivity. Through the use of business software programs or software packages, it
automated traditional manufacturing process, reduces labor costs and enhances manufacturing
productivity. It enables companies to increase efficiency and production output.

Business mobility. Technological innovations improved companies' sales, services, shorted lead time on
receiving and delivering goods and services. Enables them to penetrate multiple markets at least costs.

Research capacity. It enables them to conduct studies on various companies to gain knowledge on the
new trends in the market and way on avoiding them.
Technology affects businesses on many levels. The more efficient an employee is, the more productive he is to
the company. In addition, the more a business stays in touch with its customer base, the better the chance of
building customer loyalty. Advances in technology make that possible, as well as allowing employees from
around the world to work via video conferencing and telecommuting to work.
Consumers
The impact of technology on a business isn't restricted to business use. A business is also affected when
consumers use technology. At one time, the only way some people had to file their tax returns was through going
to either a certified public accountant or a professional tax preparer, or doing taxes themselves. The tax code is
complex and some people might not have felt secure in preparing their taxes on their own. However, accounting
software evolved to the point where many people simply had to answer a series of questions and the computer
would do the rest, including filing the information electronically.
Customer relationship management - Wikipedia, the free encyclopedia. 2012. Customer
relationship management - Wikipedia, the free encyclopedia. [ONLINE] Available at:
http://en.wikipedia.org/wiki/Customer_relationship_management. [Accessed 30 June 2012].
10
Page | 53
IT Management 2B
Crossover
The technology a business uses might not have been designed for businesses. From a marketing point of view,
a company makes more money by going after consumers than businesses. Consumers might buy the latest
upgrade to a technological device, such as an iPhone, while businesses tend to use products for longer periods
of time. On the other hand, the more consumers purchase the latest product, the better the business side of
manufacturing does. A company can reach the consumer market first, then expand into the business arena.
When Apple added enhanced security features to the iPhone, businesses began to look at adding iPhones to the
list of acceptable phones to use in the business environment, resulting in a crossover market.
Social Networking
Social networking affects the business environment. Employees are connected to social networks. This can be a
double-edged sword, however. An employee might post something about the business publicly which should not
be shared. In addition, employees need to understand what gets posted for the public to see can have an impact
on the work environment, especially if the employee is posting negative comments about the work environment
or other employees. On the flip side, businesses can use social networks to monitor customer satisfaction. For
example, if a customer is not happy with a product and he posts his feelings online, the company can contact the
customer and try to resolve any problems. Since social networks have links to friends and family, seeing the
company work hard to make things right with the customer might turn the potential loss of a customer into the
chance to gain new customers.
Telecommuting
Technology has had a large impact on the business environment in terms of telecommuting. With broadband
access and computers today, as well as smartphones, employees can work out of their homes, saving the
company money by not needing as physically large a space to operate. With video conferencing, business
meetings no longer need to be face-to-face, saving on air fare and hotel reservations.
Page | 54
IT Management 2B
Case Study and Group Work
Look at the Company SEMAS below:



Discuss what they are doing to combat some of the effects of modern technology such as
calculators
Look at your local Government and consider the ways it is deploying technology in the various areas of
our society. Provide a holistic view first then provide a more detailed summary of the effects on Society.
What are Companies like Google and Microsoft doing that impact educational organisations in terms of
technology and cost?
Page | 55
IT Management 2B
SECTION THREE: INFORMATION TECHNOLOGY
INVESTMENTS
CONTENTS
SECTION THREE: INFORMATION TECHNOLOGY INVESTMENTS ...................................................................... 56
3.1 LEARNING OUTCOMES ............................................................................................................................... 58
3.2 READING ..................................................................................................................................................... 59
3.3 INTRODUCTION .......................................................................................................................................... 60
3.4 TYPES OF INFORMATION TECHNOLOGY INVESTMENT DECISION MAKING PROBLEMS ...................................................... 61
3.5 INVESTIGATE THE FOLLOWING METHODOLOGIES. .................................................................................... 83
3.6 STRATEGIES FOR MAKING THE RIGHT IT INVESTMENT DECISIONS AND AVOIDING IT COSTS ............................................ 90
3.7 CONCLUSION .................................................................................................................................................. 91
Page | 56
IT Management 2B
Think point



How much has your organisation spent on Information Technology?
Approximately how much of the company's annual turnover does this spend represent?
Do you think the cost in Information Technology is justified by the return on investment?
Page | 57
IT Management 2B
3.1 LEARNING OUTCOMES
Analyse and evaluate the benefits and drawbacks of information technology
investments
After completing this chapter, you should be able to:
 Describe different types of IT investment decisions manager face.
 Briefly describe some of the methodologies that are used in IT investment decisionmaking.
 Explain some of the limitations that should be considered when using IT investment
methodologies.
 Consider some strategies when facing Information Technology investment decisions..
Page | 58
IT Management 2B
3.2 READING
Prescribed Reading:
Schniederjans, M.J., 2004. Information Technology Investment: Decision-Making Methodology. World
Scientific Pub Co Inc.
See (Case Sensitive) https://docs.google.com/open?id=0B1ZF9spPlWD-Z2VjbVM4UExtYWs
Paige Baltzan, A.P., 2009. Business Driven Information Systems. New York: McGraw-Hill.
Page | 59
IT Management 2B
3.3 INTRODUCTION
"Periods of business activity are often marked by and referred to as “ages” in the historical development of the
field of business. According to most business historians we have advanced from the “age of information” into the
“age of knowledge”. In both of these periods of time, information technology has been a determining factor in the
survival and success of firms competing with one another. Those firms that know how to best invest in
information technology have been and will continue to be the successors in this and future eras of business
history.
Regardless of your position in an Organization, investing in information technology may be the most important
decision you will ever face in business. Unfortunately, investing in information technology is not as easy as
common financial investment decisions. Careful consideration of financial and non-financial criteria may have to
be included in the analysis to render an optimal solution. To make good decisions on information technology
today requires the use of a variety of investment methodologies. These investment methodologies must be able
to integrate the complexity of decision criteria in such a way that a decision choice is clear and clearly supported
by the analysis. Today, just generating a decision is not enough. Information technology decisions must be
supported by comprehensive inclusion of all relevant decision-making criteria."11
(Schniederjans, 2004, p.4) Mentions the productivity paradox and the research that was undertaken to establish
the absence of a positive relationship between Information Technology spending and the resulting contribution to
productivity or profitability. The results were contradictory as several researchers had evidence that supported
each of their conflicting outcomes. Schniederjans indicates that this can be considered to be a metaphor on the
subject of Information Technology invetsment decision making.
The conclusion was: " That is, there are no single, simple methodologies that will give a consistent,
reliable and optimal solution to mangers facing an IT investment decision. One type of investment
methodology can suggest one alternative and another methodology a completely different alternative to
an if investment decision choice. To try to help in this very complex decision situation, the purpose of
this book is to explore a series of methodologies that can be used individually or in concert to help aid in
IT investment decision-making." 12
11
12
(Schniederjans, 2004, p.vii)
(Schniederjans, 2004, p.4)
Page | 60
IT Management 2B
3.4 Types of Information Technology Investment Decision making
problems
Information Technology investment decisions get complicated due to the variety of choices that one can make in
this area.
"Hardware asset management
Hardware asset management entails the management of the physical components of computers and computer
networks, from acquisition through disposal. Common business practices include request and approval process,
procurement management, life cycle management, redeployment and disposal management. A key component
is capturing the financial information about the hardware life cycle which aids the organization in making
business decisions based on meaningful and measurable financial objectives.
Software Asset Management is a similar process, focusing on software assets, including licenses, versions and
installed endpoints.
Role of IT asset management in an organization
The IT Asset Management function is the primary point of accountability for the life-cycle management of
information technology assets throughout the organization.
Included in this responsibility are development and maintenance of policies, standards, processes, systems and
measurements that enable the organization to manage the IT Asset Portfolio with respect to risk, cost, control, IT
Governance, compliance and business performance objectives as established by the business.
IT Asset Management uses integrated software solutions that work with all departments that are involved in the
procurement, deployment, management and expense reporting of IT assets.
Goals of ITAM
ITAM business practices have a common set of goals:

Uncover savings through process improvement and support for strategic decision making

Gain control of the inventory

Increase accountability to ensure compliance

Enhance performance of assets and the life cycle management

Improve Availability Time of the Business/Applications/Processes.
Process
ITAM business practices are process-driven and matured through iterative and focused improvements. Most
successful ITAM programs are invasive to the organization, involving everyone at some level, such as end users
(educating on compliance), budget managers (redeployment as a choice), IT service departments (providing
information on warranties), and finance (invoice reconciliation, updates for fixed asset inventories).
Page | 61
IT Management 2B
IT asset management generally uses automation to manage the discovery of assets, so inventory can be
compared to ownership information. Full business management of IT assets requires a repository of multiple
types of information about the asset, as well as integration with other systems such as supply chain, help desk,
procurement and HR systems."13
The problems are:



The decision has a monetary impact on the company.
The decision need to be based on quantitative methods and qualitative measures .
The decision cannot always be objective as the criteria being used is often complex and has multiple
complicated dimensions of sub choices.
Let us expand on the above points:
The decision has a monetary impact on the company.
The decision to purchase any Information Technology in any form has a twofold impact on the organisation. The
first type is the actual cost of the purchase or rental of the software or hardware solution. The second not so
obvious cost is the running costs of actually using the solution. The intention of the solution was to increase
productivity and profits, but an incorrect choice can actually result in an even greater loss than if the organisation
had not used the solution at all. An example of this is recent e-tolling solution that met public outcry.
In a nutshell, there was a lot of new technology that was employed to deal with high speed road tolls. However
the greatest issue was the public was never fully consulted. The company then made a massive investment in
rolling this out, but the system was highly debated after it had been installed and may at the time of printing this
be still unused. Read Below:
READ THE FOLLOWING:
"Even as a high court battle to stop the Gauteng e-tolling system played out in Pretoria, the government
was sticking to its guns, saying the implementation of the tolling project had reached the point of no
return.
Presenting his R39-billion departmental budget for the next financial year in the National Assembly,
Transport Minister S'bu Ndebele claimed that the Gauteng freeway improvement project had won the
support of the majority of its users.
But opposition parties - the DA, COPE and the African Christian Democratic Party - slammed the looming
system, some branding it the ''most expensive in the world".
Ndebele said a "huge majority" of the estimated 800000 regular users of Gauteng's freeways had given etolling the thumbs-up by buying e-tags.
IT asset management - Wikipedia, the free encyclopedia. 2012. IT asset management - Wikipedia,
the free encyclopedia. [ONLINE] Available at: http://en.wikipedia.org/wiki/IT_asset_management.
[Accessed 30 June 2012].
13
Page | 62
IT Management 2B
"We are encouraged that 501245 e-tags have so far been sold and distributed to regular users of this
road network. It's a clear indication that people are cooperating with us," he said.
A court battle waged by various lobby groups to interdict the implementation of the Gauteng tolling
regime is scheduled to resume today after a judge ruled that the matter was urgent.
The tolling system is due to take effect at midnight on Monday.
Opposition MPs are not impressed by Ndebele's assertions.
The DA's Ian Ollis is leading the charge. "What we have been forced into with the e-tolls is the world's
most expensive toll collection system,'' said Ollis. ''It will cost over R1-billion a year just to collect the
tolls. That money will not go to upgrading highways but to the company that won the tender."
Ollis argued that it would cost only R4-million a year to administer a "small fuel levy" increase instead of
the "expensive tolls".
The ACDP's Steve Swart weighed in, saying his party was opposed to the tolling of suburban roads
because of rising fuel prices. He said the government should have thought about the high cost of
collecting the tolls before it entered into the R20-billion agreement.
"This tolling project will impose an indirect cost on the economy via the associated strikes and will
impose a direct cost by increasing transport costs," he said.
Ndebele hit back by insisting that there was "no way" the government would abandon e-tolling.
"Who is going to say which road toll should be stopped? Which project do you want stopped because
you've got R20-billion to pay . the road is there, you can't roll it away like a carpet.
"It's your problem."
He argued that the tolls had to be enforced to enable the SA National Roads Agency (Sanral) to repay its
loan of R20-billion, used to finance the improvement of highways around Pretoria and Johannesburg in
the last two years.
He said failure to service the debt could cause it to skyrocket to R32-billion because of higher interest
rates in the near future, and could compromise the credit rating of the government."14
COMMENT ON THE ABOVE.
E-tolling a done deal, says Ndebele - Times LIVE . 2012. E-tolling a done deal, says Ndebele - Times
LIVE . [ONLINE] Available at: http://www.timeslive.co.za/local/2012/04/26/e-tolling-a-done-dealsays-ndebele. [Accessed 30 June 2012].
14
Page | 63
IT Management 2B
The decision needs to be based on quantitative methods and qualitative measures .
Besides the cost in the entire decision making process, the complicating factor is measuring the value of the
Information Technology investment to the organization.
In a nutshell the following are reasons and benefits that one needs to look at during the Information Technology
Investments process.
 Means of achieving competitive advantage
 Poor investments can be a competitive disadvantage
 Avoid physical risks-Equipment
 Avoid managerial risks-Goals
Organisational Strategic Planning in Information Technology Investment Decision making process
Figure 19- MIS Hierarchical planning stages (Schniederjans, 2004, p.16)
It is important to know where Information Technology investment and decision-making methodologies fits into the
general framework of an organisation
1. Strategic planning stage: Senior managers are expected to be involved in developing specific
systems to implement corporation-wide strategy, and also develop the strategies themselves. In
this phase management has to weigh the risks against the rewards for expanding on Information
Technology resources within the scope of the organisations mission or purpose. The outcomes of
this stage is usually a general set of goals and objectives with corporate governance mandates.
Page | 64
IT Management 2B
2. Tactical planning stage: Middle level managers are expected
to implement the goals an objectives defined in the prior
Strategy stage. This is where they will decide how to implement
the stated goals and objectives. While the prior stage may have
a 5 year schedule, this stage would break that down into
smaller time chunks and what must be done in each time
period. This is where the general plans are transformed into
specific areas of work. The key outcome would be to determine
the resources that would be required to achieve the desired
work. It is at this stage the investment decisions on Information
Technology are made.
3. Operational planning stage: The more detailed day to day
work is planned and scheduled. Where tactical planning takes
into consideration the total workload of a department, the
operational planning stage targets individual goals and
objectives.
REMEMBER:
Information
Technology
investment needs to
use all three phases
of planning:
Strategic
Tactical and
Operation Planning
Page | 65
IT Management 2B
Page | 66
IT Management 2B
The decision cannot always be objective as the criteria being used is often complex and has
multiple complicated dimensions of sub choices.
In the example (Schniederjans, 2004, p.7) of choosing a personal computer we see the number of ways we
approach the problem, usually start of by looking at the cost factor and then looking at the options they can
purchase depending on their need and what they can afford to get. The table below illustrate the sequential
manner in which this is process is carried out.
Figure 20- Complicated dimensions of sub choices
What is Information Technology Investment ?
Figure 21- A Management Information System - Allocating all resources to this can be
considered to be an IT investment (Schniederjans, 2004)
Page | 67
IT Management 2B
Attempt the following questions and research further if you could not answer the
questions.
1. Why is the “productivity paradox” important in IT investment decision making?
2. Why is there such diversity in the types of IT investment decision making problems?
3. What is the relationship between the components of an MIS and the use of IT investment
decision making methodologies? That is, give examples of the MIS components that might
require an investment.
4. Why is it important to consider the limitations of IT investment decision making methodologies
in an analysis?
5. Why is it important to see where IT investment decision making fits into the overall planning of
business organizations?
Page | 68
IT Management 2B
Read The Following Magazine Article- 15
MAGAZINE
Architecture-Based IT Valuation
Marc Lankhorst, Dick Quartel
Wednesday, 31 March 2010
Supporting portfolio management and investment decisions
This paper outlines our architecture-based approach to IT valuation and portfolio management. It
sketches how different valuation criteria can be combined and linked to architecture models, and how a
first part of this approach is implemented in an architecture modeling tool. In this manner, the value
(costs & benefits) of different elements in the architecture can be computed and attributed to the various
goals of the organization, thus supporting well-informed IT investment decisions.
Introduction
After almost half a century of IT developments, many large organizations face an unfavorable ratio between old
(existing) IT and new IT. Because old IT systems tend to be monolithic, unwieldy and inflexible, organizations
experience maintenance as difficult and modernization to meet new business demands as improbable. Some
organizations spend up to 90% of their IT budget in 2009 on maintaining the existing IT landscape, leaving only
10% for innovation. If this trend of increasing budget requirements for existing IT is not reversed, then in the
nearby future no budget at all will be available for new IT. In the worst case, innovation is squeezed out
completely and budgets to spend on existing IT may become insufficient to perform crucial maintenance tasks.
By focusing on the value of IT instead of considering costs only, organizations can decide which IT really
contributes to their business goals and make a well balanced division into budgets for maintenance, exploration,
realization and phasing out. Traditionally, IT has often been regarded only as a cost center in business case
calculations. Its less tangible benefits have often been more or less neglected in portfolio management decisions.
Furthermore, in the past information systems tended to be relatively stand-alone, supporting a single business
silo. This made it easier to attribute its costs and benefits.
Nowadays, however, IT systems and services are more and more interwoven with the business and may support
many different activities, generate independent revenue streams, attract new business, et cetera. To create a
clear insight in these effects, we need a valuation approach that takes as a starting point the overall coherence of
the organization, its products and services, business processes, applications, and infrastructure, i.e., from the
enterprise architecture.
Enterprise architecture makes the connection between enterprise goals and the business functions, processes,
people, IT systems and infrastructure required to reach these goals. It also considers the enterprise as an
interrelated whole, instead of as a set of unrelated point solutions for problems. The valuation approach
described in this paper uses enterprise architecture models to relate business goals to the IT artifacts, such as
services, processes and applications that realize these goals. In this way, the KPIs associated with each goal
can be related to the relevant attributes of the IT artifacts. This enables the development of automated and
model-based techniques to analyze KPIs and business goals. Moreover, by performing such analyses as part of
15
http://www.via-nova-architectura.org/en/magazine/magazine/architecture-based-it-valuation.html
Page | 69
IT Management 2B
the architectural design process, different design alternatives can be assessed with regard to their contribution to
business goals. The enterprise architecture foundation ensures that local optimization is avoided and enterprisewide effects of changes are taken into account.
This paper describes the ingredients for an integrated IT valuation method that uses architectural models as its
backbone. First, we explore the generic business requirements that comprise the high-level strategy of the
organization with respect to its IT, such as its value center approach and operating model. These strategic
choices determine the aspects that need to be taken into account when assessing the value of the IT portfolio.
Next, we describe in more detail how business requirements can be modeled in conjunction with the enterprise
architecture of the organization. This helps in realizing the requirements traceability that is needed to perform a
well-founded portfolio assessment.
Figure 1. Overall structure of our method.
Business requirements and enterprise architecture are the main inputs for Bedell’s method, which computes the
‘value’ of IT systems. The method takes the importance of IT systems to the business and the effectiveness of
their support and creates aggregate metrics across the entire IT landscape. Such metrics should preferably be as
concrete as possible. We describe how to decide on such criteria and indicators for various aspects of the IT
landscape that need to be evaluated. These include quality attributes such as the ‘-ilities’ well-known from
software engineering, and risk analysis criteria. Finally, we give a first outline of a method in which the abovementioned ingredients are integrated, the structure of which is shown in Figure 1.
Determining the IT strategy
In putting a value to IT systems, projects and investments, it is highly important to first have a clear insight in the
strategic choices the organization has made with respect to its IT operations.
Venkatraman (1997) presents one approach to differentiation in IT goals: the value center orientation for IT. The
main idea is that each center represents a different way of extracting value from IT resources. Note that the
centers are interdependent. Venkatraman considers four different value centers (see Figure 2). ‘The cost center
reflects an operational focus that minimizes risks with a predominant focus on operational excellence. Service
center, while still minimizing risk, aims to create IT-enabled business capability to support current strategies.
Investment center, on the other hand, has a longer-term focus and aims to create new IT-based business
Page | 70
IT Management 2B
capabilities. Finally, profit center is designed to deliver IT services to the external marketplace to realize
incremental revenue as well as gain valuable learning and experience to become a world-class IT organization’.
(Venkatraman, 1998).
So on the one hand, there are the cost center and service center approaches, focusing on current business
strategies. On the other hand, there are investment center and profit center that aim at maximizing opportunities
from IT resources and shaping future business strategies.
Figure 2. The concept of a value center (Venkatraman,1997)
For each center, specific business goals and performance indicators can be defined. This approach with different
IT strategies fits with the focus of the IT valuation method our applied research project is constructing. The
business strategy and the matching value centers provide important input for the choice of valuation and
assessment criteria for the IT portfolio.
Cost center
IT that is typically positioned in the cost center is not related to business goals. Examples are the operational
infrastructure involving most data centers, telecommunications network and routine maintenance like installing
and removing equipment, answering questions and administrative support. Specific performance metrics are
used as decision criteria, which are not related to business metrics. Cost center works well when input and
output can be clearly related, like doubling the budget results in a performance increase by factor 3. Relevant
performance metrics are quantitative in nature, for example costs per unit of something, maintenance costs per
unit, or costs per employee. Such measures need to be benchmarked against performance metrics of other
organizations in order to be able to find opportunities for improvement.
Service center
The service center aims to create IT-enabled business capabilities that drive current business strategy. IT
resources create tangible current business advantages. IT is strongly related to business goals. Investment
decisions are not solely based on costs but rather on improving service provisioning. Whether an IT system is a
cost center or a service center depends on the organization. In this way, an IT system can be considered as a
service center for the one organisation and a cost center for the other. For example service characteristics such
as minimize downtime and improve reliability can also be considered as performance metrics. The main question
Page | 71
IT Management 2B
in the service center category is whether an IT system gives the organization a competitive edge and
differentiates the organisation from its competitors. So the purpose of use of an IT system is important and not
the application and functionality in itself. From a service center perspective an organization should look at the
degree that an IT system contributes to customer acquisition and retention.
Investment center
The investment center has a future orientation. It focuses on innovations, for example creating new business
capabilities by means of IT. This requires more than IT. New business capabilities are created with a unique
combination of structure, processes, systems and expertise. Investment centers should focus on more than
technology. Next to IT investments complementary investments will be needed to realise a business capability.
That is, IT investments become part of a total package. Investment center involves resource allocations based on
strategic redirection and reliance on IT for business innovations. The real options approach fits with the
investment center rather than traditional financial metrics, since the real options approach takes risks and
uncertainties into account. The investment center should be run as a venture capitalist. It requires the forward
look of a business innovator.
Profit center
The profit center has a focus on delivering IT products and services in an external marketplace. Next to financial
benefits the intangible benefits should also be taken into account in investment decisions. The profit center
needs an external, marketing orientation, instead of an internal captive monopoly. The profit center should work
in value networks and partner with other companies in combining complementary skills and resources to deliver
value.
Operating model
Next to the commercial strategy that is chosen for IT operations, as outlined in the previous sections, we also
need to take into account the more operational aspects of the organization in defining an IT planning and
valuation approach. As Ross, Weill and Robertson (2006) show with numerous case studies, successful
enterprises employ an ‘operating model’ with clear choices on the levels of integration and standardization of
business processes across the enterprise (Figure 3):
1. Diversification: different business units are allowed to have their own business processes. Data is not
integrated across the enterprise. Example: diversified conglomerates that operate in different markets,
with different products.
2. Replication: business processes are standardized and replicated across the organization, but data is
local and not integrated. Example: business units in separate countries, serving different customers but
using the same centrally defined business processes. Example: a fast food chain replicating its way of
working through all its local branches.
3. Coordination: data is shared and business processes are integrated across the enterprise, but not
standardized. Example: a bank serving its clients by sharing customer and product data across the
enterprise, but with local branches and advisers having autonomy in tailoring processes to their clients.
4. Unification: global integration and standardization across the enterprise. Example: the integrated
operations and supply chain of a chemicals manufacturing company.
This operating model should fit both their area of business and their stage of development.
Page | 72
IT Management 2B
Ross et al. explain the role of enterprise architecture as the organizing logic for business processes and IT
infrastructure, which must reflect the integration and standardization requirements of the operating model. For
example, ERP systems are used extensively by companies that have a unification strategy, since these systems
are well-suited for both sharing data and standardizing business processes across the enterprise. In a
diversification scenario, however, investing in an ERP system might be a wrong choice, since the varied
collection of business processes and localized data do not lend themselves to the ‘one size fits all’ approach of
such a system.
Figure 3. Operating models (Ross et al., 2006).
Next to this operating model, they provide a stage model of the architectural development of organizations:
1. Business silos: every individual business unit has its own IT and does local optimization.
2. Standardized technology: a common set of infrastructure services is provided centrally and efficiently.
3. Optimized core: data and process standardization, as appropriate for the chosen operating model, are
provided through shared business applications (e.g. ERP or CRM systems).
4. Business modularity: loosely coupled IT-enabled business process components are managed and
reused, preserving global standards and enabling local differences at the same time.
5. Dynamic venturing: rapidly reconfigurable, self-contained modules are merged seamlessly and
dynamically with those of business partners.
In practice, most companies are still in stages 1–3. Investment decisions should be guided by the chosen
operating model and the current and desired stage of an organization. E.g. if an organization wants to move from
stage 1 to stage 2, the focus should be on standardizing and centralizing IT infrastructure in order to achieve
efficient operations. The contribution of IT systems and projects to achieving the desired stage, in concordance
with the chosen the operating model, should be a core criterion in valuating these systems or projects.
Another reason for using enterprise architecture in investment decisions is that it provides a coherent view of the
various dependencies between IT systems and of their contribution to business processes and services, and
hence of the broader effects of a localized IT investment decision.
Describing business requirements
Knowing what the overall IT strategy and resulting operating model is, is only a first step. Next, we have to make
Page | 73
IT Management 2B
these strategic choice more concrete and define the resulting business goals and requirements are. Business
requirements management denotes the early phase of the requirements management process that is concerned
with the identification, description, analysis and validation of requirements at business level and their realization
in enterprise architecture. These requirements are a reflection of the business strategy and provide a
concretization of this strategy.
A desired organizational and/or technical change requires the investigation of the stakeholders that are involved
and their concerns regarding the change. New goals and requirements are identified, or existing ones are
changed, to address these concerns. Analysis of these goals and requirements is needed to guarantee
consistency and completeness, and to propose one or more alternative architecture designs that realize the
goals and requirements. Validation of these alternative designs aims at assessing their suitability and selecting
the best alternative.
In this way, business requirements capture the motivation and rationale behind (the design of) enterprise
architectures. Furthermore, architecture artifacts, such as business services, processes and supporting software
applications, are related to the (high-level) goals and requirements they originate from. Or put in another way,
goals and requirements can be traced towards the architecture artifacts that realize them. This traceability
between goals and requirements on one side and architecture artifacts on the other side is important to valuate
these artifacts. In the context of this work, the valuation of artifacts that represent or require IT support is of
particular interest. The valuation of some artifact in terms of the allocation of costs and benefits may largely
depend on the goals and requirements to which the artifact contributes.
Problem chains
Requirements engineering (RE) is concerned with the process of finding a solution for some problem. This
concern can be approached from a problem-oriented view, which focuses on understanding the actual problem,
and a solution-oriented view, which focuses on the design and selection of solution alternatives.
Problem- and solution-oriented requirements engineering can be considered as two consecutive or
complementary phases. Iterations of these phases may be applied to address a problem progressively, i.e., in
multiple, successive steps. From this perspective we can identify so-called problem chains, where each chain
links a problem to a solution such that the solution is considered again as a problem by the next chain. For
example, a business analyst may investigate a business problem and specify a business solution for this
problem. This new solution may require IT support, therefore becoming a problem for the IT analyst. Figure 4
illustrates the notion of problem chains.
Figure 4. Problem chains
Problem chains link requirements engineering to enterprise architecture. This is illustrated in Figure 5. The why
column represents the problem-oriented view and defines the business needs, goals, requirements and usecases that should be addressed. The what column represents the solution-oriented view in terms of enterprise
Page | 74
IT Management 2B
architecture artifacts, such as services, processes and applications. These architecture artifacts define what the
enterprise must do to address the business needs, goals, requirements and use-cases. At the same time, these
requirements engineering artifacts motivate and justify why the enterprise architecture is defined the way it is.
Figure 5. Relation between requirements engineering and enterprise architecture
Requirements management and enterprise architecture
Following the idea of problem chains enables an iterative way of working. Given some problem, the first step is to
analyze the problem and elicit goals and requirements that address the problem. These goals and requirements
are represented by a requirements model. The second step is to conceive a composition of products, services,
processes and applications that realizes the goals and requirements. This composition is represented by an
enterprise architecture model. Both steps can again be repeated for (the problem of) realizing the elements of the
architecture.
Figure 6. Relation between requirements and architecture models
Figure 6 illustrates the relationship between requirements and architecture models, and indirectly, also the
relationship between the requirements management and enterprise architecture processes. These processes are
typically divided into distinct phases, which results in a series of requirements and architecture models such that
models in succeeding phases refine models from preceding phases (as represented by the dashed arrows). For
example, Figure 6 illustrates a process of two phases: the design and realization of some enterprise architecture.
Requirements engineering cycle
The idea of problem chains distinguishes two views on an architecture model: (i) as a design artifact that
represents a solution for some design problem, and (ii) as a frame of reference that delimits the design or
Page | 75
IT Management 2B
solution space. These views are illustrated in the left part of Figure 7.
Figure 7. Views on an architecture model
In general, requirements engineering starts with some organizational goal that needs to be addressed. This issue
cannot be approached ‘from scratch’, but has to take the current organization into account, as represented by
architecture model A1. This means that any requirement or goal in requirements model M should be defined
‘relative’ to architecture A1 in order to address the change. In this situation, architecture A1 acts as a frame of
reference for (problem-oriented) requirements engineering. Subsequently, a new architecture A2 is designed that
realizes a solution for the requirements and goals in model M. In this situation, architecture A2 is considered a
design artifact that results from (solution-oriented) requirements engineering.
The right part of Figure 7 depicts a further decomposition of requirements engineering into three steps:

Problem investigation, which focuses on the problem, i.e., the organizational change, by identifying
and analyzing its cause in terms of the involved stakeholders and their concerns, and by setting goals to
deal with the change.

Investigate solution alternatives, which refines the goals in order to find possible solutions to realize
them. Analyses are performed to reveal conflicts between (refined) goals or contribution relations
between goals in which goals contribute positively or negatively to other goals. Typically, these analyses
trigger the identification and elaboration of alternative solutions.

Solution validation, which validates alternative solutions and chooses the ‘best’ among them. This
choice is amongst others influenced by the conflict and contribution relations that have been identified.
These steps constitute a generic requirements engineering cycle that can be repeated at successive phases in
the development of some enterprise architecture, as indicated by the dashed arrows in Figure 7. Furthermore,
the identification, analysis and refinement of solution alternatives in the second step may be repeated as well,
leading to ‘sub-cycles’.
In Quartel, et al. (2009), a method and modeling language, as an adjunct to the ArchiMate language (Lankhorst
et al., 2009), have been presented that support business requirements management as outlined above. In this
paper, we will not go deeper into this topic, but merely use these ideas in an example below. The interested
reader is referred to the aforementioned publication.
Computing aggregate IT valuations
Page | 76
IT Management 2B
In the previous sections, we addressed the business strategy and requirements that provide the context for
determining the value of an organization’s IT portfolio. In the context of our method, the value of the IT portfolio is
related to the way in which IT projects and applications support these strategic goals and requirements. To
assess such a portfolio, the contributions of its various elements to the goals of the organization must be
determined. Note that this method does not provide a direct link with the effects of IT projects, and hence of the
organization, on the outside world; rather, it assesses the contribution of the IT portfolio to the organization’s
goals, which in turn may contribute to such external effects.
A contribution can be divided into two elements: its importance to a business goal and the quality or
effectiveness in supporting that goal. The value of an organization’s IT portfolio thus depends on the contribution
that its constituent elements provide to the business.
An interesting and useful way of computing an IT portfolio’s value based on these business contributions is
Bedell’s method (Schuurman et al., 2008). This method answers three questions:
1. Should the organization invest in information systems?
2. On which business processes should the investment focus?
3. Which information systems should be developed or improved?
The underlying idea of the method is that a balance is needed between the level of effectiveness of the
information systems and their level of strategic importance. Investments are more crucial if the ratio between the
effectiveness of an information system and its importance is worse.
In order to calculate this ratio, the following information needs to be determined:

The importance of each business process to the organization.

The importance of information systems to the business processes.

The effectiveness of the information systems to the business processes.
Based upon this information, three portfolios are calculated: for the organization as a whole, its business
processes, and the information systems that support these processes. Figure 8 depicts an example of all three
portfolios and associates a general investment decision to each quadrant of the portfolios. A dashed arrow points
to the ideal position of some organization, business process or information system (IS) in the portfolio.
Figure 8. Investment portfolios
The prioritization of investment proposals is determined by the contribution of each information system, which is
defined as the product of its importance and the projected improvement of its effectiveness. In addition, the value
Page | 77
IT Management 2B
of the investment can be evaluated by calculating a so-called project-return index. This index relates the
contribution of the information system to the development costs.
Foundation
Bedell’s method is well-suited to be used in combination with enterprise architecture models. Figure 9 depicts the
architecture elements on which the method operates: a business actor that represents the organization as a
whole, the business processes of the organization, the activities that are performed by the business processes,
and the information systems that support these activities. The architecture elements are represented in the
ArchiMate language (Lankhorst et al., 2009).
For convenience, the ‘used by’ relation is used to relate the architecture elements, except for the aggregation
relation between an individual ‘Information system’ (represented as an application service) and the collection of
(all) ‘Information systems’. As noted before, Bedell assumes the following restrictions on the architecture model:
(i) a business process may comprise multiple business activities, but a business activity contributes to only a
single business process, and (ii) a business activity is supported by a single information system (represented as
an application service), and an information system supports only a single business activity.
Figure 9. Bedell’s method and enterprise architecture
The names that are annotated to the ‘used-by’ relations in Figure 9 represent the variables that need to be
determined as input to the calculation of the investment portfolios as depicted in Figure 8:

IBO = the current Importance of some Business process to the Organization;

IAB = the current Importance of some Activity to some Business process;

IIB = the potential Importance of Information systems to some Business process;

ESA = the current Effectiveness of some Information System to some Activity.
Plotting portfolios
The information obtained from computing these indicators can be shown graphically, as illustrated by the figure
below. This type of plot is familiar to anyone who knows the business value – technical value diagrams used by,
for example, the ASL methodology, in particular its Application Lifecycle Duration Measurement Method (ALMM).
Page | 78
IT Management 2B
Figure 10. Example of an activity level portfolio
Figure 10 depicts an example of an activity-level portfolio. The importance of an activity to a business process is
represented by variable IAB at the y-axis. The effectiveness of a single information system in supporting an
activity is represented by variable ESA at the x-axis. Similar plots can be made at the business process and
organizations levels.
In Bedell’s method, an information system is considered effective when it is cost-effective, has high technical
quality and is functionally appropriate. It is considered strategically important when the activities it supports are
crucial to a business process or the organization in obtaining its strategic objectives. The prioritization of
investment proposals is determined by the contribution of each information system, which is defined as the
product of its importance and the projected improvement of its effectiveness. In addition, the value of the
investment can be evaluated by calculating a so-called project-return index. This index relates the contribution of
the information system to the development costs. However, the determination of all these variables is rather
subjective and lacks concrete guidance. Hence, we need more concrete measurements of the properties of the
IS landscape.
Tool support
The input variables IBO, IAB, IIB and ESA can be defined as attributes of the used-by relation in an ArchiMate
enterprise architecture model. This allows one to calculate the portfolios of Bedell’s method automatically. For
this purpose, the BiZZdesign Architect tool has been extended with a valuation profile for Bedell’s method and a
viewpoint for each portfolio. Figure 11 depicts part of the example from (Schuurman et al., 2008) as modeled in
ArchiMate. In addition the figure shows the profile properties in the Architect tool that are used to represent the
Bedell variables, including the labeling of some of the architecture elements with the values of the properties.
Page | 79
IT Management 2B
Figure 11. Valuation profile for Bedell’s method
The portfolio viewpoints calculate the values of the variables at the axes of the portfolios as explained before.
This information can be shown in a table (Figure 12) or in graphical form (Figure 13).
Figure 12. Business process portfolio in BiZZdesign Architect
Page | 80
IT Management 2B
Figure 13. Business process folio in Excel
Expressing and assessing value
For assessing an IT portfolio, specific measures are needed as input for decision making. These measures or
KPIs should be derived from the business goals. Bedell’s method uses ‘importance’ and ‘effectiveness’ as major
criteria, which are both single measures related to an application or business process. The notion of
‘effectiveness’ (or rather ‘quality’) is broad and it depends on the value center approach that the organization
chooses. For a service center approach, for example, customer satisfaction is an important criterion; the
effectiveness with which a system supports this may depend more on aspects such as usability. For a cost
center, low maintenance and efficient usage of resources is important, and for an innovation center, flexibility of a
system is essential to obtain an effective support of future capabilities.
Although the scope of the concept of effectiveness is large, the various views can all be related to concepts of IT
quality that are addressed in the ISO 9126 standard for software quality (ISO/IEC, 1991). Although this standard
was originally intended for classifying various types of requirements posed to a system before it is built, the
attributes can also be used to assess its qualities after it has been constructed.
The notion of ‘importance’ is more difficult to address. Although methods such as ASL [Van der Pols & Backer,
2006] provide questionnaires to investigate the business value of applications, much of this value is dependent
on, for example, the value of the information a system provides to the business, the value of future opportunities
opened up by IT, or the value of customer satisfaction created by a user-friendly system. A future project phase
might pay more attention to these types of value assessments.
One important category of indicators related to importance addresses risk. Risk in general is one of the criteria
on which managers base their investment decisions. ‘Risk’ is often defined as the effect of uncertainty on
business goals (e.g. in the ISO 31000 guide (ISO, 2009)). In the value center approach, ‘risk propensity’ is an
important factor in the type of value center. The cost and service centers aim for low-risk operations, whereas the
profit and investment centers allow for higher risks in order to obtain possible (but uncertain) gains from future
business opportunities. There are also risks concerned with failure of projects.
To provide the connection between the IT strategy and value center approach, we have investigated a first
mapping between the four value centers and the specific indicators that are most relevant for these centers.
Further research is needed to come up with concrete indicators that can be used within the context of the method
outlined in the previous sections. Furthermore, decision making, whether the decisions apply to IT or not, is
rarely performed under conditions of complete certainty. We will have to deal with these uncertainties and the
risks associated with these decisions. Bayesian networks (Johnson et al., 2007) are an established mathematical
Page | 81
IT Management 2B
technique to deal with uncertainties in networks of dependencies like enterprise architectures.
Another challenge is dealing with imprecise measures. If one asks an expert or managerial opinion on a
qualitative aspect of an IT system, his or her answer is often expressed in rather vague terms, for example: ‘this
system is rather good’, ‘this business process is very important’. But what does ‘rather good’ or ‘very important’
mean? Techniques such as fuzzy logic (Zadeh, 1965) could be used to express and reason about such terms.
Putting it all together
If we put all the elements described in the previous sections together, we arrive at the figure below. The value of
an artifact or project is determined by its contribution to the achievement of business goals. Its contribution is
loosely defined by ‘importance x quality / effectiveness’ of the artifact. Business goals are translated into
(operational) requirements on the enterprise architecture and into the structure of its operating model, and further
refined into KPIs for the artifacts. ‘Importance’ can be determined by assessing the ‘strength’ of the relations
between the business goals and the artifacts. ‘Effectiveness’ or ‘quality’ is determined by measuring the identified
KPIs. Based on these measures of importance and effectiveness, we can then determine the value of the
artifacts.
Decision making and evaluation of alternatives based on the valuation of an IT portfolio will require an
assessment of multiple aspects. An obvious case is the combination of financial aspects (e.g. direct cost, TCO,
ROI, NPV) in relation to measures of business and technical value or effectiveness and importance, as described
in the previous sections. Established financial instruments such as TCO or ROI calculations do not use the
architectural structure and dependencies but do their computations only on the individual elements present in the
portfolio. The outcomes of these techniques should of course be taken into account in making IT investment
decisions.
Each of these techniques results in some assessment or valuation. These results alone are of course not
enough. Given an assessment of the cost, returns and qualities of different alternatives, for example renovating
an application, replacing it completely, or leaving it as-is, how can the organization decide upon such a multitude
of inputs?
Rather than use a separate method for each of these assessments and combining the results by hand, our
ultimate goal is to develop a flexible plug-in architecture for architecture-based valuation methods, in which
different criteria can be combined using a central framework for multi-criteria analysis. Our aim is to provide an
integral approach that can be implemented in tools for architectural design and analysis, to provide optimal
support for architects and IT managers.
Moreover, using these techniques as part of the architectural design process, the value of using enterprise
architecture as a foundation for decision making is strengthened. Different design alternatives can be assessed
on their contribution to business value and well-informed decisions can be made that take the enterprise-wide
effects of changes into account.
In summary the above article should be looked at in the light of Information Technology investment, however as
an Information Technology manager, its very simple! Know what you want and need before you invest, therefore
one must have a proper design that will feed and service the goals of the organisation, and then make
Information Technology investments based on this planned design.
Page | 82
IT Management 2B
3.5 INVESTIGATE THE FOLLOWING METHODOLOGIES.
Use this https://docs.google.com/open?id=0B1ZF9spPlWD-Z2VjbVM4UExtYWs
Attempt explaining the following methodologies after reading
(Schniederjans, 2004) - This is an important reading to understand the
following and cannot be all explained here without making this section of
the book far too long. Here is the summary of what you will find in that
book.
Description
Type of
criteria
Tangible
Application
Benchmark
Technique
Construct a computer program to be run by vendors so as to
determine the run time of individual computer system
configurations
Application Transfer
Team
Conduct a study to determine exact requirements of the IT and
to support the business case
Automatic Value
Points
Calculate the degree of automation based on a set of criteria
concerning the contribution of IT to the overall business
performance
Tangible
and
intangible
Tangible
and
intangible
Bedell’s Method
Calculate contribution of an IT system by multiplying an
importance score by the level of quality improvement made by
the system
Tangible
and
intangible
Information
Economics
Calculate the overall value of an investment based on
enhanced ROI, business domain, and technology domain
criteria
Make a financial comparison between the organization and its
competitors, examine the portfolio of existing applications and
prepare the business case for areas with expected high returns
Tangible
and
intangible
Tangible
and
intangible
Investment Mapping
Calculate evaluation criteria scores and plot investment
alternatives on a grid
Investment Portfolio
Calculate contribution of IT system to business and technology
domain and calculate financial consequences (NPV) of the
system
Tangible
and
intangible
Tangible
and
intangible
Information Systems
Investment
Strategies
Page | 83
IT Management 2B
Information
Economics
Calculate the overall value of an investment based on
enhanced ROI, business domain, and technology domain
criteria
Tangible
and
intangible
Information Systems
Investment
Strategies
Make a financial comparison between the organization and its
competitors, examine the portfolio of existing applications and
prepare the business case for areas with expected high returns
Tangible
and
intangible
Investment Mapping
Calculate evaluation criteria scores and plot investment
alternatives on a grid
Investment Portfolio
Calculate contribution of IT system to business and technology
domain and calculate financial consequences (NPV) of the
system
Tangible
and
intangible
Tangible
and
intangible
Investment Portfolio
Calculate contribution of IT system to business and technology
domain and calculate financial consequences (NPV) of the
system
Tangible
and
intangible
Knowledge Based
System for IS
Evaluation
Obtain an overall quantitative rank based on traditional capital
budgeting techniques and an overall qualitative rank of projects
based on rules established by MIS planning groups and MCDM
models
Tangible
and
intangible
MIS Utilization
Technique
Calculate the overall success of an IT investment based on 48
performance criteria
Process Quality
Management
Analyze mission, critical success factors and key business
processes to identify areas for IT investment
Tangible
and
intangible
Tangible
and
intangible
Page | 84
IT Management 2B
RequirementsCosting Technique
Description
Calculate total cost of an investment as cost
of the mandatory features plus additional
costs for desirable but not included features
Type of criteria
Tangible
Return on
Management
Calculate the return of an investment that can
be attributed to management productivity
Tangible
SESAME
Compare the cost of a computer system with
the cost of performance without a computer
system
Tangible
SIESTA
Assess benefits and risks of the fit between IT
technology strategy/infrastructure and
business strategy/infrastructure
Mostly intangible
Strategic Application
Search and Systems
Invest. Meth.
Analyze the extent of existing systems and
identify the most productive areas for future
investment
Intangible
Value Analysis
Establish value of a system (and/or prototype)
by asking management simple value-related
questions and compare that value to
investment cost
Tangible and intangible
Ward’s Portfolio
Approach
Assess risk of investment and risk of the
portfolio of investments after undertaking
investment
Tangible and intangible
Zero-based
budgeting
Partition projects into smaller projects, assess
each smaller project based on the same
evaluation framework, and select the most
important smaller projects assuming limited
funding
Tangible and intangible
Balanced Scorecard
Evaluate an investment from the user’s,
business value, efficiency, and innovation/
learning perspectives
Tangible and intangible
Boundary
Values/Spending
Ratios
Cost Displacement/
Avoidance
Calculate the ratio of IT cost to a known
aggregate value (total sales, total assets, etc.)
Tangible
Compare the cost of IT investment to the
current costs displaced by the IT system plus
the projected costs avoided by the system
Tangible
Cost Effectiveness
Analysis
Compare the effectiveness of a system with
its cost and select the system with the lowest
cost, best effectiveness, or the optimal
combination of both
Tangible and intangible
Page | 85
IT Management 2B
Description
Obtain, compare, and rank factors critical to
business success, and based on these
rankings, deduce investment priorities
Type of criteria
Intangible
Hedonic Wage
Based on employee activity time allocation,
calculate the marginal value of each
employee and use these values to estimate
the value of IT investment benefits
Tangible
Real Options
Valuation
Calculate additional value of investment that
exists because it provides the option for a
second investment
Tangible and intangible
Quality Engineering
Translate perceived value and risk into a
quality score
Survey and compare user and IS
professionals’ opinions on the effectiveness
and importance of installed systems
Intangible
Critical Success
Factors
Satisfaction/ Priority
Surveys
Intangible
Structural Models
Create a model to analyze how an information Tangible and intangible
system affects the costs and revenues of the
particular business function or line of
business it is intended to serve
Time Savings Times
Salary
Calculate the value added of an IT investment
by estimating the percentage of time the
system will save workers and multiply by the
cost of the workers
Tangible
Value Chain Analysis
Assess how an IT investment can provide
competitive advantage in each phase of the
chain
Tangible and intangible
(Schniederjans, 2004)
In a macro economic sense, a firm operates within an
industry and within global markets. The integration of IT
creates linkages between all possible stakeholders that are
connected to or do business with any firm.
Stakeholders in a macro economic sense include the
external partnering companies that help the firm perform
their business functions, their supply-chains that link firms
together in their industry and with other supply-chains, the
REMEMBER:
If a firm in a particular
industry does not make
the right IT investment
decision, then all
stakeholders can be
negatively impacted and
incur costs
government, and society as whole.
Page | 86
IT Management 2B
If a firm in a particular industry does not make the right IT investment decision, then all
stakeholders can be negatively impacted and incur costs.
IMPACT OF STAKE HOLDER AND COSTS
Stakeholder
Examples of macro economic costs
Industry customers
Poor IT decisions could cause the firm to go out of business. That reduces
competition and increases the likelihood of higher prices to customers. It also
diminishes the quality of selection of products within the industry to all
customers.
Industry members
Poor IT decisions could cause the firm to go out of business, which could
diminish the industry’s demand for supplies, and in turn possibly diminish the
supply-chain network that support other companies in the same industry.
Industry partners
and supply-chain
members
Poor decisions on IT can burden suppliers, vendors, and consultants forcing
them to incur needless costs to maintain equally poor IT that may not serve
their internal needs. Poor IT and the interfaces across supply-chains can slow
down communications, making them less efficient and more costly for all
members. Since in economic theory all supply-chains are linked together,
diminishing one supply-chain will have a negative impact on all those other
supply-chains that are linked to it.
Government
Poor IT can inhibit information between the firm and the government agencies
in monitoring problems. Earlier detection of problems and notification by the
government might save the firm unnecessary rework costs. Poor IT can also
burden the government in their efforts to do a better service for all society and
increases the government’s costs.
Society
Poor IT can delay, delete, and cancel customer orders causing frustration and
costs of all kind. Poor IT investments will eventually be passed on to the
consumer, which means needless higher costs to them. Some bad decisions
can cause an entire company to go out of business, resulting in the loss of
jobs to the employees and revenue to their local economies.
MICRO ECONOMIC VIEW
IT asset risks to
hardware,
software, and data
Vulnerability due
to access can
cause law suits
due to revealing
sensitive customer
information
IT staff risks
Employee training exceeds estimates
requiring additional expenses
IT design and
development risks
Failure to obtain
anticipated
benefits adds to
cost of operations
IT
implementation
risks
Costs that
exceed
estimates
Page | 87
IT Management 2B
Vulnerability due
to piracy or theft
requires
replacement costs
Changes in salary to match new
technology skills increases expenses
IT unable to
support current
business
operations
requires ongoing
and additional
future
expenditures to fix
Time exceeding
estimates can
cause lost
customers and
penalty costs
Vulnerability due
to purposeful or
accidental deletion
Management time exceeds expectations
IT unable to
support future
business
operations
requires ongoing
and additional
future
expenditures to fix
Unexpected user
resistance to
using IT can
cause lost
productivity
adding to
operating
expenses
Vulnerability due
to natural disasters
can cause a loss of
customers
Employee motivation drops as time
increases, requiring overtime expense
Incompatibility or
integration system
failures requires
ongoing and
additional future
expenditures to fix
Changes cause
temporary loss
of productivity
adding to
operating
expenses
(Schniederjans, 2004)
Page | 88
IT Management 2B
Group Work
Please research the following methodologies for Information Technology
Investment: It is required to do this reading and research to understand strategies
for making the right IT investment decisions and avoiding IT costs.
METHOD:




















Accounting rate of return: Analytic hierarchy process: Application
benchmark technique: Application transfer team: Automatic value points:
Balanced scorecard: Bayesian analysis:
Bedell's method
Buss's method:
Benefits-risk portfolio: Benefit assessment grid: Breakeven
analysis: Boundary value:
Cost benefit analysis: Cost benefit ratio:
Cost displacement/avoidance:
Cost effectiveness analysis: Cost-value technique:
Cost revenue analysis: Critical success factors: Customer
resource life cycle: Decision analysis:
Delphi evidence:
Executive Planning for Data Processing: Functional Analysis of Office
Requirements: Gameplaying:
Hedonic wage model: Information Economics: Investment
mapping: Investment portfolio:
Information systems investment strategies: Knowledge based system for IS
evaluation: MIS utilisation technique:
Multi-objective, multi-criteria methods: Option theory:
Potential problem analysis: Profitability index:
Process quality management: Quality engineering:
Return on investment: Return on management:
Requirements-costing technique: Schumann's method:
SESAME:
Seven milestone approach: Strategic application search: Strategic
option generator:
SEE: REQUIRED READING AT START OF CHAPTER.
Page | 89
IT Management 2B
3.6 Strategies for Making the Right IT Investment Decisions and
Avoiding IT Costs
Schniederjans says "IT value and implementation must be discussed in the context of the organization’s goals,
strategies, tactics, operational plans, and culture. In order to determine a payback, you must determine the
benefits as they help an organization achieve their goals
Executive managers, not IT managers, should determine strategic allocation decisions. The total amount of
funds to invest in IT, which business processes should receive funding and which IT capabilities are needed
organization-wide are decisions that executive managers or vice presidents (VPs) should make, not IT managers
In order to measure IT value and its performance over time, utilize many measures of contribution and
performance. The fastest way to fail in IT value measurement is to limit an analysis of cost or benefits to just a
few points in an information system or just a few measures of performance
General guidelines on issues of security and privacy risks, project failure risks, and the quality of IT services
should be determined by executive managers and not IT managers. Security, privacy and project failure risks
can be very large risks, involving the potential destruction of the entire organization. They are, therefore, serious
enough for executive managers, CIOs or VPs to have a hand in establishing their willingness to access these
risks.
IT evaluation methods must evolve with the organization. Organizations change over time, IT adapts to those
changes, and the measurement methods and systems used to monitor and assess the value of IT must also
change
Recognize the limitations of the IT investment methodologies at each phase of the IT investment decision
process. These limitations may in some cases disqualify methodologies from being applied, and rightfully so
Recognize in all the selection processes mentioned above that the IT manager has potential biases that can
preclude the right IT decision choice from the analysis. Making the right decision on both the criteria to include in
the IT investment decision analysis and the methodology to use requires decision making skills that make us
aware of factors that may bias our decision process. 16"
16
(Schniederjans, 2004, p.375)
Page | 90
IT Management 2B
3.7 Conclusion
If you make the right IT decisions, you will end up with an investment that
helps your organization to introduce, create or enhance a competitive
advantage
Improving organization agility: One of the most important competitive
advantages in today’s markets is the ability to be agile or develop the
capacity to react quickly and successfully to change so as to compete
effectively in many developed and emerging global markets.
Helps organizations adjust marketing mix factors to better compete: As
markets for products change, so do what customers look for in a product
change. Successful firms must change their marketing efforts to match the
consumer expectations in the mix features offered with a product.
A means of identifying strategic external competitive intelligence: Implicitly
or explicitly an organization’s strategic intelligence is a pre-requisite for
change, and that effective investments in IT represent a critical
requirement for implementing the changes that will take place as a results
of that intelligence
Reducing IT investment costs: The right decision on IT investment
sometimes means not making an investment at all
REMEMBER:
Invest in Information
Technology to:
Improve agility,
marketing efforts must
match consumer
expectations
Strategic intelligence is a
pre-requisite for change
Information Technology
investments should be
made only after proper
investigation
Sometimes you should
not invest at all at that
moment!
Page | 91
IT Management 2B
SECTION FOUR: BUSINESS INTELLIGENCE
CONTENTS
SECTION FOUR: BUSINESS INTELLIGENCE ....................................................................................................... 92
4.1 LEARNING OUTCOMES ............................................................................................................................... 94
4.2 READING ..................................................................................................................................................... 95
4.3 INTRODUCTION ............................................................................................................................................... 96
4.4 WHAT IS BI? ................................................................................................................................................ 97
4. 5 REASONS FOR BUSINESS INTELLIGENCE................................................................................................................ 98
4.6 BENEFITS OF BUSINESS INTELLIGENCE .................................................................................................................. 99
4.7 FACTORS INFLUENCING BUSINESS INTELLIGENCE .................................................................................................... 99
4.8 FUTURE OF BUSINESS INTELLIGENCE .................................................................................................................. 103
4.9 CONCLUSION ................................................................................................................................................ 109
GROUP WORK .................................................................................................................................................... 110
Page | 92
IT Management 2B
Think point



One of the critical areas for success within an organisation is doing their homework.
What must the organisation do to in terms of the decisions it makes in order increase
profits and its success?
Who said to succeed in war, one should have full knowledge of one's own strength
and weaknesses and full knowledge of the enemies strength and weaknesses?
How can we turn the tide on being data rich but information poor?
Page | 93
IT Management 2B
4.1 LEARNING OUTCOMES




Understand that smart business decisions are based on factual information that is
constantly being analyzed
Understand what Business Intelligence is?
Understand why we would want to use Business Intelligence
Understand how to use various tools in the Business Intelligence process.
Page | 94
IT Management 2B
4.2 READING
Recommended Reading:
Reynolds, George W. (2010) Information Technology for Managers, International Edition. United
States of America: Cengage Learning
DETAILS: Chapter of Book that should be read.
Chapter 1: Managers: Key to Information Technology Results.
Chapter 2: Strategic Planning.
Chapter 8: Enterprise Resource Planning.
Chapter 9: Business Intelligence.
Chapter 10: Knowledge Management.
Williams, B and Sawyer,S. (2010) Using Information Technology, 8th Edition. USA, New York:
Mcgraw-Hill
Paige Baltzan, A.P., 2009. Business Driven Information Systems. New York: McGraw-Hill.
DETAILS: Chapter of Book that should be read.
Chapter 1: Information Systems in Business
Chapter 2: Strategic Decision Making
Chapter 3: E-Business
Chapter 5: IT Architectures
Chapter 6: Databases and Data Warehouses
Chapter 8: Supply Chain Management
Chapter 9: Customer Relationship Management
Chapter 10: Enterprise Resources Planning and Collaboration Systems
Web Links
Please view as many of these presentations as you wish:
BTI Presentations. 2012. BTI Presentations. [ONLINE] Available at:
http://www.bolder.com/presentations.htm. [Accessed 17 May 2012].
Page | 95
IT Management 2B
4.3 Introduction
Gartners 2008
17
CIO survey highlights that Business Intelligence (BI) is of extreme importance to all
CIO's. The Business performance of an enterprise can dramatically improve when decisions are no
longer just decisions, but smart decisions based factual relevant information.
If you are just learning about BI or trying to build BI into your own businesses and you are not sure
where to start or how to proceed, then you are not alone. It is a challenge to design a successful BI.
Some key contributing factors will be the selection of people, processes and technology and how they
"gel" together to create a cohesive working system.
BI helps you to get all the facts needed to make critical and well-timed decisions that will achieve the
objectives of advancing business. By making the very best use of the information available, smart
decisions can be made which are geared towards the objectives of the company, however this needs to
be tempered by a conscious approach of the dynamics of staff and resources within the organisation. In
a nutshell you must establish a strategy before you bring technology or techniques into play.
It is extremely important to understand the factors which influence BI and learn how to design an
effective BI strategy. Prior to starting work on a BI strategy, you must
document your overall business objectives to help formulate BI vision
for the growth of business. After documenting the initial list of key
objectives, you should work with the key stakeholders to confirm the
validity of items on the list and their prioritization. This will ensure
that you start building your BI strategy with a proper foundation
aligned with your business and with the buy-in from stakeholders.
Scope of BI should include making the best use of information for
strategic, tactical, and operational needs. Your purpose in building BI
strategy is to help business with long-term planning, help middle
management with tactical reporting, and help operations with day-today decision making to run the business efficiently. BI is all about
REMEMBER:
To help formulate BI
vision, you must
document your overall
business objectives
Then you should work
with the key
stakeholders to confirm
the validity of items on
the list and their
prioritization
providing people with the information they need to do their jobs more effectively. A wide range of BI
services needs to be provided to meet a wide range of requirements. Scope of BI Strategy should be
determined by the business drivers and business goals. Scope should always account for the changing
17
Gartner, Gartner identifies the top 10 Strategic Technologies for 2009, October 2008
Page | 96
IT Management 2B
business requirements to keep the BI strategy aligned with business. You should not limit your ability to
apply the principles with a restrictive BI strategy. BI strategy should include a broad set of processes,
technologies, and stakeholders for collecting, integrating, accessing, and analyzing information for the
purpose of helping enterprise make better business decisions. BI solutions should enable users to be
able to quickly adapt to new business requirements and evolving sources of information. Overall, BI
vision should be planned in advance of any iteration being implemented. It is vital to establish a BI
vision to ensure that implementation of specific components fits in the overall BI strategy. BI strategy
should state and document the needs as identified by the stakeholders, highlighting how BI fits into the
broader enterprise vision. BI strategy should take into consideration appropriate framework,
methodology, processes, governance, systems, and technology to deliver value that aligns with the
business objectives and priorities.
4.4 WHAT IS BI?
According to Baltzan and Philips, Business intelligence (BI) refers to applications and technologies that
are used to gather, provide access to, and analyze data and information to support decision making
efforts.
"Business intelligence (BI), relates to the intelligence as information valued for its currency and
relevance. It is expert information, knowledge and technologies efficient in the management of
organizational and individual business. Therefore, in this sense, business intelligence is a broad
category of applications and technologies for gathering, providing access to, and analyzing data for the
purpose of helping enterprise users make better business decisions. The term implies having a
comprehensive knowledge of all of the factors that affect your business. It is imperative that you have
an in depth knowledge about factors such as your customers, competitors, business partners,
economic environment, and internal operations to make effective and good quality business decisions.
Business intelligence enables you to make these kinds of decisions.
A specialized field of business intelligence known as competitive intelligence focuses solely on the
external competitive environment. Information is gathered on the actions of competitors and decisions
are made based on this information. Little if any attention is paid to gathering internal information.
Page | 97
IT Management 2B
4. 5 Reasons for Business Intelligence
Business Intelligence enables organizations to make well informed business decisions and thus can be
the source of competitive advantages. This is especially true when you are able to extrapolate
information from indicators in the external environment and make accurate forecasts about future
trends or economic conditions. Once business intelligence is gathered effectively and used proactively
you can make decisions that benefit your organization before the competition does.
The ultimate objective of business intelligence is to improve the timeliness and quality of information.
Timely and good quality information is like having a crystal ball that can give you an indication of what's
the best course to take. Business intelligence reveals to you:

The position of your firm as in comparison to its competitors

Changes in customer behaviour and spending patterns

The capabilities of your firm

Market conditions, future trends, demographic and economic information

The social, regulatory, and political environment

What the other firms in the market are doing
You can then deduce from the information gathered what adjustments need to be made.
.
Page | 98
IT Management 2B
4.6 Benefits of Business Intelligence
Business Intelligence provides many benefits to companies utilizing it.
It can eliminate a lot of the guesswork within an organization,
enhance communication among departments while coordinating
activities, and enable companies to respond quickly to changes in
financial conditions, customer preferences, and supply chain
operations. Business Intelligence improves the overall performance of
the company using it.
Information is often regarded as the second most important resource
a company has (a company's most valuable assets are its people). So
when a company can make decisions based on timely and accurate
information, the company can improve its performance. Business
Intelligence also expedites decision-making, as acting quickly and
correctly on information before competing businesses do can often
result in competitively superior performance. It can also improve
REMEMBER:
The use of BI
Businesses realize that in
this very competitive,
fast paced, and everchanging business
environment, a key
competitive quality is
how quickly they
respond and adapt to
change. Business
intelligence enables
them to use information
gathered, so they can
quickly and constantly
respond to changes as
they happen.
customer experience, allowing for the timely and appropriate
response to customer problems and priorities.
4.7 Factors Influencing Business Intelligence
Customers are the most critical aspect to a company's success. Without them a company cannot exist.
So it is very important that you have information on their preferences. You must quickly adapt to their
changing demands. Business Intelligence enables you to gather information on the trends in the
marketplace and come up with innovative products or services in anticipation of customer's changing
demands.
Page | 99
IT Management 2B
Competitors can be a huge hurdle on your way to success. Their objectives are the same as yours and
that is to maximize profits and customer satisfaction. In order to be successful you must stay one step
ahead of your competitors. In business you don't want to play the catch up game because you would
have lost valuable market share. Business Intelligence tells you what actions your competitors are
taking, so you can make better informed decisions.
Business Partners must possess the same strategic information you have so that there is no
miscommunication that can lead to inefficiencies. For example it is common now for businesses to
allow their suppliers to see their inventory levels, performance metrics, and other supply chain data in
order to collaborate to improve supply chain management. With Business Intelligence you and your
business partners can share the same information.
Economic Environment such as the state of the economy and other key economic indicators are
important considerations when making business decisions. You don't want to roll out a new line of
products during an economic recession. BI gives you information on the state of the economy so that
you can make prudent decisions as to when is the right time to maybe expand or scale back your
business operations.
Internal Operations are the day to day activities that go on in your business. You need in-depth
knowledge about the internal workings of your business from top to bottom. If you make an arbitrary
decision without knowing how your entire organization works it could have negative effects on your
business. BI gives you information on how your entire organization works.
Technology
Business intelligence provides organizational data in such a way that the organizational knowledge
filters can easily associate with this data and turn it into information for the organization. Persons
involved in business intelligence processes may use application software and other technologies to
gather, store, analyze, and provide access to data, and present that data in a simple, useful manner.
The software aids in business performance management, and aims to help people make "better"
Page | 100
IT Management 2B
business decisions by making accurate, current, and relevant information available to them when they
need it. Some businesses use data warehouses because they are a logical collection of information
gathered from various operational databases for the purpose of creating business intelligence.
Technology Requirements
For the Business Intelligence system to work effectively, enterprises must address the following
technical issues:
o Security and specified user access to the warehouse
o Data volume (capacity)
o How long data will be stored (data retention)
o Benchmark and performance targets
Software Types
People working in business intelligence have developed tools that ease the work, especially when the
intelligence task involves gathering and analyzing large quantities of unstructured data. Each vendor
typically defines Business Intelligence their own way, and markets tools to do Business Intelligence the
way that they see it.
Business intelligence includes tools in various categories, but the ones that we are able to help you with
include the following:
o Data Mining, Data Marts
o Decision Support Systems
o Enterprise Integration and Reporting
o Enterprise Reporting for Mainframes
o Web Based Reporting
o Web Enabling
o Web Services
History
An early reference to non-business intelligence occurs in Sun Tzu's The Art of War. Sun Tzu claims
that to succeed in war, one should have full knowledge of one's own strengths and weaknesses and full
knowledge of one's enemy's strengths and weaknesses. Lack of either one might result in defeat. A
Page | 101
IT Management 2B
certain school of thought draws parallels between the challenges in business and those of war,
specifically:

collecting data

discerning patterns and meaning in the data (generating information)

responding to the resultant information
Prior to the start of the Information Age in the late 20th century, businesses sometimes struggled to
collect data from non-automated sources. Businesses then lacked the computing resources to properly
analyze the data, and often made business decisions primarily on the basis of intuition.
As businesses started automating more and more systems, more and more data became available.
However, collection remained a challenge due to a lack of infrastructure for data exchange or to
incompatibilities between systems. Analysis of the data that was gathered and reports on the data
sometimes took months to generate. Such reports allowed informed long-term strategic decisionmaking. However, short-term tactical decision-making continued to rely on intuition.
In modern businesses, increasing standards, automation, and technologies have led to vast amounts of
data becoming available. Data warehouse technologies have set up repositories to store this data.
Improved Extract, transform, load (ETL) and even recently Enterprise Application Integration tools have
increased the speedy collecting of data. OLAP reporting technologies have allowed faster generation of
new reports which analyze the data. Business intelligence has now become the art of sifting through
large amounts of data, extracting pertinent information, and turning that information into knowledge
upon which actions can be taken.
Business intelligence software incorporates the ability to mine data, analyze, and report. Some modern
BI software allow users to cross-analyze and perform deep data research rapidly for better analysis of
sales or performance on an individual, department, or company level. In modern applications of
business intelligence software, managers are able to quickly compile reports from data for forecasting,
analysis, and business decision making.
In 1989 Howard Dresner, a Research Fellow at Gartner Group popularized "BI" as an umbrella term to
describe a set of concepts and methods to improve business decision-making by using fact-based
support systems.
Page | 102
IT Management 2B
4.8 Future of Business Intelligence
In this rapidly changing world consumers are now demanding quicker more efficient service from
businesses. To stay competitive, companies must meet or exceed the expectations of consumers.
Companies will have to rely more heavily on their business intelligence systems to stay ahead of trends
and future events. Business intelligence users are beginning to demand Real time Business Intelligence
or near real time analysis relating to their business, particularly in frontline operations. They will come to
expect up to date and fresh information in the same fashion as they monitor stock quotes online.
Monthly and even weekly analysis will not suffice.
In the not too distant future companies will become dependent on real time business information in
much the same fashion as people come to expect to get information on the internet in just one or two
clicks.
Also in the near future business information will become more democratized where end users from
throughout the organization will be able to view information on their particular segment to see how it's
performing.
So, in the future, the capability requirements of business intelligence will increase in the same way that
consumer expectations increase. It is therefore imperative that companies increase at the same pace or
even faster to stay competitive.
"BI 2.0" is the recently-coined term which is part of the continually developing Business Intelligence
industry and heralds the next step for BI. "BI 2.0" is used to describe the acquisition, provision and
analysis of "real time" data, the implication being that earlier Business Intelligence and Data Mining
products (BI 1.0?) have not been capable of providing the kind of timely, current data end-users are
now clamoring to have. Realizing that hype has historically outpaced reality as Business Intelligence
software companies compete for marketshare As long as Business Intelligence relies upon some kind
of data warehouse structure (including web-based virtual data "warehouses"), data will have to be
converted into what Hayler calls "a lowest common denominator consistent set." When it comes to
dealing with multiple, disparate data sources and the constantly changing, often volatile, business
environment which requires tweaking and restructuring of IT systems, getting BI data in a genuinely
true, "real time" format remains, again according to Hayler, "a pipe dream...As long as people design
data models and databases the traditional way, you can forget about true 'real-time' business
Page | 103
IT Management 2B
intelligence across an enterprise: the real world gets in the way".In the near future business information
will become more democratized where end users from throughout the organization will be able to view
information on their particular segment to see how it's performing.
In the future, the capability requirements of business intelligence will increase in the same way that
consumer expectations increase. It is therefore imperative that companies increase at the same pace or
even faster to stay competitive.18
Business intelligence (BI) has two basic different meanings related to the use of the term intelligence.
The primary, less frequently, is the human intelligence capacity applied in business affairs/activities.
Intelligence of Business is a new field of the investigation of the application of human cognitive faculties
and artificial intelligence technologies to the management and decision support in different business
problems. The second relates to the intelligence as information valued for its currency and relevance. It
is expert information, knowledge and technologies efficient in the management of organizational and
individual business. The paper explores the concepts of BI, its components, emergence of BI, benefits
of BI, factors influencing BI, technology requirements, designing and implementing business
intelligence, and various BI techniques. Powerful transaction-oriented information systems are now
commonplace in every major industry, effectively leveling the playing field for corporations around the
world. To remain competitive, however, now requires analytically oriented systems that can
revolutionize a company's ability to rediscover and utilize information they already own. The Business
Intelligence (BI) has evolved over the past decade to rely increasingly on real time data. The Business
Intelligence (BI) has evolved to rely increasingly on real time data. Business analysis is becoming
essential. It involves actions in response to analysis of results and instantaneously changes parameters
of business processes making BI beneficial for several reasons.
Scifort - Business Intelligence garden. 2012. Scifort - Business Intelligence garden. [ONLINE]
Available at:
http://www.scifort.com/index.php?option=com_content&task=view&id=92&Itemid=151. [Accessed
06 May 2012].
18
Page | 104
IT Management 2B
Key performance indicators
Business Intelligence often uses Key Performance Indicators (KPIs) to assess the present state of
business and to prescribe a course of action. More and more organizations have started to make more
data available more promptly. In the past, data only became available after a month or two, which did
not help managers to adjust activities in time to hit Wall Street targets. Recently, banks have tried to
make data available at shorter intervals and have reduced delays.
The KPI methodology was further expanded with the Chief Performance Officer methodology which
incorporated KPIs and root cause analysis into a single methodology."19
Let's look at BI in more detail.
Figure 22- Basic Understanding of Business Intelligence (BI)
What is Business Intelligence | Products General. 2012. What is Business Intelligence | Products
General. [ONLINE] Available at: http://www.selectbs.com/products-general/what-is-businessintelligence. [Accessed 06 May 2012].
19
Page | 105
IT Management 2B
Business intelligence (BI) software is applied at three different levels in the enterprise: strategic, tactical
and operational. At the strategic level, BI provides performance metrics to management and executives,
often in conjunction with a formal management methodology such as Balanced Scorecard or Six
Sigma. Strategic business intelligence, one of the latest crazes, is generally called performance
management (PM). Depending upon which analyst firm you subscribe to, PM might be preceded by a C
for corporate performance management, an E for enterprise performance management or a B for
business performance management (not to be confused with BPM, the acronym for business process
management).
Tactical business intelligence, called traditional and/or analytical in various industry articles, is the
application of business intelligence tools to analyze business trends, frequently comparing a specific
metric (such as sales or expenses) to the same metric from a previous month or year. In most
companies, there are usually a few analysts in each department who use online analytical processing
(OLAP) and ad hoc query to perform this task. To date, BI tools are mostly used to analyze historical
business data to discover trends or anomalies that need attention.
Finally, operational business intelligence delivers information to the point of business - the front lines of
a business where information is used as part of an operational process. For example, when a person
calls a toll-free number to speak to a customer service representative about his or her telephone bill,
that representative will most likely be looking at a report about the caller's previous billing history and
payment record on a computer monitor. The most interesting thing about this example, as in many
examples of operational BI, is that the person using the BI tool has probably never even heard of the
term business intelligence. Customer service reps do not consciously use a business intelligence tool.
The information is simply put in front of them when they're doing their operational jobs - in this case,
customer support.
Page | 106
IT Management 2B
Figure 23- BI Strategic, Tactical and Operational20
Strategic, tactical and operational business intelligence are like the navigation system, the dashboard,
and the gas pedal, brake pedal and steering wheel in an automobile. The navigation system constantly
shows you whether or not you are on course to reach your destination. This works exactly like a
strategic BI scorecard or performance management system that tells management whether or not the
company is on target to meet its goals. In both cases, the driver and management will take corrective
action if they see that they are off course.
The dashboard, with its fuel gauge, odometer, speedometer and engine lights, mimics tactical business
intelligence. The gauges tell the driver how far he or she has traveled, if the car's systems are
functioning correctly and whether or not more fuel is needed. Similarly, tactical BI looks at historical
data to see if enough has been sold compared to last month and whether or not there is inventory to
meet expected demands.
Finally, operational BI is very much like the steering wheel and the gas and brake pedals, which are
used for all immediate front-line reactions in driving. There is a detour in the road; you must turn right
here to avoid it. A car in front of you has stopped, so you need to slow down and stop as well. The
customer support call is handled in the same way. It is an immediate reactive business process.
Strategic, Tactical and Operational Business Intelligence - Information Management Online Article.
2012. Strategic, Tactical and Operational Business Intelligence - Information Management Online
Article. [ONLINE] Available at: http://www.information-management.com/news/1055164-1.html.
[Accessed 06 May 2012].
20
Page | 107
IT Management 2B
Figure 24 - Operational Tactical and Strategic BI21
Figure 25- The three forms of BI must work according towards a common goal.22
21
22
(Paige Baltzan, 2009, p.336)
(Paige Baltzan, 2009, p.337)
Page | 108
IT Management 2B
Figure 26 - The Latency between a business event and an action Taken from Richard
Hackathorn, Bolder Technologies.23
4.9 Conclusion
We can see that time and analysed data is key to decision making in an organisation. Let's conclude
this with an analogy of an automotive system to the car and driver and of the three levels of BI to the
company. Of the three levels of automobile components - navigation system, dashboard, and steering,
brake and gas - which can you not live without, even for one second? The steering, brake and gas.
Without them, you would either crash or potentially make no progress. The same is true for operational
BI. While strategic and tactical BI look at historical data to tell management and analysts where the
business has been and how it is performing, it is the company's operational processes that keep it
running. Ask the corporate executive whether the company could live without its performance scorecard
report or without the customer support system for a day or two. Customer support cannot stop. It is part
and parcel of how a business operates.
Many people can drive a car with just a steering wheel, gas pedal and brake, and even get to their final
destination. Sooner or later, however, they will either run out of gas or get lost. It is the same for
business. To truly get the most out of business intelligence, you need to have all three levels - strategic,
tactical and operational - working in conjunction with one another. However, a business executive
23
(Paige Baltzan, 2009, p.337)
Page | 109
IT Management 2B
cannot forget the importance of operational delivery of information to front-line workers - without it the
company might crash.
Group Work
Look at the following example of business intelligence software in a live context and
answer the following questions:
"How does a user maintain the gaming floor?
vizMapEditor allows users to make changes and updates to the casino floor map image within the
floorVizPLUS software to reflect actual changes on the gaming floor (Figure 1). This ensures that the
analysis is correctly represented against the correct casino floor map.
vizMapEditor is fully integrated into floorVizPLUS and allows a user to change an existing map or
create multiple designs for analysis purposes and for future use.
vizMapEditor is web based and not only does it manage the casino floor maps, it also manages the
slowly changing dimensions that are associated with the casino floor map. The management of the
slowly changing dimensions is very important for analysis of changes on the gaming floor. The
software makes the management of this data very straight forward. Furthermore, when the updates
to the floor maps are made, they are automatically made in the database, so the normal data
management such as backups and restores can be managed by the data team"24
24
Product Overview » BIS². 2012. Product Overview » BIS². [ONLINE] Available at:
http://www.bis2.net/home/products/productoverview/. [Accessed 17 May 2012
Page | 110
IT Management 2B
1. If Company ABC wanted to implement this, what would the reason be for implementing this?
2. Why would a live analysis of information be crucial in a casino?
3. What other software is out there geared for BI. Find at least 3 and compare them and the value
especially in terms of dashboards and live information, IE: BI 2
Page | 111
IT Management 2B
SECTION FIVE: DATA WAREHOUSING AND DATA
MINING
CONTENTS
SECTION FIVE: DATA WAREHOUSING AND DATA MINING ........................................................................... 112
5.1 LEARNING OUTCOMES ............................................................................................................................. 114
5.2 READING ................................................................................................................................................... 115
5.3 YOU NEED A DATA WAREHOUSE TO DO ANY DATA MINING ................................................................................... 116
5.4 DEFINITION OF DATA MINING (DM) ................................................................................................................. 118
5.5 PURPOSE OF DATA MINING(DM)..................................................................................................................... 118
5.6 PROCESS OF DATA MINING ............................................................................................................................. 118
5.7 WHAT IS DATA MINING AND PREDICTIVE ANALYTICS USED FOR? .............................................................................. 119
5.8 CONCLUSION AND SUMMARY .......................................................................................................................... 120
Page | 112
IT Management 2B
Think point

What underlying infrastructure is required to make BI function?

What is the difference between raw data and analyzed data?

What are some of the data mining tools that are used?

What are some of the data mining activities?
Page | 113
IT Management 2B
5.1 LEARNING OUTCOMES

To understand where the organisation stores data.

How does one mine data?

How is data mining useful?
Page | 114
IT Management 2B
5.2 READING
Recommended Reading:
Paige Baltzan, A.P., 2009. Business Driven Information Systems. New York: McGraw-Hill.
DETAILS: Chapter of Book that should be read.
Chapter 6: Databases and Data Warehouses
Page | 115
IT Management 2B
5.3 You need a Data Warehouse to do any Data Mining
"The data warehouse (DW or DWH) is a database used for reporting and analysis. The data stored in
the warehouse are uploaded from the operational systems (such as marketing, sales etc., shown in the
figure at bottom). The data may pass through an operational data store for additional operations before
they are used in the DW for reporting.
The typical data warehouse uses staging, integration, and access layers to house its key functions. The
staging layer or staging database stores raw data extracted from each of the disparate source data
systems. The integration layer integrates the disparate data sets by transforming the data from the
staging layer often storing this transformed data in an operational data store (ODS) database. The
integrated data is then moved to yet another database, often called the data warehouse database,
where the data is arranged into hierarchal groups often called dimensions and into facts and aggregate
facts. The combination of facts and dimensions is sometimes called a star schema. The access layer
helps users retrieve data.
A data warehouse constructed from integrated data source systems does not require ETL, staging
databases, or operational data store databases. The integrated data source systems may be
considered to be a part of a distributed operational data store layer. Data federation methods or data
virtualization methods may be used to access the distributed integrated source data systems to
consolidate and aggregate data directly into the data warehouse database tables. Unlike the ETLbased data warehouse, the integrated source data systems and the data warehouse are all integrated
since there is no transformation of dimensional or reference data. This integrated data warehouse
architecture supports the drill down from the aggregate data of the data warehouse to the transactional
data of the integrated source data systems.
Data warehouses can be subdivided into data marts. Data marts store subsets of data from a
warehouse.
Page | 116
IT Management 2B
This definition of the data warehouse focuses on data storage. The main source of the data is cleaned,
transformed, cataloged and made available for use by managers and other business professionals for
data mining, online analytical processing, market research and decision support."25
Figure 27- Data Warehouse (Wikimedia Commons)
Information about data mining is widely available. No matter what your level of expertise, you will be
able to find helpful books and articles on data mining. Here are two web sites to help you get started:


http://www.kdnuggets.com/ — This site is an excellent source of information about data mining. It
includes a bibliography of publications.
http://www.twocrows.com/ — On this site, you will find the free tutorial, Introduction to Data Mining
and Knowledge Discovery, and other useful information about data mining.
Data warehouse - Wikipedia, the free encyclopedia. 2012. Data warehouse - Wikipedia, the free
encyclopedia. [ONLINE] Available at: http://en.wikipedia.org/wiki/Data_warehouse. [Accessed 01
July 2012].
25
Page | 117
IT Management 2B
5.4 Definition of Data Mining (DM)
(Williams & Sawyer, 2010, p.418) Define Data Mining as "The computer-assisted process of sifting through
and analysing vast amounts of data in order to extract hidden patterns and meanings and to discover
new knowledge."
5.5 Purpose of Data Mining(DM)
(Williams & Sawyer, 2010, p.418) "The purpose is to simply describe past trends and to predict future
trends." This is so simple to understand, however the impact and implication of using data mining is profound in
the results that can be achieved.
In a nutshell, a company can analyse all the large data it has on its clients to then draw conclusions or emerging
opportunities which it can then use to create new avenues of income.
5.6 Process of Data Mining
In DM, data is acquired and prepared for data warehousing. In simple terms the data is sorted into information
sets that can be used for later queries in the process of DM.
The following steps by Williams & Sawyer indicate the DM process .
1. Data sources: Where is the data coming from?
This can range from:





Point of Sale Transactions
databases of all kinds,
other data warehouses
News feeds
other online internet sources.
2. Data fusion & Cleaning: Is the data in the correct format and is it consistent and free of
errors?
This is where the data, regardless of the sources is mashed or fused together and put through a
process known as "data cleaning" or data scrubbing". During this process, the information is made into
a standard format and checked for errors in consistency. Poor quality data is removed and meta data is
created.
Meta data is additional information about the properties of the information is recorded. In a nutshell it is
data about the data!
3. Data and Meta Data.
The data and the meta data go hand in hand. The meta data is used to create a picture of the
information that has been acquired. It is a crucial part of the data warehouse in understanding the
information stored in a data warehouse. It contains the origin of the data. the transformations it has
undergone, and summary information about it which makes it particularly more useful than the cleansed
but unintergrated, summarised data.
Page | 118
IT Management 2B
Data mining is a set of automated techniques used to extract buried or previously unknown pieces of
information from large databases. Successful data mining makes it possible to unearth patterns and
relationships, and then use this “new” information to make proactive knowledge-driven business
decisions. Data mining then, “centers on the automated discovery of new facts and relationships in data.
The raw material is the business data, and the data-mining algorithm is the excavator, sifting through
the vast quantities of raw data looking for the valuable nuggets of business information.
5.7 What is data mining and predictive analytics used for?
"Direct marketing
You probably have heard the marketing manager phrase “I know that half of my marketing budget is wasted, the
only question is what half?”
The challenge of marketing is that while there are constantly more and more competing offers, the number of
channels (ways of communication) available to communicate with the buyer also increases. In addition to
traditional direct marketing means such as direct mailing, advertising in newspapers, TV and other media, new
means of communication such as the Internet, not only has introduced a large number of new channels for direct
marketing, it has also brought measurability of the response to a whole new level. Today, there is a large amount
of data being generated not only in internal customer data bases, but also related to the response of the
audience to marketing campaigns. This is where predictive data mining comes in. By applying predictive data
mining to historical data, such as customer response for the various channels, demographic, geographic, sales
history etc, it is possible to significantly improve the odds of directing a campaign towards the right audience.
By successfully applying predictive data mining, you not only will be able to target the right audience, thereby
increasing return on invested marketing money. In addition to this, you will also get to know them better, and by
adapting the message to the preferences of your audience you will be able to communicate more effectively.
Collection
All companies with a large customer base have a number of customers who do not pay their dues on time.
Collecting these payments from the debtors requires a great deal of resources, and a large proportion of this
work is wasted on customers that are difficult or impossible to recover. By applying predictive data mining to
historical customer debt data, the collection procedure can be optimized by identifying the debtors most likely to
pay and finding the most effective contact methods or legal actions for each debtor.
By successfully applying predictive data mining within collection, you will recover more money while reducing
collection costs.
Scientific applications
In pharmaceutical companies, chemistry is one of the most resource intensive areas within the research and
development (R&D) activities. The whole purpose of the pharmaceutical company’s R&D is to produce new
chemical entities (NCE) that will make it all the way through clinical trials to the market as new drugs. The search
for new chemical compounds is in essence a trial-and-error process. The job of the R&D chemist is to synthesise
(produce) new compounds for testing in the laboratory.
One such chemist may spend up to three weeks for making just one such compound.
Page | 119
IT Management 2B
Despite the expensive production of new compounds, pharmaceutical companies test very many compounds in
their R&D activities and stores all the results in large databases (there is also a fairly large industry selling
chemical compounds of great diversity). By applying predictive data mining to such historical laboratory test data,
it is possible to reasonably predict the outcome of the laboratory tests without having to synthesise the
compounds. This means that the chemist can find out the most likely properties of the alternative compounds
and choose to work on the most promising ones, before spending the next three weeks in the laboratory, thereby
increasing the quality of the resulting compounds.
Recommendation systems
All companies want to sell more to existing customers. This is often the most effective way of increasing the
profitability. For companies that sell many different products to large customer bases and that keep records of
sales transactions for their customers, it is possible to apply predictive data mining to identify sales opportunities
as products likely to appeal to a particular customer who has not yet bought them. This type of application is also
commonly referred to as cross-selling, and some of the most notable examples of companies using it are
Amazon.com where you will get relevant books recommended, and the DVD rental site Netflix, who now even
has arranged a $1Million prize money competition for the best improvement of their recommendation system.
Other applications
Other applications of predictive data mining include fraud detection (e.g. within credit card transactions, taxation,
telephony, and insurance industry) and risk management (e.g. for determining insurance policy rates or
managing credit applications). "26
Williams and Sawyer summarise data mining being used:




To improve customer acquisition and retention;
To reduce fraud;
To identify internal inefficiencies and then revamp operations;
To map the unexplored terrain of the Internet.
5.8 Conclusion and Summary
Data Warehousing is the strategy of ensuring that the data used in an organization is available in a consistent
and accurate form wherever it is needed. Often this involves the replication of the contents of departmental
computers in a centralized site, where it can be ensured that common data definitions are in the departmental
computers in a centralized site, where it can be ensured that the common data definitions are in use… The
reason Data Warehousing is closely connected with Data Mining is that when data about the organization’s
processes becomes readily available, it becomes easy and therefore economical to mine it for new and profitable
relationships.
Compumine - What is data mining used for?. 2012. Compumine - What is data mining used for?.
[ONLINE] Available at: http://www.compumine.com/web/public/what-is-data-mining-used-for.
[Accessed 01 July 2012].
26
Page | 120
IT Management 2B
Thus, data warehousing introduces greater efficiencies to the data mining exercise. “Without the pool of validated
and scrubbed data that a data warehouse provides, the data mining process requires considerable additional
effort to pre-process the data. Notwithstanding, it is also possible for companies to obtain data from other
sources via the Internet, mine the data, and then convey the findings and new relationships internally within the
company via an Intranet. There are four stages in the data warehousing process:
1.
2.
3.
4.
The first stage is the acquisition of data from multiple internal and external sources and platforms.
The second stage is the management of the acquired data in a central, integrated repository.
Stage three is the provision of flexible access, reporting and analysis tools to interpret selected data.
Stage four is the production of timely and accurate corporate reports to support managerial and
decision-making processes.
Though the term data mining is relatively new, the technology is not. Many of the techniques used in data mining
originated in the artificial intelligence research of the 80s and 90s. It is only more recently that these tools have
been applied to large databases. Why then are data mining and data warehousing mushrooming now? IBM has
identified six factors that have brought data mining to the attention of the business world:






A general recognition that there is untapped value in large databases;
A consolidation of database records tending toward a single customer view;
A consolidation of databases, including the concept of an information warehouse;
A reduction in the cost of data storage and processing, providing for the ability to collect and accumulate
data;
Intense competition for a customer’s attention in an increasingly saturated marketplace;
The movement toward the de-massification of business practices.
With reference to point six above, “de-massification” is a term originated by Alvin Toffler. It refers to the shift from
mass manufacturing, mass advertising and mass marketing that began during the industrial revolution, to
customized manufacturing, advertising and marketing targeted to small segments of the population.
Data mining usually yields five types of information: associations, sequences, classifications, clusters, and
forecasting:
Associations happen when occurrences are linked in a single event. For example, a study of supermarket
baskets might reveal that when corn chips are purchased, 65% of the time cola is also purchased, unless there is
a promotion, in which case cola is purchased 85% of the time.
In sequences, events are linked over time. [For example][ I]f a house is bought, then 45% of the time a new oven
will be bought within one month and 60% of the time a new refrigerator will be bought within two weeks.
Classification is probably the most common data mining activity today… Classification can help you discover the
characteristics of customers who are likely to leave and provide[s] a model that can be used to predict who they
are. It can also help you determine which kinds of promotions have been effective in keeping which types of
customers, so that you spend only as much money as necessary to retain a customer.
Using clustering, the data mining tool discovers different groupings with the data. This can be applied to
problems as diverse as detecting defects in manufacturing or finding affinity groups for bank cards.
All of these applications may involve predictions, such as whether a customer will renew a subscription …
forecasting, is a different form of prediction. It estimates the future value of continuous variables — like sales
figures — based on patterns within the data.
Page | 121
IT Management 2B
Generally then, applications of data mining can generate outputs such as:



Buying patterns of customers; associations among customer demographic characteristics; predictions
on which customers will respond to which mailings;
Patterns of fraudulent credit card usage; identities of “loyal” customers; credit card spending by
customer groups; predictions of customers who are likely to change their credit card affiliation;
Predictions on which customers will buy new insurance policies; behavior patterns of risky customers;
expectations of fraudulent behavior;
Page | 122
IT Management 2B
Case Study and Group Work
Analyse the following and comment on questions that follow:
"Stilgherrian: there’s no way I’m handing over data to Google+
by Stilgherrian
The sheer stupidity of technology’s early adopters never ceases to amaze me. Facebook continues to be
slammed for its dodgy privacy practices. But Google launches Google+, essentially the same thing, and the
shiny-chasers are clamouring to pour in their most intimate information.
“This is basically a giant data mining operation,” freelance journalist and blogger Neerav Bhatt told
today’s Patch Monday podcast. “People voluntarily link themselves in and feed even more data into Google
than they did before.”
No secret there. That’s the business model for the entire web these days. You pay for services with your
personal information, which in turn enables advertisers to target you more accurately.
Social networking services (SNS) are the ultimate expression of this imbalanced exchange. Who you
communicate with, when and how, reveals far more than you may realise. Research on Facebook, for
example, has shown that you can predict when people will develop a romantic relationship before they know
it themselves. Gays can be outed by algorithm. Semantic analysis of the words you use reveals your mood.
Yet you can’t make meaningful use of an SNS without revealing this personal data. It’s kind of the point. Just
as you can’t make use of accounting software without first revealing how you spend your money, you can’t
use the SNS until you reveal and categorise your family, friends and acquaintances — your social graph, it’s
called.
Facebook has been copping flak over two ongoing privacy outrages. One, continually changing how its
insanely complicated privacy controls work and trying to trick people into accepting a wide-open setting by
default. Two, a legalistic privacy policy that’s longer than the US Constitution.
Google seems to have addressed the first problem. The Circles feature in Google+ allows you to categorise
your contacts into circles of friends — family, workmates, your hockey team, payday drinking buddies — and
you post information only to specific circles. Things are private by default. Mostly.
But when it comes to the terms and conditions, Google is no better than the rest. As Paul Ducklin from
information security vendor Sophos points out, there’s Google’s general privacy policy, a separateprivacy
policy for Google+, the user content and conduct policy, the+1 button privacy policy for Google’s equivalent
of the “Like” button, the mobile privacy policy if you use your smartphone, the Picasa privacy notice if you
upload a photo …
When I started writing this article, I’d intended to have a go at people who were foolish enough to reveal
which of their contacts were “prayer group” and which “rough trade” — and which were both — without
reading and understanding the rules. But I think they can be forgiven. In Google’s privacy centre you’ll find
37 written policies. And of course any of those policies can be changed upon Google’s whim. After they’ve
got your data.
Talk to any privacy analyst and they’ll tell you that “informed consent” is the key. By all means let people
exchange privacy for services, as long as they understand the trade-off. But how can anyone possibly
Page | 123
IT Management 2B
comprehend 37 policies?"27
QUESTIONS:
1. Facebook's use of data mining. How far do you think that is true? Does the article below have any truth about
SNS?
2. Is Google a data Mining Giant?
3. Compare Facebook and Google's strategies in terms of data mining.
4, Who do you think is winning? See if you can find out about their revenues and where it comes from.
Case Study and Group Work - 2
1. Do some research in a group and tackle the subject of Data Mining: It’s Banks vs.
Google, Apple, and Facebook. What is your group's opinion on Data Mining in these
organisations and how it affects each of us?
27
Google +: Like Facebook, Google + is about data mining | Crikey. 2012. Google +: Like Facebook,
Google + is about data mining | Crikey. [ONLINE] Available at:
http://www.crikey.com.au/2011/07/12/google-plus-data-mining/. [Accessed 17 May 2012
Page | 124
IT Management 2B
SECTION SIX: PRINCIPLES OF INFORMATION SECURITY
CONTENTS
SECTION SIX: PRINCIPLES OF INFORMATION SECURITY ................................................................................ 125
6.1 LEARNING OUTCOMES ............................................................................................................................. 127
6.2 READING ................................................................................................................................................... 128
6.3 WHAT IS INFORMATION SECURITY ........................................................................................................... 129
6.4 IS IT JUST THE INFORMATION TECHNOLOGY DEPARTMENT WHO SHOULD BE INVOLVED IN SECURITY? . 129
6.5 KEY INFORMATION SECURITY TERMS AND CONCEPTS ............................................................................. 131
6.6 DATA .......................................................................................................................................................... 134
6.7 PEOPLE........................................................................................................................................................ 134
6.8 PROCEDURES ................................................................................................................................................ 134
6.9 NETWORKS .................................................................................................................................................. 135
6.10 BALANCING INFORMATION SECURITY AND ACCESS ............................................................................................. 135
6.11 INFORMATION SECURITY PROJECT TEAM............................................................................................... 137
6.12 DATA RESPONSIBILITIES .......................................................................................................................... 137
6.13 CONCLUSION .......................................................................................................................................... 138
Page | 125
IT Management 2B
Think point
Why does information security make an impact on our lives and organisations?



What is the weakest link in an organisation?
What are the reasons for an attack?
Should we keep our data disconnected from the net? - Pro's and Cons
Page | 126
IT Management 2B
6.1 LEARNING OUTCOMES

understand and apply the basic principles of information security



Be able to define information security.
Define key terms and critical concepts of information security
understand and apply the basic principles of information security
Page | 127
IT Management 2B
6.2 READING
Prescribed Reading:
Whitman, M.E. & Mattford, H.J., 2012. Principles of Information Security. 4th ed. China: China
Translation and Printing Services Limited.
1. Introduction to Information Security.
2. The Need for Security.
3. Legal, Ethical, and Professional Issues in Information Security.
4. Risk Management.
5. Planning for Security.
6. Security Technology: Firewalls, VPNs, and Wireless
7. Security Technology: Intrusion Detection and Prevention Systems
8. Cryptography.
9. Physical Security.
10. Implementing Information Security.
11. Security and Personnel.
12. Information Security Maintenance and eDiscovery.
Page | 128
IT Management 2B
6.3 WHAT IS INFORMATION SECURITY
" The term information security relates to the protection of information, as well as the systems and equipment
that contain and process that information.
One possible definition is:
Information security refers to all the strategies, policies, procedures, mechanisms and technical tools used for
safeguarding information and information systems from unauthorized access, alteration, theft and physical
damage.
While the above definition gives a nice insight in all the different aspects of information security, the enumeration
of "what is protected", "how it is protected" and "what it is protected from", will always leave something out.
Another much broader definition (but not necessarily better) is:
Information security is keeping anyone from doing things you do not want them to do to, with, or from your
information, computers or peripherals.
Unfortunately, this last definition gives a lot less insight in what is involved with information security. It is so broad
that it also includes the even more complex issue of privacy, which I would prefer to keep separate from
information security.28"
6.4 IS IT JUST THE INFORMATION TECHNOLOGY DEPARTMENT WHO
SHOULD BE INVOLVED IN SECURITY?
Clearly it is the perception amongst many people and organisations that information security is only the domain
of the Information Technology department. It is imperitive that when and organisation is tackling information
security that there are members from every department that are present to contribute to the process and success
of tackling information security.
What are the areas and organisaton should tackle in security operations?
A successful organization should have the following multiple layers of security in place to protect its
operations:

Physical security, to protect physical items, objects, or areas from unauthorized access and
misuse

Personnel security, to protect the individual or group of individuals who are authorized to
access the organization and its operations
What is information security.. 2012. What is information security.. [ONLINE] Available at:
http://www.how-to-guides.com/security/encyclopedia/informationsecurity.htm. [Accessed 12 May
2012].
28
Page | 129
IT Management 2B

Operations security, to protect the details of a particular operation or series of activities

Communications security, to protect communications media, technology, and content

Network security, to protect networking components, connections, and contents

Information security, to protect the confidentiality, integrity and availability of achieved via the
application of policy, education, training and awareness, and technology.29
Figure 28 - Components of Information Security (Whitman &
Mattford, 2012)
29
(Whitman & Mattford, 2012, p.8)
Page | 130
IT Management 2B
6.5 KEY INFORMATION SECURITY TERMS AND CONCEPTS










"Access: A subject or object’s ability to use, manipulate, modify, or affect another subject or
object. Authorized users have legal access to a system, whereas hackers have illegal access
to a system. Access controls regulate this ability.
Asset: The organizational resource that is being protected. An asset can be logical, such as a
Web site, information, or data; or an asset can be physical, such as a person, computer
system, or other tangible object. Assets, and particularly information assets, are the focus of
security efforts; they are what those efforts are attempting to protect.
Attack: An intentional or unintentional act that can cause damage to or otherwise compromise
information and/or the systems that support it. Attacks can be active or passive, intentional or
unintentional, and direct or indirect. Someone casually reading sensitive information not
intended for his or her use is a passive attack. A hacker attempting to break into an information
system is an intentional attack. A lightning strike that causes a fire in a building is an
unintentional attack. A direct attack is a hacker using a personal computer to break into a
system. An indirect attack is a hacker compromising a system and using it to attack other
systems, for example, as part of a botnet (slang for robot network). This group of compromised
computers, running software of the attacker’s choosing, can operate autonomously or under
the attacker’s direct control to attack systems and steal user information or conduct distributed
denial-of-service attacks. Direct attacks originate from the threat itself. Indirect attacks originate
from a compromised system or resource that is malfunctioning or working under the control of
a threat.
Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can
successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the
security within an organization. The various levels and types of controls are discussed more
fully in the following chapters.
Exploit: A technique used to compromise a system. This term can be a verb or a noun. Threat
agents may attempt to exploit a system or other information asset by using it illegally for their
personal gain. Or, an exploit can be a documented process to take advantage of a vulnerability
or exposure, usually in software, that is either inherent in the software or is created by the
attacker. Exploits make use of existing software tools or custom-made software components.
Exposure: A condition or state of being exposed. In information security, exposure exists when
a vulnerability known to an attacker is present.
Loss: A single instance of an information asset suffering damage or unintended or
unauthorized modification or disclosure. When an organization’s information is stolen, it has
suffered a loss.
Protection profile or security posture: The entire set of controls and safeguards, including
policy, education, training and awareness, and technology, that the organization implements
(or fails to implement) to protect the asset. The terms are sometimes used interchangeably
with the term security program, although the security program often comprises managerial
aspects of security, including planning, personnel, and subordinate programs.
Risk: The probability that something unwanted will happen. Organizations must minimize risk
to match their risk appetite—the quantity and nature of risk the organization is willing to accept.
Subjects and objects: A computer can be either the subject of an attack—an agent entity used
to conduct the attack—or the object of an attack—the target entity, as shown in Figure 1-5. A
computer can be both the subject and object of an attack, when, for example, it is
compromised by an attack (object), and is then used to attack other systems (subject).
Page | 131
IT Management 2B



30
Threat: A category of objects, persons, or other entities that presents a danger to an asset.
Threats are always present and can be purposeful or undirected. For example, hackers
purposefully threaten unprotected information systems, while severe storms incidentally
threaten buildings and their contents.
Threat agent: The specific instance or a component of a
REMEMBER:
threat. For example, all hack-ers in the world present a
collective threat, while Kevin Mitnick, who was convicted
Consider every bit of
for hacking into phone systems, is a specific threat agent.
information in the
Likewise, a lightning strike, hailstorm, or tornado is a
following context:
threat agent that is part of the threat of severe storms.
Vulnerability: A weaknesses or fault in a system or
 Threat
protection mechanism that opens it to attack or damage.
 Threat agent
Some examples of vulnerabilities are a flaw in a software
 Vulnerability
package, an unprotected system port, and an unlocked
 Exposure
door. Some well-known vulnerabilities have been
 Risk
examined, documented, and published; others remain
 Attack
30
latent (or undiscovered). "
 Exploit
(Whitman & Mattford, 2012, pp.9-11)
Page | 132
IT Management 2B
Components of Information systems within an organization.
Figure 29- Components of an Information System (Whitman & Mattford, 2012)
"An information system (IS) is much more than computer hardware; it is the entire set of software, hardware,
data, people, procedures, and networks that make possible the use of information resources in the organization.
These six critical components enable information to be input, processed, output, and stored. Each of these IS
components has its own strengths and weaknesses, as well as its own characteristics and uses. Each
component of the information system also has its own security requirements.
Software
The software component of the IS comprises applications, operating systems, and assorted command utilities.
Software is perhaps the most difficult IS component to secure. The exploitation of errors in software
programming accounts for a substantial portion of the attacks on information. The information technology
industry is rife with reports warning of holes, bugs, weaknesses, or other fundamental problems in software. In
fact, many facets of daily life are affected by buggy software, from smart phones that crash to flawed automotive
control computers that lead to recalls.
Software carries the lifeblood of information through an organization. Unfortunately, software programs are often
created under the constraints of project management, which limit time, cost, and manpower. Information security
is all too often implemented as an afterthought, rather than developed as an integral component from the
beginning. In this way, software programs become an easy target of accidental or intentional attacks.
Hardware
Hardware is the physical technology that houses and executes the software, stores and trans¬ports the data,
and provides interfaces for the entry and removal of information from the system. Physical security policies deal
with hardware as a physical asset and with the protection of physical assets from harm or theft. Applying the
traditional tools of physical security, such as locks and keys, restricts access to and interaction with the hardware
components of an information system. Securing the physical location of computers and the computers
themselves is important because a breach of physical security can result in a loss of information. Unfortunately,
most information systems are built on hardware platforms that cannot guarantee any level of information security
if unrestricted access to the hardware is possible.
Page | 133
IT Management 2B
Before September 11, 2001, laptop thefts in airports were common. A two-person team worked to steal a
computer as its owner passed it through the conveyor scanning devices. The first perpetrator entered the
security area ahead of an unsuspecting target and quickly went through. Then, the second perpetrator waited
behind the target until the target placed his/her computer on the baggage scanner. As the computer was whisked
through, the second agent slipped ahead of the victim and entered the metal detector with a substantial
collection of keys, coins, and the like, thereby slowing the detection process and allowing the first perpetrator to
grab the computer and disappear in a crowded walkway.
While the security response to September 11, 2001 did tighten the security process at airports, hardware can still
be stolen in airports and other public places. Although laptops and notebook computers are worth a few
thousand dollars, the information contained in them can be worth a great deal more to organizations and
individuals.
6.6 Data
Data stored, processed, and transmitted by a computer system must be protected. Data is often the most
valuable asset possessed by an organization and it is the main target of intentional attacks. Systems developed
in recent years are likely to make use of database management systems. When done properly, this should
improve the security of the data and the application. Unfortunately, many system development projects do not
make full use of the database management system’s security capabilities, and in some cases the database is
implemented in ways that are less secure than traditional file systems.
6.7 People
Though often overlooked in computer security considerations, people have always been a threat to information
security. Legend has it that around 200 B.C. a great army threatened the
security and stability of the Chinese empire. So ferocious were the
REMEMBER:
invaders that the Chinese emperor commanded the construction of a
great wall that would defend against the Hun invaders. Around 1275 A.D.,
Information
Kublai Khan finally achieved what the Huns had been trying for thousands
of years. Initially, the Khan’s army tried to climb over, dig under, and
systems are made
break through the wall. In the end, the Khan simply bribed the
up of six major
gatekeeper—and the rest is history. Whether this event actually occurred
components:
or not, the moral of the story is that people can be the weakest link in an
organization’s information security program. And unless policy, education
hardware,
and training, awareness, and technology are properly employed to
software, data,
prevent people from accidentally or intentionally damaging or losing
people,
information, they will remain the weakest link. Social engineering can prey
on the tendency to cut corners and the commonplace nature of human
procedures, and
error. It can be used to manipulate the actions of people to obtain access
networks
information about a system.
6.8 Procedures
Another frequently overlooked component of an IS is procedures. Procedures are written instructions for
accomplishing a specific task. When an unauthorized user obtains an organization's procedures, this poses a
threat to the integrity of the information. For example, a consultant to a bank learned how to wire funds by using
the computer center’s procedures, which were readily available. By taking advantage of a security weakness
(lack of authentication), this bank consultant ordered millions of dollars to be transferred by wire to his own
Page | 134
IT Management 2B
account. Lax security procedures caused the loss of over ten million dollars before the situation was corrected.
Most organizations distribute procedures to their legitimate employees so they can access the information
system, but many of these companies often fail to provide proper education on the protection of the procedures.
Educating employees about safeguarding procedures is as important as physically securing the information
system. After all, procedures are information in their own right. Therefore, knowledge of procedures, as with all
critical information, should be disseminated among members of the organization only on a need-to-know basis.
6.9 Networks
The IS component that created much of the need for increased computer and information security is networking.
When information systems are connected to each other to form local area networks (LANs), and these LANs are
connected to other networks such as the Internet, new security challenges rapidly emerge. The physical
technology that enables network functions is becoming more and more accessible to organizations of every size.
Applying the traditional tools of physical security, such as locks and keys, to restrict access to and interaction
with the hardware components of an information system are still important; but when computer systems are
networked, this approach is no longer enough. Steps to provide network security are essential, as is the
implementation of alarm and intrusion systems to make system owners aware of ongoing compromises.
6.10 Balancing Information Security and Access
Even with the best planning and implementation, it is impossible to obtain perfect information security. We need
to balance security and access. Information security cannot be absolute: it is a process, not a goal. It is possible
to make a system available to anyone, anywhere, anytime, through any means. However, such unrestricted
access poses a danger to the security of the information. On the other hand, a completely secure information
system would not allow anyone access. For instance, when challenged to achieve a TCSEC C-2 level security
certification for its Windows operating system, Microsoft had to remove all networking components and operate
the computer from only the console in a secured room. To achieve balance—that is, to operate an information
system that satisfies the user and the security professional—the security level must allow reasonable access, yet
protect against threats.
Page | 135
IT Management 2B
Figure 30- Balancing Security and Access to information (Whitman & Mattford, 2012, p.19)
Because of today’s security concerns and issues, an information system
or data-processing department can get too entrenched in the
management and protection of systems. An imbalance can occur when
the needs of the end user are undermined by too heavy a focus on
protecting and administering the information systems. Both information
security technologists and end users must recognize that both groups
share the same overall goals of the organization—to ensure the data is
available when, where, and how it is needed, with minimal delays or
obstacles. In an ideal world, this level of availability can be met even after
concerns about loss, damage, interception, or destruction have been
addressed."31
31
REMEMBER:
Security should
not impede the
operations within
an organisation,
but create a
balance between
Information
security and
Access
(Whitman & Mattford, 2012, pp.16-20)
Page | 136
IT Management 2B
6.11 INFORMATION SECURITY PROJECT TEAM
The information security project team should consist of a number of individuals who are experienced in one or
multiple facets of the required technical and nontechnical areas. Many of the same skills needed to manage and
implement security are also needed to design it. Members of the security project team fill the following roles:







Champion: A senior executive who promotes the project and ensures its support, both
financially and administratively, at the highest levels of the organization.
Team leader: A project manager, who may be a departmental line manager or staff unit
manager, who understands project management, personnel management, and information
security technical requirements.
Security policy developers: People who understand the organizational culture, existing policies,
and requirements for developing and implementing successful policies.
Risk assessment specialists: People who understand financial risk assessment techniques, the
value of organizational assets, and the security methods to be used.
Security professionals: Dedicated, trained, and well-educated specialists in all aspects of
information security from both a technical and nontechnical standpoint.
Systems administrators: People with the primary responsibility for administering the systems
that house the information used by the organization.
End users: Those whom the new system will most directly affect. Ideally, a selection of users
from various departments, levels, and degrees of technical knowledge assist the team in
focusing on the application of realistic controls applied in ways that do not disrupt the essential
business activities they seek to safeguard.
6.12 DATA RESPONSIBILITIES
The three types of data ownership and their respective responsibilities are outlined below:



Data owners: Those responsible for the security and use of a particular set of information. They are
usually members of senior management and could be CIOs. The data owners usually determine
the level of data classification (discussed later), as well as the changes to that classification
required by organizational change. The data owners work with subordinate managers to oversee
the day-to-day administration of the data.
Data custodians: Working directly with data owners, data custodians are responsible for the
storage, maintenance, and protection of the information. Depending on the size of the organization,
this may be a dedicated position, such as the CISO, or it may be an additional responsibility of a
systems administrator or other technology manager. The duties of a data custodian often include
overseeing data storage and backups, implementing the specific procedures and policies laid out in
the security policies and plans, and reporting to the data owner.
Data users: End users who work with the information to perform their assigned roles supporting the
mission of the organization. Everyone in the organization is responsible for the security of data, so
data users are included here as individuals with an information security role.
Communities of Interest
Each organization develops and maintains its own unique culture and values. Within each organizational culture,
there are communities of interest that develop and evolve. As defined here, a community of interest is a group of
individuals who are united by similar interests or values within an organization and who share a common goal of
Page | 137
IT Management 2B
helping the organization to meet its objectives. While there can be many different communities of interest in an
organization, this book identifies the three that are most common and that have roles and responsibilities in
information security. In theory, each role must complement the other; in practice, this is often not the case.
Information Security Management and Professionals
The roles of information security professionals are aligned with the goals and mission of the information security
community of interest. These job functions and organizational roles focus on protecting the organization’s
information systems and stored information from attacks.
Information Technology Management and Professionals
The community of interest made up of IT managers and skilled professionals in systems design, programming,
networks, and other related disciplines has many of the same objectives as the information security community.
However, its members focus more on costs of system creation and operation, ease of use for system users, and
timeliness of system creation, as well as transaction response time. The goals of the IT community and the
information security community are not always in complete alignment, and depending on the organizational
structure, this may cause conflict.
Organizational Management and Professionals
The organization’s general management team and the rest of the resources in the organization make up the
other major community of interest. This large group is almost always made up of subsets of other interests as
well, including executive management, production management, human resources, accounting, and legal, to
name just a few. The IT community often categorizes these groups as users of information technology systems,
while the information security community categorizes them as security subjects. In fact, this community serves as
the greatest reminder that all IT systems and information security objectives exist to further the objectives of the
broad organizational community. The most efficient IT systems operated in the most secure fashion ever devised
have no value if they are not useful to the organization as a whole.
6.13 CONCLUSION
Security is needed in an organisation, especially information security. This responsibility however does not just
rest with a single person or department. There are many areas that need attention, such as physical security,
personal security, operations security, communications security, national security, and network security, to name
a few. We can only protect the information from risk by the application of policy, education and technology.
Page | 138
IT Management 2B
TEST YOUR KNOWLEDGE
Summary Questions:
1.
What is the difference between a threat agent and a threat?
2.
What is the difference between vulnerability and exposure?
3.
Identify the six components of an information system.
4.
Who should lead a security team? Should the approach to
security be more managerial or technical?
SOLUTION TO TEST YOUR KNOWLEDGE QUESTIONS
1. The Main difference between threat and threat agent are
Threat is a category of object, person, or other entity that represents a constant danger to
an asset. Whereas a threat agent is the facilitator of an attack. Threats are always
present. Some threats manifest themselves in accidental occurrences, while others are
purposeful.
A threat agent is the specific instance or component of a threat.
Answer from (Whitman & Mattford, 2012)
2. What is the difference between vulnerability and exposure?
The difference is that a vulnerability is the POSSIBILITY or POTENTIAL of the
information being compromised, however it may never actually happen.
Exposure is the knowledge that this exploit exists and has a definite result when
exploited.
Page | 139
IT Management 2B
In a nutshell one is the potential problem that MAY exists, and the latter is the
CERTAINTY that will lead to information being compromised.
3. Identify the six components of an information system.
Hardware, software, data, people, procedures, and networks
4. Who should lead a security team? Should the approach to security be more managerial or
technical?
Ideally, the lead of a security team should have some technical background, but it isn't
essential. A good manager is one who listens to what other team members are saying and
is able to make decisions based on the evidence. The manager must rely on the technical
expertise of the members, even if they themselves are also technical in nature.
For a security team it is usually the case where a senior technical lead becomes the
manager after a period of time. That would be the best case scenario, but as mentioned,
you have to have a person with good management skills overall, whether they are
technical in the area or not.
A balanced approach is the goal from this team. The end results are technical, but the
decisions and how the team operates come from management, and how they interface
with the rest of the corporation is very important.
Page | 140
IT Management 2B
Group Work
Exercises:
Consider the information stored on your personal computer. For each of the
terms listed, find an example and document it: threat, threat agent, vulnerability,
exposure, risk, attack, and exploit.
Using the Web, identify the chief information officer, chief information security
officer, and systems administrator for Apple the makers of the IPAD. Which of
these individuals represents the data owner? Data custodian?
Using the Web, find out more about Kevin Mitnick. What did he do? Who
caught him? Write a short summary of his activities and explain why he is
infamous.
Page | 141
IT Management 2B
Case Study and Group Work 1
Introduction
"The Sequential Label and Supply Company (often referred to as SLS) is a
. national supplier of stock labels as well as a manufacturer of custom labels
and distributor of supplies often used in conjunction with labels, such as
envelopes, adhesive tape, mailing cartons, and related office supplies. The
company was founded by Fred Chin in 1992 and has grown steadily in the
intervening years.
As the case study begins, the company has recognized its growing
dependence on information technology and has organized its information
technology group as shown below:
Figure 31- SLS Organisation
Trouble
It started out like any other day for Amy Windahl at Sequential Label
and Supply Company. She liked her technical support job at the help desk.
Taking calls and helping the office workers with PC problems was not glaPage | 142
IT Management 2B
morous, but it was challenging and paid pretty well. Some of her friends
worked at bigger companies, some at higher-tech companies, but everyone
kept up with each other, and they all agreed that technology jobs were a
good way to pay the bills.
The phone rang. This was not a big deal for Amy. She answered her
phone about 35 times an hour, 315 times a day, nine days every two weeks.
The first call of the day started out the same as usual, with a worried user
hoping Amy could help him out of a jam. The call display on her screen
gave her all the facts: the user's name, his phone number, the department
in which he worked, where his office was on the company campus, and a
list of all the calls he'd made in the past.
"Hi, Bob," she said. "Did you get that document formatting problem
squared away after our last call?"
"Sure did, Amy. Hope we can figure out what's going on today."
"We'll try, Bob. Tell me about it."
"Well, my PC is acting weird," Bob said. "When I go to the screen that
has my e-rnail program running, it doesn't respond to the mouse or the
keyboard."
"Did you try a reboot yet, Bob?"
"Sure did. But the window wouldn't close, and I had to turn it off. Once
it finished the reboot, and I opened the e-rnail program.Tt's just like it was
before-no response at all. The other stuff is working OK, but really, really
slowly. Even my Internet browser is sluggish."
"OK, Bob. We've tried the usual stuff we can do over the phone. Let me
open a case, and I'll dispatch a tech over as soon as possible."
Amy looked up at the LED tally board on the wall at the end of the room.
She saw that there were only two technicians dispatched to desks ide support
at the moment, and since it was the day shift, there were four available.
"Shouldn't be long at all, Bob."
She clicked off the line from Bob and typed her notes into ISIS, the company's Information Status and Issues System. She assigned the newly generated case to the deskside dispatch queue, knowing the roving desks ide
team would be paged with the details and would attend to Bob's problem
in just a few minutes.
A moment later, Amy looked up to see Charles Moody walking briskly
down the hall. Charlie was the senior manager of the server administration
team. He was being trailed by three of his senior technicians as he made a
beeline from his office to the door of the server room where the company
servers were kept in a controlled environment. They all looked worried.
Just then, Amy's screen beeped to alert her of a new e-mail. She glanced
down. It beeped again-and again. It started beeping constantly. She
clicked on the envelope icon, and after a short delay, the mail window
opened. She had 47 new e-rnails in her inbox. She opened one from Davey
Martinez, an acquaintance from the Accounting Department. The subject
line said, "Wait till you see this." The message body read, "Look what this
Page | 143
IT Management 2B
has to say about our managers' salaries ... " There was an icon for a file
attachment that Amy did not recognize. But, she knew Davey, he often sent
her interesting and funny e-rnails. She clicked on the icon.
Her PC showed the hourglass pointer icon for a second and then
resumed showing its normal pointer. Nothing happened. She clicked on
the icon for the next e-mail message. Nothing happened. Her phone rang
again. She clicked on the ISIS icon on her computer desktop to activate the
call management software, and activated her headset. "Hello, Tech Support, how can I help you?" She couldn't greet the caller by name because
ISIS had not yet opened the screen on her Pc.
"Hello, this is Erin Williams in Receiving."
Amy glanced down at her screen. Still no ISIS. She glanced up to the tally
board and was surprised to see the inbound call counter tallying up waiting
calls like digits on a stopwatch. Amy had never seen so many calls come in
at one time.
"Hi, Erin," Amy said. "What's up?"
"Nothing," Erin answered. "That's the problem." The rest of the call was
an exact replay of Bob's earlier call, except Amy couldn't type the notes
into ISIS and had to jot them down on a legal pad. She also couldn't dispatch the deskside support team either. She looked at the tally board. It had
gone dark. No numbers at all.
Then she saw Charlie running down the hall from the server room. He
didn't look worried anymore. He looked frantic.
Amy picked up the phone. She wanted to check with her supervisor
about what to do now. There was no dial tone.
The next day at SLS found everyone in technical support busy restoring
computer systems to their former state and installing new virus and worm
control software. Amy found herself learning how to install desktop computer operating systems and applications as SLS made a heroic effort to
recover from the previous day's attack.
1. Do you think this event was caused by an insider or outsider? Why do
you think this?
2. Other than installing virus and worm control software, what can SLS
do to be ready for the next incident?
3. Do you think this attack was the result of a virus, or a worm? Why do
you think this?
Starting Out
Fred Chin, CEO of Sequential Label and Supply, leaned back in his
leather chair. He propped his feet up on the long mahogany table in the
conference room where the SLS Board of Directors had just adjourned their
quarterly meeting.
"What do you think about our computer security problem?" he asked
Page | 144
IT Management 2B
Gladys Williams, the company's chief information officer, or CIa. He was
referring to last month's outbreak of a malicious worm on the company's
computer network.
Gladys replied, "I think we have a real problem this time, and we need
to put together a real solution, not just a quick patch like the last time."
Eighteen months ago someone had brought an infected floppy disk in from
home and infected the network. To prevent this from happening again, all
the floppy drives were removed from the company computers.
Fred wasn't convinced. "Let's just add another thousand dollars in the
next budget to fix it up."
Gladys shook her head. "You've known for some time now that this
business runs on computers. That's why you hired me as CIa. I've been
researching information security, and my staff and I have some ideas to discuss with you. I've asked Charlie Moody to come in today to talk about it.
He's waiting to speak with us."
Charlie joined the meeting, and Fred said, "Hello, Charlie. As you know
the Board of Directors met today. They received a report on the expenses
and lost production from the virus outbreak last month, and they directed
us to improve the security of our computers. Gladys says you can help me
understand what we need to do about it."
"To start with," Charlie said, "instead of setting up a computer security
solution, we need to develop an information security program. We need a
thorough review of our policies and practices, and we need to establish an
ongoing risk management program. There are some other things that are
part of the process as well, but these would be a good start."
"Sounds expensive," said Fred.
Charlie looked at Gladys, then answered,"Well, there will be some extra
expenses for specific controls and software tools, and we may have to slow
down our product development projects a bit, but the program will be
more of a change in our attitude about security than a spending spree.
I don't have accurate estimates yet, but you can be sure we will put costbenefit worksheets in front of you before we spend any money."
Fred thought about this for a few seconds. "OK. What is our next step?"
Gladys answered, "To start with, we need to initiate a project plan to
develop our new information security program. We'll use our usual systems
development and project management approach. There are a few differences, but we can adapt our current models easily. We will need to appoint
or hire a person to be responsible for information security."
"Information security? What about computer security?" asked Fred.
Charlie responded, "Information security includes all the things we
use to do business: software, procedures, data, networks, our staff, and
computers."
"I see," Fred said. "Bring me the draft project plan and budget in two
weeks. The audit committee of the board meets in four weeks, and we'll
need to report our progress."
Soon after the board of directors meeting, Charlie was promoted to chief
information security officer, a new position that reports to the CIa Gladys
Williams, and that was created to provide leadership for SLS's efforts to
improve its security profile.
Page | 145
IT Management 2B
1. How do Fred, Gladys, and Charlie perceive the scope and scale of the
new information security effort?
2. How will Fred measure success when he evaluates Gladys' performance for this project? How about Charlie's performance?
3. Which of the threats discussed in this chapter should receive Charlie's.
attention early in his planning process?
Industrial Espionage
Henry Magruder made a mistake: he left a CD at the coffee station. Later,
Iris Majwabu was at the coffee station, topping off her coffee cup, hoping
to wrap up her work on the current SQL code module before it was time to
go home. As she turned to leave, she saw the unlabeled CD on the counter.
Being the helpful sort, she picked it up, intending to return it to the person
who'd left it behind.
Expecting to find perhaps the latest device drivers, or someone's work
from the development team's office, Iris slipped the disk into the drive of
her computer and ran a virus scan against its contents. She then opened
the file explorer program. She had been correct in assuming the CD contained data files, lots of them. She opened a file at random, and names,
addresses, and Social Security numbers scrolled down her screen. These
were not the test records she expected; instead they looked more like critical
payroll data. Concerned, she found a readme.txt file and opened it. It read:
Jill, see files on this disc. Hope they meet your expectations. Wire money
to my account as arranged. Rest of data sent on payment.
Iris realized that someone was selling sensitive company data to an outside information broker. She looked back at the directory listing and saw
that the files spanned the range of every department at Sequential Label
and Supply-everything from customer lists to shipping invoices. She saw
one file that she knew contained the credit card numbers for every Web
customer the company supplied. She opened another file and saw that it
stopped about halfway through the data. Whoever did this had split the
data into two parts. That made sense: payment on delivery of the first half.
Now, who did this belong to? She opened up the file properties option
on the readme.txt file. The file owner was listed as "hmagruder." That must
be Henry Magruder, the developer two cubes over in the next aisle. Iris pondered her next action.
Iris called the company security hotline. The hotline was an anonymous
way to report any suspicious activity or abuse of company policy, although
Iris chose to identify herself. The next morning, she was called to a meeting
with an investigator from corporate security, which led to more meetings
with others in corporate security, and then finally a meeting with the
Director of Human Resources and Gladys Williams, the CIO of SLS.
Page | 146
IT Management 2B
1. Was Iris justified in determining who the owner of the CD was?
2. Should Iris have approached Henry directly, or was the hotline the
most effective way to take action?
3. Should Iris have placed the CD back at the coffee station and forgotten the whole thing? Would that response have been ethical on her
part?
Deciding What to Protect
Charlie Moody called the meeting to order. The conference room was
full of developers, systems analysts, IT managers, business users, and business managers.
"All right everyone, let's get started. Welcome to the kick-off meeting of
the Sequential Label and Supply Information Security Task Force. That's the
name of our new project team, and we're here today to talk about our
objectives and to review the initial work plan."
"Why are all of the users here?" asked the manager of sales. "Isn't security a problem for the IT Department?"
Charlie explained, "Well, that used to be the case, but we've come to realize that information security is about managing the risk of using automated systems, which involves almost everyone in the company. In order
to make our systems more secure, we will need the participation of people
from all departments."
Charlie continued, "1 hope everyone has read the packets we sent out
last week with the legal requirements we face in our industry and the
background articles on threats and attacks. Today we'll begin the process
of identifying and classifying all of the information technology risks that
face our organization. This includes everything from fires and floods that
could disrupt our business to criminal hackers who might try to steal or
destroy our data. Once we identify and classify the risks facing our assets,
we can discuss how to reduce or eliminate these risks by establishing controls. Which controls we actually apply will depend on the costs and benefits of each control."
"Wow, Charlie!" said Amy Windahl from the back of the room. "I'm sure
we need to do it-I was hit by the last attack, just as everyone here wasbut we have hundreds of systems."
"It's more like thousands," said Charlie. He went on, "That's why we
have so many people on this team and why the team includes members of
every department."
Charlie continued, "Okay, everyone, please open your packets and take
out the project plan with the work list showing teams, tasks, and schedules.
Any questions before we start reviewing the work plan?"
As Charlie wrapped up the meeting, he ticked off a few key reminders
for everyone involved in the asset identification project.
"Okay, everyone, before we finish, please remember that you should try
to make your asset lists complete, but be sure to focus your attention on
the more valuable assets first. Also, remember that we evaluate our assets
based on business impact to profitability first, and then economic cost of
Page | 147
IT Management 2B
replacement. Make sure you check with me about any questions that come
up. We will schedule our next meeting in two weeks, so please have your
draft inventories ready."
1. Did Charlie effectively organize the work before the meeting? Why or
why not? Make a list of the important issues you think should be
covered by the work plan. For each issue, provide a short explanation.
2. Will the company get useful information from the team it has assembled? Why or why not?
3. Why might some attendees resist the goals of the meeting? Does it
seem that each person invited was briefed on the importance of the
event and the issues behind it? "32
SLS Case. 2012. SLS Case. [ONLINE] Available at: http://brainmass.com/business/informationsystems/360471. [Accessed 12 May 2012].
32
Page | 148
IT Management 2B
Case Study and Group Work 2
"Government executives expressed widespread concern about data leakage, whether caused by
malicious actions or accidental missteps, according to an online survey of 209 executives, conducted
by 1105 Government Information Group Content Solutions. In total, the survey conducted online in
February, garnered 209 responses from public sector executives from organizations ranging from the
Department of Defense to civilian federal agencies, to executives from state and local governments.
Roughly a fifth of government agencies responding to the survey reported that external IT security
incidents have increased in the past year.
The seemingly constant stream of viruses, worms, rootkits, denial-of-service (DoS) attacks and other
security threats underscore how the government’s network perimeter has expanded and blurred, as the
proliferation of mobile and remote users has grown. A whopping 92% of those surveyed said they
expect to spend at least as much, if not more for information security threat prevention in the coming
year. The average annual agency budget for IT security threat prevention, across all levels of
government was reported at $2.75 million
Progressive or leading edge agencies expressed concern about the proliferation of mobile devices and
the impact of cloud computing on security, and are most likely to be investigating single-sign on
authentication alternatives, in their ongoing efforts to improve agency IT threat prevention
infrastructures. The proliferation of mobile devices with confidential information and access to internal
systems was viewed as an increasing security concern, by 78% of respondents.
Page | 149
IT Management 2B
IT security audits are conducted to test and ensure an agency’s IT assets are, in fact, protected. Not
surprisingly, those respondents who reported failing an IT security audit were also more apt to increase
their budgets for IT security protections. Since agencies undergo both external security audits as well
as internal audits, the survey results indicated that nearly 20% of respondents had failed at least one
external audit and 22% had failed at least one recent internal security audit.
Although a lack of adequate protection against data loss or leaks is considered a serious problem,
survey respondents to the 1105 Government Information Group Content Solutions Information Security
Survey, said investments in content security and data loss prevention were not as high on the priority
list, as were investments in intrusion detection, firewalls, VPNs, IP security and continuous monitoring.
Data loss prevention (DLP) helps ensure that sensitive personal information and classified information
housed on government networks remains safe and secure.
Page | 150
IT Management 2B
Tools for Protection
In the 1105 Government Information Group’s survey, respondents were asked to select the tools they
turn to most to help reduce risks associated with a broad array of information security threats. Firewalls
and virtual private network services, along with anti-malware, anti-spam, encryption, authentication,
content filtering, intrusion detection and continuous monitoring topped the list of tools to protect
government resources." 33
Read the above and research further and then the questions below:
1. Discuss in detail some of the greatest Information Technology threats that governments and
organisations face?
2. Why do these threats to Information Technology exist? What would be some of the reasons for
these Information Technology incursions?
3. Discuss how Mobile access and cloud storage have added the risk areas facing organisations.
4. How much should a company spend on investing in securing their information?
5. Do Information Technology audits assist in driving security awareness?
6. Could some organisation's data be compromised without their knowledge?
7. How well prepared is your government against threats facing organisations?
8. What are the ways in which threats to organisations are examined and the most common threat
preventions systems around the world that are in practice or being used today?
33
Research Report: Information Security -- Federal Computer Week. 2012. Research Report:
Information Security -- Federal Computer Week. [ONLINE] Available at:
http://fcw.com/microsites/2012/download-information-security/index.aspx. [Accessed 17 May 2012]
Page | 151
IT Management 2B
SECTION SEVEN: CONCLUSION
In conclusion I would like to thank you for taking the time to go through this module. The journey ahead
is bright and positive. The foundations laid in this and the previous module, will put you on a very
rewarding track in terms of gearing towards taking an organisation to new modes of acquiring success
simply by understanding this module and applying relevant methods or methodologies.
I hope this study guide has helped in contextualizing this information. It should have firmed up your
understanding of Business Intelligence and at the processes, policies and principles of protecting your
data and using your data with business intelligence.
This diagram should help you recap what we have already covered. Thank you.
Page | 152
IT Management 2B
Prescribed Reading:

Reynolds, George W. (2010) Information Technology for Managers, International Edition.
United States of America: Cengage Learning

Schniederjans, M.J., 2004. Information Technology Investment: Decision-Making
Methodology.

World Scientific Pub Co Inc.
Williams, B and Sawyer,S. (2010) Using Information Technology, 8th Edition. USA, New
York: Mcgraw-Hill
Recommended Reading:

Bidgoli, H. (2012) MIS2. Boston: Cengage Learning

Whitman, Michael E. (2011) Principles of Information Security. 4 Edition. Course
Technology.

Paige Baltzan, A.P., 2009. Business Driven Information Systems. New York: McGraw-Hill.
Page | 153