CIS 480/BA 479: Managing Technology for Business Strategies
Week 3
Dr. Jesús Borrego
Regis University
1
scis.regis.edu ● [email protected]
Agenda
• Review of Homework 2
• Group Project
• Internet and Security:
▫ Ch. 7 – Telecom, Internet and Wireless Technology
▫ Ch. 8 – Securing Information Systems
▫ Ch. 9 – Enterprise Applications
▫ Ch. 10 – Electronic Commerce
• Group Project – Requirements and Budget
2
HW 2 – IT and Ethics
• There have been a number of headline examples recently
that have discussed the disregard for ethics in an
organization.
• The role of ethics in an organization is an important
component of the culture of an organization and impacts the
way Information Technology develops, manages, and
distributes data.
• Based on the readings this week as well as your own personal
experiences, write a three-to-five page paper on the topic of
IT and Ethics.
• Be sure to include a minimum of two resources in your
paper.
• You may use examples from your own work.
• Be sure to use APA style format for your paper
3
Chapter 7
• Telecom, Internet and Wireless Technology
4
Computer Network
▫ Two or more connected computers
▫ Major components in simple network
 ▪ Client and server computers
 ▪ Network interfaces (NICs)
 ▪ Connection medium
 ▪ Network operating system
 ▪ Hubs, switches, routers
▫ Software-defined networking (SDN)
 Functions of switches and routers managed by central program
5
Sample Network
6
Corporate Network
7
Sample Ethernet Network
Source: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_presentation0900aecd804e1307.pdf
8
Ethernet Network Sub-networks
[Figure: Ethernet network divided into sub-networks 192.168.1.X, 192.168.2.X and 192.168.3.X]
9
Sample Network Diagram
10
Another example
Source: http://sakswissarmyknife.wordpress.com/2010/10/01/secure-networkdiagram/
11
Client-Server Environment
• Distributed computing model
• Clients linked through network controlled by
network server computer
• Server sets rules of communication for network
and provides every client with an address so
others can find it on the network
• Has largely replaced centralized mainframe
computing
• The Internet: largest implementation of
client/server computing
12
Packet Switching
• Method of slicing digital messages into parcels
(packets), sending packets along different
communication paths as they become available,
and then reassembling packets at destination
• Previous circuit-switched networks required
assembly of complete point-to-point circuit
• Packet switching more efficient use of network’s
communications capacity
13
Packet Communications
14
OSI Layers
Application
Presentation
Session
Transport
Network
Data Link
Physical
15
OSI Layers
• Application – access to OSI environment
and distributed IS
• Presentation – Hides implementation
details of the data
• Session – controls communication
between applications, sets up/connects/terminates connections
Source: Stallings, W. (2007). Data and computer communications (8th ed.). Upper
Saddle River, NJ: Pearson Prentice Hall.
16
OSI Layers (Cont’d)
• Transport – reliable communications,
end-to-end recovery and flow control
• Network – isolates upper layers from
connectivity details
• Data Link – controls block transmission
(error, flow, synchronization)
• Physical – unstructured data transmission
Source: Stallings, W. (2007). Data and computer communications (8th ed.). Upper
Saddle River, NJ: Pearson Prentice Hall.
17
Protocol Stack
[Figure: protocol stack diagram. Two end systems, each with Application, Presentation, Session, Transport, Network, Data Link and Physical layers; labels in the figure: Application protocol, Transport protocol, IP protocol, Network Access, Server.]
18
Internet Protocol Stack
• Application layer
• Transport layer
• Internet layer
• Network interface layer
19
TCP/IP communications
20
Communications Networks
▫ Local-area networks (LANs)
 Ethernet
 Client/server vs. peer-to-peer
▫ Wide-area networks (WANs)
▫ Metropolitan-area networks (MANs)
▫ Campus area networks (CANs)
▫ Car area networks (CANs)
21
Modems
22
Media
• Physical transmission media
▫ Twisted pair wire (CAT5)
▫ Coaxial cable
▫ Fiber optics cable
▫ Wireless transmission media and devices
 Satellites
 Cellular systems
• Transmission speed
▫ Bits per second (bps)
▫ Hertz
▫ Bandwidth
23
Twisted Pair
• Typical phone wire
• Copper wire
• Twists reduce electrical interference
• Different categories
▫ CAT 3: 3 twists per inch
▫ CAT 5: 5 twists per inch
• Shielded: metal foil covers each pair of wires
• Unshielded: not covered except for outer layer
Source: http://essayprashesh.blogspot.com/2010/09/twisted-pair-cable.html
24
Twisted Pair
Source: http://www.ecvv.com/product/2063210.html
25
Shielded Twisted Pair
Source: http://www.primuscable.com/store/p/674Shielded-Cat6-Cable-for-Networking-FTP-1000Yellow.aspx?gdftrk=gdfV21784_a_7c150_a_7c4514_a_7cC6SH_d_448YL&gclid=CLikscuj07gCFc4-Mgod0mYA0g
26
Unshielded Twisted Pair (UTP)
CAT-2, 3, 4, 5
Source: http://essayprashesh.blogspot.com/2010/09/twisted-pair-cable.html
27
Coaxial Cable
• Inner conductor made of copper
• Includes insulating layer around the
conductor
• Protective shield around it
• Outer insulating jacket
• Used in cable television and some telephone
systems
• Originally used in Ethernet
Source: http://searchdatacenter.techtarget.com/definition/coaxial-cable
28
Coaxial Cable
Source: http://www.oocities.org/tohliang/hardware.htm
29
Fiber Optic
• Consists of three layers:
▫ Core – thin glass where light travels
▫ Cladding – outer optical material to reflect the
light back into the core
▫ Buffer Coating – plastic coating to protect core
from damage and moisture
• Can contain many strands
▫ Bundles are protected by a jacket
Source: http://computer.howstuffworks.com/fiber-optic1.htm
30
Fiber Optic
Source: http://www.ecvv.com/product/2063210.html,
http://clcomm.com/index.php?main_page=index&cPath=12 ,
http://electronics.howstuffworks.com/question402.htm
31
Domain Name System
32
VoIP
33
Web Protocols
▫ Hypertext Markup Language (HTML)
▫ Hypertext Transfer Protocol (HTTP):
 Communications standard used for transferring Web
pages
▫ Uniform resource locators (URLs):
 ▪ Addresses of Web pages
 ▪ http://www.megacorp.com/content/features/082602.html
▫ Web servers
 Software for locating and managing Web pages
34
Chapter 8
• Securing Information Systems
35
Definitions
• Vulnerability
▫ Front door open
• Threat
▫ Thief walking by
• Attack
▫ Thief enters house
• Controls
▫ Have motion sensors in the house
36
System Vulnerability
• Accessibility of networks
• Hardware problems (breakdowns, configuration
errors, damage from improper use or crime)
• Software problems (programming errors,
installation errors, unauthorized changes)
• Disasters
• Use of networks/computers outside of firm’s
control
• Loss and theft of portable devices
37
Attacks
• Spoofing
– Misrepresenting oneself by using fake e-mail
addresses or masquerading as someone else
– Redirecting Web link to address different from
intended one, with site masquerading as intended
destination
• Sniffer
– Eavesdropping program that monitors
information traveling over network
– Enables hackers to steal proprietary information
such as e-mail, company files, and so
38
Attacks (Cont’d)
• Denial-of-service attacks (DoS)
▫ Flooding server with thousands of false requests
to crash the network
• Distributed denial-of-service attacks (DDoS)
▫ Use of numerous computers to launch a DoS
▫ Botnets
 Networks of “zombie” PCs infiltrated by bot malware
 Deliver 90% of world spam, 80% of world malware
 Grum botnet: controlled 560K to 840K computers
39
Computer Crime
• Defined as “any violations of criminal law that
involve a knowledge of computer technology for
their perpetration, investigation, or prosecution”
• Computer may be target of crime, for example:
▫ Breaching confidentiality of protected
computerized data
▫ Accessing a computer system without authority
• Computer may be instrument of crime, for
example:
▫ Theft of trade secrets
▫ Using e-mail for threats or harassment
40
Employees
• Security threats often originate inside an
organization
• Inside knowledge
• Sloppy security procedures
▫ User lack of knowledge
• Social engineering:
▫ Tricking employees into revealing their passwords
by pretending to be legitimate members of the
company in need of information
41
Information Assurance
• Electronic evidence
– Evidence for white collar crimes often in digital
form
• Data on computers, e-mail, instant messages,
e-commerce transactions
– Proper control of data can save time and money
when responding to legal discovery request
• Computer forensics:
– Scientific collection, examination, authentication,
preservation, and analysis of data from computer
storage media for use as evidence in court of law
– Includes recovery of ambient and hidden data
42
Security Policy
• Ranks information risks, identifies acceptable
security goals, and identifies mechanisms for
achieving these goals
• Drives other policies
▫ Acceptable use policy (AUP)
 Defines acceptable uses of firm’s information
resources and computing equipment
▫ Authorization policies
 Determine differing levels of user access to
information assets
43
DRP and BCP
• Disaster recovery planning: Devises plans for
restoration of disrupted services
• Business continuity planning: Focuses on
restoring business operations after disaster
▫ Both types of plans needed to identify firm’s most
critical systems
▫ Business impact analysis to determine impact of
an outage
▫ Management must determine which systems
restored first
44
Protecting Information
• Identity management software
– Automates keeping track of all users and
privileges
– Authenticates users, protecting identities,
controlling access
• Authentication
– Password systems
– Tokens
– Smart cards
– Biometric authentication
45
Tools - Firewall
• Combination of hardware and software
that prevents unauthorized users from
accessing private networks
• Technologies include:
▫ Static packet filtering
▫ Stateful inspection
▫ Network address translation (NAT)
▫ Application proxy filtering
46
Corporate Tools
• Intrusion detection systems:
▫ Monitors hot spots on corporate networks to
detect and deter intruders
▫ Examines events as they are happening to
discover attacks in progress
• Antivirus and antispyware software:
▫ Checks computers for presence of malware and
can often eliminate it as well
▫ Requires continual updating
• Unified threat management (UTM) systems
47
Wireless Security
• WEP security can provide some security by:
▫ Assigning unique name to network’s SSID
and not broadcasting SSID
▫ Using it with VPN technology
• Wi-Fi Alliance finalized WPA2 specification,
replacing WEP with stronger standards
▫ Continually changing keys
▫ Encrypted authentication system with
central server
48
Encryption
• Transforming text or data into cipher
text that cannot be read by unintended
recipients
• Two methods for encryption on
networks
▫ Secure Sockets Layer (SSL) and
successor Transport Layer Security (TLS)
▫ Secure Hypertext Transfer Protocol (SHTTP)
49
Encryption methods
• Symmetric key encryption
▫ Sender and receiver use single, shared key
• Public key encryption
▫ Uses two, mathematically related keys:
Public key and private key
▫ Sender encrypts message with recipient’s
public key
▫ Recipient decrypts with private key
50
Public Key Encryption
51
Encryption Tools
• Digital certificate:
▫ Data file used to establish the identity of users and
electronic assets for protection of online transactions
▫ Uses a trusted third party, certification authority (CA),
to validate a user’s identity
▫ CA verifies user’s identity, stores information in CA
server, which generates encrypted digital certificate
containing owner ID information and copy of owner’s
public key
• Public key infrastructure (PKI)
▫ Use of public key cryptography working with
certificate authority
▫ Widely used in e-commerce
52
Digital Certificates
53
Protecting Environment
• Ensuring system availability
– Online transaction processing requires 100%
availability, no downtime
• Fault-tolerant computer systems
– For continuous availability, for example, stock markets
– Contain redundant hardware, software, and power
supply components that create an environment that
provides continuous, uninterrupted service
• High-availability computing
– Helps recover quickly from crash
– Minimizes, does not eliminate, downtime
54
Cloud and Security
• Responsibility for security resides with company
owning the data
• Firms must ensure providers provide adequate
protection:
▫ Where data are stored
▫ Meeting corporate requirements, legal privacy
laws
▫ Segregation of data from other clients
▫ Audits and security certifications
• Service level agreements (SLAs)
55
Chapter 9
• Enterprise Applications
56
ERP
• Enterprise resource planning (ERP) systems
• Suite of integrated software modules and a
common central database
• Collects data from many divisions of firm for
use in nearly all of firm’s internal business
activities
• Information entered in one process is
immediately available for other processes
57
Enterprise Software
• Built around thousands of predefined business
processes that reflect best practices
▫ Finance and accounting
▫ Human resources
▫ Manufacturing and production
▫ Sales and marketing
• To implement, firms:
▫ Select functions of system they wish to use.
▫ Map business processes to software processes.
 Use software’s configuration tables for customizing.
58
Sample Enterprise System
59
Enterprise System Business Value
• Increase operational efficiency
• Provide firm-wide information to support
decision making
• Enable rapid responses to customer requests for
information or products
• Include analytical tools to evaluate overall
organizational performance
60
Supply Chain Management Systems
• Network of organizations and processes for:
▫ Procuring materials, transforming them into
products, and distributing the products
• Upstream supply chain:
▫ Firm’s suppliers, suppliers’ suppliers, processes
for managing relationships with them
• Downstream supply chain:
▫ Organizations and processes responsible for
delivering products to customers
• Internal supply chain
61
Supply Chain Management
• Inefficiencies cut into a company’s operating costs
▫ Can waste up to 25% of operating expenses
• Just-in-time strategy:
▫ Components arrive as they are needed
▫ Finished goods shipped after leaving assembly line
• Safety stock: Buffer for lack of flexibility in supply
chain
• Bullwhip effect
▫ Information about product demand gets distorted as
it passes from one entity to next across supply chain
62
SCM Issues
• Global supply chain issues
▫ Greater geographical distances
▫ Greater time differences
▫ Participants from different countries
 Different performance standards
 Different legal requirements
• Internet helps manage global complexities
▫ Warehouse management
▫ Transportation management
▫ Logistics
▫ Outsourcing
63
Business Value of SCM
• Match supply to demand; reduce inventory
levels
• Improve delivery service
• Speed product time to market
• Use assets more effectively
• Reduced supply chain costs lead to increased
profitability
▫ Total supply chain costs can be 75% of operating
budget
• Increase sales
64
CRM
• Customer relationship management (CRM)
▫ Knowing the customer
▫ In large businesses, too many customers and too many
ways customers interact with firm
• CRM systems:
▫ Capture and integrate customer data from all over the
organization
▫ Consolidate and analyze customer data
▫ Distribute customer information to various systems
and customer touch points across enterprise
▫ Provide single enterprise view of customers
65
CRM
66
CRM Systems
• Packages range from niche tools to large-scale
enterprise applications.
• More comprehensive have modules for:
▫ Partner relationship management (PRM)
 Integrating lead generation, pricing, promotions,
order configurations, and availability
 Tools to assess partners’ performances
▫ Employee relationship management (ERM)
 Setting objectives, employee performance
management, performance-based compensation,
employee training
67
CRM Tools
• Sales force automation (SFA)
▫ Sales prospect and contact information, sales
quote generation capabilities
• Customer service
▫ Assigning and managing customer service
requests, Web-based self-service capabilities
• Marketing
▫ Capturing prospect and customer data,
scheduling and tracking direct-marketing
mailings or e-mail, cross-selling
68
CRM Capabilities
69
CRM Types
• Operational CRM:
▫ Customer-facing applications such as sales force
automation, call center and customer service
support, and marketing automation
• Analytical CRM:
▫ Based on data warehouses populated by
operational CRM systems and customer touch
points
▫ Analyzes customer data (OLAP, data mining, etc.)
 Customer lifetime value (CLTV)
70
Analytical CRM
71
Business Value of CRM
• Increased customer satisfaction
• Reduced direct-marketing costs
• More effective marketing
• Lower costs for customer acquisition/retention
• Increased sales revenue
• Churn rate:
▫ Number of customers who stop using or purchasing
products or services from a company
▫ Indicator of growth or decline of firm’s customer base
72
Enterprise Application Challenges
• Highly expensive to purchase and implement
enterprise applications
▫ Average “large” system—$12 million +
▫ Average “small/midsize” system—$3.5 million
• Technology changes
• Business process changes
• Organizational learning, changes
• Switching costs, dependence on software
vendors
• Data standardization, management, cleansing
73
Chapter 10
• Electronic Commerce
74
Electronic Commerce
• E-commerce: Use of the Internet and Web to
transact business.
• Began in 1995 and grew exponentially; still
stable even in a recession.
• Companies that survived the dot-com bubble
burst and now thrive.
• E-commerce revolution is still in its early stages.
75
Features facilitating eCommerce
• Ubiquity
• Global reach
• Universal standards
• Richness (media)
• Interactivity
• Information density
• Personalization/customization
• Social technology
76
Internet in the Marketplace
• Reduces information asymmetry
• Offers greater flexibility and efficiency because of:
▫ Reduced search costs and transaction costs
▫ Lower menu costs
▫ Greater price discrimination
▫ Dynamic pricing
• May reduce or increase switching costs
• May delay gratification: effects dependent on product
• Increased market segmentation
• Stronger network effects
• More disintermediation
77
Benefits
78
Digital Goods
• Goods that can be delivered over a digital network
▫ For example: music tracks, video, software,
newspapers, books
• Cost of producing first unit is almost entire cost of
product
• Costs of delivery over the Internet very low
• Marketing costs remain the same; pricing highly
variable
• Industries with digital goods are undergoing
revolutionary changes (publishers, record labels,
etc.)
79
eCommerce Types
• Business-to-consumer (B2C)
▫ Example: BarnesandNoble.com
• Business-to-business (B2B)
▫ Example: ChemConnect
• Consumer-to-consumer (C2C)
▫ Example: eBay
• Government-to-consumer (G2C)
▫ Example: City of Colorado Springs web site
80
eCommerce Business Models
• E-tailer
• Transaction broker
• Market creator
• Content provider
• Community provider
• Portal
• Service provider
81
eCommerce Revenue Models
• Advertising
• Sales
• Subscription
• Free/Freemium
• Transaction fee
• Affiliate
82
Social Networking
• Most popular Web 2.0 service: social networking
▫ Social shopping sites: Swap shopping ideas with
friends
• Wisdom of crowds
• Crowdsourcing
▫ Large numbers of people can make better decisions
about topics and products than a single person.
• Prediction markets
▫ Peer-to-peer betting markets on specific outcomes
(elections, sales figures, designs for new products)
83
eCommerce Marketing
• Internet provides new ways to identify and
communicate with customers.
• Long tail marketing:
▫ Ability to reach a large audience inexpensively
• Behavioral targeting:
▫ Tracking online behavior of individuals on
thousands of Web sites
• Internet advertising formats
▫ Search engine marketing, display ads, rich media,
e-mail, and so on
84
Web Site Personalization
85
Advertising Network
86
Social Network Marketing
• Seeks to leverage individuals' influence over
others in social graph
• Target is a social network of people sharing
interests and advice
• Facebook’s “Like button”
• Social networks have huge audiences
▫ Facebook: 150 million U.S. visitors monthly
87
Electronic Data Interchange
• Computer-to-computer exchange of standard
transactions such as invoices, purchase orders.
• Major industries have EDI standards that define
structure and information fields of electronic
documents.
• More companies are increasingly moving toward
private networks that allow them to link to a
wider variety of firms than EDI allows and share
a wider range of information in a single system.
88
EDI
89
Private Exchange
• Large firm using extranet to link to its suppliers,
distributors, and other key business partners
• Owned by buyer
• Permits sharing of:
▫ Product design and development
▫ Marketing
▫ Production scheduling and inventory management
▫ Unstructured communication (graphics and email)
90
Private Industrial Network
91
Location Based Services
• Used by 74% of smartphone owners
• Based on GPS map services
• Types
▫ Geosocial services
 Where friends are
▫ Geoadvertising
 What shops are nearby
▫ Geoinformation services
 Price of house you are passing
92
Mobile commerce services
• Banks, credit card companies provide account
management apps
• Mobile display advertising
▫ iAd, AdMob, Facebook
• Games and entertainment
▫ Downloadable and streamable services
▫ Games
▫ Video, short films, movies, TV shows
▫ Music and ring tones
93
Building business web site
• Pieces of the site-building puzzle
▫ Assembling a team with the skills required to
make decisions about:
 ▪ Technology
 ▪ Site design
 ▪ Social and information policies
 ▪ Hardware, software, and telecommunications
infrastructure
▫ Customer’s demands should drive the site’s
technology and design.
94
Building business web site (Cont’d)
• Business objectives
▫ The capabilities the site should have
 Business decisions should drive technology
▫ Example: execute a transaction payment
• System functionality
▫ Technology needed to achieve objective
▫ Example: a shopping cart or other payment system
• Information requirement
▫ Specific data and processes needed
▫ Example: secure credit card clearing, multiple
payment options
95
Building business web site (Cont’d)
• Alternatives in building the Web site:
▫ Completely in-house
▫ Mixed responsibility
▫ Completely outsourced
 Co-location
• Web site budgets
▫ Several thousand to millions per year
▫ 50% of budget is system maintenance and content
creation
96
Building the site
97
Web site budget allocation
98
Group Project
• The Course Project Requirements document is
due next week.
• Now that you identified your client (customer)
you can begin assembling the specific
requirements to begin designing your course
project web site.
• Keep in mind that the requirements are the
specific pages you will design for your client.
• For your project you are required to deliver five
(5) specific requirements which will be
converted to five specific web pages.
99
Group Project Requirements
• Your requirements document should contain the
following elements.
▫ The requirements document should be 3-4 pages
in length and adhere to APA guidelines.
 Select one member of the group to submit the
Course Project Requirements document.
▫ Introduction (who is your client)
▫ Purpose Statement (why the web site is necessary
for the business)
▫ List of Requirements (based on client needs)
▫ Summary
100
Questions?
101