The Organization as One

1
Management Information Systems Solving
Business Problems with Information
Technology Part One Business Operations Chapter
Four Security, Privacy, and Anonymity Prof.
Gerald V. Post Prof. David L. Anderson
2
The Growth of Electronic Commerce

• Business-to-Business
• Includes up and down stream transactions that can
  enhance channel coordination and customer
  relationships
• Business-to-Consumer
• Encompasses all interaction between the customer
  and the organization
• Open Marketspace
• Connects business, partner, and consumer

3
Web-Based Commerce Model
Manufacturer/ Supplier
Customers
Direct
Marketspace
Business-to-Business
Business-to-Consumer
Intermediary
4
Operating Effectively in the Business-to-Consumer
Boundary

• Leverage Firms Logistical System
• Price and Manage Online Transactions
• Optimize Communication to Key Consumer Markets
• Achieve Excellence through Service

5
Develop Business Partnerships

• Establish Business-to-Business Relationships to
  Sell Competitively to Customers
• Strengthen the Value Chain
• Provide Value through Communication
• Optimize Business-to-Business Service

6
Virtual Interconnectivity

• Sell in a Virtual World
• Stay Real or Become Virtual
• Communicate with a Community
• Provide Value-Add Services in the Marketspace

7
Opportunities and Threats of End-Run Strategies

• Odd Person Out
• Establish Place in Value Chain
• Compare Information in a Virtual World
• Optimize the Service Offering Across Partner
  Organizations

8
Managerial Issues for Security

• Technical
• Societal
• Economic
• Legal
• Behavioral
• Organizational/Managerial

9
Managerial Issues for Security

• Technical
• How will Security be Implemented?
• What protocols will be the standards of future
  electronic commerce?
• What are the future technologies used to wire
  people and households?

10
Managerial Issues for Security

• Societal
• How will the privacy of individuals be protected?
• How will consumer data be used?
• Will consumer data be misused?
• How do user perceptions of issues reflect reality?

11
Managerial Issues for Security

• Economic
• How will electronic and physical markets differ?
• Will economic theories succeed as instantaneous
  access to information emerges?
• What will be the price of information?

12
Managerial Issues for Security

• Legal
• Should governments continue to subsidize the
  internet?
• How will real world laws apply to the legality of
  virtual sites?
• Who is liable for information accuracy?

13
Managerial Issues for Security

• Behavioral
• How satisfied will users be with virtual
  experiences compared to those in the real world?
• How will a sense of community and social needs be
  represented through E-Commerce?
• What are the characteristics of early adopters of
  E-Commerce?

14
Managerial Issues for Security

• Organizational/Managerial
• What are the differences between managing an
  E-commerce business and a more traditional one?
• How will the organization of the firm change as
  E-commerce becomes more prevalent?
• What products lend themselves to success with
  E-Commerce?

15
Managerial Issues for Security

• Technical
• Societal
• Economic
• Legal
• Behavioral
• Organizational/Managerial

16
Strategic SecurityLeverage Paradigm
Change the Game
Change the Game
Competitive Position
Competitive Position
Nature of Conflict Terms of Competition
Strategic Leverage
Objectives Strategies Tactics
17
Systems DevelopmentLifecycle
Obsolete Solution
Problem to be Solved
Planning
New, Related Problem or Requirement
Analysis
Support
New implementation Alternative or Requirement
Implementation Error (bug)
Problem Understanding and Solution Requirements
Implemented Solution
Design
Implementation
Acceptable Solution Statement
18
Systems Planning Elements

• People
• Users, Management, Information Specialists
• Data
• How it is captured, used, and stored
• Activities
• Automated and Manual
• Business and Information Applications
• Networks
• Where data is stored and processed
• How data is exchanged between different locations
• Technology
• hardware and software used

19
Electronic CommerceBuilding Block
Systems Owners
Systems Users
Systems Designers
Systems Builders
20
Differentiation versus Cost Leadership
T1
Cost
Differentiated Player
Sustainable Premium
Technology Curve
Cost Leader
Minimum or Market-Required Quality
Quality
21
Is Cost Leadership Sustainable?
T1
T2
Cost
Differentiated Player
Sustainable Premium
New Technology Curve
Old Technology Curve
Cost Leader
Minimum or Market-Required Quality
Quality
22
Industry/Company Relationships
Industry Structure Competitive Position
Freedom of Maneuver
Long-term Objectives, Strategic Direction
Detailed Strategies and Tactics
23
Break-Even Point
Total Revenue
Revenue and Costs
Profit
Profit
Total Costs
Fixed Costs
Fixed Costs
Sales
Break-Even Volume
24
Decision Trees
Probability
Decision Point
25
Efforts to Categorizethe Unknown
Uncertainty
Complexity
Instability
26
Variables
Cost
Time
Risk
27
Barriers to Information Security Sources

• Economies of Scale
• Economies of Scope
• Product Differentiation
• Capital Requirements
• Cost Disadvantages
• Independent of Size
• Distribution Channel Access
• Government Policy

28
Four Generic Approaches
Lose
Win
Win/Win
Win/Lose or Cooperative Equilibrium
Win
Lose
Win/Lose or Cooperative Equilibrium
Lose/Lose
29
Lose/Lose
Structure Defines the Industry War

• Total Industry Profits are Very Low, Zero, or
  Negative
• Industry Revenues are Declining, or, at best,
  steady
• Product Technology is at or past its peak

30
Win/Win

• Total Industry Revenues and Profits are Growing
  Rapidly
• Numerous Players of All Sizes
• Products and Services are not Standardized

31
Win/Lose

• Total Industry Revenues and/or Profits are
  Constant or are Growing very Slowly
• Significant Economies of Scale in Production,
  Distribution, and/or Promotion
• Number of Firms Participating in the Industry is
  Limited and Stable
• Individual Participants have, or can obtain,
  Information Regarding the Relative Positions of
  the Players

32
Structure Defines the Terms of Competition

• Wasting Resources
• generic advertising rather than focusing on
  specific market segments
• Precipitating Unwanted Warfare
• Causing a full-scale price war when only brand
  repositioning was necessary
• Failing to Anticipate and Adapt to Changes
• Following historical patterns
• Underspending on Advertising

33
Structure Defines Maneuver

• Standard or Dominant Product Emerges
• Distribution Channels Limit Firms Ability to
  Determine which Channels to Select
• Target and Market Niches Become More Difficult to
  Defend
• Substitutes Limit Price Increases which Requires
  Increase in Advertising Expenditure

34
Two Levels of Planning

• Systems Planning
• Gives Managers, Users, and Information Systems
  Personnel Projects
• Establishes what should be done
• Sets a budget for the total cost of these
  projects
• Systems Project Planning
• Setting a plan for the development of each
  specific systems project

35
Systems Professional Skills

• Systems Planning
• Form project team after proposed systems project
  is cleared for development
• Systems Analysis
• Business Systems Analysts knowledgeable in
  business
• General Systems Design
• Business Systems Analysts
• Systems Evaluation and Selection
• Business Systems Analysts
• Detailed Systems Design
• Wide Range of Systems and Technical Designers
• Systems Implementation
• Systems analysts, programmers, and special
  technicians

36
Effective Leadership Style

• Autocratic Style
• Crisis-Style Management
• Used to Correct Major Problem, such as Schedule
  Slippage
• Democratic Style
• Team-oriented Leadership
• Gives each team member the freedom to achieve
  goals which he/she helped set
• Laissez-Faire Style
• Highly-motivated, Highly-Skilled Team Members
• People who work best alone

37
Project Management Skills

• Planning
• States what should be done
• Estimates how long it will take
• Estimates what it will cost
• Leading
• Adapts to dynamics of enterprise and deals with
  setbacks
• Guides and induces people to perform at maximum
  abilities
• Controlling
• Monitors Progress Reports and Documented
  Deliverables
• Compares Plans with Actuals
• Organizing
• Staffs a Systems Project Team
• Brings together users, managers, and team members

38
CASE/Frameworks

• Computer-Aided Systems and Software Engineering
• Increase Productivity of Systems Professionals
• Improve the Quality of Systems Produced
• Improve Software Maintenance Issue

39
CASE/Frameworks

• Includes
• workstations
• central repository
• numerous modeling tools
• project management
• Systems Development Life Cycle Support
• Prototyping Applications
• Software Design Features

40
Central Repository for Models

• Models Derived from Modeling Tools
• Project Management Elements
• Documented Deliverables
• Screen Prototypes and Report Designs
• Software Code from Automatic Code Generator
• Module and Object Libraries of Reusable Code
• Reverse Engineering, Reengineering, and
  Restructuring Features

41
Software Maintenance

• Reverse Engineering
• Extract original design from spaghetti-like,
  undocumented code to make maintenance change
  request
• Abstract meaningful design specifications that
  can be used by maintenance programmers to perform
  maintenance tasks
• Reengineering
• Examination and changing of a system to
  reconstitute it in form and functionality
• Reimplementation
• Restructuring
• Restructures code into standard control
  constructs
• sequence, selection, repetition

42
Data Design

• Define all the entities to be dealt with and the
  relationships between them
• Transform the conceptual design into logical
  design wherein all the views are combined and all
  the resulting data elements are defined and the
  data structure is syntactically and semantically
  determined
• Normalize this logical design for mathematically
  minimized redundancy and maximized integrity
• Transform this logical design to a physical
  design where the underlying RDBMS, hardware, and
  use patterns are taken into account
• Develop the SQL DDL code specific to each RDBMS
  vendors product is generated

43
Business Rules For Data

• Basic selection of what data elements are of
  interest, what are their characteristics (data
  type and acceptable range - also called syntactic
  structure)
• How they are related to, or dependent on, each
  other in a business sense (key, foreign key and
  referential constraint rule - also called the
  semantic structure)
• Data Integrity Rules

44
Advantages of Data Analysis

• slice and dice dynamic query support
• standard high-level access language (SQL)
• minimum data redundancy
• self-protecting data integrity
• no insert, delete and update anomalies

45
Relational Model

• The Relational Model for data design is the
  foundation of the relational database and the
  industry that produces the engines that run
  them.
• It puts data design (and data modeling) on a
  formal, mathematical footing.

46
Relationship Types

• a). One-to-one (11) means that an occurrence if
  one OT uniquely determines an occurrence of other
  OT - and vice-versa
• b). One-to-many (1n) means that an occurrence
  of one OT determines an occurrence of the other
  OT - but not vice-versa
• c). Many-to-many (nm)means that an occurrence
  of one OT can be related to many occurrences of
  other OT - and vice-versa

47
Data Rationalization

• Identification of data synonyms and homonyms
  across multiple and disparate data sources and
  the creation of a map that points back to their
  original sources.

48
Data Access Gateway

• sits between end users (usually in PC networks)
  and a legacy database
• accepts data read requests (expressed as SQL
  statements)
• converts the requests to legacy access method
  instructions
• provides the resulting data to the users
• data flow is one-way read-only.

49
Structured Data Analysis

• the functions or activities which are to be
  handled by the system
• the external entities which interact with the
  system
• the logical data stores, and
• the data flows among all the the above
• Data flow diagrams (DFD) are used to
  diagrammatically describe the elements.

50
Entity Relationship Diagrams (ERDs)

• A method of documenting and visualizing a
  conceptual data model.

51
Normalization

• The process based on the business rules for data
• a set of data elements (attributes) are arranged
  in a mathematically minimum set of tables
  (relations), within which all the attributes are
  dependent on a primary key attribute (the key).

52
Normalization Model

• The SA/Normalization method is based on the use
  of decomposition rules, which enable one to
  decompose tables/relations.
• Database design starts with flat
  tables/relations, each of which is created out of
  a data stores in the DFDs and then decomposed
  into the normal form relations. No conceptual
  schema of the enterprise is created to express
  the semantics of its information structure.
• The SA/IA method is based on the use of grouping
  rules which map simple relationships in the
  binary-relationship data model onto normal form
  relationships.
• The relational model and the normalization method
  have been criticized for being too detailed to
  use at the initial design stage, and for lacking
  a semantic structure for making unambiguous
  choices in modeling the enterprise.
• The IA method incorporates a semantic model of
  the enterprise which captures its essential
  semantic features from which the normal form
  relations are derived.

53
Conversion into Normalized Record Types

• For every data flow which either enters or
  emanates from a data store (in the leaf level
  DFDs), the integral data elements are identified
• For every data store, a list of the data elements
  which are entering and emanating are drawn up
• The dependencies among all the data elements are
  analyzed, and the normalization rules are applied
  in steps so that at every step a given relation
  is split into more simple relations
• Every relation has a key which consists of one or
  more data elements
• Every non-key data element functionally depends
  on that entire key and not on part of it
• No non-key data element depends on any other
  non-key data element in the relation (there are
  no transitive dependencies)

54
Conversion into Normalized Record Types
Enter exams dates rooms
List of Exams details
D1
Exams File
Details of Exams
Details of Exams
for lecturer
for students
Notify Lectures
Notify Students

55
De-Normalization

• The process of selectively
• combining two or more normalized tables into one,
  or
• decomposing one normalized table into two or more

56
Part Description for Modelfor General Motors

• Part 123 that is supplied by GM was assembled
  on bus 456 on May 28, 1996 is decomposed into
  the following elementary sentences
• a). A part... is supplied by a manufacturer...
• b). A part... was assembled on a bus...
• c). The assembly partbus was performed on a
  date...

57
Part Distribution Modelfor General Motors
Part (p)
Manufacturer (name)
Supplier of
Supplied of

58
Relationship Types

• a). One-to-one (11) means that an occurrence if
  one OT uniquely determines an occurrence of other
  OT - and vice-versa
• b). One-to-many (1n) means that an occurrence
  of one OT determines an occurrence of the other
  OT - but not vice-versa
• c). Many-to-many (nm)means that an occurrence
  of one OT can be related to many occurrences of
  other OT - and vice-versa

59
GM Parts Assembly Distribution Model
Bus (License )
Manu-facturer (name)
Part (p)
Supplier
Date (Calc. date)
Date of Assembly

60
Data Warehouse

• An intermediate, read-only store (usually based
  in a purchased RDBMS product) and the programs
  that manage it.
• Contains recent and summarized data extracted
  from across some or all of the legacy data
  systems
• Presents a subject-based view

61
Functional Dependency

• Mathematical term for the key relationship (using
  rational terminology) between data elements. A
  data element (attribute) that is functionally
  dependent on another data element (the key) will
  always exist in a relation (table) such that a
  unique value for the key will always determine
  or locate or define a unique value of the
  dependent.

62
Metadata

• Data about data that is generally extracted from
  an existing system or created for a new system
  and stored in a design repository for developers
  to use in maintaining or extending the system
  during its lifecycle
• Metadata refers to the table, attribute, and key
  definitions contained in the catalog of a
  relational database. It can also mean the
  business rules for data designed for a new
  design, or the business rules for data thought to
  be enforced in a legacy system (semantic data
  structure, sometimes called meta-data, or meta2
  data).
• The actual syntactic and semantic data structure
  (not just what the documentation might say),
  including a complete synonym and homonym map,
  plus the business rules for data that are
  actually being enforced in the legacy system.

63
Graduate School of Business Administration Loyola
University