Organizational Resource Management ORM 8
Information Systems (IS)
What is IS? IS – a set of interrelated components working together to collect, retrieve, process, store, and distribute information for the purpose of facilitating planning, control, coordination, analysis, and decision making in business organizations Input-process-output perspective People-organization-technology perspective
Why Do People Need Information? Information Systems Why Do People Need Information? Individuals - Entertainment and enlightenment Businesses - Decision making, problem solving and control 2
Data, Information, and Systems Data vs. Information Data A “given,” or fact; a number, a statement, or a picture Represents something in the real world The raw materials in the production of information Information Data that have meaning within a context Data in relationships Data after manipulation
Computer-based Information System An Information System is an organized combination of people, hardware, software, communication networks and the data resources that collects, transforms and disseminates information in a organization.
Data, Information, and Systems Generating Information Computer-based ISs take data as raw material, process it, and produce information as output. Figure 1.1 Input-process-output
Data, Information, and Systems What Is a System? System: A set of components that work together to achieve a common goal Subsystem: One part of a system where the products of more than one system are combined to reach an ultimate goal Closed system: Stand-alone system that has no contact with other systems Open system: System that interfaces with other systems
Data, Information, and Systems Figure 1.3 Several subsystems make up this corporate accounting system.
Data, Information, and Systems The Four Stages of Data Processing Input: Data is collected and entered into computer. Data processing: Data is manipulated into information using mathematical, statistical, and other tools. Output: Information is displayed or presented. Storage: Data and information are maintained for later use.
Ethical and Societal Issues The Not-So-Bright Side Consumer Privacy Organizations collect (and sometimes sell) huge amounts of data on individuals. Employee Privacy IT supports remote monitoring of employees, violating privacy and creating stress.
Ethical and Societal Issues The Not-So-Bright Side Freedom of Speech IT abridge free speech. IT Professionalism No mandatory or enforced code of ethics for IT professionals--unlike other professions. Social Inequality Less than 20% of the world’s population have ever used a PC; less than 3% have Internet access.
Activity 1 Share your experience of Information Systems incorporated in your company?
Role of IS
Expanding Roles of IS Data Processing: 1950s-1960s Management Reporting: 1960s-1970s Decision support: 1970s-1980s Strategic and End User Support: 1980s-1990s Global Internetworking: 1990s-2000s
Classification of IS Information Systems Operations Support System Management Support System Transaction processing systems Process control systems Office automation systems Management information systems Decision support systems Executive information systems
Other categories Expert systems End user computing systems Business information systems d) Strategic information systems a) Expert Systems are knowledge-based systems that provides expert advice and act as expert consultants to the users b) End user computing systems support the direct, hands on use of computers by end users for operational and managerial applications c) Business information systems support the operational and managerial applications of the basic business functions of a firm d) Strategic information systems provide a firm which strategic products, services, and capabilities for competitive advantage
Enterprise Resource Planning (ERP) Integrated programs that can manage a company’s entire set of business operations Often coordinate planning, inventory control, production and ordering
Information Systems Planning
Definition / Levels of IS Planning What is IS planning? The process of developing a view of the future that guides decision making today Stating the direction we want to go and how we intend to get there
The Changing World of Planning Evolution of strategic IS planning along with rapid change of Internet-driven technologies. Traditional style of planning no longer viable Command and control IS as a support function “Lifecycle” (static environment) Still need long-range vision but with flexibility and creativity 23
INFORMATION SYSTEMS IN THE ENTERPRISE
MANAGEMENT CHALLENGES KEY SYSTEM APPLICATIONS FUNCTIONAL PERSPECTIVE OF SYSTEMS INTEGRATING FUNCTIONS & PROCESSES *
TYPES OF INFORMATION SYSTEMS DATA WORKERS KIND OF SYSTEM GROUPS SERVED STRATEGIC LEVEL SENIOR MANAGERS MANAGEMENT LEVEL MIDDLE MANAGERS OPERATIONAL OPERATIONAL LEVEL MANAGERS KNOWLEDGE LEVEL KNOWLEDGE & SALES & MANUFACTURING FINANCE ACCOUNTING HUMAN RESOURCES MARKETING
MAJOR TYPES OF SYSTEMS EXECUTIVE SUPPORT SYSTEMS (ESS) DECISION SUPPORT SYSTEMS (DSS) MANAGEMENT INFORMATION SYSTEMS (MIS) KNOWLEDGE WORK SYSTEMS (KWS) OFFICE AUTOMATION SYSTEMS (OAS) TRANSACTION PROCESSING SYSTEMS (TPS) *
DECISION SUPPORT SYSTEMS (DSS) MANAGEMENT LEVEL INPUTS: LOW VOLUME DATA PROCESSING: INTERACTIVE OUTPUTS: DECISION ANALYSIS USERS: PROFESSIONALS, STAFF EXAMPLE: CONTRACT COST ANALYSIS
DECISION SUPPORT SYSTEMS (DSS) FLEXIBLE, ADAPTABLE, QUICK USER CONTROLS INPUTS/OUTPUTS NO PROFESSIONAL PROGRAMMING SUPPORTS DECISION PROCESS *
EXECUTIVE SUPPORT SYSTEMS (ESS) STRATEGIC LEVEL INPUTS: AGGREGATE DATA PROCESSING: INTERACTIVE OUTPUTS: PROJECTIONS USERS: SENIOR MANAGERS EXAMPLE: 5 YEAR OPERATING PLAN
EXECUTIVE SUPPORT SYSTEMS (ESS) TOP LEVEL MANAGEMENT DESIGNED TO THE INDIVIDUAL TIES CEO TO ALL LEVELS VERY EXPENSIVE TO KEEP UP EXTENSIVE SUPPORT STAFF *
SALES & MARKETING INFORMATION SYSTEM
MANUFACTURING INFORMATION SYSTEM
FINANCE & ACCOUNTING INFORMATION SYSTEM
HUMAN RESOURCES INFORMATION SYSTEM
Developing an Information Technology Risk Management Program
Information Security is the protection of data against unauthorized access or modification
What is “Risk”? Risk is intentionally exploit a particular information system vulnerability, and the resulting impact on the organization if this should occur (National Institute of Standards & Technology-NIST) Risk is the probability of a vulnerability being exploited in the current environment, leading to a degree of loss of confidentiality, integrity, or availability, of an asset. (Microsoft)
What is Risk Management? The goal of a risk management program is to protect the organization and its ability to perform its mission from IT-related risk
Risk Management is the Keystone of Information Security
Risk Management has Three Parts Risk Assessment - Determining where risks lie, and how big they are Risk Mitigation - Prioritizing, evaluating, and implementing appropriate risk-reducing controls Evaluation and Assessment – Since Risk Management is continuous and evolving, the past year’s Risk Management efforts should be assessed and evaluated prior to beginning the cycle again
Risk Management Process What is my risk? What will I do about it? How did I do? Risk Assessment Risk Mitigation RM Evaluation
Assessing Risk Phase has Three Steps Planning – Align your annual process with your budget; Specify your scope; Identify and pre-sell stakeholders; embrace subjectivity Facilitated Data Gathering – Identify tangible and intangible assets, threats, vulnerabilities, existing controls, probable impact Risk Prioritization – Determine probabilities, and combine impact with probability to produce a risk statement
Risk Mitigation Options Assume the Risk – Accept the risk and continue operating (how big is your appetite?) Avoid the Risk – Stop running the program or sharing the data Transfer the Risk – Use options to compensate for the loss, such as insurance Lessen the Risk – Implement controls that lessen the impact or lower the likelihood
Activity 3 Can Risk Assessment be done in terms of calculation of financial figures?