150 74 8MB
English Pages [148]
ESSENTIALS OF INFORMATION SYSTEMS
JONAS FLODEN
Digitized by the Internet Archive in 2022 with funding from Kahle/Austin Foundation
https://archive.org/details/essentialsofinfoOO0Oflod
Essentials of Information
Systems JONAS FLODEN
CUMBERLAND COUNTY LIBRARY 800 E. COMMERCE ST. BRIDGETON, NJ 08302
&> Studentlitteratur
FEB
COPYING PROHIBITED All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without
permission in writing from the publisher. The papers and inks used in this product are eco-friendly.
Art. No 35853
ISBN 978-91-44-07709-3 First edition 1:1 © The author and Studentlitteratur 2013 www.studentlitteratur.se Studentlitteratur AB, Lund
Cover design: Lotta Bruhn Cover illustration: luchschen/Shutterstock
Printed by Lightning Source Inc. in the United States of America, 2013
CONTENT
Reading instructions 7
CHAPTER1
What are information systems? 9
Data, information and knowledge
9
A system 12
Information system 13 Information technology 14 The need for information in decision making 14 Types of information systems 18 Justification for information systems 20 Study questions 21 References 22
CHAPTER 2 Information systems as a part of the business strategy 23 The value chain 23
Business processes 24 Five forces 27
Competitive strategies using IT 28
The hype curve 30 Study questions 33 References 34
© THE
AUTHOR
AND
STUDENTLITTERATUR
CONTENT
CHAPTER 3 Computer systems 35 What is a computer?
35
A brief history of the computer 35 Moore’s law 39 Digital 41
Type of computers 42 Computer parts 43 Computer standards
45
Operating system 46
Study questions 50
CHAPTER4
Datastorage
51
Primary storage 52
Secondary storage 53 Long-term storage
56
Study questions 58 References
CHAPTERS
58
Networks
59
Metcalfe’s Law 59
LAN, WAN and servers 60
The Internet 61 Intranet and extranet
65
Study questions 65 References 66
CHAPTER6
Databases
67
The data hierarchy 67
Relational database
69
Redundancy 70 Database management systems 71 Data warehouse Data mining
71
72
Study questions 73
© THE
AUTHOR
AND
STUDENTLITTERATUR
CONTENT
CHAPTER7
Information systems in an organisation 75
Enterprise Information Systems 76
The evolution of Enterprise Information Systems 79 The structure of an Enterprise Information System 82
Specialised information systems 87 Study questions 87 References 88
CHAPTER 8 Systems development
89
Business processes 90
Development costs and risks 91 User involvement and acceptance
93
Systems Development Life Cycle 96 Open Source Software and proprietary software 107 Study questions 109 References
110
CHAPTER 9 Computer crime and security 111 Computer crime 111
Computer security 115 Study questions 121
References 122
CHAPTER 10 Computers, ethics and society 123 A world built around the computer 124 Privacy 125
Ethics 128 Environmental impact 130 Source evaluation Study questions
References
132 134
136
Index 137
© THE
AUTHOR
AND
STUDENTLITTERATUR
READING INSTRUCTIONS
The intention behind this book is to give a condensed instruction to information systems. The intended reader is a person interested in information systems, but with no previous knowledge in the area. The typical reader would be a first-year university student who wants a basic understanding of computers and the information systems commonly occurring in companies and organisations today. The reader should get a general understanding of how computers and information systems work and how they can be used in companies and organisations today. The text will not go into technical details, but will introduce the vocabulary and key concepts necessary to understand and talk to IT professionals. At the end of each chapter there are study questions. The answers to some of the questions can be found in the text, while others have no given answer. These questions will require that you think for yourself and include your own experiences and opinions in the answers. This will require that you understand the topic and not only quote the book. The cogwheels represent technical sections that are more focused on readers with a technical interest. The boxes are cases and examples that are used to highlight and contrast important aspects of the text.
© THE
AUTHOR
AND
STUDENTLITTERATUR
Hf
keke Sina ania
ai Ae
uiaieraiene tof oil x aoteile sheen deagyLeet ~
are we iden an Bhan ids nw Silman a ay om ee 27 AEA vata ND tet vise sea soercetal one pert Artem aaa ho
=
sete dae alt rola erntang aeiieesSamy —es
i
/
Bdoe
on
a aie
ewiltrin ive at Shea
7
la ropon
Che sy] Fie es gee rmBon 4 Laat ¢ehy maerd otProto helen pe pee as Geis rslh tiges adtymedes Ps at iS
.
=
a.
anaes? 3 tanaYameoe wr Lie sok pale age Me newt t-77 Sta
Os
ani
sige
Ase) oy Ameer GayeBe
trae #3 A
|
Aloe os
‘
o ar nape Alph rr
EAI. Soe
oe —
~ if
7
eae aes“
emamagia
As
a
What are information systems?
CHAPT 1
information systems have always been a part of everyday life in companies and organisations. Thousands of years ago, clay tables, wax tablets and papyrus scrolls were used to keep record of business transactions. Today, advanced computer
systems perform the same tasks. The introduction of computers has forever changed how information is handled in a company. Information can today be handled and processed much faster than before and the possibilities are almost endless. This has caused the information system to become a core element in all organisations today. Many resources are spent on developing and implementing
information systems, and it is generally agreed that a well functioning information systemisa key element in achieving a successful business. A good understanding of information systems, their possibilities and limitations and the components in
the system are therefore crucia! for everyone working in any organisation today.
Data, information and knowledge The first step in understanding information systems is to understand what information really is. The purpose of an information system is to handle information. Information is commonly confused with data and knowledge, but these three concepts are very different. Data is raw facts, e.g. a number, a name oran address. Information is data that is useful for someone. To convert data to information normally requires that the data is aggregated, organised, sorted, analysed and presented in a context to the user. A list of all telephone numbers in an area, e.g., is data, but when the numbers are connected to a person, sorted and presented in a phonebook, they become information for persons looking for a phone number. The fact that information is something
© THE
AUTHOR
AND
STUDENTLITTERATUR
9
1
WHAT
ARE
INFORMATION
SYSTEMS?
Aggregated Organised Sorted Analysed
Interpreted and understood by the receiver Knowledge
Numbers Names Addresses etc.
Sales revenue per salesperson Bus timetable A dinner recipe
How to manage the sales force Which bus to take Know how to cook
etc.
etc.
FIGURE 1.1 Data information and knowledge.
that is useful for someone also implies also that what is information for one person is data for another person. If you are not looking for a phone number, then the phonebook is just data. What is information for a person can therefore also be different over time, depending on what the person requires at that time. See figure 1.1. But presenting the right information to a user does not necessarily mean that this turns into knowledge with the user. A typical example would be where a lecturer at a university lectures and presents information to the students. The lecturer has collected data and processed it into information that is presented to the students. However, when the exam comes and the students fail, it is obvious that the information has not turned into knowledge for the students. Defining knowledge is difficult but it concerns the process of being able to understand and use the information received. We often confuse structured data for knowledge. After big accidents, e.g. an aircraft crash, it is almost always found that the information needed to avoid the accident was there, but the information was never understood or analysed correctly. This can often be attributed to information overload. The amount of information provided by the information system is simply too much to comprehend, i.e. it never turns into knowledge with the user. A study showed that 43 percent of managers think that important decisions are delayed and the ability to make decisions
affected as a result of having too much information. 38 percent of managers surveyed waste substantial amounts of time just looking for information. 10
© THE
AUTHOR
AND
STUDENTLITTERATUR
1
WHAT
ARE
INFORMATION
SYSTEMS?
An information system trying to supply its user with information must therefore be well adapted to the needs of its users. The need for information, and therefore the requirements on the information system, is unique for each organisation and each situation. The design and implementation of information systems constitute a constant battle between cost-effective standard solutions that deliver “standard” information to the user and expensive custom-made solutions that deliver user-specific information. The information system should be able to produce information with a high information quality. This means that the information should have the right content, be in the right format and come at the right time. INFORMATION OVERLOAD
During the Vietnam war, several incidents occurred where American F4 Phantom
F4 Phantom Il Cockpit.
fighters were shot down, although all warning systems had been fully functioning and warned the pilot about the danger. Investigations later revealed that the pilots had suffered from information overload. The complex cockpit environment and radio transmissions had produced too much information for the pilot to absorb. Therefore, the pilots had missed the important warnings.
Picture: Wikipedia.
Previous studies on fighter pilots during the Korean war had resulted in the OODA loop. The loop consists of four steps: 1. Observe (the enemy), 2. Orient (the aircraft), 3. Decide (what to do) and 4 Act. The pilot that can reach
step 4 quickest is likely to be the winner. Information overload during the Vietnam war caused the pilots to get stuck at step 1 in the loop. The OODA loop can also be applied in business, where the company that spots a business opportunity first, orients the company to take advantage of it, decides on a strategy and acts first is likely to become more successful than its competitors.
© THE
AUTHOR
AND
STUDENTLITTERATUR
aval
1 WHAT
ARE
INFORMATION
SYSTEMS?
A system A system is a set of interlinked, real or abstract, components that work together to reach acommon goal. It interacts with its surroundings, has clear outer boundaries, and can be further divided into subsystems. A system is not just about computers, but almost anything could be viewed as a system, e.g. a company, an animal, a sports team or a country. The definition of a system might appear clear, but it is obvious that it also opens up for interpretations. A sports team, for example, has a common goal to win the game and interacts with the opposing team, referees etc. It consists of a number of players and can be divided into subsystems, e.g. forwards and defenders. However, should the substitutes be considered as part of the team (system)? Should the team spirit be included as a component? The fans? A system is viewed differently by different people and it is not possible to find just one true picture of the system. See figure 1.2.
FIGURE 1.2 A suggestion for a football team system divided into four subsystems. Figure: Wikipedia
12
© THE AUTHOR
AND
STUDENTLITTERATUR
1
WHAT
ARE
INFORMATION
SYSTEMS?
Information system The first thing people think about when they hear information system is computers. However, an information system does not have to include computers. It consists of people and the equipment and procedures they use to manage the flow of data and information. This could be a typewriter and a person that files paper in a filing cabinet. The way an organisation handles its information, and the people that do it, is also a part of the information system. What it is all about is to have a system that can handle the data in an organisation and collect it, store it, aggregate it and present it to a user so that it becomes information. This information can be used for decision making, every-day operations or any other of the thousands of tasks in an organisation. An information system can be defined as an interacting structure of people, equipment and procedures, which together collect, store and manage data and make information available for the purpose of planning, implementation and control. The purpose of the information system is to collect data and to transform it into information by presenting it to the user in an appropriate
way so that it can be used to manage the organisation. It is obvious that the information system for a large multinational corporation must be different from the information system in the local supermarket. It is not possible to have a single information system that will work for all organisations, since a system can be viewed differently by different people and the need for information is different for different people. To design the information system, it is necessary to thoroughly understand the organisation, its procedures and its information need. Even then, it is not possible to find one best system that everyone in the organisation will agree on. The system design will always be unique for each organisation and partly based on subjective judgements and experience. The information system can also be viewed as a part of a socio-technical system. The socio-technical perspective looks at organisations as being made up of people (the social system) and the tools and equipment (the technical system) they use to produce goods or services for their customers. The success of an organisation will largely depend on how well the two systems work together. The information system must bridge the two parts and help them work together.
© THE
AUTHOR
AND
STUDENTLITTERATUR
13
1
WHAT
ARE
INFORMATION
SYSTEMS?
The socio-technical system has emergent properties which mean that some properties of the system are only visible when the two sub-systems are put together. Thus, you will not see them if you study the systems separately. The total system is therefore more complex than the individual sub-systems taken separately and must be studied as a whole. For example, a seemingly good company policy in the social system to handle all customer complaints within one day could perhaps not be handled by the technical system, resulting in bad customer service and more complaints. Another example is that a technical manufacturing process based on teamwork would not work well in an organisation without trust between the co-workers. The socio-technical
perspective highlights the importance of understanding the complete organisation and its surroundings when designing an information system. A technical system that might work perfectly with one social system might
be a complete failure with another social system.
Information technology Information technology, commonly abbreviated IT, are the tools used in an information system. The most obvious technology is the computer and, although they do not have to be included in an information system, a successful information system today always includes computers. Computers make it possible to manage, analyse and present large amounts of data effectively and at a relatively low cost, and they bring possibilities that previously were unthinkable, e.g. direct access to real-time information. However, it is important to remember that computers are just tools and will not solve any problems by themselves. It is easy to focus on the technology, but applying computers in a poorly designed information system will only allow mistakes to be made faster.
The need for information in decision making The decision making in an organisation can be divided into operational decision making, tactical decision making and strategic decision making. The information need for each type of decision making is very different and therefore also the support needed from the information system. See figure 1.3.
14
© THE
AUTHOR
AND
STUDENTLITTERATUR
1 WHAT
ARE
INFORMATION
SYSTEMS?
Strategic decision making
Tactical decision making
Operational decision making
FIGURE 1.3 The three types of decision making.
Typically, the characteristics of each decision level can be shown as in table 1.1. TABLE 1.1 Characteristics of decisions.
Level
Decision type
Decision characteristics
Decision maker
—_ Information characteristics
Strategic
Unstructured
Ad-hoc, infrequent, lack of detailed data
Top management
Wide scope, summarised, specialised
Tactical
Semi-structured
| Combines structured decision making with unstructured
Middle management
A mix of data intense, detailed data and wide scope unstructured data
Operational
Structured
Predictable, rational, frequent,
Low level management,
Data intense, detailed
support
narrowly focused —_ordinary employees
OPERATIONAL DECISION MAKING
The operational perspective is the short-term daily operations, such as how should a new customer order be recorded or which shipping company should we use for this shipment? These operational decisions occur frequently in an
organisation and are structured and narrowly focused. Structured means
© THE
AUTHOR
AND
STUDENTLITTERATUR
15
1
WHAT
ARE
INFORMATION
SYSTEMS?
that the decisions are repetitive, routine decisions that solve the problem using existing standard solutions. For example, the bookkeeping in a company follows formalised procedures where identical procedures should be repeated for each arriving invoice. The solution to a structured problem is often rational and fact based, with little room for personal opinions. This makes these decisions very suitable for computers. The information needed is detailed quantitative data.
STRATEGIC DECISION MAKING
Strategic decisions are long-term decisions occurring seldom in an organisation, such as deciding to build a new factory, entering a new country or developing new products. These problems are unstructured and basically the opposite of the structured operational problems. The problems are rarely occurring and there is no pre-existing solution. The problem has a very wide scope and is influenced by a large number of factors from different areas. Many unknown variables will affect the problem, which makes it impossible to find one guaranteed best solution. For example, a company trying to launch an important new product line can never completely predict how it will be received by the market. The number of unknown variables are simply too many. The information need is very wide with aggregated data from several areas, but still, the final decisions will always rely on the decision maker’s experience and personal judgement. Information systems can support strategic decision making by providing data and analyses, but they can never make the decision.
TACTICAL DECISION MAKING
Tactical decisions concern medium term decisions, such as budgeting, credit check, production scheduling, project planning or purchasing. These types of decisions will impact the organisation with medium importance and moderate consequences for the next few weeks, months or perhaps a year. They can best be described as a mix between the operational and strategic problems. The problems are semi-structured and contain both structured and unstructured parts. For example, the decision to change to a new supplier of a product can partly be treated as a structured problem by calculating purchase 16
© THE
AUTHOR
AND
STUDENTLITTERATUR
1
WHAT
ARE
INFORMATION
SYSTEMS?
and transport costs. However, there are also unstructured aspects, such as the quality of the products, the trustworthiness of the company and their production capacity. The structured data provides a base for the decision making, but must be complemented by an analysis of the unstructured aspects based on human judgement.
DECISION MAKING IN THE REAL WORLD
Although the three types of decision making just described provide an easy overview of the decision-making process, it must be pointed out that this picture is a rough simplification of the real world. Structured decisions also occur on a strategic level and vice versa. The boundaries between a tactical decision and a strategic decision are not clear and not all tactical decisions are made by middle management etc. However, summaries like this provide an overview of typical decisions made in organisations today. THE IMPORTANCE OF DATA QUALITY
The quality of the input data is always important in decision making. However fine the information systems and models used, the decisions will not be better than the input data. The famous saying “Garbage in = Garbage out” really sums up everything. The introduction of global positioning Picture: Wikipedia. systems (GPS) has given people an ability to pinpoint their position on the earth with extremely high accuracy. Pleasure boats have GPS-based maps where the position of the boat is shown on a digital map. For many people, the computer screen has replaced the traditional forms of navigation with paper charts. Unfortunately, there have been a series of accidents where pleasure craft have run aground at high speed and particularly at night. Many of these accidents have been traced back to an overreliance on GPS navigation. The driver knows that the GSP is accurate and has therefore zoomed in on the map in high detail and tried to pass islands and rocks with only a few meters’ margin in complete darkness. What the driver fails to take into consideration is that the underlying map is less accurate than the GPS.
© THE
AUTHOR
AND
STUDENTLITTERATUR
Wr
1
WHAT
ARE
INFORMATION
SYSTEMS?
The nautical charts were designed long before the GPS was invented, and many of the measurements in less busy areas are more than a hundred years old. In those days, the accuracy in determining the position of e.g. an underwater rock was far lower than today. However, this was not a problem when paper charts were used since they were designed to be used at a less detailed scale. For example, a 50-metre positioning error in the real worid could.represent as little as 1 millimetre on the paper chart. In practice, this would not be a noticeable error. Today, the failure to take into consideration the quality of the input data when zooming in on the digital charts can have disastrous consequences.
Types of information systems Several types of information systems exist in organisations today. They can be divided into four main categories: Operational support systems, Management support systems, Decision support systems and Strategic planning systems.
The categories represent a hierarchical order where the functions build on each other. In reality, the systems tend to blend into each other and the division between the different types are rather arbitrary. One system can perform several of the functions and they can be given different names by different software vendors. See figure 1.4.
Strategic planning system
Decision support system
Management support system
Operational support system FIGURE 1.4 The four types of information systems,
18
© THE
AUTHOR
AND
STUDENTLITTERATUR
1
OPERATIONAL
WHAT
ARE
INFORMATION
SYSTEMS?
SUPPORT SYSTEM
An operational support system is designed to handle the daily activities in the organisations, e.g. record inventory levels in a warehouse, register customer
orders or do basic bookkeeping. The purpose of the system is to handle a large number of transactions as quickly and efficiently as possible. The activities they perform are quite standardised and following formal rules. For example, the bookkeeping in a company follows formalised procedures where identical steps are to be repeated. The potential gain from these systems is great since these repetitive activities are perfect for computers. Today, it is practically impossible to find an organisation that does not use computers in their operational system. All organisations also have some kind of operational system. Typical systems are for example accounting systems and Warehouse Management Systems (WMS). The operational systems also include systems to facilitate the work process, such as collaboration systems, document sharing systems and e-mail systems.
MANAGEMENT
SUPPORT SYSTEM
A management support system is designed for performance measurement and reporting. The system is intended to supply managers with information for the daily operations, e.g. daily reports or key performance indicators such as customer service levels or resource utilisation. The system informs the manager about the current status of the organisation and supports the manager’s decision making. The management system uses the large data quantity provided by the transaction systems and transforms it into aggregated information suitable for managers. Typical systems are the large Enterprise Resource Planning (ERP) system, expert systems, Customer Relationship Management (CRM) systems and Human Resource Management (HRM) systems.
DECISION SUPPORT SYSTEM
A Decision Support System (DSS) is intended to support decisions on a tactical level. As the name implies, the purpose of the systems are not to
© THE
AUTHOR
AND
STUDENTLITTERATUR
19
1
WHAT
ARE
INFORMATION
SYSTEMS?
make the decisions but to support them. Tactical decisions are made using a combination of structured quantitative data that are then analysed by the managers and combined with their experience and knowledge. The systems use the data provided by the operational and management support systems and combine them with data from outside sources, e.g. maps and public statistics, to supply the manager with decision support. A DSS can be data driven or model driven. A data-driven DSS performs quantitative analyses based on the organisation’s collected data, e.g. to detérmine which types of customers are the most profitable. A model-driven DSS uses models and algorithms to analyse and predict different events, e.g. the effects of a new factory layout or a marketing campaign. Typical DSS are Geographical Information Systems (GIS), and simulation and modelling systems. A key area for DSSs in business is Business Intelligence systems (BI). BI aims at consolidating, analysing and providing access to large amounts of data for decision making.
STRATEGIC PLANNING SYSTEM
A strategic planning system helps the top managers with the strategic decisions. These are basically decision-support systems focused on strategic decisions. They help the top management identify the strengths and weaknesses of their company and to find ways to better reach the company’s strategic goals. Based on the company’s current situation, the goal the company wants to reach and the prevailing market conditions, the system can use data from all other systems in the organisation to supply decision support data.
Justification for information systems Information systems are needed to support the decision-making process. Computers provide an easy way to manage large amounts of data and perform calculations on the data material. It also reduces the time needed
to collect the information needed for the decision making, which is a great advantage in today’s fast moving world. The complexity of the modern world also makes the number of alternatives that must be analysed for an average decision very large. The justification for each type of system is different. An operational support system is an absolute requirement in today’s business world. It is
20
© THE
AUTHOR
AND
STUDENTLITTERATUR
1
WHAT
ARE
INFORMATION
SYSTEMS?
Decision type
Information system
Justification
Strategic
Strategic planning system
Competitive advantage
decision making
Tactical
Decision
Identification of
support system
new opportunities
decision making
coer
MRP
Decision types, information
Operational
systems y and their justification.
decision making
support system
ESM:
we of eee existing resources SaaEe
. Operational support system
Competitive qualification
impossible to imagine any organisation today managing all its basic functions on paper. Such an organisation would not be able to compete on the market. The management support systems are needed to manage the existing resources properly. This increases the effectiveness and efficiency of the organisation.
The decision support systems are needed to identify new business opportunities for the organisation and to help the organisation evolve. Finally, the strategic planning systems are used to find the competitive advantage that will help the organisation to stay one step ahead of its competitors.
The different types of information systems are focused on different types of decisions. The operational systems are focused on structured decisions, the management systems on semi-structured decisions, and the DSS and strategic systems on unstructured decisions. See figure 1.5.
Study questions 1 This book is about information systems, but what is an information system? Explain what an information system is and explain the meaning of the words information and system. 2 Give examples of three information systems. 3 What is the difference between data and information?
© THE
AUTHOR
AND
STUDENTLITTERATUR
20
1
WHAT
ARE
INFORMATION
SYSTEMS?
4 Imagine an information system producing bus time-tables. For which users of the system is the output information? 5 Can you imagine any company that is not using an information system?
6 Name three situations in your own life where you have suffered from information overload. 7 What is the difference between information technology and information system? 8 What is the role of a computer in an information system? 9 Doall information systems use computers? Give reasons for your
answer. 10 Name three information systems you use that do not include computers. 11 Why can we not have an information system that looks the same for all companies and organisations? 12 Why is information important in decision making? 13. What are the characteristics of a structured decision? 14 Explain how the decision characteristics relate to the information characteristics for the three types of decision making. 15 Can all decisions be made by computers? Give reasons for your answer. 16 What are the four main types of information systems? 17 What cana
DSS be used for?
18 What is the justification for having a strategic planning system? 19 Are computers necessary parts of a modern information system? Give reasons for you answer.
References Reuters (1996). Dying for Information? An Investigation into the Effects of Information Overload in the U.K. and Worldwide, Reuters Business Information and Benchmark Research, London. Curts, R.J. & Campbell, D.E. (2001). Avoiding Information Overload Through the Understanding of OODA Loops, A Cognitive Hierarchy and Object-Oriented Analysis and Design. 6" ICCRTS conference, June 19-21.
i)
© THE
AUTHOR
AND
STUDENTLITTERATUR
Information systems as a part of the business strategy
CHAPT 2
Information systems are used for all purposes in an organisation. No matter where
you look in a modern organisation, there will be information systems. Their use might be strategic, operational or tactical, but their common denominator is that they all try to contribute to the organisation's business strategy, i.e. the plans and policies that configures the company’s resources to meet the needs and expectations
ona competitive market, in order to reach the company’s long term goal.
The value chain The need for information systems exists through all processes in an organisation. This can be seen using the value chain concept. The concept shows the chain ofactivities that a product passes through in order to reach a competitive advantage or profit. The activities are divided into primary activities and support activities. The primary activities are directly involved in the creation ofa product ora service, while support activities aim at supporting the primary
activities. See figure 2.1. Information systems are present in all activities in the value chain. For example, logistics use automated warehouses and route-planning software for distribution. Customer service uses customer relationship management software to track customer complaints etc. The technology development uses technical design software and the human resource management uses HRM software. Wherever you look in the value chain you will find information systems. The systems do not have to work separately but can also be used to integrate different parts of the value chain. This systems integration brings together the different sub-systems into one common information system by
© THE
AUTHOR
AND
STUDENTLITTERATUR
23
2
INFORMATION
SYSTEMS
AS
A PART
OF
THE
BUSINESS
STRATEGY
Yoddns SalHAiyoe
Inbound logistics
| Operations
| Outbound logistics
| Marketing |Customer |- and sales service
Asewid samianoe
FIGURE 2.1 The value chain.
sharing data and processes across the organisation. This integration can also extend outside one’s own organisation to include suppliers and customers. For example, retail stores sometimes allow potential customers to access the store inventory level on their homepage to see if the store has a certain product, or a factory might allow its system to place orders for raw materials directly in the supplier’s system.
Business processes The activities and decisions made in an organisation can also be thought of as business processes. These can be seen like a flowchart of activities, for example the steps that need to be taken to manufacture a car or to send an invoice. A business process can be defined as the structured tasks and activities that are performed to produce a service or a product. The process has a beginning and an end, and in between there are a number of tasks that transform the input into an output that gives value for the customer. See figure 2.2. Business processes look across the departments and functional areas in an organisation and focus instead on the flows that creates value for the organisation. Instead of only looking at a single department, e.g. logistics or marketing, the process view covers all activities performed in order to create the desired output. Each organisation will have several business processes 24
© THE AUTHOR AND STUDENTLITTERATUR
2
INFORMATION
SYSTEMS
AS A PART
OF
THE
BUSINESS
STRATEGY
Ship production Receive order
Manufacture product Send invoice
Receive payment
FIGURE 2.2 An example ofacustomer order business process,
that are all linked together. Similarly to the value chain, the processes can be divided into primary processes and support processes. Several management techniques exist that focus on managing processes instead of separate activities.
The information system in an organisation aims at supporting these
processes e.g. by providing information or automating the process. This means that the information system should be aligned with the business processes and not only follow the departments. Remember that an information system includes people, procedures etc., so you do not necessarily have to have the same computer system in all departments.
BUSINESS PROCESS NOTATION
“> ¥ 3 Business processes can be represented graphically using the standardised
Business Process Model and Notation (BPMN). This is a way of drawing diagrams of the business processes using a standardised format. For example, an activity where something is performed is always a rectangle with round corners, a gateway where the process can take different directions is a diamond shape, something that is associated with something is shown by a dotted line etc. Business process diagrams can become very complex , and it is an advantage to have acommon way of drawing the diagrams. Drawing diagrams like this is also a common part in information systems development. See figure 2.3.
© THE AUTHOR AND STUDENTLITTERATUR
25
[sanss] § 0} QO)
-
3St] uno, anss|
1 I
© THE
{JIM UOISSNISIG ssad01g-qns J8AQ
J! ayy Jeadas asye4 ajqeuen St ay)
AUTHOR
AND
“(EIPSAIyIM
BUSINESS
:29INOS)
THE
Payjapow Huips0d3ze ©} NWdg
wem juun ‘Aepsunuy 6 we
s
OF
ssax0id
ne>
sepua|e
Hurwem
uoissnosig
auyjpeag
jewr3
SIU ySe] SuINJad ay} ANJEA JO ay} UOISSNISIG JOAQ 0} andj 10 asje4
AS A PART
E7aUNDIS yy Hunoa
MOI | Yam10} YI UOISSNISIP JO JY) sanss| yBnoiyyjrew-a 40 sjJ22
9224)
uolssnosiq
404 a2uasajuod
Aejaq 9 skep woy quawa>unouuy
Re
a>
SYSTEMS
Jepuaje)
@>unouuy
Sanss| 40} sig uoissn
skep
INFORMATION
)(
1
1
26 7
aesapow }JewW-3
2 STRATEGY
ayenjeaq ssalboig @ Uolssndsig
ayerepow uolssndsig a2uasayu0>D }]@D
STUDENTLITTERATUR
2
INFORMATION
SYSTEMS
AS A PART
OF
THE
BUSINESS
STRATEGY
Five forces One of the best known frameworks for developing business strategies is Porter’s five forces model. The framework identifies five main forces that influence the potential strategies for a company and can also be used to identify how IT can help in developing successful strategies. See figure 2.4.
RIVALRY AMONG
EXISTING COMPETITORS
This is perhaps the most obvious of the competitive forces. It represents the rivalry and competition between your company and its existing competitors.
THREAT OF NEW ENTRANTS
This force represents the risk that new competitors will enter into the market. There exist entry barriers for new companies that want to enter a market,
e.g. investment costs, the need for certain technology, marketing costs, legal barriers, economies of scale in production etc. Depending on how high these barriers are and the potential profit in the market, there is a risk that new companies will enter the market.
Threat of new entrants
Bargaining
Rivaly among
power of
existing
power of
suppliers
competitors
customers
Bargaining
Threat of substitute products FIGURE 2.4 Porter's five forces.
© THE
AUTHOR
AND
STUDENTLITTERATUR
a7]
2
INFORMATION
SYSTEMS
AS
A PART
OF
THE
BUSINESS
STRATEGY
THREAT OF SUBSTITUTE PRODUCTS
A product offered on the market is also threatened by substitute products. These are products that fulfil the same basic customer requirements but in a different way, e.g. traditional mail might be substituted by e-mail or a paper newspaper is substituted by an Internet homepage. A substitute “product” might also be the decision not to consume this type of products at all, e.g. to stop smoking.
BARGAINING
POWER OF CUSTOMERS
This represents the power held by the customers. This force can be large if there are very few potential customers, or if there are a large number of suppliers that can easily be substituted. This can be seen in on-line shopping for books, for example, where several companies offer identical products. It is also common among suppliers to the automotive industry, where many companies only have one customer.
BARGAINING POWER OF SUPPLIERS
The suppliers of acompany might also have great power. This force is a mirror of the bargaining power of the customers. If there only is one supplier of a product, then this supplier will have great power. E.g. if you want to sell iPhones, then your company must agree to Apple’s terms. This force is present where there is a unique product or product shortage, a high switching cost, i.e. it is expensive to change supplier, a strong brand name, or ifthe customers have very low bargaining power.
Competitive strategies using IT A number of competitive strategies have been developed to counter the five force’s and information technology may well be a part of all strategies. Some of the more well known strategies are cost leadership, differentiation strategy, innovation strategy, growth strategy and alliance strategy.
28
© THE
AUTHOR
AND
STUDENTLITTERATUR
2
INFORMATION
SYSTEMS
AS
A PART
OF
THE
BUSINESS
STRATEGY
COST LEADERSHIP STRATEGY
This strategy aims at handling the threats from the five forces by achieving cost leadership by having the lowest costs. IT can support this strategy by, for example, streamlining the production process by automated production systems or warehouse management systems to reduce warehouse costs. The computer manufacturer Dell lets its customers customise and order their computers on-line and then builds them to order. This reduces transaction costs and the need to keep costly inventory. Cost leadership is related to price leadership, where the company uses it cost leadership to also offer the lowest price.
DIFFERENTIATION
STRATEGY
It is possible to gain a competitive advantage by making the products different from the competitor’s products. In this way the products will offer something unique to the customers. IT can support this by e.g. adding extra services such as a homepage with support and information for the products. It can also create new add-on services, such as a transport company offering automatic
text messages to the customer’s mobile phone about the status of a shipment.
INNOVATION
STRATEGY
Creating new products and services can be an effective way to gain a
competitive advantage. This means inventing something that previously did not exist on the market or offering an existing product to a new market segment. IT is the foundation for many new products and services, but it can also be used to develop these products. Advanced decision support systems help companies analyse business opportunities, and engineering systems help in developing and designing new products.
GROWTH
STRATEGY
By growing, a company can reach new markets and achieve economies of scale. A large organisation has some advantages over a small organisation,
© THE AUTHOR
AND STUDENTLITTERATUR
29
2
INFORMATION
SYSTEMS
AS A PART
OF
THE
BUSINESS
STRATEGY
such as lower product development costs. The cost to develop a new product is the same, irrespective of whether it is sold in 100 copies or in 1 million copies, but the share of the development cost per sold copy is reduced with larger sales. IT supports growth by offering the possibility to communicate and coordinate the activities in a large organisation. It also enables the production to be scaled up by offering automation and improved process control.
ALLIANCE STRATEGY
Another way of reaching new markets and growing is to create alliances with other companies. This may even alter the industrial structure altogether through strategic alliances between major companies. In the production industry, supply chain management is a form of alliance strategy where companies in a supply chain try to cooperate and share information. IT supports this by offering the means to communicate and coordinate the alliance and creating a platform for the cooperation.
The hype curve A consequence of the rapidly changing IT market is that new technologies are frequently introduced. The reception of these new technologies tend to be overly positive with unrealistic expectations only to quickly fall out of fashion before sometimes returning as useful productive tools. This is called the hype curve, which consists of five steps when the technology is introduced on the market. The hype curve is a useful tool to understand the changes in the industry, e.g. by plotting new and emerging technologies on the curve. See figure 2.5. First, the technology trigger is when a promising technology is introduced. The technology is not yet in full commercial use, but the potential of the technology is tempting and receives a lot of publicity. This is followed by the peak of inflated expectations where the technology is praised to the skies. When the technology is new, everyone tends to look only positively at the potential of the technology and the success stories that are starting to emerge. Expectations are unrealistically inflated. The third step that follows is the trough ofdisillusionment, which is the backlash after the huge expectations of the previous step. The technology has failed to meet those expectations, and 30
© THE AUTHOR
AND STUDENTLITTERATUR
2
INFORMATION
SYSTEMS
AS
A PART
OF
THE
BUSINESS
STRATEGY
Visibility a
Peak of Inflated Expectations
Plateau of Productivity
Slope of Enlightenment
Trough of Disillusionment Technology Trigger Time
FIGURE2.5 The hype curve. Source: www.gartner.com
many companies are pulling out of the technology. The interest diminishes as it is apparent that the inflated expectations will not be met. The technology is not necessarily a failure, but the hype around the technology was simply too high. During the fourth step, slope ofenlightenment, the technology continues to develop and starts to find its place in the business with realistic expectations. The technology and its potential uses are now better understood. Finally, the fifth step, plateau ofproductivity, is reached where the mainstream adaptation of the technology takes place and it becomes a natural part of the business. The time it takes for a technology to reach the plateau of productivity can vary and not all technologies will reach that far. A typical example is the IT bubble around year 2000 when the Internet was expected to change the world. During the IT bubble, the expectations were sky high for anything that had “com” in the company name. Early success stories such as Amazon.com inspired investors. Recently started companies without any customers could be sold for millions of dollar just because they claimed to have a novel business idea for the Internet. Basically, every company was valued as if they would dominate the future world market on the “new” Internet and stock prices were unrealistically expected to © THE
AUTHOR
AND
STUDENTLITTERATUR
31
2
INFORMATION
SYSTEMS
AS
A PART
OF
THE
BUSINESS
STRATEGY
continue rising forever. However, this peak of inflated expectations did not last forever. After a few years it became apparent that not all new companies would become the new Microsoft or Apple. The IT bubble burst with stock prices plummeting and many companies going bankrupt. This was the third step, trough of disillusionment, where the interest in Internet businesses almost disappeared. Very few people were interested in investing in anything Internet related after the huge losses in the IT bubble. After this, the Internet technology continued to develop with more realistic expectations up the slope of enlightenment until it reached the mainstream adaptation on the plateau of productivity. This is where we find the Internet business today, as a natural part of any business. BOO.COM b
| a
00.CO
It is impossible to talk about the IT boom without
mentioning boo.com. The company was founded in 1998 with the intention to sell branded fashion
apparel on the Internet. The company only survived for 15 months but managed to burn about 135 million US$ before it went bankrupt. boo.com did basically everything wrong. They considered the Internet as one market and tried to be global right from the start, without considering different customer preferences, cultures, tax regulations etc. The homepage was extremely advanced, complicated to navigate, full of bugs, and could take as much as five minutes to load in an age where the customers used slow modems. It could take the customer one hour to order a product, and then they had to wait one week to get it. The customer service was poor, the physical distribution of the products did not work and the introduction of the site was delayed several times. However, this was during the IT boom so everything concerning the Internet was popular with the investors. The company had no problem getting the necessary $12 million start-up capital and immediately started by opening offices in London, New York, Munich, Paris, Amsterdam and
Stockholm and marketed themselves heavily. Their plan was to go from nothing to $365 million in annual sales in only two years. After one year, boo.com was valued at $390 million . Surprisingly enough, this was before the website was even launched and before they
32
© THE AUTHOR AND STUDENTLITTERATUR
2
INFORMATION
SYSTEMS
AS
A PART
OF
THE
BUSINESS
STRATEGY
had their first customer. When the site finally opened in November 1999, they only got about 50 orders per day and terrible reviews. During the normally busy Christmas shopping, Boo.com had sales of $100,000 per week and costs of $4 million per week. However, this did not stop investors from putting a further $28 million into the company, before the bankruptcy in May 2000. Today, it is impossible to understand how the company could be valued so high, but this was not strange during the IT boom. It was generally argued that rules of the “old economy” were not valid any more in the “new economy” (i.e. the Internet-based world). The traditional economic
models were therefore not used in the “dot.com” businesses, but a completely new set of business logic was invented.
Study questions 1
© THE
Choose a real or imagined company. List potential uses of information systems for each part of Porter’s value chain. Choose a real or imagined company. What information does the different types of employees in the company need in order to do their job? Give an example of a business process that could occur ina supermarket. What is Porter’s five forces? Give examples of how possible strategies in the IT area can be used to overcome the threats in Porter’s five forces. Do you think an IT-based strategic advantage can last forever? Give reasons for your answer. Under what conditions can the bargaining power of the suppliers be greater than that of the customers? Banks have gone from having many local offices to putting most of their customer relations on line and closing many offices. Customers are expected to interact with the bank through internet banking and telephone. Explain the strategy that has lead to this change and the role technology has played in this transformation.
AUTHOR
AND
STUDENTLITTERATUR
33
2
INFORMATION
SYSTEMS
AS
A PART
OF
THE
BUSINESS
STRATEGY
9 How do businesses benefit from information systems? 10 What is the peak of inflated expectations in the hype curve? 11 Howcan the hype curve be used to understand the rapid changes in the IT industry? 12 The introduction of new technology can change the conditions for existing companies. Describe briefly how the introduction of the digital camera has changed the prerequisites for the traditional photo store. 13. What can we learn from the IT bubble?
References Porter, M.E. (2008). The Five Competitive Forces That Shape Strategy. Harvard business review, p. 86-105. Gartner (2011). Understanding Gartner’s Hype Cycles. Gartner Inc, Stamford. Lindstedt, G. (2002). boo.com och IT-bubblan som sprack. Manpocket.
34
© THE
AUTHOR
AND
STUDENTLITTERATUR
Computer systems
CHAPTE 3
Information technology (IT) is the tools used in an information system. As can be seen from the previous definition of information systems, this can include anything from pen and paper to supercomputers. However, a key part in all information systems today is the modern computer. A basic understanding of the technical side of computer systems is necessary to handle a modern
information system properly. The development and operations of information systems involve interaction and cooperation with computer specialists. To sharea
common language and understanding of key concepts is a prerequisite to having a successful information system.
What is a computer? The word computer comes from the 17th-century profession called computers. These were people employed to solve mathematical problems. Standard problems, e.g. interest rate calculations, were solved and published in large mathematical tables where users could look up the answer given certain input numbers. This profession perfectly sums up what computers are all about: they compute! A computer is nothing but a calculation machine.
A brief history of the computer The story of the computer began with attempts to automate time-consuming
and error-prone hand calculations. One of the first mechanical calculation machines was made by Blaise Pascal in 1642. Based on cog wheels it could only make additions and subtractions and was never a commercial success.
© THE
AUTHOR
AND
STUDENTLITTERATUR
35
3
COMPUTER
SYSTEMS
FIGURE 3.1 Punch cards in aloom.
Picture: Wikipedia.
Another key invention came during the industrial revolution in the late 18th century when punch cards started to be used to control textile looms. Using sheets of paper with holes in them, the patterns to be woven were transferred to the loom. The papers were pulled through the machine where the presence or absence of holes controlled the machine. This was a primitive form of “programming” the machine. See figure 3.1. The next great step came with Charles Babbage who in 1822 published the design for a “machinery to the computation of very big mathematical tables”. Although never built, his “Difference engine”, weighing 13.6 tonnes and consisting of 25,000 parts, could have been used for logarithmic and trigonometric calculations. See figure 3.2. Babbage is most famous for his second design, the steam powered “Analytical engine” from 1837. Built according to the same structure as a modern computer, this 30 x 10-metre large machine even had a printer! The machine was programmable using punch cards and would have been able to multiply two twenty-digit numbers in three minutes. The machine was never built, but is considered to be the first complete computer design. During the early 20th century calculation machines started to appear in more practical uses. Machines using punch cards where used to handle large amounts of data e.g. in national censuses or for book-keeping purposes
36
© THE
AUTHOR
AND
STUDENTLITTERATUR
3
COMPUTER
SYSTEMS
FIGURE 3.2 A modern replica of Babbage’s Difference Engine. Picture: Wikipedia.
in companies. Their strength lay in summarising and aggregating large amounts of data. They also found military use during the world wars. See figure 3.3.
FIGURE 3.3 An IBM 407 Accounting machine from 1949. Picture: IBM Archives.
© THE
AUTHOR
AND
STUDENTLITTERATUR
37
3 COMPUTER
SYSTEMS
Allearly designs have been based on mechanical calculations. Perhaps the biggest step in computers came with the invention of the electronic digital computer. Using vacuum tubes, it became possible to perform calculations without moving parts. This increased the speed and capacity of the computers. One of the first electronic digital computers was the ENIAC (Electronic Numerical Integrator and Computer). It was completed in 1946 and its first
task was to participate in the design of the first hydrogen atomic bomb. The computer weighed 27 tonnes and occupied an area of 167 m? with its 18,000 vacuum tubes. It was capable of performing 5,000 calculations per second and was programmed by switches and patching cables. See figure 3.4. Vacuum tube computers had problems with reliability due to frequent failure of the vacuum tubes. The ENIAC spent about 50 percent of its time out of operation to replace broken vacuum tubes. This was resolved with the introduction of the transistor in the 1950s. By the 1960s transistors had
replaced vacuum tubes in most applications, as it is smaller, cheaper, more reliable and requires less power.
FIGURE 3.4 The ENIAC computer. Picture: U.S. Army Photo.
38
© THE AUTHOR AND STUDENTLITTERATUR
3
COMPUTER
SYSTEMS
FIGURE 3.5 Three integrated circuits with their plastic casing. Picture: Wikipedia
The next step came with the introduction of the integrated circuit, commonly known as the microchip, in the 1960s. This is a small plate containing miniaturised electronic circuits and can perform the same functions as vacuum tubes and transistors. The circuits can be extremely small, containing up toi million transistors per mm/?. Their power consumption and production costs are very low. These small circuits are put into protective plastic casings with connectors. Today, we find integrated circuits in everything from toasters to mobile phones. It is likely that more or less everything you own that runs on electricity has an integrated circuit somewhere. See figure 3.5.
Moore’s law The performance of a computer is closely related to the number of transistors that can be put on the microchips in the computer. In 1965, Gordon Moore, one of the founders of Intel, made the prediction that the number of transistors ona microchip would double every 24 months. This has been called Moore’s Law and has so far been proven correct. The law is commonly generalised to refer to computer performance, and has also been extended to include such things as hard-drive capacity and computer cost. Everything indicates that the law will stay valid for several more years. See figure 3.6. The law is a reflection of the rapid development in the IT sector today. Computers get obsolete quickly and software manufacturers often design their programs to run only on the latest computers. This has been one of the © THE
AUTHOR
AND
STUDENTLITTERATUR
39
3
COMPUTER
SYSTEMS
;
:
:
Nig019-099 8 tne EX
sg
eae
2,600,000,000
Dus! Core iteciquts 2
|
a Popes
civert
AND £10.
Touhy
FONERCe'® % eins Nese EX % Opteron 24) “Cores? (Quad AME K10@
1,000,000,000 ~
Hannan 2 with iB cache@
saci 2@
Segreo~
INO Re
100,000,000 +
Bat as7
O83
o rors
VAD = 2
curve shows transistor count doubling every
10,000,000
ASAD KE LeCoe 8 Regen Ls
two yeans
BAM
Pertiven
2
©) 2 =
KS
Z
1,000,000 -
cane
8 he
WKESS,
0286 @ ye 000 @ fe iM
100,000 ~
Sis @ woe08
10,000
2,300
eos, 890g eas 808) 3” @7B0 OF Osos vo 4004@ REA 1802 =
1971
T
T
a
1980
1990
else
ae
2000
a
ee
2011
Date of introduction
FIGURE 3.6 Moore's Law. Figure: Wikipedia.
origins of the term bloating, referring to computer software tending to get larger and larger and requiring more and more computer resources. The rapid development is also a business challenge for companies in the IT industry. Moore’s law also shows that keeping hardware in stock causes it to lose value rapidly. An expensive computer can one year later only be sold for a fraction of its original purchase price. DEALING WITH MOORE’S LAW Computer manufacturers try in different ways to counteract the effect of Moore’s Law. One of the most successful companies has been Dell. Founded in 1984, the company owes a large part of its success to its ordering
Picture: Wikipedia.
40
and distribution system. Instead of the traditional make-to-stock policy, ie. where products are manufactured and then put in stock until they are sold,
© THE
AUTHOR
AND
STUDENTLITTERATUR
3 COMPUTER
SYSTEMS
Dell has chosen a make-to-order policy supported by an advanced information system. A computer is not assembled and the components are
not acquired until Dell receives a customer order. The customer logs in to Dell’s homepage and can there customise their computer, e.g. memory size, hard drive size etc. The homepage checks that the combination is allowed, and puts an internal order in Dell’s organisation to purchase the components and assemble the computer. The customer gets longer delivery times than if Dell used make-to-stock, but can instead customise the computer and get a lower price since the raw material and computer will not get obsolete in stock.
Digital Computers are often called digital computers. Being digital means that something can only can adopt discrete values, e.g. 1, 2, 5 and 10 or blue and green. Perhaps the simplest example of something digital is a lighthouse where the light flashes on and off. The lighthouse is also an example ofa digital binary signal, which means that it can only adopt two different values (on or off). The word binary means that something is composed of only two parts. The opposite of digital is analog where all values are allowed. Everything that happens in a computer is transformed into electrical signals. Computers use binary digital signals, meaning that a signal can either be on or off, called 1 or o. Digital binary systems are ideal for use in computers since they correspond well to how transistors work. A transistor has a number of incoming connections, and depending on which of the input connections is being fed an electric signal, the output from the transistor will be different. By sending binary signals through a combination of transistors, they can be used to perform all types of calculations. The binary numeral system is used to represent everything that happens in the computer. In the ordinary decimal system we have ten numbers (0-9),
and when we run out of numbers, we move one position to the left, add the number 1 in that position, and start counting again from 0, i.e. after 9 comes 10. In the binary system we only have two numbers (1 and o). After 1, when we
again run out of numbers, we move one position to the left and start counting again, i.e. after 1 comes 10 (which equals 2 in decimal numbers). Similarly,
© THE AUTHOR
AND STUDENTLITTERATUR
41
3
COMPUTER
SYSTEMS
100 in binary equals 4 in decimal numbers and 101 binary equals 5 decimally. Thus, we get rather long numbers, but it is possible to represent all numbers using only 1 and o. These numbers can then be transformed into text using standard conversion tables, e.g. 01100001 (or 97 decimal numbers) means
a” in the ASCII character encoding standard. There exist several different encoding standards with different scope and complexity.
Type of computers Several types of computers exist and can be divided into microcomputer systems, mid-range systems and mainframe systems.
MICROCOMPUTER
SYSTEMS
These are the traditional personal computers (PC) that we find in any family or office today. They are designed for everyday use, such as word processing, e-mail, computer games etc, and try to combine low cost with reasonably good computer performance. A special type of microcomputer is the computer terminal. This is a simple computer that connects to a larger computer and lets the larger computer perform the heavy computing. A typical example is an ATM, which connects to the bank’s main computer to process the transaction. This can also be called a client/server relationship, where the
microcomputer (client) connects to the larger computer (server) to access
resources on the server. The client/server concept can also be used to describe what happens every time someone surfs the Internet. We also find microcomputers that are specially made for a given purpose. For example, an ordinary cash register at a supermarket today is a kind of microcomputer. Other examples of custom-made microcomputer systems are video-game consoles, advanced mobile phones, tablet computers or e-book readers.
MID RANGE SYSTEM
When the microcomputers do not offer enough performance, then mid range systems can be used. These are essentially more powerful microcomputers and can be used for more demanding applications and programs. They
42
© THE
AUTHOR
AND
STUDENTLITTERATUR
3
COMPUTER
SYSTEMS
are commonly used as servers, supplying smaller computers with data
and resources, and in industry and research for advanced calculations. The midrange systems that are used as personal desktop computers are sometimes called workstations. A mid-range system is a few times more expensive than a microcomputer but still not extremely expensive. Remembering Moore’s Law, we can also conclude that what was considered a mid range system a few years ago is today considered a microcomputer.
MAINFRAME
SYSTEMS
There is also a need for very large computers that can handle extreme processing and storage requirements. These are mainframe systems used by e.g. banks and large corporations. A mainframe system is very expensive and might fill a whole room but in return offers very high performance. They are today largely being replaced by mid-range systems for financial reasons and due to the increase in performance of these systems. However, they are still widely used. Supercomputers are extreme mainframe systems designed to handle the most advanced calculations. Only alimited number of supercomputers exist in the world and they are more or less custom made and extremely expensive. They are often used in research and military applications.
Computer parts A computer is built around input, output, storage and processing units
and devices. These parts are called the hardware, or the physical parts of a computer, as compared to the programs computers run, which are called the software. See figure 3.7.
Output
FIGURE 3.7 Structure of
a computer.
© THE
AUTHOR
AND
STUDENTLITTERATUR
43
3 COMPUTER
SYSTEMS
INPUT
Input is data and instructions fed into the computer. There are a number of devices that allow us to communicate with the computer. Historical computers used punch cards as their input device, but today we rely on keyboards, mouse, touch screens and similar devices. There are also a number of devices that try to automate the data input process, such as bar code scanners, text recognition, voice recognition, scanning etc.
PROCESSING
Processing is the actual calculations the computer performs. Every time you press a key on your keyboard, this input is processed by the computer and causes some reaction by the computer. This could be anything from displaying a new character in your word processing software to starting a program or “killing” an enemy in the latest computer game. Processing is performed by the Central Processing Unit (CPU). This is the advanced microchip that is the core of the computer. Well known manufacturers are Intel and AMD. In consumer marketing, computers are often referred to according to their CPU type, e.g. an Intel Pentium computer. ‘The speed of a CPU is measured in MHz, representing the number of cycles the processor can perform per second. Although MHz is an important estimate of the computer's performance, the final performance of a computer
will be greatly influenced by a number of other factors, such as the speed of other circuitry in the computer and its connected devices. The CPU is not the only microprocessor in a computer. Other processing units exist for specific tasks, such as managing the graphical output, sound etc.
STORAGE
Computers also need to store data somewhere. This could be short-term storage for a few microseconds while the computer performs some calculations, or it could be long-term storage of backup data for several years. Storage can be divided into primary storage or secondary storage. Primary storage is the
44
© THE AUTHOR AND STUDENTLITTERATUR
3 COMPUTER
SYSTEMS
small internal computer memory that stores the data the computer most immediately needs. Secondary storage is the larger external storage units such as hard drives, DVD discs and USB sticks. These are used for more long-term storage of data and for data not frequently needed or too large to fit in the internal memory.
OUTPUT
The result of the computer’s calculations must also be displayed somewhere to be of use. This can be done through printers, computer screens, sound etc.
Computer standards Technically, there are many ways you could build a computer. However, by agreeing to following common standards it becomes possible to use components and software from different manufacturers. The USB port we find on all computers today is an example of a standardised connection. It is beneficial for companies to adopt the standards since it increases the potential market for their products. On the other hand, they might lose a competitive advantage they have if their own solution is technically superior or they control important patents. Standards can be either agreed standards or de-facto standards. An agreed standard is where a number of organisations agree to use a certain standard. This can be based on legal requirements or the work of a standardising committee. Examples of agreed standards are the USB port, which has been agreed on by the large computer manufacturers, and the Internet protocol, which determines how computers should communicate on the Internet. A de-facto standard is when a technical solution becomes so dominating that everyone has to adapt to it. When the first Blue-Ray Discs appeared, they competed with the DVD HD format, which offered similar performance. Blue-Ray managed to reach a larger market share than DVD HD, mainly by getting Blue-Ray players installed in all PlayStation 3 video game consoles. This eventually lead to DVD HD being cancelled and Blue-Ray becoming the de-facto standard for high-definition video storage.
© THE AUTHOR
AND
STUDENTLITTERATUR
45
3
COMPUTER
SYSTEMS
Operating system A computer is controlled by an operating system. This is the program that you meet when you start the computer and that controls all the basic functions in the computer. The most common operating system is Microsoft Windows, but several other operating systems exist.
PURPOSE OF AN OPERATING SYSTEM
An operating system manages the hardware in the computer and everything that is connected to the computer. It controls how the different parts of the computer should cooperate and communicate with each other. It also allocates the CPU resources to different tasks. This means determining what the CPU should do at any given moment. The operating system prioritises between different tasks and decides what should be handled first, since most CPUs can only do one task at a time. A task is everything a computer has to perform, e.g. to receive input from the keyboard, move a file or display something on the screen. However, it is possible to switch rapidly between the tasks, which makes them appear as if they ran simultaneously. When a program is run on the computer, for example a word processing software, the operating system is the link between the program and the computer hardware. A program must therefore be adapted to the operating system it is intended to run on. A program designed for one operating system cannot run on another operating system. User interface The most clearly visible part of an operating system is the user interface, or how the operating system communicates with the user. Most operating systems use a Graphical User Interface (GUI) which allows the user to communicate with the operating system using icons, buttons, boxes, windows and pictures. This is what can be seen in Microsoft Windows where the user uses the computer mouse to point, click, drag and drop to interact with the computer. Older type of operating systems used a command-line interface where text commands where typed in to perform tasks. See figure 3.8.
46
© THE
AUTHOR
AND
STUDENTLITTERATUR
3
Enter today’s date
(n-d-y):
The IBM Personal Computer Version 1.00 (C)Copyright > dir *.con IBNBIO con IBNDOS con COMMAND = =CON FORMAT con CHKDSK con SYS Con DISKCOPY CON DISKCOMP COM COMP COM DATE COM TIME COM MODE COM EDLIN con DEBUG Con BASIC Con BASICA con
1920 6100 3231 2560 1395 896 1216 1124 1620 252 250 860 2392 60439 10880 16256
COMPUTER
SYSTEMS
08-04-81
DOS IBM Corp 1981 07-23-81 08-13-81 08-04-81 08-04-81 08-04-81 08-04-81 08-04-81 68-04-81 08-04-81 08-04-81 08-04-81 08-04-81 08-04-81 08-04-81 08-04-81 08-04-81
A>_
FIGURE 3.8 The command-line interface of the operating system MS-DOS. Picture: Wikipedia.
MICROSOFT WINDOWS
The most common operating system today is Windows by Microsoft. Windows exists in several versions, the latest of which is Windows 8. Other versions are Windows 95, 98, NT, 2000, XP, Vistaand Windows 7. All versions
have a similar GUI. The origins of Windows was the command-line interface operating system MS-DOS introduced in 1982. This became the most common operating system until it was replaced by Windows in 1995. It is difficult to estimate market shares, but Windows has roughly 90-95 percent of the market. This dominance on the market means that
most computer programs are designed for Windows and often not made for other operating systems.
MAC OS
The computer manufacturer Apple introduced its own operating system called Mac OS in 1984. This was one ofthe first operating systems using a GUI.
© THE
AUTHOR
AND
STUDENTLITTERATUR
Ay,
3
COMPUTER
SYSTEMS
The Mac OS quickly became popular, particularly in the media industry and universities, with its user-friendly operating system, but lost market shares to Windows and today has about 5-7 percent of the market. The current version
is Mac OS X. Both Mac OS and Windows compete on the same market of microcomputer users.
The Mac OS can only be run on the Macintosh (or Mac) computers manufactured by Apple. Previous versions of the Mac computer could only run Mac OS but recent versions can also run Windows and other operating systems.
UNIX
Originally developed in i969, Unix is widely used in workstations and mid-range systems. Unix is powerful but largely lacks the user-friendliness found in the operating systems aimed at microcomputer systems. The software available for Unix is targeted at professional workstation users and servers. Thus, you will not find many computer games and entertainment software for Unix.
LINUX
An operating system similar to Unix is the free open-source Linux. The core of the system was developed by the Finnish programmer Linus Torvald in 1991 and has since been extended by independent programmers all over the world. Linux is free to use, and the operating system is known as a lean system that functions well on older and simpler computers. As it is well established in the open-source community, there is a great deal of free software available for Linux, such as spread-sheets and word-processing software, games, web
browsers etc. Linux is becoming an interesting alternative for companies looking for a low-cost alternative to Windows. Many third-world countries are also widely adopting Linux. Its main domain today is servers where Linux has a large market share. Among microcomputers, Linux has about a 1-2 percent market share. Interestingly, Linux is the dominating operating system for supercomputers.
48
© THE
AUTHOR
AND
STUDENTLITTERATUR
3
COMPUTER
SYSTEMS
IBM VS. APPLE - THE BATTLE OF STANDARDS
The two main combatants in the microcomputer market have been IBM and Apple. However, the two companies choose two different strategies with two completely different outcomes. One of the leading computer manufacturers during the 1970s and 1980s
was IBM. In the early 1980s, IBM introduced its personal computer, the PC. Picture: Wikipedia There were many operating systems to choose from for the customers, but the most popular and least expensive was MS-DOS from the small company Microsoft. The IBM computer was made of standard components which meant that it could easily be copied by other manufacturers The PC became a success and many copies followed. The IBM compatible PC became a de-facto standard among computers and is the foundation for the modern PC. Microsoft was free to sell its MS-DOS operating system to other manufacturers, while maintaining the copyright to the system. The computer could thus be copied but not the operating system. This meant that the power shifted to Microsoft and IBM was eventually driven out of the market by the low-cost clones. In 2005, IBM stopped manufacturing microcomputer systems, while Microsoft had become one of the world’s
The original IBM PC.
largest and most influential IT companies as its operating system Windows has reached a 90-95 percent worldwide market share.
A different strategy was chosen by Apple. When the first Macintosh (or Mac) computer was released in 1984 it was a computer that in many
ways was superior to the IBM PC and MS-DOS. It featured an easy to use graphical user interface, mouse and slim design. However, Apple had chosen a vertical integration strategy where all parts of the computer, from the CPU to the operating system, was designed and copyrighted by Apple. This meant that the computer could not be copied. The absence of low-cost clones meant that the Mac was more expensive than the PC, thus resulting in lower sales and limited interest from software vendors to produce programs for the Mac. Apple survived but eventually became a marginal player on the computer market with about 5-7 percent of the market.
© THE
AUTHOR
AND
STUDENTLITTERATUR
49
3 COMPUTER
SYSTEMS
Study questions i
Why is it important for anyone in a business today to have a basic understanding of computers? What is the origin of the word computer? How did the invention of the vacuum tube influence the development of the computer? Do you own an integrated circuit? Ifso, what do you use it for? Give a brief summary of the historical development of computers until today. What is Moore’s Law?
7 You have been given the offer to purchase enough computer hardware to satisfy your company’s need for the next ten years at a very good price. Would you recommend your boss to accept the offer, or would you prefer to purchase the hardware one unit at a time over the next ten years at a higher cost? Give reasons for your answer. What are the main differences between microcomputers and mainframe systems? Explain an ATM in the context of client/server. What is the difference between hardware and software? What is the CPU used for? Give an example of a de-facto standard, other than the one mentioned in this book. Why is it necessary with an operating system necessary in a computer?
Explain how the GUI has simplified the way we use computers Why has Windows become the dominating operating system? Compare the three most common operating systems. What is the difference between a digital and an analog signal? Explain the classical joke “There are only 10 types of people in the
world: those who understand binary and those who don’t”.
50
© THE
AUTHOR
AND
STUDENTLITTERATUR
Data storage
CHAPTER 4
Data needs to be stored somewhere in a computer system. This could be just short temporary storage for a few milliseconds while the computer calculates, or it can be long-term storage for several years. There are several possible technical options to store data from a computer, and different storage options are chosen depending on the purpose of the storage. It
is important to make the right storage decisions to ensure smooth and safe access to your data.
Data storage is measured in bytes, where one byte is the equivalent of one character. The standard mathematical prefixes k (kilo = thousand), M (mega = million), G (giga = billion) and T (tera = trillion) are used to express larger storage capacity, e.g. 1 megabyte (1 MB) is 1 million bytes and 1 terabyte (1 TB) is 1 trillion bytes. Storage can be divided into primary storage and secondary storage. TABLE 4.1 Different types of data storage.
Primary storage
Location
Secondary storage
Inside the
"Inside the
computer
computer
Outside the computer
computer
Types
Integrated circuits (RAM and ROM)
Hard disc drive
USB stick, CD/DVD, Floppy disc
Tape
Speed
Very fast
Medium to slow
Very slow
Cost
Expensive
| Medium cost |
Medium cost
Low cost
Sensitivity ,
Sensitive
|Medium
Robust :
Typeofaccess |Directaccess . Life span
Medium speed |
Outside the
;
_Directaccess
While electricity | |5~10 years supplied (volatile memory)
© THE AUTHOR AND STUDENTLITTERATUR
|
Veryrobust
Direct access ‘Sequential access 10-25 years | (5-10 years for USB/SSD)
20-30 years
51
4
DATA
STORAGE
Primary storage Primary storage is the short-term data storage, commonly referred to as computer memory. These are integrated circuits mounted inside the computer with the purpose of short-term storage of data. Most CPUs can only handle one thing at a time, so everything that is not currently being processed must
be stored somewhere. As the internal memory operates closely together with the CPU, it is important that they are as fast as possible, so that the CPU does not have to wait for the memory to supply it with new data. The primary memory is made up of integrated circuits. This gives very short access times, i.e. the memory can store and retrieve data fast, but the cost is rather high. The primary storage is therefore rather small. A modern PC has a primary memory of a few GB. It can keep the data stored for as long as power is supplied to the computer, but the data immediately disappears when the power is interrupted. This is called a volatile memory. See figure 4.1. Technically, there are two types of primary storage, read-only-memory (ROM) and random-access-memory (RAM). The RAM-memory is the normal
computer memory. The name random access comes from its being a direct access memory, which means that it is possible to access any position in the memory directly. A direct access memory is divided into storage positions with unique addresses, where each position can be directly accessed just as easily as any other position. Data can be both read and written to the RAM-memory. A ROM-memory is a memory that can only be read. The data on the integrated circuits is permanently stored during the manufacturing and cannot be changed (at least not easily). This is a non-volatile memory, which can keep the data stored in it also without a constant power supply. In a computer, these are used to store the short computer program needed to
FIGURE 4.1 A primary
storage memory. Picture: Wikipedia.
52
© THE
AUTHOR
AND
STUDENTLITTERATUR
4
DATA
STORAGE
start up the computer. This contains information on how to connect to the hardware and how to start loading the operating system etc.
Secondary storage There is also a need for non-volatile data storage, i.e. storage that can keep the data also without a constant power supply. Data needs to be stored also when the computer is turned off or when the small primary storage is full. The secondary storage is commonly used for archival and backup purposes and has evolved from the old-time punch cards to modern hard drives and flash drives.
FLOPPY DISCS
A floppy disc is a small disc of magnetic material stored in a plastic envelope. Floppy discs were the standard secondary storage during the 80s and 90s but has now been replaced by other media. It is cheap but has a limited storage capacity. A standard 3.25 inch disc can store 1.44 MB. The floppy drive works
similarly to an old-fashioned record. A reading arm moves across the spinning disc and reads the data stored on the disc in the form of small magnetized spots on the disc’s surface. Access to the data is relatively slow. See figure 4.2.
HARD DISC DRIVE
A hard disc drive (HDD) is similar to a floppy disc but is much faster and has a higher capacity. Often mounted inside the computer, the hard drive consists of several magnetic discs mounted on top of each other. The disc
FIGURE 4.2 8-inch, 5%4-inch,
and 32-inch floppy disks. Picture: Wikipedia.
© THE
AUTHOR
AND
STUDENTLITTERATUR
53
4
DATA
STORAGE
FIGURE 4.3 An open hard drive where the magnetic discs and reading arm can be seen. Picture: Wikipedia.
spins and a reading arm reads the data. A hard drive can also be portable and temporarily connected to the computer. A normal hard drive has a capacity of several hundred GB. See figure 4.3.
CD/DVD
ACD or DVD, also called optical discs, is a plastic disc read by a laser beam. The disc spins and the laser reads or writes small pits on the surface of the disc. Most optical discs can only be written once but read many times. However, more expensive disc types that can be read and written several times also exist. A CD has a storage capacity of 700 MB and a DVD has a capacity of 4.7 GB. Their low price and relatively large storage capacity make them popular for long-term storage for home users and individuals. Unfortunately, most users are unaware of the fairly short life span of an optical disc, which makes them less suitable for very-long-term storage.
USB FLASH DRIVE
A USB flash drive or USB memory is a type of portable storage device that contains a non-volatile memory chip that can be read and written several times. It plugs in to the USB port on the computer. The flash drive has no moving parts and is similar to the ROM memory used as primary storage
in computers. It has largely replaced the floppy disc and CD/DVD as a short-term secondary storage. Its robustness, small size and relatively low
54
© THE
AUTHOR
AND
STUDENTLITTERATUR
4
DATA
STORAGE
price make it commonly used, e.g. to carry files between home and school or work. Its storage capacity is normally a few GB. Related to the USB flash drive is the Solid State Drive (SSD). The basic
storage technology is the same, but, the purpose of an SSD is to replace the HDD for internal secondary storage in the computer. The SSD is faster, smaller, quieter and less sensitive than a conventional HDD but considerable more expensive, and it offers less storage capacity.
MAGNETIC TAPE
This is one of the oldest types of computer data storage device. A magnetic tape, similar to a large cassette tape, is run through the reader. Access is slow, since the magnetic tape uses sequential access. Unlike the other types of storage media which offer direct access and can access any storage position directly, the magnetic tape must be wound to the right position, and all data is read sequentially, one item after the other, in the order it was recorded on the tape. This medium is therefore very slow but it is very inexpensive, which still
Direct access
FIGURE 4.4 Direct access to sectors on a disc vs. sequential access to a tape to read the sequence A-B-CD-E.
© THE
AUTHOR
AND
STUDENTLITTERATUR
55
4
DATA
STORAGE
makes it advantageous for long-term archival storage in large organisations. Magnetic tapes can come in different formats and sizes. Their storage capacity can be several hundred GB. See figure 4.4.
Long-term storage Long-term data storage presents a number of problems. Contrary to what many people believe, all storage media have limited lifespans. Not many storage media can be expected to survive more than 10-15 years. The laws of physics cause the magnetic data on hard drives etc. and the small pits on optical discs to disappear over time. Media with moving parts, such as hard drives, are sensitive not only to the deterioration of the magnetic data but also to mechanical failure and wear and tear. It is difficult to state exactly for how long a storage medium can be read, since it depends on many factors such as the quality and storage of the physical storage medium. For example, the top manufacturers of optical discs commonly claim a 50-100-year life expectancy for high quality discs under optimal conditions, while other studies have shown that a disc can be impossible to read after only six months if stored incorrectly in direct sunlight. However, a common estimate for an average optical disc ranges between 10 and 25 years with large individual variations. The problem lies not only with the physical characteristics of the medium, but also in changing file formats and technical equipment. The file format is the way the data stored in a file is translated into information, i.e. how the I’s and 0’s in the file should be translated into e.g. a picture. Today, most people use the Microsoft Word format for text files, but just a few years ago, completely different formats and programs were used. It is safe to assume that other file formats will be used in just a few years’ time. Even if you can read the data on an old storage medium, it is uncertain if you can find a program that can translate the data into understandable information. Another problem lies with the technical equipment used for reading the data media. The data media are often saved but seldom the equipment used to read it. To be able to retrieve the stored data, you do not only need to have the data media, but also the machines used to read them, the software able to interpret them and perhaps also spare parts to the equipment. Finally, you might have legal problems with software licenses, bankrupt companies, copyrights etc.
56
© THE
AUTHOR
AND
STUDENTLITTERATUR
4
DATA
STORAGE
To ensure safe long-term storage of data, the data need to be read and transferred to new media regularly, e.g. moved to a new hard drive or DVD every few years. You also need to keep copies of the software and equipment used to read the data media. Many people today also rely on online services to store their data, e.g. Dropbox, Flickr or similar services. This places the responsibility for transferring the data to new storage media on the service provider, e.g. Dropbox,
but instead adds the risk of the provider deciding to close their service or going bankrupt. For example, in 2012 the file storage site Megaupload was closed by
the U.S. Justice Department after accusations of storing illegal material. At that time, the site had 50 million visitors per day and a total of 25 000 terabyte stored data. All users worldwide were immediately denied access to their files. MAGNETIC STORAGE VS. PAPER STORAGE In 1975 NASA launched the VIKING space
probes to Mars. The USsi billion project performed several experiments on Mars, and the results were transmitted to Earth and recorded on magnetic tapes. 25 years later, a scientist was interested in examining the data Viking spacecraft. Picture: NASA.
from a particular experiment.
The tapes were found and could be read, but no one could remember the file format used. With the help of some 25-year-old paper printouts, they managed to restore parts of the information, but large parts of the experiments have been lost forever. In 1947, a shepherd boy in current-day West
Bank, not far from Jerusalem, was looking for some lost sheep. In a cave he found some clay jars containing old hand-written documents. They turned out to be biblical texts from around the year 100 B.C., more than 2000 years old. The documents, known as the Dead Sea Scrolls, have been interpreted and have provided much interesting historical information. A part of the Dead Sea
Scrolls.
© THE AUTHOR
It is a general concern among historians
today that our modern age will become a “black
AND STUDENTLITTERATUR
57
4
DATA
STORAGE
hole” for future historians. At no previous time in history has so much information been created as today, butso little information is saved. Books, photographs and paper letters that were saved and could withstand long-time storage have been replaced by e-mail, digital pictures and homepages.
Study questions
Ff KP WwW bh
5 6 7
8
Compare the three most common operating systems. What are the benefits of a volatile memory? Why is there a need for non-volatile data storage? The answer is: ”A small plastic disc coated with iron oxide that resembles a small phonograph record enclosed in a protective envelop. It is a widely used form of magnetic disc medium that provides a direct-access storage capability for microcomputer systems”. What is the question? What are the different types of secondary storage and when are they used? Which storage media use sequential access? You are responsible for archiving and backup of data in an organisation. Large amounts of data should be stored for ten years. Which of the following storage media do you select and why? USB, CD/DVD or magnetic tape? What can we learn from the dead sea scrolls about long-term data storage?
References USC (2001). USC neuroscientist finds signature of life on Mars in decades-old data. Press release, University of Southern California, 27 July.
58
©
THE
AUTHOR
AND
STUDENTLITTERATUR
CHAPTE 5
Networks
Computers are often connected together in networks. The best known network, of course, is the Internet, but computer networks can also be local networks inside a company or perhaps just a private network in an apartment. The purpose of a
network is to communicate and to share resources and information among its participants.
Metcalfe’s Law The idea behind networks is to allow computers to communicate with each other to increase the usefulness of the computer. A network becomes more and more useful as the number of computers connected to it grows. An analogy can be drawn to the telephone. If you are the only one with a telephone, then it is quite useless. Who are you going to call? If your best friend also gets a telephone, then it becomes more useful. The more people you can call, the more useful it becomes. The usefulness of a network thus grows exponentially with the number of users connected (or proportional to the square of the number of users connected to the network). This is called Metcalfe’s Law . The effect of Metcalfe’s Law can clearly be seen on the social network sites, such as Facebook. Many people choose Facebook over competing sites, since it has the most membersso youcan find “everyone” there. Facebook thus has an advantage over other sites with fewer users
© THE
AUTHOR
AND
STUDENTLITTERATUR
oA Z|
VGBERT, a,aM
EZ,
>oS RAex XAd
er
B; ‘\ Was 5] a
ei o:
PEE
FIGURE 5.1 The number of possible connections
grows exponentially with the number of nodes.
Figure: Wikipedia.
59
5 NETWORKS
that can be attributed to Metcalfe’s Law.
A large number of users makes the site (i.e. social network) more useful.
LAN, WAN and servers A network is a number of connected computers, using a common protocol that
allows users to communicate and share resources with other users. A protocol is the rules and message format, i.e. the “language”, the computers use to talk to each other. Networks consist technically of three parts: a number of computers, the connecting medium between them (e.g. cables) and the technical equipment and software needed to manage the communication on the network.
Examples of common technical equipment
FIGURE $.2/ Servers mountedina
are modems, network cards, hubs, switches ae and routers that manage and direct data traffic in the network. An important type of computer that is found in most networks is the server. This midrange or mainframe computer provides services to other computers in the network. This could include managing printing or e-mails, sending a homepage or storing a file. The server types are named after their service, e.g. a mail server handles e-mail and a web-server handles homepages. Servers are often put in a common location, a server hall or data center, where they are mounted in racks. A rack looks like a wardrobe with shelves. See figure 5.3.
The networks can be divided into two main types: WAN and LAN. A Local Area Network (LAN) is a network covering a small geographical area, like a building, an office or an apartment. A LAN is often limited in size. Most organisations today have a LAN in their office. It is also often connected to the Internet. A modern LAN in an office will allow users to share printers and access file servers, e-mail systems and the Internet. By putting printers and files on the network they can be more easily maintained, files shared and backed up more easily and costs reduced.
60
© THE
AUTHOR
AND
STUDENTLITTERATUR
5 NETWORKS
mmm
FIGURES.3
A server hall
with servers mounted in racks, Picture: Wikipedia.
A Wide Area Network (WAN)
is a network that covers a wide area, e.g. a city
or country. The most well known WAN is the Internet but also other large national or corporate networks exist.
The Internet The origins of the Internet began in the 1969 with the creation of the ARPANET. This was a research project among some American universities to create a network that did not require a direct connection between all computers. Previously, two computers connected to each other had to have a direct line between them that could be used by only these two computers. The ARPANET was based on packet switching, which allowed data to be sent on shared connections and forwarded between participating computers until it reached the intended receiving computer. The two ways of communicating can be compared to two ways of sending a paper letter. In the old method, the letter was carried by one person all the way from the sender to the receiver, while a modern postal service works more like package switching. The letter is picked up and brought to a central terminal where it is sorted and sent, together with other letters, in a big truck to a another terminal where it is sorted again and sent on to the next terminal etc. until it finally reaches the receiver. The ARPANET grew and became connected with many other networks,
but the original ARPANET did not have any of the services we today associate
© THE
AUTHOR
AND
STUDENTLITTERATUR
61
5
NETWORKS
with the Internet. Slowly services started to evolve. The first e-mail, forexample, was sent in 1971. The modern technical structure and commercialisation of the Internet came during the 1980s with the main breakthrough in 1993 with the invention of the World Wide Web (WWW) or the Web. This is what we
today see every day when we open a web browser and surf to a homepage. Previously, the Internet consisted of mainly text interfaces, very few pictures and was generally not that easy to understand. WWW and the web browser meant that text and pictures could be mixed and links could be created to other pages or sites. The easy-to-use WWW meant that the average person could start using the Internet. It is important to distinguish between the underlying network and services offered on the network. The WWW, Spotify, e-mail etc. are all services offered on the network called Internet. Further services can then be offered using these services, e.g. the service of on-line shopping is offered using the service WWW on the Internet network. The number of Internet users has grown drastically in recent years. However, the Internet users are not evenly spread around the world. In countries such as the US, Sweden, Denmark and Norway about 80-90 percent of the population have Internet access. This can be compared to countries such as India and Pakistan with less than 10 percent Internet access. However,
FIGURE 5.4 Internet users around the world 2010. Figure: Wikipedia.
62
© THE
AUTHOR
AND
STUDENTLITTERATUR
5
NETWORKS
looking at absolute numbers, the Internet is dominated by Asians. For example, a country like China with 1,3 billion inhabitants only has about 30 percent Internet penetration. Still, China has more than 400 million Internet users or roughly the same number of users as we find in Europe. India with 1.2 billion inhabitants and 5 percent Internet penetration has 60 million users or roughly the same as Germany. See figure 5.4.
INTERNET STRUCTURE
The Internet actually consists of several connected networks. No single organisation owns the Internet, although there are some independent nonprofit organisations that play an administrative role in governing the Internet, e.g. in setting standards and allocating domain names. Basically, the Internet works pretty much as when you want to connect to the Internet yourself. A home or company user will contact an Internet service provider (ISP), e.g. a national telecom company, and negotiate the terms of the connection, e.g. cost and speed. The user also agrees to follow the standard Internet protocol. The user then gets access to the Internet and the Internet also gets access to the user’s computer or LAN and any services
the user wishes to offer, e.g. a homepage (if allowed by the ISP). The ISP in turn has agreements with other larger ISPs to get access to their networks, and so on. Thus, the Internet is created with a large number of large and small networks connected together, all agreeing to use the same protocol and transmit each other’s data. The Internet uses IP addresses to know where to send data. An IP address is the address, or “telephone number”, to acomputer connected to the Internet, €.g. 130.241.150.34. These numbers are used by the Internet to know where to
send the data. However, when we send e-mails or access homepages, we do not use the long and strange IP address. Instead, we just type in the name of the homepage, e.g. cnn.com or wikipedia.org. This name is called a domain and must be translated into an IP address before it can be used to connect to the server. The computers do this automatically by connecting to one of a large number of Domain Name Servers, (DNS servers), located on the Internet.
The DNS servers have a list of all domain names and their IP addresses and translate the domain name to the correct IP address.
© THE AUTHOR AND STUDENTLITTERATUR
63
5
NETWORKS
In theory, all computers connected to the Internet should have their own IP addresses, but this is not the case since there is a shortage of addresses. Many computers share the same IP address. An ISP with many customers knows, for example, that not everyone will be connected at the same time. The ISP therefore has fewer IP addresses than customers. Each computer is then automatically assigned a new address by the ISP every time it connects. This is called a dynamic address, compared toa static address that is always the same. Static addresses are more expensive but are used for computers that must have a known address, e.g. a web server. A customer accessing a homepage (the client) will always be the party that initiates the communication, i.e. the client will be the one first contacting the server. The client then tells the server where to send the data, i.e. what IP address it currently has. It therefore does not matter if the address changes each time the client logs on, but it is important that the server should have the same address so the client knows how to contact the server. An ISP (or LAN/WAN) can also “hide” ail customers behind one single IP address (i.e. one computer) facing the internet. All data traffic is then sent
through the server that keeps track of what each computer inside the local network requested, but as seen, from the Internet, it only appears that one computer is connected. This is one reason why it is hard to know how many
computers are connected to the Internet. BEING ANONYMOUS
ON THE INTERNET
Many persons, governments and organisations
have an interest in finding out who has been accessing the Internet at a certain time. Their
aim could be to track down the origin of spam e-mails, illegal file sharing or to find people that have expressed opinions that the Illustration: Lotta Bruhn, government does not approve. The record of who owns an IP address is public and can be accessed online, e.g. at www.db.ripe.net/whois. However, this is not necessarily the person that was using the computer. The owner ofthe IP address is often an ISP or an organisation. The ISP often has internal records showing which customer was logged in at the IP address at that time.
64
© THE
AUTHOR
AND
STUDENTLITTERATUR
5 NETWORKS
Generally, the ISPs are very reluctant to share that information publicly. Even if the records are made public, they do not show who has been sitting in front of the computer. They only show whose password and Internet connection have been used. People that wish to hide on the Internet use public Internet cafés or “bounce” their transmission between several computers. This could be done illegally by means of viruses installed on other computers that forward the data without revealing the origin/destination or (more or less) legally through anonymising services that, normally for a fee, allow you to access certain home pages, use file sharing etc. through their servers and “promise” not to reveal your true IP address to anyone. But remember, however hard you try, you will always leave a trail on the Internet. It is only a question of how easy it is to follow.
Intranet and extranet Organisations also sometimes use intranets and extranets. An intranet is an
internal network (LAN) built using the same technology as the Internet. It could be called a local Internet with homepages, e-mail etc. The purpose is to share information, communicate and collaborate within the company in a way that already is familiar to all Internet users. The intranet is protected from the outside Internet by security measures which allow the organisation to share confidential information in the intranet. A similar network is the extranet. This is an intranet that extends outside the organisation and also includes its partners, customers, vendors etc. Basically it is several connected intranets that together form an extranet. This private, Internet-like, network is used to share information and to communicate and collaborate with the organisation’s partners.
Study questions 1 How can Metcalfe’s Law be used to explain the success of Facebook? 2 Anew system for online collaboration has been installed at your company, but a few employees refuse to use it. How will this affect
the benefits of the system?
© THE
AUTHOR
AND
STUDENTLITTERATUR
65
5 NETWORKS
What is the purpose of a server? What is the difference between a LAN and a WAN? Is Internet a modern invention? Give reasons for your answer.
What would your life be like without the Internet? State the five most important changes for you if the Internet should disappear
W bh nou
tomorrow. The number of Internet users is different in different parts of the world. You are the project manager at a global company that is planning to start an internet based business in either China or North America. Explain pros and cons with the two markets based on the different number of Internet users. Name three services you can find on the Internet. 9 What is an intranet?
Who owns the Internet? 130.241.150.34 is an example of a number used in certain computer
networks. What are the numbers called and what are they used for? Why is it hard to know how many computers are connected to the Internet?
References World Economic Forum (2011). The Global Information Technology Report 2010-2011, Geneva.
66
© THE
AUTHOR
AND
STUDENTLITTERATUR
CHAPTE 6
Databases
An information system is largely about managing
data and providing the
organisation with information. Efficient way of handling of the data is therefore very important. Data can be managed in databases, which is a systematic way of
storing data so that it can be retrieved and analysed to provide information tothe organisation. As has been explained previously, data is raw facts and information is data that is useful to someone. A database, as the name implies, is a base for data storage and not for information storage. The database stores the raw data that can be transformed into information. A database is queried by computer software
and users to retrieve data for analysis and decision making.
The data hierarchy Data is stored at a number of levels in a database. The lowest level is the bit,
or electric circuit that can be either on or off, ie. 1 or o. A number of bits (normally eight) are combined to form a byte. A byte is a binary number that can be translated to a character using conversion tables, e.g. the byte 01000110 (or 70 in decimal numbers) stands for the character F in the ASCII character encoding standard. The next level in the data hierarchy is the field. A number of characters used to describe something are grouped together in a field, e.g. a name, an address or a telephone number. Several related fields are grouped together ina record, e.g. fields concerning data for a person, such as name and addresses, are grouped together in a record for each person. Records are grouped together in afile. A file contains related records, e.g. records for all employees in a company.
© THE
AUTHOR
AND
STUDENTLITTERATUR
67
6 DATABASES
_Data
Bit
Byte
1or0
A group
of bits
hierarchy
equaling one
Field [| »}
Related
characters
character
Bearer
01000100 = D
:
The name "Doe"
Name and address fields for the person Doe
Name and addresses records for all employees
Files of all employees, projects and departments
FIGURE 6.1 The data hierarchy.
Related files are grouped together in a database. Related files could be e.g. a file of all employees in a company, a payment file, a file showing which customers are handled by which sales person etc. See figure 6.1. Think of the data hierarchy as an old-fashioned paper address book in a library. The library is the database. The address book is the file. The page for each person in the book is the record. Each line on the page, e.g. phone number, is a field. Each character in the phone number is a byte and the ink in the writing is the bits. See figure 6.2.
Database —» Field Characters
Record FIGURE 6.2 The data
hierarchy as a book. Illustration: Field File
68
SimonasP/Shutterstock from an idea by Jonas Flodén.
© THE AUTHOR AND STUDENTLITTERATUR
6
DATABASES
Relational database One of the main advantages of databases is that it is possible to combine and extract data from different files and use selection criteria. For example, assume that you have a file of all employees in a company and a file of all projects. It is then possible to combine them and make a list of all employees working on a certain project.
This can be done in different ways, but the most common way is to use a relational database structure. In a relational database, data is viewed as tables where each line represents a record and each column represents a field. Each table is a file. , Data in different files can be linked to each other using keys. A key is a field that has the same value in two tables. For example, assume that all employees in a company are given unique individual employment numbers. If you have a field for the employment number in both the employee file and project file in the example above, then the two files can be linked together. The database then knows that records with the same employee number field belong together. See figure 6.3. So, the database can combine data from the two files, e.g. to present a view of the hours worked and the name of the employee for a certain project. The database then takes the related fields, which fulfil the selection criteria, and present them together. This can become a very powerful tool to handle data, since it is possible to link data together from several tables and have very
2L
Relation
l
Key field
Employee number
Key field
Name
Phone number
142-87
JohnDoe
55512445
251-32 “
Bill Smith
555 2 D2
241-22
AnnaCari
0 ..,
55512678...
|
1b
wi
Factory
251-32
127
Design
) 241-22
45
Factory
142-87
82
FIGURE 6.3 A relation between two files in a database using a key.
© THE AUTHOR AND STUDENTLITTERATUR
69
6
DATABASES
advanced selection criteria, for example all employees with a salary above a certain amount who live in a city with a name containing the letter P and who worked more than 50 hours on two projects. Employee number
Name
142-87
Jotin Boe
Factory
82
251-32
Bill Smith
Factory
127
FIGURE 6.4 The name and hours worked for the employees on project Factory shown by linking two flles.
Redundancy Another great advantage of databases is that it is possible to avoid redundancy. Redundancy means that the same data is stored several times. A common example of redundancy is when several computer systems in an organisation all store the same customer’s address and phone number. This wastes storage space and increases administration and maintenance costs, but the main problem is to keep the information updated in all systems. It is just a matter of time until you forget to update the information in one system and end up with conflicting information between the systems. It then becomes difficult to know what information is most current. This can be avoided by using a database approach where the data is stored in one single database which is accessed by the different systems to retrieve or store the relevant information. This also makes it easier to change and update the computer software in an organisation. The process of transferring and converting data from an old system to the new system, which is often complicated, can be avoided. Instead of transferring the data between the old and new software, the new software can just be instructed to access the same central database. Ultimately, a company would have just one central database where everything is stored, and all users and programs would access the central
database. In reality, this is very seldom the case. Many programs use their own local databases. There could be many reasons for this, e.g. old software, incompatible data formats, security, different geographical locations etc., but the reality is that redundancy is hard to avoid completely. However, you should try to avoid redundancy as far as possible.
7O
© THE
AUTHOR
AND
STUDENTLITTERATUR
6
DATABASES
Database management systems Databases are managed by Database Management System (DBMS). ADBMS is a type of computer software responsible for development, maintenance and use of a database. The DBMS acts like an interface between the database and users and other programs that want access to the data. The DBMS keeps track of how the data is stored and related and how to access it. All requests for the database go through the DBMS. This is, for example, to make sure that two users cannot change the same record at the same time. One example of a DBMS is Microsoft Office Access which is included in the Office programs. This offers a graphical user interface to design a database and to ask questions to the database. The standard language to ask questions, called queries, to a relational database is SQL (Structured Query Language). The use of a standard language makes is easier to interact with different databases on different computer systems without having to learn a new language for each database. SQL is a set of text commands, such as “SELECT”, “FROM” or “WHERE”, but most DBMSs offer a graphical interface to design queries.
Data warehouse An organisation normally has several databases. They are continually used and the data in them changes all the time. The databases, obviously,
contain a lot of data from which valuable information can be extracted. However, trying to perform advanced analyse on constantly changing data from several databases is very difficult. This can be avoided by using a data warehouse. A data warehouse is database consisting of data collected from other databases that has been copied to the data warehouse and been cleaned up and organised. This means that errors in the data have been fixed and the data has been processed so that the data warehouse contains a static (not changing), database of high quality data. The data warehouse can then be used for statistical analyses, modelling and other types of analyses.
© THE
AUTHOR
AND
STUDENTLITTERATUR
Wf
6
DATABASES
Data mining One of the most important uses of a data warehouse is for data mining. This means that the data in a data warehouse is analysed to discover hidden patterns and trends. Data mining is often done using advanced statistical methods or artificial intelligence. The intention is to extract hidden information that is not directly visible in the database. Some patterns in a data warehouse might be obvious and directly visible without data mining, for example that large companies order more products than small companies or that most apples are sold on Thursdays, but other patterns might not be discovered without data mining. For example, it might appear at first glance that the biggest customers are also the most profitable ones as they order the most products, but data mining might reveal that these customer also require the greatest sales effort and special adaptation of the production process, so that in fact they cause the company to lose money. Data mining is commonly used in Business Intelligence systems (BI). DATA MINING IN THE GROCERY STORE
A modern grocery store with personal bonus cards and computerised check-out systems that keep track of exactly which products are sold to whom and when etc. is the perfect
arena for data mining. For example, finding out which products are commonly purchased Picture: Wikipedia. together and by which customer type makes it possible to target the marketing, e.g. by offering special discounts or displaying the products together in the store. A UK grocery store found that of their 100 different types of cheeses, only a handful were profitable. At first, they considered discontinuing the unprofitable products. However, data mining revealed that the store’s most profitable customers also preferred the least profitable cheese. The store therefore decided to keep the unprofitable cheeses in their product range, in order not to risk driving away the profitable customers.
ale
© THE
AUTHOR
AND
STUDENTLITTERATUR
6
DATABASES
Although the conditions are good for data mining in a grocery store, it is important also to consider the customer reaction. In 2008, the Swedish grocery chain ICA sent advertisements to 2 million of its customers with “personal discounts” based on previous purchases, e.g. if you had bought many diapers, you were offered a discount on diapers and other related products. However, the customer reaction was not as positive as ICA had hoped. The company received many protests, and a negative media storm erupted where ICA was accused of not respecting the personal integrity of their customers. After some debate, the general opinion changed and the customers welcomed the new discounts.
Study questions List and describe each part of the data hierarchy. Why is a database not called an informationbase? Give examples of three databases you regularly use. Why should redundancy be avoided? What is a relational database? How is it possible to know which records are related in a relational KF DN WwW ph aun database? What is a data warehouse? oNWhat is required to perform data mining? The Swedish Tax Agency has started using data mining to catch people trying the cheat with their taxes. However, they are not telling exactly how they are using data mining. Give some examples of how you think the Tax Agency can use data mining. 10 Internet search engines store data about all homepages and what the users search for. The search engine knows where you are from, your previous searches and what other users with similar profiles have searched for. Give three examples of how data mining could be used on this data to provide the user with better answers to their searches.
© THE
AUTHOR
AND
STUDENTLITTERATUR
73
Information systems in an organisation
CHAPTER 7
Many different computer based information systems of different sizes exist in an organisation today. They range from small specialised systems, e.g. the system
built into a cash register, to large enterprise-wide systems covering all aspects of the business. All these systems together with the people and procedures form the information system for the organisation. The information system in an organisation is a web of different systems that are, more or less, well integrated with each other.
The core of the information system in an organisation is often a large enterprise-wide system that aims at integrating all parts of the business in one system that shares data and processes in the organisation. This central Enterprise Information System (EIS) is then combined with separate smaller
systems for specialised tasks.
Specialised information
system
Specialised
Specialised
information
Information
information
system
System
system
FIGURE 7.1 Core system and specialised systems together form the information system.
© THE AUTHOR
Enterprise
AND STUDENTLITTERATUR
Specialised information
system Information System
US
7
INFORMATION
SYSTEMS
IN AN
ORGANISATION
Specialised information systems could be, e.g. technical design systems, e-mail systems, communication systems or some other system that offer a
function that is not offered by the EIS or where the organisation has chosen to not use an EIS. These systems might not be technically directly integrated with the other systems, but is still a part of the organisation’s information system. Remember from the definition of information systems that it includes not only the computers but also the people and procedures, and that it can be divided into subsystems. The structure of the information systems might look very different in different companies. Some lack a central EIS and rely only on separate stand-alone systems, while others have a very large EIS and few separate systems. Most companies have a mix of new and old legacy information systems. In reality, the systems are not always as modern and well integrated with each other as you might be led to believe from reading newspaper articles and text-books. When following the rapid IT development according to Moore’s Law, it is easy to assume that companies replace their information systems
regularly and always have the most advanced and integrated information systems, just as people replace their mobile phones and home computers every few years. However, that is far from the truth. Companies might for example operate a 20-year-old system side by side with state-of-the-art systems, and old systems might be built into newer systems. The high cost and complexity involved in replacing systems means that many companies avoid replacing systems unless it is absolutely necessary. Mergers with other companies or the addition of a new factory or warehouse etc. might also introduce new (or old) systems into the information system.
Enterprise Information Systems The fundamental idea of the large Enterprise Information Systems (EIS) that constitutes the core of the information system is to integrate seamlessly the information flow throughout the organisation. These systems are large scale systems that are enterprise wide, i.e. they integrate all parts of the business enterprise, and can handle large volumes of data. The overall aim of an EIS is to plan, measure and control the business. An EIS does this by combining several smaller and previously separate information systems, e.g. the accounting system, the logistics system etc. into one system. All core 76
© THE
AUTHOR
AND
STUDENTLITTERATUR
7
INFORMATION
SYSTEMS
IN AN
ORGANISATION
activities in the company are thereby integrated into one information system where the same data is visible to all parts of the company. EISs are purchased as, more or less, standard systems from software vendors. Well known providers of EISs are SAP, IFS, Oracle, Agresso and Jeeves, but many others exist. It is important to note that, although EIS are common, they are not utilised in all organisations. Many still rely only on the separate smaller stand-alone systems with less integration.
BENEFITS
A successful EIS reduces costs and enables the company to react more quickly to changes in the market which results in more satisfied customers. Acommon information system also helps to unify the structure and processes of the organisation.
The EIS improves the information flow and thereby provides better information support for planning and decision making. Better access to information allows managers to make faster and more informed (and thereby hopefully better) decisions. Without an EIS, it is not unusual for managers
to get reports from dozens of systems in different formats and sometimes containing contradictory information. The integrated information system
eliminates the need to store the same data redundantly in several systems and make time consuming (and often complicated) data transfers between
the systems. It also reduces the number of information systems that need to be maintained and updated in the company. A seamless information flow also allows operational processes and decisions to be automated and taken over by the system, such as production scheduling and invoicing. A customer order can, for example, automatically trigger the scheduling of the production, ordering of raw material, booking of transport etc. and other operational decisions. This reduces costs and improves efficiency and would not have been possible unless all systems were connected.
DRAWBACKS
The main drawbacks of an EIS are high investment costs combined with a difficult and expensive implementation, difficulties in adapting the complex and rigid EIS to the organisation and a high degree of system dependency.
© THE
AUTHOR
AND
STUDENTLITTERATUR
77
7
INFORMATION
SYSTEMS
IN AN
ORGANISATION
The implementation of a large EIS is known to be very troublesome. Introducing a large system, such as an EIS, is a very complex task that requires fundamental changes to the organisation. There are many examples of companies that have failed in their implementation and been forced to abandon the EIS at very high costs. Organisations underestimate the complexity of the system and the commitment and resources needed for a successful implementation. A TROUBLESOME
EIS IMPLEMENTATION
The Swedish Social Insurance Agency (Férsdkringskassan) introduced a new information system for dental care benefits. ne The system is based on one of the leading EISs Picture: Wikipedia. and the original implementation was, during the planning stage in 2006, estimated at €7.6 million. However, the implementation was delayed and had trouble meeting the original requirements. After receiving heavy criticism, a
government review report three years later estimated the costs at €36 million or almost five times the original cost. The Social Insurance Agency seriously underestimated the complexity of introducing the EIS. The original implementation plan also included introducing the same EIS into 46 other social benefit systems. However, this was cancelled after the implementation of the dental system.
EIS has been criticised for being rigid and forcing the company to adapt to the processes built into the EIS, rather than having the EIS adapt to the company. The systems are designed and standardised according to what the software vendor considers to be the “best practice” business process for the function, e.g. how to manage a warehouse. These built-in best practices can be adjusted by settings in the EIS, but only to a limited extent. Adapting to best practice might be very beneficial for a company, but there is also a risk that a company loses its unique competitive advantage if it has to adapt toa given “best practice”. See figure 7.2. Introducing an EIS also makes the company very dependent on the system. Business processes are changed to adapt to the system and the EIS might control many of the routine decisions. For example, employees that
78
© THE
AUTHOR
AND
STUDENTLITTERATUR
7
INFORMATION
SYSTEMS
IN
AN
ORGANISATION
Enterprise Information
Existing Business Processes
System Best-Practice
EIS betas
+
New Business
FIGURE 7.2 Business processes and EIS must be adapted to each other.
Processes
previously handled invoices manually have been assigned to different tasks or left the organisation. Returning to the business process used before the implementation will be task almost as challenging as implementing the EIS. Once implemented, the system must therefore always work. If the EIS stands still, then the business will also stand still.
The evolution of Enterprise Information Systems The Enterprise Information Systems have evolved over several decades. This evolution has been caused not only by the technical development and the decreasing cost of computers, but also by businesses realising the advantages that could come from computerised information systems. The evolution has gone from expensive systems with a limited scope, only used by the largest companies in the 1970, to smaller and less expensive systems used by many companies today and covering all business areas.
MATERIAL REQUIREMENTS PLANNING - MRP
The evolution of the modern EIS started in the early 1970 with the introduction
of the Material Requirements Planning system (MRP). These systems were production planning and inventory control systems for the manufacturing industry. The focus was on managing the inventory. Managing the
© THE
AUTHOR
AND
STUDENTLITTERATUR
79
7
INFORMATION
SYSTEMS
IN AN
ORGANISATION
manufacturing process of a product is much like doing a big jigsaw puzzle. A number of components must be put together in the right order and in the most efficient way. This, in essence, is a large mathematical problem which computers are well suited to solve. Computers are very good at performing calculations, keeping track of numbers and knowing how different things are connected to each other. The automotive industry was a forerunner in the use of MRP systems with their expensive, complex products with a large number of parts. The MRP system used backward scheduling based on incoming customer orders and the dates the ordered products must be finished. The desired completion date was used to calculate the required start date for the manufacturing. Each product was divided into a number of sub-components and raw materials using a list called bill ofmaterials, or BOM. The BOM shows which components are needed to manufacture a product. By using the BOM, the MRP system could calculate the raw materials required, check what the company had in storage and, if needed, order more materials in suitable quantities. Previously, many companies only reacted to historical data, since the lack of a central system meant that the warehouse did not always know what was currently being produced and the production department did not always know if the needed raw material was in stock. For example, a company ordered more raw materials when the warehouse was empty or a shortage existed, thus reacting to something that had already happened. Manual production planning also meant that human errors were common. With MRP systems, the companies could instead react to current data, i.e. their incoming customer orders. This meant that they could keep lower stock levels and have a more accurate production planning. The MRP systems were designed according to the idea that there were standard business processes that could be used in all similar companies. Two companies using the same type of ERP system would thus use the same underlying processes for how production planning and inventory control are done.
The MRP systems were the first successful standardised enterprise information systems. Previous attempts to use computer systems had been tailormade to the organisation, resulting in high development and implementation costs. The early MRP systems where expensive and complicated systems and only used by the very large companies.
80
© THE
AUTHOR
AND
STUDENTLITTERATUR
7
MANUFACTURING
INFORMATION
SYSTEMS
IN AN
ORGANISATION
RESOURCE PLANNING - MRP II
The Manufacturing Resource Planning systems, or MRP II, were introduced in the 1980. They were based on the MRP systems but were extended to plan the entire manufacturing process. The original MRP system focused on the inventory and materials requirement, while the MRP II system also included the planning of labour resources, equipment etc. along with the materials planning. Financial functions were also included since companies realised that changes in the inventory levels also resulted in financial transactions. For example, an inflow of raw material to the warehouse must also result in an increase in the inventory assets in the bookkeeping. When a products is sold, the inventory asset should be decreased and the accounts receivable (i.e. what the customer owes the company) be increased. It therefore made sense to include manufacturing and finance in the same system.
ENTERPRISE RESOURCE PLANNING - ERP
The next step came with the introduction of Enterprise Resource Planning systems, or ERP, in the 1990. Computer based information systems were by this time common in most departments in a company, but they did not communicate with each other. MRP II had successfully integrated the manufacturing systems, but other departments still remained as separate computer systems. Transferring data between the systems was troublesome
and time consuming. Sometimes, conflicting data might be found in different systems, e.g. the shipping address for an order could be different in the logistics system and in the customer order system. A top manager wanting to
know the overall status of the company would commonly have to collect data from dozens of different systems. This caused inefficiencies and prevented the company from quickly reacting to changes in the market. The ERP system is built around a central database that stores all data in the company. Different software modules are then added for each department in the company and connected to the central database. Any change in one of the modules is then immediately visible for the other modules through the central database. For example, if the manufacturing department updates information in the production module that a customer order has been produced and is
© THE
AUTHOR
AND
STUDENTLITTERATUR
81
7
INFORMATION
oS
acai
SYSTEMS
fame ete
IN AN
ORGANISATION
meee tice cog nN
Human ar Resources
iN
NN
he
thanicon ee sonia
arian)
module Pm
a
am
en
CaN
Supply Chain module
GMs
i
rt
Accounting module
Central
database
eal ae ae
asm
er epee cet ne
ay
Customer
Relationship [ey
eel
module
FIGURE 7.3 Structure ofan ERP system.
ready to ship, then this can immediately be seen by the sales department in the customer relationships module and by the logistics department in the logistics module. See figure 7.3.
An ERP system also automates some business processes. A number of standard processes are always performed in a company. For example, an incoming customer order should result in a production order for the factory, a credit check by the financial department, a transport booking by the logistics department etc. These standard processes can easily be automated when all systems are connected to each other, thus increasing speed and reducing errors.
The structure of an Enterprise Information System An Enterprise Information System consists of a number of connected modules with different functions. Like pieces in a puzzle, the modules are put together. Each company decides how many and which modules they want to purchase. Some companies start with a limited number of modules and add more modules later, while others get modules for all departments straight away. 82
© THE
AUTHOR
AND
STUDENTLITTERATUR
7
INFORMATION
SYSTEMS
IN AN
ORGANISATION
A traditional EIS, like the ERP system, is purchased as a package from one software vendor that offers all modules required. This gives a system where the modules are well integrated. However, this also makes the company very dependent on one software vendor. New modules can only be purchased from that vendor. Different vendors offer a different selection of modules, so there is a risk that the module you want is not available from your vendor. The quality of the modules might also be different, where e.g. a vendor can offer a good logistics module but an inferior accounting module. The very high costs in replacing the EIS system and switching to another software vendor, ties the company to one vendor for a long time. See figure 7.4. Another option is to use Enterprise Application Integration or EAI, which is a technical solution that allows computer systems from different vendors to integrate with each other. Adding independent EAI connections, or middleware, between existing systems allows them to exchange information through EAI. This means that the existing systems in the company do not have to be replaced all at once, as with an ERP system. Instead, they can still be used and new systems, or modules, can be added from different vendors. An EAI solution has a lower investment cost and lower risk, but each system or module will still use its own database and processes and will not be completely integrated.
FIGURE 7.4 Ascreen
dump from a CRM module in an EIS,
Source: IFS,
© THE
AUTHOR
AND
STUDENTLITTERATUR
83
7
INFORMATION
SYSTEMS
IN AN
ORGANISATION
It is also possible to have an EIS that is not physically installed at the company. It is becoming common to access the EIS over the Internet. The software and data is then located on a server connected to the Internet and accessed through a normal web browser. The server is operated by the EIS software provider. These often web-based EISs have the advantage that they require no special hardware or software installation at the company. This means that the initial investment costs are lower and that it requires less technical knowledge in the organisation to operate. The company pays a subscription fee for the use of the system but everything else, such has hardware investments, upgrades, and maintenance is managed by the software provider. The system can also be accessed wherever there is an Internet connection. This way of selling a system is called Software as a Service (SaaS). The underlying rationale behind this idea is that a specialised software provider could run the system more cost efficiently at one central site, than if several organisations would run local copies of a system. This is achieved by utilising economies of scale and a higher level of competence among the staff. For example, several customers can share the same servers, backup systems etc. and the staff will have greater experience with the system and can be more efficient in e.g. upgrading and problem solving. Temporary demand peaks from one customer can be balanced against temporary demand lows from another customer, thus reducing the need for spare capacity. However, the core idea of accessing the EIS over the Internet also means that the company must put all its sensitive data on a server belonging to the software provider. This gives a number of added risks. Most SaaS providers knows their business and can protects the customer data and make sure that the system is on-line, but what happens if the software provider goes bankrupt or decides to stop selling their system as SaaS? How can we make sure that we always have access to our data? A local system, e.g. ERP, could still be used if the provider goes bankrupt, but not an SaaS system. There is also a legal aspect, where the software provider's server might be located in a different country governed by different laws. This can give unforeseeable consequences, e.g. in who has the right to access the data. Similar issues also occur with other online services, such as file hosting services (e.g. Dropbox), image hosting services (e.g. Flickr), e-mail (e.g. Hotmail), or social communities (e.g. Facebook). SaaS is also commonly known as cloud
computing. The term cloud computing, or the Cloud, could also include other
84
© THE
AUTHOR
AND
STUDENTLITTERATUR
7
INFORMATION
SYSTEMS
IN
AN
ORGANISATION
computing services delivered in a similar way, e.g. access to infrastructure such as networks and servers. An EIS can also be integrated in different types of mobile devices, e.g. smartphones. This allows mobile employees, e.g. truck drivers and travelling salespeople, to have access to the same information as their colleagues in the office. This also gives the managers in the office better opportunities to manage the mobile employees. Whichever technical solution is selected, the main function of the EIS remains the same: to plan, measure and control the business. The rapid development of computers and the introduction of concepts such as SaaS has meant that having an EIS has become a reasonable investment for most companies. From being used only by the largest companies, EISs have now become common in all types of companies.
MODULES
The main modules in an EIS are Accounting and Finance, Supply Chain Management (SCM), Human Resource Management (HRM) and Customer
Relationship Management (CRM), although the names may vary between different systems. Putting names and labels on different modules is difficult. Not everyone agrees on e.g. what should be included in a CRM module, and similar modules can be given different names and scope by different software vendors. A module can also be divided into sub-modules. There is a large number of software vendors on the market, and everyone wants to market their system as unique. It is therefore important always to study carefully what the system actually does, and not only go by its name.
Accounting and Finance
The Accounting and Finance module manages the traditional bookkeeping in the company by keeping track ofall financial transactions. It also provides financial information and makes financial analyses for decision making and reporting. It helps in budgeting and investment decisions.
© THE
AUTHOR
AND
STUDENTLITTERATUR
85
7
INFORMATION
SYSTEMS
IN AN
ORGANISATION
Supply Chain Management
The Supply Chain Management (SCM) module is the logistics module. The supply chain is the flow of materials, information, money and services from raw materials suppliers through production to end customer. The SCM module includes planning, execution and control of all activities in raw material sourcing, manufacturing, warehousing and delivering finished products to customers. This includes the production planning and inventory management functions of the traditional MRP system.
Customer Relationship Management
The Customer Relationship Management (CRM) module is designed to help the company manage its relationship with existing and potential customers. This includes functions such as marketing, advertising, market research and analysis, customer service and sales force support. The CRM module provides an integrated view of all customer data and interactions which allows the company to be more efficient and increase customer loyalty.
Human Resource Management
Human Resource Management (HRM) is about managing the human resources in the company, i.e. the employees. This module gives support for maintaining employee records, evaluate employee performance, organise training, scheduling, recruitment etc. It contains support for all activities related to previous, current and potential employees of the organisation.
Business Intelligence
Larger systems also often have a Business Intelligence (BI) module which takes data from the other modules and presents it to top managers through easyto-use interfaces. This helps top managers to find easily the data they need
from the large and complex EIS. BI offers strong reporting and drill-down capabilities to give managers meaningful and useful information to improve and facilitate decision making.
86
© THE
AUTHOR
AND
STUDENTLITTERATUR
7
INFORMATION
SYSTEMS
IN AN
ORGANISATION
Specialised information systems An organisation's information system often combines the large EIS with other systems to supply functionality that is not offered by the EIS or where a well functioning legacy system already exists. This could be more general systems, such as e-mail systems, timesheet reporting system or advanced specialised systems, such as simulation systems, technical design systems (e.g. Computer Aided Design, CAD), Advanced Planning and Scheduling systems (APS) etc. Some common specialised information systems are Geographical Information System (GIS) which is a map-based system specially designed to analyse and work with a geographical data. Simulation and modelling systems try to imitate the real word to allow experiments and forecasts to be made in a computer instead of the real world. Expert systems try to imitate the decision making process of human experts to allow computers to make semi-structured decisions.
Study questions 1 What is the aim of an Enterprise Information System? 2 In the media, you often get the impression that all companies use the most modern and well integrated information systems. Is this true? If not, why is not everyone using the best available systems? 3. What are the benefits and drawbacks of an EIS?
4 What are the benefits of information sharing in an organisation? 5 Why can an EIS not be exactly adapted to the business processes in the organisation? 6 What are the risks and benefits of adapting to the given best practises of an EIS? 7 How is backwards scheduling used in an MRP system? 8 Explain the difference between an MRP system and a MRP II system.
9 What is an ERP system? 10 Howcan the risks of being tied to one software supplier with an EIS system be handled? 11 What are the benefits of Software as a Service (SaaS)?
© THE AUTHOR AND STUDENTLITTERATUR
87
7
INFORMATION
SYSTEMS
IN AN
ORGANISATION
12 Whatare the risks of putting your sensitive data in “the cloud”? 13 Explain the main modules in an EIS. 14 Why is it difficult to put names on the different modules in an EIS? 15 What are the main benefits and drawbacks of an EIS based on
standardised modules? 16 Go out on the Internet and search for Enterprise Resource Planning. How many ERP vendors can you find?
References Statskontoret (2009). Inforande av ett nytt tandvardsstod. Granskning av Forsakringskassans genomforande av tandvardsstédet. Report 2005/298-5.
88
© THE
AUTHOR
AND
STUDENTLITTERATUR
Systems development
CHAPTER 8
It is important to understand
the process behind the development of an
information
in an organisation
system. Everyone
will have a part in the
development process, even if they are not IT technicians. The information system is a key part of a modern organisation and is nothing that can be left for the IT
department or consultants to develop on their own. This becomes particularly important when introducing large systems as the
Enterprise Information Systems (EIS). An EIS implementation is not an IT project,
but a change project for the entire organisation. The introduction of anew EIS must become top priority in the organisation and also remain top priority throughout the process. A new system is a fundamental change in the organisation and must
have the full support of the top management to be successful.
Systems development is often performed by external consultants with limited or no previous knowledge of the organisation. A large part of the systems development process is therefore devoted to understanding the characteristics of the organisation that is going to use the information system and to determine the requirements. It might appear obvious but it is still important to point out: If you do not know the problem, then you cannot solve it! It is tempting to jump immediately into the technical development phase with computers and programming that show hands-on results, rather than spending along time making lists of boring user requirements and analysing processes. However, the key to a successful project is doing a proper analysis of the organisation and setting the right system requirements. It is just like buying acar. You cannot just buy “a car”. First, you have to decide if you want a tractor or a sports car or something in between.
© THE
AUTHOR
AND
STUDENTLITTERATUR
89
8
SYSTEMS
DEVELOPMENT
FIGURE 8.1 Setting the right requirements is a key to a successful project.
Picture (left): David Merrett. Picture (right): Thomas doerfer.
Business processes Implementing a new system is not only about the technical implementation, but equally important is the business processes to support the system. A business process is the structured task and activities that are performed to producea service or a product. It can be thought of like a flowchart of activities. A new information system must be followed by business processes in line with the new system. This often means that the old business processes must be reengineered. Business Process Reengineering (BPR) is the re-thinking and re-redesign of the processes of an organisations to adapt them to current needs and resources. Studies have shown that having an information system more advanced than the business process will cause inefficiencies. Having good business processes is actually more important than having an advanced information system. The worst case is trying to use an advanced system with
bad business processes. An analogy can be made with driving a car while trying to read a road map. If you drive faster than you can read the map, you will end up in a ditch when the road turns. The advanced system can be seen as a multiplier for bad decisions. TABLE 8.1 Business process and information systems support.
Business
Information
Processes
system
Good
Advanced
Rating
Map and car driving analogy
1
We have a fast car and know exactly how to
Superior business performance
read the map, which takes us to our destination
quickly.
Good
Simple
2 Lack of system support for business
90
We have a good map and take the best route, but our car is slow so we do not reach our destination as fast as we planned.
© THE AUTHOR
AND STUDENTLITTERATUR
8 SYSTEMS
Bad
Simple
Bad
3
Advanced
DEVELOPMENT
Below average
We drive slowly and have an old map, but we
business performance
get to our destination sooner or later without too many detours.
4 System cannot be properly utilised
We have a fast car, but we get lost and almost do not make it to our destination since we drive too fast to read the map.
Development costs and risks Systems development is a risky business that often fails and goes over budget. About 25 percent of all large system development projects fail completely, 25 percent go as planned and 50 percent are implemented at higher cost than intended and/or with reduced functionality. The projects are also often delayed. It is not unusual with projects that cost twice the budgeted amount and takes twice as long to complete. The costs for a delayed project can be substantial. Delay costs can be related to higher development costs, increasing costs to continue operating and maintaining old systems, lost business opportunities, delayed efficiency gains from the new system etc. The main risks of systems development can be summarised in Table 8.2. TABLE 8.2 Failure risks for systems implementation.
Failure risk
Comment
Complexity of system
A large, complex system is more likely to fail than a simpler system.
No user acceptance
The intended user must accept the new system and preferably be committed to and involved in the development.
Insufficient user training
The users must understand and know how to use the new system to decrease worries and fears and to be able to participate in the implementation.
Top management support
A new system is a costly and fundamental change in the business and must have full management support throughout the project.
Project management
Bad project management can lead to e.g. cost overruns, failure to meet deadlines, missing functionality and lower system performance.
Incorrect functional
The right requirements must be set in order to acquire the right system.
requirements
IT failure
Pure technical issues are seldom a problem today but can have
devastating effect when they occur.
© THE
AUTHOR
AND
STUDENTLITTERATUR
91
8
SYSTEMS
DEVELOPMENT
The costs for systems development can vary greatly. A small development project can cost a few hundred euros while a new EIS for a multinational company can cost several hundred million euros. It is very difficult to give an estimate of the costs of an average systems implementation. As an example, the cost of implementing a large EIS in a Swedish retailing company with 7,000 employees is budgeted at € 60 million. The Swedish armed forces are currently implementing a large EIS with a budget at € 285 million, although it is expected to end significantly over budget. The time required for the system development will also vary depending on the system and ranges from a few months to several years. Contrary to what many people believe, the cost of buying the hardware and software is only a small part of the development costs. The large parts are the organisational reengineering to adapt the organisation and business processes to the new system, learning to use the new possibilities, and training the employees in using the new system. It is important not to forget the cost of the time spent in the organisation to prepare for the new system. Just a simple thing as a two-day training session in an organisation with 1,000 employees equals 2,000 working days or about 8 person years. A good system development process is vital in helping to reduce the risk of runaway costs. A general rule is to set the right system requirements from the beginning and trying to identify all problems as early as possible in the process. The cost of changes and fixes increases exponentially with time in the project. It is much more difficult and expensive to change something in the system when it has already been implemented on all computers, than to change an idea on paper at the beginning of the process. See figure 8.2. 4
Cost to make
changes
Projekt start
Time
System
FIGURE 8.2 Cost of late
implementation 92
changes in a project.
© THE AUTHOR AND STUDENTLITTERATUR
8 SYSTEMS
DEVELOPMENT
GETTING IT RIGHT FROM THE START
The aircraft manufacturer Airbus was originally formed as a cooperation between aircraft manufacturers in different European countries. Development and production of different parts of the aircrafts still take place in different countries, before all parts are
Picture: Wikipedia.
transported to Toulouse, France, where the
aircraft are assembled. Airbus recently developed the world’s largest passenger aircraft, the Airbus 380. Each plane costs more than 300 million dollars and the total
development costs were huge. The 72-metre long plane can carry up to 850 passengers and contains more than 100,000 different cables. All these cables caused a problem when the first prototype aircraft was being assembled in Toulouse. When the different aircraft sections delivered from different countries were assembled, the cables could not be connected. The cables were a few centimetres too short! It turned out that the cable specifications had changed during the late stages of the production process. A new low-weight type of cable had been selected that was a bit thicker and therefore could not be bent as tightly around the corners as before. The new cables should have been made slightly longer than the old cables to compensate for this. The engineers involved in the design of the cables worked in different countries and could not agree on using the same version of the CAD software (an advanced computer program used to create technical drawings and blueprints). Thus, the design files made in one country could not be read in the system used in another country, and the effect of the design change was not discovered. The late design changes and failure to use a common computer system for the design caused the first flight of the Airbus 380 to be delayed at high cost, loss of prestige and a very costly redesign of the cables.
User involvement and acceptance A key factor in systems development is user involvement. The two main reasons for this are to set the right systems requirements and to get user acceptance for the new system. © THE
AUTHOR
AND
STUDENTLITTERATUR
93
8
SYSTEMS
DEVELOPMENT
The users have a lot of knowledge of the current business processes, and they know what they want improved and what works well. The users should not be involved because they are computer experts, but rather because they are not computer experts. They know what they want done and see things that a computer expert does not see. A simple thing, such as where you put the OK button on the screen, might not appear important to the computer programmer, but it is very important for the person that is going to click that button 100 times per day for the next 10’years. A mixed team of people from both the IT side and the business side will develop a better system together than either side by themselves. A successful information system must also be accepted by the persons that are going to use the system. Several studies have shown that the most common reason for the failure of a new information system is lack of user acceptance. Everyone in the organisation must try their best to make the new system work, if it is to be successful. It is enough if only a few users, for example, do not care about learning the new system properly, are careless when entering data, or, in the worst case, try to sabotage the system. Involving the users in the system development gives the psychological advantage of making the users feel that it is “their” system and not something that the management is forcing on them. This will also give the users a better chance to understand the reason behind the system change and why the system requests certain data. USER INVOLVEMENT
A factory in western Sweden decided to invest in an automated storage and retrieval system. This is an automatic warehouse that is served by robots and managed by a central computer system, and only that system knows where everything is stored. After installing the very expensive system, the factory found that it did not work properly. When asked to retrieve a certain product, the Picture: Wikipedia. system would sometimes retrieve a completely different product. The engineering firm that had sold and installed the system returned and tested the system. However,
94
© THE
AUTHOR
AND
STUDENTLITTERATUR
8
SYSTEMS
DEVELOPMENT
everything worked perfectly, but as soon as the engineers left, the system started behaving strangely again. The engineers were called back again, only to get the same perfect results. This continued for more than six months until the problem was finally tracked down to one of the employees. When an employee hands over a product to the robots, the system requires that the employee enters a product code telling the system which product it is. One employee thought that it was difficult to learn all the codes, so he decided just to use the same code for everything. Thus, the system worked correctly by the input data was wrong. It is unclear if the employee did not understand the purpose of the codes or if he tried to sabotage the system, but the result was the same. One person’s failure to operate the system correctly resulted in system failure.
It requires good management skills to persuade everyone to accept the system. It is important to be open with information about the new system and inform the users about how it is going to change their daily work. The managers must consider that information can be interpreted differently by the employees. For example, if the manager says that the new system is going to save the company a lot of time and money, then the employee thinks that someone is going to be fired and becomes worried. The information should not only be about money and efficiency enhancements, but also about how the new system can improve working conditions for the employees, and make the company more successful and a safer place to work etc. The manager must be open with both positive and negative effects for the employees and never lie. The managers trying to introduce a new system must recognise and respect that the new information system is going to change the way many people do their daily work, and this is often perceived as a threat. It is also going to change the informal power structure in the organisation. This can be small things that become very important for the individual. For example, a secretary that has managed accounting documents in a paper filing system for 20 years has had a key position in the information system. Being the only one that knows the filing system properly, the secretary is perceived by herself, and others, as an important person. Suddenly, the management decides to introduce a computerised accounting system. All the secretary's documents are put online and become accessible for everyone. The secretary is given other assignments, perhaps just feeding data into the system. It is very likely
© THE AUTHOR
AND STUDENTLITTERATUR
95
8
SYSTEMS
DEVELOPMENT
that the secretary is going to be very negative towards the new system. At the same time, the secretary will have a key role in transferring the documents to the new system, since the secretary is the only one that knows the paper filing system. Obviously, the success of the new system will be dependent on the transfer working well and on-time. A simple thing like if the secretary decides to call in sick during the ”boring” data transfer might be enough to cause the entire project to fail. Still, you can never expect everyone to be positive about the new system or to know the reasons for their protests. For example, in one case the most negative employee turned out to be embezzling money from the company and was afraid to be discovered.
Systems Development Life Cycle There are several different methodologies or guidelines for the development of a system. The most common one, Systems Development Life Cycle (SDLC) consists of a number of sequential steps, starting with the identification of the problem to be solved and ending with the maintenance and support of the finished system. SDLC is also a continuous cycle where the process can stop and return to a previous step if necessary, e.g. if the requirements have changed. See figure 8.3.
SYSTEMS INVESTIGATION
The first step is the systems investigation. This step aims at understanding the problem that the new information system is going to solve. Before starting a costly new system development process it must first be determined if there really is a need for a new system and what we are going to benefit from it. In other words, this step should determine what the problem is and if it is worth solving. This step involved carrying out a feasibility study of the project to investigate its potential impact. A feasibility study is not intended to cover all aspects in detail, but rather to determine if it is interesting to proceed with this project. The detailed investigation and design is made later in the SDLC. A feasibility study can be divided into five main areas, abbreviated TELOS (Technical, Economical, Legal, Operational and Schedule). 96
© THE
AUTHOR
AND
STUDENTLITTERATUR
8
SYSTEMS
DEVELOPMENT
1, Systems investigation
5. Systems maintenance
2. Systems analysis
4. Systems implementation
3. Systems design , ee ee
FIGURE 8.3 The Systems Development Life Cycle.
Technical feasibility will determine if the project it possible from a technical perspective, e.g. can we get fast enough computers? Economic feasibility concerns the financial side of the project and determines ifthe system helps us make more money. Also knownas cost/benefit analysis, the intention is to calculate the financial costs and benefits of the
project to see if it is profitable. It is important not to forget about the possible economical gains that cannot be directly quantified. Better decision support might, for example, lead to better decisions and a more profitable company,
but this effect is much harder to estimate than, for example, the effects of a 10 percent time saving in a factory.
Legal feasibility checks that there are no legal obstacles to the new system, for example that the system does not violate any copyrights or store personal data in an illegal way. Legal obstacles might occur both during the development, implementation and use of the system. © THE
AUTHOR
AND
STUDENTLITTERATUR
97
8
SYSTEMS
DEVELOPMENT
Operational feasibility determines if the intended system will give adequate support to the organisation and its operations. The operations are the ongoing recurring activities involved in the running of a business. The operational feasibility checks if the intended systems will support these activities, e.g. will this system help us reach our goals? Will the system solve the problem and is the problem worth solving? The operational feasibility should also check if the organisation will accept this new system. Each organisation has an informal culture or set of beliefs and values that governs the daily life of the organisation. Any new system must consider these factors and make sure that it can get the support of the managers and users. Schedule feasibility determines if the project can be completed on time. The output from the feasibility study is a summary of problems and opportunities concerning the intended new system. Based on this output, the company should decide whether to continue with the development process or not.
SYSTEMS ANALYSIS
The systems analysis aims at determining the functional requirements of the
new system. These are the requirements that the system should fulfil to solve our problem, i.e. what we should be able to do with the system. This step should find what we want the system to do, but not how the system is going to do it. The systems analysis consists of an organisational analysis of the company and the creation of a logical model of the system. These are then used to determine the functional requirements. The organisational analysis is intended to examine the business
requirements and make the people involved in the systems development understand the organisation, culture and characteristics of the organisation that is going to use the system. The information needed in each organisation is unique and it is impossible to design a good information system without first understanding the organisation. This does not only concern the actual information flows but also the culture and traditions within the organisation and how the company does business. The development team must understand the company’s business model, the business requirements and the area of
business to be able to build an information system that supports it. This also includes studying the current information system in the company (remember that an information system is more than just computers) and learning from it. 98
© THE
AUTHOR
AND
STUDENTLITTERATUR
8 SYSTEMS
DEVELOPMENT
A logical model of all information flows is also created. This is a blueprint of how the information flows and processes look in the organisation today. Remember that this is not a technical description but a logical description. This is often modelled through a data flow diagram (DFD) which isa graphical flowchart that shows the information flow and what is done to the information, e.g. a customer order arrives, the order is stored until it can be processed, the processing starts by checking if the product is in stock, if not then... etc. If the order comes in by phone, paper or electronically is not interesting in the logical model. The focus is on the flow and processes. Several different modelling methodologies exist for identifying the flows and building the logical model, and often a combination of different methods are used. The organisational analysis and logical model are then used to determine the functional requirements. Again, the focus is on what should be done and not on how it is going to be done. It is important to think freely in this analysis and not to be constrained by the current system used or the current routines in the company. Just because the company has done something one way previously, does not mean that this is the best way to do it in the future. The functional requirements can be divided into the main functional requirements and quality requirements. The main functional requirements define the functions the system should offer, e.g. to register customer orders or keep track of inventory levels. The quality requirements (sometimes called non-functional requirements), show constraints on the system and often apply to the system as a whole, e.g. the system must meet a certain safety standard. The finished list of functional requirements could be very long and cover several hundred pages for a large system. These requirements will form the basis for the design of the system, and it is therefore very important that they are made properly. Poor requirements can substantially increase the development costs of the system, simply because you do not know what system you should build. One problem could be that the requirements are unclearly written and therefore interpreted differently by different people working on the system, another that the requirements are too abstract and can therefore not be verified if they are met. Different requirements may contradict each other, key functions may have been left out, unnecessary functions may be included etc. User involvement is very important in this step. The users are those who know the processes and are going to work with the finished system. © THE AUTHOR AND STUDENTLITTERATUR
99
8
SYSTEMS
DEVELOPMENT
An American study showed that a joint team of IT specialists and business specialists produced the best functional requirements. The finished project then managed to meet all functional requirements and went “only” 43 percent over budget. The financially worst case was when the business experts alone wrote the specification, although they managed to reach the best functionality. TABLE 8.3 A joint team produces the best functional requirements
Responsible for requirements
Budget % of target
Time % of target
Functionality % of target
IT department
162,9
172,0
91,4
Business department
196,5
245,3
110,
Jointly
143,4
159,3
103,7
The functional requirements could be used as an internal document for the future development of the system, but could also be used to collect bids from external software providers that offer “off-the-shelf” products, i.e. already developed standard systems. The output from the systems analysis will be the list of functional requirements and an understanding of the organisation and users that are going to be involved in the system. From this, it can be decided if the development process should continue or if the development should be cancelled or return to a previous step in SDLC. FUNCTIONAL REQUIREMENTS
In 1628, the new Swedish warship Vasa was about to set out on its maiden voyage. The Vasa was one of the most powerful warships of its time and represented a huge financial
investment, similar to that ofa modern aircraft carrier. Unfortunately, the maiden voyage lasted only a few minutes until a Picture: Wikipedia.
100
© THE AUTHOR
AND
STUDENTLITTERATUR
8
SYSTEMS
DEVELOPMENT
slight breeze caused the ship to capsize and sink only a few hundred metres from land. A disaster and a national scandal! The Swedish King Gustavus Adolphus, had ordered a ship with two gun decks, as opposed to other ships at the time that only had one gun deck, i.e. the ship had two floors with guns instead ofjust one. The intention was to fit more guns on the ship and get a more powerful ship. However, this design with heavy guns placed high up in the ship caused the ship to become unstable and the disaster was unavoidable. A slight breeze was enough to make the ship turn over. What the king did wrong was focusing his requirements on the technical design rather than the fuiictional requirements. If he had ordered a warship that could beat any other warship in the region, then the design made by the shipbuilders would probably have been completely different. Instead he decided to focus on technology and not function. The Vasa was found and salvaged in 1961 and can now be visited in the Vasa museum in Stockholm. 4
SYSTEMS DESIGN
The systems design step concerns the actual design of the system, i.e. how the system is going to fulfil the requirements. The system design step will design the system “on paper” and decide which technical solutions should be use, but the actual implementation and programming of the computer system is not included in this step. The systems design step will result in the system specifications, which is the blueprint later used for the actual implementation. If we compare this to building a house, then the functional requirements
show the type of house you want, number of rooms, size, style etc, while the systems specification is the detailed blueprint you hand over to the builders with details about materials, exact measurements etc. A make-or-buy decision must be made between programming completely new software or buying an existing of-the-shelf-product and adapting it to the organisation. Programming a new custom-made software makes it easier
to adapt it perfectly to the organisation and systems requirements, but the risk that something goes wrong and the project is delayed or fails is much ~ greater. Buying an off-the-shelf product is often cheaper, but there is a risk of having to spend substantial resources on adapting it and still not getting
© THE
AUTHOR
AND
STUDENTLITTERATUR
101
8
SYSTEMS
DEVELOPMENT
as system as well adapted as the custom-made system. If an off-the-shelf option is selected, then the systems design step will also include collecting and evaluating bids from external software providers, using the functional requirements. It is therefore important that the technical solutions should not be specified already in the functional requirements, as different providers might have different approaches to meeting the same requirements. The systems requirements are included as a part of the final contract with the software provider. This is a very important part of the contract, as this will be used to determine if the system finally delivered fulfils the contract. The system design step takes the functional requirements and turns them into a detailed technical specification. This design step includes several modelling activities where new logical models and data flow models are made. This can be divided into logical system design and physical system design. The logical system design shows an abstract representation of all data flows and processes in the new system. It shows what the new system will have to do to meet the requirements. This includes describing the processes and input, output, etc. needed in the system. It is a description on an abstract level independent of the technical solution. The physical system design then describes how the system will actuaily perform this. It includes the detailed design of hardware, software, databases etc. It describes how the components work together and what each component does. A common method used for developing systems specifications is prototyping, which is the rapid development and testing of different prototypes, i.e. working models of small parts of the system. Instead of spending a lot of time developing detailed specification the developers start with just a rough idea of what the users want. A prototype is then quickly made and tested with the users. After listening to the user comments, the developers refine the prototype and test it again. This is repeated until a good prototype is found. A user interface could for example be developed like this where several versions of the interface is tested and revised. Prototyping simplifies and speeds up the systems design and also involves the users in the process. The output from the system design step is a detailed technical systems specification that can be used as a blueprint for building the actual system.
102
© THE AUTHOR
AND
STUDENTLITTERATUR
8
SYSTEMS
DEVELOPMENT
SYSTEMS IMPLEMENTATION
This step is the actual implementation of the system. The two main parts are the completion of the technical system and the implementation of the system in the organisation. The first step of the systems implementation is to build the actual IT system. Based on the systems specification, the technical design is implemented. This includes programming new software or adapting existing software to the specifications. The necessary hardware and software is acquired. The software must also be tested and debugged before it is implemented. Five types of testing are performed in this step. Unit testing tests each part (unit) of the system separately, systems testing tests the entire system together, volume testing tests the system with a large amount of data, integration testing tests all related systems together and acceptance testing tests that the system meets the functional requirements. User documentation and systems documentation should also be created for the system. Most people think about the user manuals but the systems documentation is sometimes neglected. The user manuals contain instructions for the users on how the system works. The systems documentation contains detailed technical information on how the system is designed and programmed. This is important information when in the future the system is going to be further developed, extended, repaired or changed. Unfortunately, the systems documentation tends to be something that is put on a shelf somewhere and receives little interest when the new system is implemented, since there is no immediate use for it. It is a fact today
that many companies have very poor or no systems documentation. In other words, they trust their entire business on a computer system that they do not know how it works.
© THE
AUTHOR
AND
STUDENTLITTERATUR
103
8
SYSTEMS
DEVELOPMENT
THE MILLENNIUM BUG
The lack of proper systems documentation became obvious during the millennium bug. The early computer systems used only two digits to represent years, i.e. instead of 1979 they just used 79. The reason was to save computer memory,
which was scarce‘in the early computers. No one could then imagine that the same systems would be in use after the year 2000.
Picture: Wikipedia,
The problem, or the Millennium bug, was the simple mathematical fact that after 99 (year 1999)
comes 100. No one knew how the systems would react to this. Would they crash when the system tried to store three digits (100) in a location only intended for two (00)? Would time start running backwards and
change to year 00 (year 1900) and how would that affect e.g. interest rate calculations? It was obvious that the systems had to be checked and fixed, but how could that be done? Most systems documentation had been lost after 30 years or never written in the first place. Working systems had to be replaced just to be on the safe side or they had to be subjected to expensive reverse engineering (basically reading the program line by line and figuring out how it works) to fix the problem. Reverse engineering was particularly expensive during the Millennium bug due to the fact that most systems were programmed in an old programming language that very few people knew. In the end, the Millennium bug proved to cause almost no problems, but huge costs could have been avoided with proper systems documentation.
Any new system is also going to replace an old system. This means that there is a lot of data in the old system that must be transferred to the new system. The complexity and time requirements of this data conversion should not be underestimated. The large amounts of data involved means that just the
process of physically loading the data into the new system might take days or weeks. In the US, companies with more than 1,000 employees store, on average, Over 235 terabyte of data, or more than the entire US Library of 104
© THE AUTHOR AND STUDENTLITTERATUR
8
SYSTEMS
DEVELOPMENT
Congress. Add to this that you will probably have to correct errors in the data, merge data from different databases, sort out unwanted data and reorganise the data. This might be a complicated process and, naturally, the success of the new system is dependent on the data in the system being correct. Failure in the data conversion is acommon reason for failing the implementation. The users also need to receive training in using the system. This could be a challenge since modern information systems are very complex and the time available for training is limited. Often, managers only get a few hours’ training in the new system. It is interesting to note that companies can spend large amounts of money on developing asystem, but then do not give the users more than a few hours’ training in using the system. It is better to invest in a simpler system that everyone is trained to use 100 percent, than investing
ten times the money in a system that is only used 10 percent. How much a system is used in reality varies a lot. One supplier of HRM (Human Resource Management) systems estimates that 20 percent of the HR managers in a
company use everything in the system, 60 percent use parts of the system and 20 percent use nothing. The training should not only focus on hands-on how to use the system, but also on why the system behaves the way it does. A negative attitude towards a new system might be caused by the users not understanding why they have to do some things in the system. They might think that the system is poorly designed, when in reality there is a logical
reason behind the design. The users must also learn how the new system impacts the company’s business model and how it can be used to improve the operations. When the new system is implemented, the old system has to be removed.
There are four main system conversion strategies for this. See figure 8.4. In a direct conversion, the old system is stopped and directly replaced by the new system at a given date. The organisation goes from using the old system to the new system basically over night. This is the quickest and cheapest way of doing the conversion, but it is also the most risky one. If there
should be some problems with the new system, then the company has no option of going back to the old system. The new system must work directly. In a pilot conversion the new system is first tested in a small test (pilot) conversion. Just one department, office or group of employees, change completely over to the new system, and the rest stay in the old system. Everyone is not converted until the pilot has proven successful. Thus, only a © THE AUTHOR AND STUDENTLITTERATUR
105
8 SYSTEMS
DEVELOPMENT
Old system See
___»
ee
ee
Pilot ice
Old system
Direct : EORV acu
New system eee =
New system
Pilot Boniersion
New system
Phased aunhacian
ee Old system
Phase
eee ar eee
Old system E
| HE
| |Me
New system
;
|
DeaneSNe tanto |
Parallel conversion
FIGURE 8.4 The four system conversion
strategies.
small part of the company is hurt if the new system fails. The pilot will identify problems in the new system that can be fixed before the full conversion. However, a successful pilot conversion only shows that the new system can work but not that it will work. Other parts of the organisation might have other requirements than the pilot department. Also, most companies (unfortunately) tend to choose the most committed employees for the pilot, i.e. the people that knows computers, and are interested and willing to stay up all night to make it work. Problems that the committed employees fix in the pilot, might not be that easily fixed by the others in the full conversion. In a phased conversion the new system is introduced step by step. One by one, the functions are taken over by the new system, while the rest of the functions remain in the old system. The phases are implemented in the entire company at the same time. This conversion has a rather low risk, but takes a lot of time. In a parallel conversion both systems are run in parallel until the new system works correctly and the old system can be shut down. This is the safest conversion strategy, but also the most expensive one. It also faces a lot of practical problems where everything must be made twice, both in the old and new system.
106
© THE AUTHOR AND STUDENTLITTERATUR
8
SYSTEMS
DEVELOPMENT
Which conversion strategy to choose depends on the system. In some systems there are no options other than a direct conversion when it is only possible to run one system at a time. However, in most cases it comes down to a trade-off between cost and risk.
SYSTEM MAINTENANCE
The last step in the SDLC is the system maintenance. This step is ongoing for the entire life of the system. Every system needs some maintenance. This could be correcting bugs that haye not been discovered previously, adding upgrades, adapting the system to new requirements, improving the performance of system and replacing hardware. Maintenance of an existing system is very important to keep the system well functioning. The maintenance strategy can be active and try to seek out and fix problems before they occur, or it can be passive and only aim at fixing problems when they occur. In comparison, a passive strategy has lower costs of operation but the consequences can be severe if the system suffers a large breakdown that could have been prevented with an active strategy. An active strategy is more expensive to operate but can give significantly lower costs in the long run if large breakdowns can be prevented. The cost of system maintenance will increase with the age of the system until we finally reach a point where it is cheaper to build a new system, than to continue to repair and fix the old system. At this point, the cycle of the SDLC starts all over again and goes back to the systems investigation step
for a new system.
Open Source Software and proprietary software Software has traditionally been proprietary. This means that an organisation owns the software and sells you the licence to use it, but you are not allowed to see the source code or to modify it. The source code is the text the computer programmers write to program the software. The code is written in a programming language, e.g. C++ or Java, but is compiled into another format before being distributed to the buyer of the program. The source code cannot be directly extracted from the compiled file.
© THE
AUTHOR
AND
STUDENTLITTERATUR
107
8
SYSTEMS
DEVELOPMENT
In traditional proprietary software development, a number of programmers are employed by an organisation to write the source code. The organisation will have made an investment in developing the code and have an interest in protecting it. In open source software (OSS), the user is allowed to see the source code, modify it and distribute it to other people. The right to modify and distribute the software means that the software development process is different from the traditional development process. The source code is, normally, published on the Internet where anyone can contribute to the development of the software by checking the source code, fixing bugs, adding features, adapting the software to local needs and languages etc. The large number of programmers involved makes the development process very rapid. There is no need to wait for the proprietary software owner to release a new version or fix a bug, as you or anyone else can do it directly. The rights granted to the user of an OSS depends on the licence used. There are many different OSS licences. Often, you are free to modify the source code and redistribute it, as long as you also make your changes available as open source and give your users the same rights to modify and redistribute. OSS is often called free software and a common statement is that it is “free as in speech” but not “free as in beer”. This means it is free as in “little or no restrictions”, but not free as in “no cost”. Most licences allow you to sell an OSS, although you cannot prevent the customers from making minor modifications to the software and then giving it away for free or selling it for half the original price. In reality, many OSS programs are therefore also free as in no cost. Even if the software itself is available at no cost, there is also a market for support services to an OSS program such as distribution of the software, manuals, training, site installation and support. Many companies make money from supplying these support services for otherwise free software. It is important to note that many of these services are included in the price of proprietary software, but has to be purchased separately when
using “free” OSS. The reason for a programmer to participate in an open-source project
can be divided into two main categories: intrinsic and extrinsic motivation. Intrinsic motivation means that the person is driven by an interest or enjoyment in the task itself and participates since it is interesting, enjoyable
108
© THE AUTHOR
AND STUDENTLITTERATUR
8
SYSTEMS
DEVELOPMENT
or challenging. The reward comes from the participation itself, just like some people play football or collect stamps for fun. Extrinsic motivation means that the person is driven by an external reward. The person expects to gain something in the future from participating and doing a good job. This could be increased social status in a community, a well paid job offer, a need for the finished software, or the possibility to make money from the finished software by selling support and other services related to the software. Commercial companies can also participate in the development by extrinsic motivation. TABLE 8.4 Examples of reasons to participate in OSS development Intrinsic motivation
Extrinsic motivation
Interesting work
Future business opportunities
Enjoyable work
Use of finished software
Challenging work
Social status
Altruism
Personal marketing
Political/ideological
Learning new skill to be more competitive
Commonly used OSS are the Linux operating system, the Firefox web browser, the Apache web server, OpenOffice office applications and many others. More on the open source concept and licences can be found on the Open Source Initiative homepage (http://opensource.org/).
Study questions 1 Explain why an EIS is not an IT project but a change project for the entire organisation. 2 What is business process reengineering? 3 What are the risks of not setting the right systems requirements? 4 Which is best? To have an advanced information system or advanced business processes? Give reasons for your answer.
5 What are the main risks within systems development? 6 What role do the users play in the development of new information system?
7 How much information should you share with the employees during the development process?
© THE
AUTHOR
AND
STUDENTLITTERATUR
109
8
SYSTEMS
DEVELOPMENT
Why could the employees be against the introduction of a new information system? A common statement is “Information systems are too important to
be left to the computer specialists”. Do you agree? Give reasons for your answer. Explain the Systems Development Lifecycle (SDLC) What is TELOS? What role does the Logical Data Model play during the development process?
oor apy oon
Why is the system documentation an important part in developing a new information system? What is included in a feasibility study in SDLC? There are four main strategies for changing over to anew information system. What are those strategies and which one would you choose to convert to a new air traffic control system? Explain your decision. Is Open Source Software free? Give reasons for your answer. Why do programmers participate in open source software development? What are the benefits and drawbacks of using open source software?
References Ellis, K. (2008). Business Analysis Benchmark. IAG Consulting, New Castle. Matlack, C. (2006). Airbus: First, Blame the Software. Business Week, October 5.
Heinrich, C.E. & Simchi-Levi, D. (2005). Do IT investments really pay off? Supply Chain Management Review 9(4), 22-28.
110
© THE
AUTHOR
AND
STUDENTLITTERATUR
Computer crime and security
CHAPTER 9
Unfortunately, the computer world is not free from crime. Computer systems
are receiving more and more attention from criminals as their importance in our society increases. Computers are a vital part of the infrastructure of all companies
and organisations today. Naturally, it becomes very important to have good
computer security to protect the computer system and its contents against crime, just as it is important to have a good lock on your front door.
Computer crime Computer crime can be divided into two main categories. Crimes facilitated by computers and crimes that target computer systems.
CRIMES FACILITATED BY COMPUTERS
Crimes facilitated by computers are crimes where the computer is just a tool. Most of these crimes existed long before computers, such as different kind of scams. For example, most Internet users today have probably received e-mails from a “prince” or “king” somewhere that wants help to transfer a large amount of money and offer you millions if you help him. Of course, there is no prince and you will end up having to pay money if you accept the offer. The same scams existed earlier, but then they were sent by ordinary mail. Other crimes are new, such as excessive spamming, which is illegal in many countries, or different types of phishing. Spam is unsolicited bulk e-mail messages sent indiscriminately to a very large group of people, most often offering to sell something. It is estimated that spammers only get about one answer per one million e-mails sent, but the extremely low cost of sending
© THE AUTHOR
AND STUDENTLITTERATUR
at:
9
COMPUTER
CRIME
AND
SECURITY
an e-mail still makes spamming profitable. Phishing is attempts to get a user to reveal sensitive information, such as credit card numbers or passwords, by pretending to represent a trusted institution. A common example is e-mail designed to look as if sent by a bank asking the receiver to send their credit card number due toa “technical error” in the bank. Of course, the bank is not the sender and it is just a trick to get the credit card number. Phishing also occurs in e-commerce where a site is hacked and all payments redirected to a similar-looking fake site. When the customer clicks the button to pay, the information is transmitted to the criminals and not the intended company.
CRIMES TARGETING COMPUTERS
Computers can be targeted in different ways by criminals. The most common objectives are to get access to computer resources or, the opposite, to deny the rightful owners access to their resources. Criminals might try to break into, or hack, computer systems to get access to information stored there, e.g. to steal company secrets. The intention can also be to use the computer for the hacker’s own aims. Spam, for example, is seldom sent directly from the spammer’s own computer. Normally, the spammers use computers infected by viruses that allow them to be remotely controlled to send the spam. These so-called botnets (bot is short for robot)
can consist of thousands, or even millions, of ordinary home computers where the user is completely unaware that the computer is being remotely controlled. Access to these botnets can be sold or even rented. Criminals can also try to deny owners access to their computer resources. For example, blackmail attempts have been made where criminals have threatened to crash an e-commerce site during the Christmas shopping if they do not get a large sum of money. The purpose can also be political where certain governments or organisations get their homepages crashed. These DoS-attacks (Denial of Service) can be made using botnets where thousands of computers repeatedly try to access a server until it crashes.
ATTITUDES
There is a difference in attitude towards computer crime compared to other types of crime. When a burglar breaks into a company office, the company hu Ba)
© THE
AUTHOR
AND
STUDENTLITTERATUR
9
COMPUTER
CRIME
AND
SECURITY
immediately reports it to the police. However, when the same company has its website hacked, it very rarely reports it to the police. Only about 30 percent of companies report computer crime to the police. The reasons for this are several. First, the chance of the police actually finding the criminal is small. The attacker might be located on the other side of the world and use a remotely controlled computer, which in turn controlled another computer, which controlled another computer etc. until the final attack was made. The police often lack the resources and knowledge to trace these attacks. Secondly, many organisations do not want to admit that they have been hacked. It is not good PR to tell the world that your computer security is low. You become a less trustworthy business partner and you send a message to other criminals that your system can be hacked. It is like telling burglars that you have a bad lock on the door and going to be away for the weekend. The general attitude in society today is also that computer crime is less serious than “real” crime. A simple example is the debate about file sharing and the illegal downloading of copyrighted music and films where large groups of people think that this should be legalised. Penalties for computer crime are also often lower than for the equivalent “physical” crime. For example, assume that you find the login to someone’s Facebook account and log in and read their personal messages. Then compare this to finding the same person’s keys, going to the person’s apartment, unlocking the door, enter the apartment and checking the mail and reading the personal diary. Basically, you are doing the same thing, but the general attitude in society towards the two crimes is different and also the sentence you would get if you were caught is different. The electronic crime is considered less serious. Computer crime is often considered as a victimless crime, since the criminals do not destroy or steal anything physical. However, this is not true. The cost of repairing the damage caused by someone “breaking into” a computer system can be far greater than the cost of repairing a broken
window. The value of stolen information can also be very great. The increasing use of computers everywhere has also meant that organised crime organisations have become interested in computer crime. Industrial
espionage is commonly performed by hacking into computer systems and stealing information. If the hacker is skilful, then the attacked company will not even know that something has been stolen. The armed forces and intelligence agencies of most countries are also using the Internet and
© THE
AUTHOR
AND
STUDENTLITTERATUR
113
9
COMPUTER
CRIME
AND
SECURITY
computer hacking to collect information. Recently, an attempt to hack the Pentagon was traced back to a foreign military intelligence. Some analysts believe that future wars will be fought in cyberspace. Almost everything is controlled by computer, so by taking control over water plants, electricity, infrastructure etc. you can force a country to surrender. Not all criminals have an economic interest in the attacks. Many are just doing it “for fun” or to get higher status in their community. By hacking a famous homepage or controlling the latgest botnet you become famous. However, whatever motivates them, they are still criminals.
DAMAGES
A large American survey found that about half of all companies face some kind of security breach each year. Mainly this is the result of random attacks, but 30 percent of the companies had attacks targeted specifically at their company. The most common problem was viruses which were found in 50 percent of the companies, followed by insider abuse of networks (e.g. employees using the network to download copyrighted material) and laptop theft. The traditional “hacking” or system penetration was only the 10th most common problem. From a financial perspective, the most costly attacks are the financial frauds. Although unusual, the cost of financial fraud is far greater than the cost of any other security threat. The second most costly attacks are theft of confidential data followed by the cost of viruses. Costs arise from, among other things, productivity loss when the computers are down, system repair, replacement of stolen equipment and compensation customers for lost data and errors. TABLE 9.1 The most common and costly security problems.
Most costly problems
Most common problems
1. Financial fraud
1. Viruses
2. Theft of confidential data
2. Insider abuse of network
3.Viruses
|
4. System penetration (hacking) 5. Laptop theft
114
3. Laptop theft »
4, Unauthorised access toInformation 5. Bots
© THE AUTHOR
AND STUDENTLITTERATUR
9
COMPUTER
CRIME
AND
SECURITY
A large share of the financial losses can be traced back to attacks performed by insiders. Incidents caused by insiders are far fewer than external incidents, but the potential for e.g. financial fraud is much greater if the person already is trusted in the system.
Computer security Computer security refers to the attempts made to protect the computer systems and information contained in them from theft, destruction and alteration, while at the same time allowing the system to be accessed and productive for the intended users. The security measures taken must be balanced between the two main objectives of keeping the system safe and at the same time making it possible to use. It is easy to make the computers perfectly safe (just put them in cement at the bottom of the sea), but the difficult part is to also keep them usable. See figure 9.1. Understanding computer security is based on understanding how threats and vulnerabilities together form the risk in the system. A threat is something that can potentially cause harm to the computer system. Vulnerability is some flaw in the system that allows an attack to be successful. When threats and vulnerability overlap, it becomes a risk. The magnitude of the risk is the probability that the vulnerability is exploited combined with the consequences of a successful attack. For example, a computer virus (threat) is only dangerous if there is a flaw in our anti-virus software (vulnerability) so it fails to detect the virus which infects the system (risk). The risk is high if
the likelihood that we will be infected with the virus is high and the potential damage from it is high. The process of identifying the threats, determining the associated vulnerability and risks and then finding ways to reduce the risk is referred to as risk management. There are several ways of managing the risks once
Vulnerability FIGURE 9.1 The relationship
between threat, vulnerability and risk.
© THE AUTHOR
AND STUDENTLITTERATUR
115
9
COMPUTER
CRIME
AND
SECURITY
they are identified. The most obvious strategy is mitigation, where the risk is removed, e.g. by a software update. Transference is a strategy when someone else is persuaded to accept the risk on your behalf, e.g. by taking out an insurance. This will not remove the risk, but will reduce the consequences of it. Acceptance is a strategy where it is simply accepted that the system has a known risk. Perhaps the cost of mitigating the risk is too high or it might not be possible to mitigate the risk. Avoidance is where a risk is removed simply by taking away the threatened system, e.g. by removing a threatened server. This will reduce the functionality of the system but remove the risk. Threats and their associated vulnerabilities can be divided into external and internal, based on where they come from.
EXTERNAL THREATS AND RELATED VULNERABILITIES
External threats originate from outside your organisation. This means that the actor responsible for the threat tries to attack your system from the outside. The threat could be specifically aimed at your organisation, e.g. an attempt to steal information, or just random, e.g. a computer virus infecting
all possible computers. Attacks are very common in all systems connected to the Internet. Most attacks are random and just checks if a computer has any known security flaws that the attacker can exploit, e.g. an operating system with a known error that has not been updated. Attacks like these are easy to perform but also easy to prevent by keeping all systems updated. Typical random attacks could be computer viruses spreading or someone randomly scanning the Internet for servers with a security flaw. Other attacks are more elaborate and targeted at a specific system and require more skills from the attacker. External threats can be handled by technical measures to a large extent as
most threats come via the Internet or other networks. For example, firewalls are used to restrict who can access a system. The firewall sits between the internal network and the external network, e.g. the Internet, and decides what is allowed to pass between the two networks. Antivirus software can be installed on all computers to protect against viruses.
A computer virus is a
small program that can copy itself and infect computers. Different viruses do different things. Some start a botnet, some try to steal passwords or delete files while others just display “funny” messages.
116
© THE
AUTHOR
AND
STUDENTLITTERATUR
9
COMPUTER
CRIME
AND
SECURITY
Designing good protection against external threats is complicated and something that should be left to the computer security experts. External threats are a rapidly changing world with a continuous race between hackers and security experts, where attackers try to exploit technical vulnerabilities before the security experts can block them. New viruses and security holes (small errors) in firewalls and operating systems are discovered daily. The hackers use these security holes in the software to gain access to the system. The security expert in return issues updates to the operating systems and antivirus software to block these holes. Handling external threats also includes protecting against physical threats such as physical thefts of computers, fire or natural disasters. A physical perimeter protection with locks, alarms, etc. around the server hall is needed to make it difficult to access. Only key employees should have access to the servers.
INTERNAL THREATS AND RELATED VULNERABILITIES
Threats and vulnerabilities can also come from within the company. Employees, or insiders, that have access to the system can cause large financial losses. Inside threats is largely a management issue, since it is to a large extent handled by management guidelines and not only by technical equipment. Many people only think about managing technical vulnerabilities, such as updating software to stop security holes and installing new anti-virus software. This is a good start, but it is important to realise that computer security is not something bought in a box and installed by the computer department. It is a way of thinking that must run through the entire organisation. Remember that a chain is not stronger than its weakest link. A company might have perfect protection against external threats, but that is not worth anything if the employees leave the front door unlocked with
all computers running and logged in when they leave for lunch. Everyone in the organisation must understand the importance of computer security
and do their part in keeping the system safe by reducing its vulnerability. Internal management related vulnerabilities can be divided into four categories. Malice, carelessness, unawareness and unclear management.
© THE AUTHOR
AND STUDENTLITTERATUR
117
9
COMPUTER
CRIME
AND
SECURITY
Malice from trusted employees is hard to prevent. An employee that wants to steal from the company or hurt the company can do a lot of damage, since the employee is already trusted with access to the system. An insider that is willing to sell company secrets or has been fired and wants revenge is hard to discover. One way of protecting against malice is to make sure that employees only have access to the systems they absolutely need. Perhaps the janitor does not need access to the customer database? Carelessness is far more common. Typical examples are passwords written on PostIt notes by the computer, leaving the computer logged in and then going to lunch, letting unknown persons into the computer hall etc. Carelessness might also be caused by exaggerated computer security. For example, requiring that the employees must change their password every week makes it hard to hack the system, but the drawback is that the employees will never have a chance to learn the new passwords and will instead write them on a PostIt note by the computer. LAPTOP LOSS
In 2006, an accountant at one of the major
Picture: Wikipedia,
accounting firms was doing an audit ofa very large Internet e-commerce site. As in most companies, the accountant used a laptop computer. Unfortunately, the accountant left the computer in his car and it got stolen. The laptop computer contained the personal data
of 243,000 customers, in many cases including their credit card numbers. The accounting firm had to write letters to all customers affected and informing them ofthe theft. Luckily, the thieves were probably only after the computer and were unaware ofthe valuable information they had stolen, No credit card numbers were ever used. However, the PR loss for the accounting firm was gigantic. Similarly, a survey among London’s taxis revealed that each year 55,000 mobile phones, 4,718 PDAs and 3,179 laptop computer are left behind in the taxis by customers. Just imagine the amount of sensitive information
that people just forget! Sensitive information is stored on laptops all
118
© THE
AUTHOR
AND
STUDENTLITTERATUR
9
COMPUTER
CRIME
AND
SECURITY
around the world, but few people take into consideration that their laptops are theft-prone. Only about 2 percent of all stolen laptops are ever recovered.
Unawareness is when an employee is unaware that he is doing something wrong. Perhaps he believes it is ok to let his friend use the office computers or to run file-sharing software on the computer and download copyrighted music. One of the easiest ways of getting access to a system is to use an employee’s good faith. Just call them and say that you are “Peter” from the computer department and need their password to check a problem with the servers. Surprisingly many people will happily tell “Peter” their password. This, and other, attempts to trick people into revealing confidential information is called social engineering. An IT policy should be established containing rules about what the employees are allowed to do and what the company is allowed to do. E.g. is the company allowed to track what homepages the employee visits? The IT policy should be signed by all employees so that everyone is aware of the rules. GETTING VIRUSES
Bnaveby Download Is your PC virus-free? Get it infected here!
Not all people think very much when they surf the Internet. The security specialist Didier Stevens decided to test this and put an drive-by-download.info ; = ad on Google with the text “Is your PC Copyright: virus-free? Get it infected here!”. You would blog.didierstevens.com not expect many people to click that ad, but people obviously do not think. On average, two people per day clicked the ad! Computer security requires everyone in the organisation to think. You can install the world’s best antivirus software, but you must also get the employees to think about computer security. No one should click an ad like that!
Unclear management is the lack of proper planning. An organisation must have a clear and detailed plan for its IT system. It must be clear who is
© THE
AUTHOR
AND
STUDENTLITTERATUR
119
9
COMPUTER
CRIME
AND
SECURITY
responsible and what they must do in emergency situations. For example, a large Swedish Internet provider had a failure of their mail servers, resulting in millions of e-mails being lost. The problem was traced back to the engineer in charge of the servers being on holiday. The server was equipped to send warning text messages to the engineer’s mobile phone if something went wrong. However, the engineer did not bring his work mobile on holiday, and no one thought of having someone else monitor the warnings when he was away. Thus, the server warned about the problem but no one read the messages. A written organisational plan for the IT department should be established detailing all areas of responsibility and stating who is responsible. An emergency plan or Disaster Recovery Plan (DRP) must also exist in case of an emergency. The plan should list all possible emergencies and for each emergency cover the necessary actions before, during and after the emergency. For example, assume that the server hall burns down and all servers are destroyed. The emergency plan should then already before the accident have made sure that all backup systems worked and that there was a plan for how to find a new temporary server hall and new servers. During the emergency, the plan should contain practical details such as Who should talk to the media? Who should contact the employees? How can the fire department get a blueprint of the server hall? etc. After the accident, the plan should show how the backups should be recovered. Which data have top priority to be recovered? Who should be responsible? etc. It is important to have a plan ready for these situations. Once the accident happens, there is no time to sit down and start discussing how the system should be restored. Remember that most businesses today will stand still without a working computer system, so a quick recovery is important.
SELECTING
Illustration:
Corer ane
120
A GOOD PASSWORD
How many passwords do you have? A normal Internet user has dozens of different accounts at different sites, each requiring a user name and a password. It is tempting to select a password that is easy to remember and use the same password for all sites, but this is risky. : An uncomplicated password can easily be guessed by an intruder, for example by simple trial-and-error, i.e.
© THE AUTHOR
AND
STUDENTLITTERATUR
9
COMPUTER
CRIME
AND
SECURITY
trying all words in a dictionary until something is accepted. Having the same login credentials on all sites further increases the risk. If the password is stolen, e.g. if site is hacked, the intruder will automatically get access to all your sites. Several studies have shown that the most common passwords are simple ones such as “password” and “123456”. However, there are a number of tricks to make a password hard to guess.
A good password should: ¢ e e ¢ ¢
Be at least eight characters long Contain both capital and small letters Contain numbers Contain special characters (e.g. $, €, @) Not be a word in any language (including backwards, slang and paraphrases, e.g. UsA) ¢ Not be a logical sequence of character (e.g. 1234, abcd) ¢ Not be associated with you (e.g. nickname, date of birth)
¢ Not be used on several sites A trick to remember a good password and at the same time having a different password on each site is to start with a sentence that only you know, for example “My ticket to London last summer cost 100£”. Taking the first letter in each word gives the good password MttLlsci£é. To make the password different for each site, just add a few letters from the site name. For example, replace the second and third letters with the first and last letters in the site name. The password for Dropbox would thus be MDxLisci£é and the password for Facebook MFkLIsc1é.
Study questions 1 Give examples of three types of crimes that have been facilitated by the introduction of the computer. 2 Howare botnets used to send spam? 3 How does the attitude differ between computer-based crime and crimes in the “real” world? Do you think this difference is justified? 4 Is downloading copyrighted music and movies a victimless crime?
Give reasons for your answer.
© THE
AUTHOR
AND
STUDENTLITTERATUR
2
9
COMPUTER
CRIME
AND
SECURITY
5 How does risk, threat and vulnerability relate to each other in the context of computer security? 6 Threats against computer security can be both internal and external. What are the internal threats? 7 Why are insiders one of the biggest threats to a computer system? 8 Can you have too high computer security? Give reasons for your answer. 9 Explain why computer security is not something that is bought in a box. 10 Give three examples of when you yourself have been careless with your computer security and explain what you could have done differently. 11 Why is it important to have a disaster recovery plan? 12 Do you think people in general are naive and easy victims for social engineering? Give reasons for your answer.
References Richardson, R. (2008). CSI Computer Crime & Security Survey. www.GoCSI.com
2)
© THE AUTHOR
AND
STUDENTLITTERATUR
Computers, ethics and society
CHAPTER 10
Information systems and computers are becoming increasingly present in ali
parts of society. Large parts of our social interaction and communication with authorities and companies take place on the Internet. We are expected to be able to use a computer and have access to the Internet. Even if you are 80 years old,
you are expected to have an e-mail address today. The positive side is that this makes our interaction more flexible and simple. For example, today we can ina few minutes easily collect information over the Internet that just a few decades ago would have taken days to collect ina library.
However, there are also concerns with this heavy reliance on computers and the Internet. Large groups in the society that do not have access to computers and the Internet, e.g. many older people, are left behind as more and more information and services are only available on the Internet. The extensive
use of computers also causes privacy concerns. Every time you use a credit card, buy an airline ticket, get treated at a hospital, log into a computer, visit a homepage or write something on Facebook, some computer system somewhere in some country is going to register that. As you know by now, information systems are very good at combining data from different sources, analyse and draw conclusions from it. Many people are worried today about how they are going to protect their privacy. This privacy concern is something that must be taken seriously. Not only is user acceptance important for the success of a new system, but there is also a real possibility that the invasion
of privacy is going too far.
© THE
AUTHOR
AND
STUDENTLITTERATUR
123
10
COMPUTERS,
ETHICS
AND
SOCIETY
A world built around the computer Computers have become something that all young people in the industrialised world take for granted. Many companies also assume that everyone has computers and Internet access. It is getting more and more common that customer information is only made available online. You see ads and product packaging with text like “visit www.companyname.com for more information”. This is an easy, low-cost and practical way to spread information. However, in reality many groups of people are not part of the famous digital revolution. This inequality between groups to have access to new technology is called the digital divide. These people do not know computers, cannot afford them or are simply not interested in them. Older people that have not grown up with computers often can not access the Internet. Many people in low income groups cannot afford a computer, both in poorer countries and in the industrialised world. To them, computers are a luxury. This digital divide is further strengthened by the fact that it is often are more expensive to live “off-line”. For example, paying bills is often free online, but commands a high service fee in the bank office. Similarly, buying an airline ticket over the phone comes with an extra service fee compared to online booking. From a company perspective, it is important not to assume that everyone
has acomputer. Large customer groups must be offered an alternative means of communication, or they will choose the products and services offered by competing companies.
From society’s perspective, it is important that all groups should be given an equal chance of participating in society. All members of society must be able to access news, debates and information. Governments and authorities, just like companies, must also make sure that all groups in the society can access their information and not just rely on the Internet. This is even more important for authorities than for companies, since citizens do not have any alternative sources of information or any “competitor” to choose. On a global level, a global digital divide is opening up between the richer and the poorer countries. Today, many poor countries cannot afford to give everyone access to the expensive information technology. The citizens themselves cannot afford computers etc. and the government cannot afford to build the IT infrastructure. However, better access to information technology, and in particular the Internet could help developing a country by giving
124
© THE
AUTHOR
AND
STUDENTLITTERATUR
10
COMPUTERS,
ETHICS
AND
SOCIETY
better access to education, information, efficient communication, etc. It could also help support democracy by giving everyone the an opportunity to participate in the political debate and accessing news and information. In the workplace, computers are a normal part of life in any organisation today. As an employee, you are expected to be able to handle e-mail, Internet etc, just as you are expected to read and write. This comes natural to the younger generation that has grown up with computers. However, younger people must realise that when it comes to computer experience in the workplace, they are the exception and not the norm. Today’s students are not unlikely to find a boss on their first job who grew up with punch cards. The majority of people in an organisation today have not grown up with computers, and many people are still a bit scared of computers and are not comfortable doing anything with the computer outside their normal routines. This is particularly important to remember for young people in management positions who have older subordinates. What comes natural to younger people might require training for older people.
Privacy Advanced information systems threatens to violate our privacy, Privacy is our right to keep information about ourselves secret and to decide what information we would like to share and with whom. This includes the wish to be anonymous in certain situations. The level of privacy wanted varies between different individuals and different cultures. Some people are very reluctant to share information, while others have no problem telling the world everything. Modern information systems threaten to take away this right to be anonymous, as they commonly store uniquely identifiable data about individuals. More or less, everything we do today involves computers, which are good at collecting, storing and analysing data. Activities that previously could not be traced can now easily be monitored. For example, watching TV was earlier an anonymous activity where no one could monitor which TV signals your antenna intercepted and what programs you watched. Today, _ many people have digital cable TV (IPTV), where your TV must connect to a server and request each program. This means that the cable TV provider can track your TV viewing every second.
© THE AUTHOR
AND
STUDENTLITTERATUR
125
10
COMPUTERS,
ETHICS
AND
SOCIETY
There is a constant debate in society concerning these privacy issues,
focusing on the core areas of data collection and data confidentiality. Data collection issues concern how much data organisations should be allowed to collect and under what conditions. For example, is the individual’s explicit consent needed to collect the data? For how long can the data be stored? etc. Data confidentiality issues concern what you should be allowed to do with the data. For example, should you be allowed to sell the data to a third party? Use it for marketing? Combine different databases? etc. Most countries have privacy laws regulating these issues and many organisations have their own privacy policies to communicate with their customers how they manage the data of their customers. In the end, there must be a balance between the individual’s need for privacy and the needs of society and organisations. Our right to privacy is not absolute. On one side are individuals that want to keep their privacy. On the other side are companies and governments that see great opportunities for targeted marketing, fighting crime, planning etc. with all this data. In some situations we must give up some of our privacy for the good of society or to receive products or services. For example, we must tell the tax agency how much money we make each year, show our passport when crossing a border and give away our address when we order something home delivered from a company. Most individuals are also positive towards sharing data as long as it is beneficial for them and many voluntarily share data on e.g. social networking sites. For example, many people would like the emergency operator to be able to geographically position an incoming emergency call, but are reluctant to have the same data stored and analysed by the military intelligence. The same issues are relevant in the workplace, where the employer has the possibility to track everything the employees do with the office computers. The importance of the Internet and the associated privacy risks have been highlighted with the increasing use of social media. These are services that base themselves on user-generated content, such as pictures, videos and texts that the users upload, and constitute forums for dialogue and communication between the users. The services include blogs, forums, wikis and networking
sites, such as Facebook, Twitter and YouTube. Social networking sites, e.g. Facebook or LinkedIn, gather millions of members and many companies use social media as a way of interacting with their customers. Several of the most visited sites on the Internet today are social media sites.
126
© THE AUTHOR
AND
STUDENTLITTERATUR
10
COMPUTERS,
ETHICS
AND
SOCIETY
These sites greatly facilitate communication but also raise privacy concerns when large parts of our lives become accessible on the Internet. The social media sites will have access to tremendous amounts of data about their users. This opens up for potentially intrusive data mining, such as mapping
personal preferences, political opinions, hobbies etc. The marketing potential for the network site, e.g. in targeted advertising, selling user information etc, is great but so is the risk of upsetting the users by violating their privacy. Anyone can also find a lot of personal information about an individual with a simple Internet search. Large parts of this data have probably been voluntarily uploaded by the individuals themselves or their friends on social media sites. However, once uploaded on the Internet, the data is not easy to remove. Even if you can delete it from one site, the data might already have been copied and downloaded to other sites. The “funny” party pictures or stories on your blog that you upload as a teenager might not be as funny when your employer or parents-in-law find them ten years later. You should therefore always think twice before uploading something on the Internet. It might stay there forever. A BLOG MIGHT LOSE YOU A JOB
The information that can be found about you on the Internet might turn out to be costly for you. A 24-year-old engineer applied for a job in a different city. The job interview went well and the applicant was the most qualified candidate for the job, but did not get the job. When his application was returned to him, he found that the company had included a printout of his girlfriend’s anonymous blog where she Picture: Wikipedia. wrote that she hoped that he would not get the job, since she did not want to move. On the printout was handwritten “What should we do?” The company declined to comment on how they found the anonymous blog or if it had affected their decision not to employ the engineer. The printout was explained as “internal material” that had been sent back by mistake. Even if you think that you are anonymous on the Internet and that you are not writing anything sensitive, the consequences can be great if the information ends up in the wrong hands.
© THE
AUTHOR
AND
STUDENTLITTERATUR
127
10
COMPUTERS,
ETHICS
AND
SOCIETY
Ethics An information system can potentially have a large effect on the personal lives of individuals. It is therefore important always to consider the ethics of an information system. The ethics is the informal rules about what is right or wrong in our society, and is not necessarily the same as the legal rules. The ethical rules are based on what people feel is right or wrong and not on any formal decision. The ethics can differ between different groups of people, cultures and situations. For example, what is considered a normal and legitimate gift to a business partner in one country might be considered a bribe in another country. In war, soldiers are expected to kill, while in normal society killing is considered wrong. It is therefore not possible to give a simple answer to what is ethically right and wrong. This is something that all decision makers must decide for themselves according to their own values. A simple way of testing if a decision you are about to make is ethical, is to ask yourself if you would like to see it in the headlines of tomorrow’s newspaper. If not, then the decision is probably not ethically right for you. The company and organisation implementing a new system will be held responsible for the ethics of the system. A company must look beyond the
purely legal aspects of what is allowed and also consider the ethical aspects. Media and public opinion will judge the company according to its ethics. There is also a widespread opinion, according to the theory of Corporate Social Responsibility (CSR), that a company has a responsibility towards society that goes much further than just what is required by law. A company is also responsible for conducting its business in a way that honour ethical values and respect people, communities and the natural environment.
The terms morality and ethics are often confused and mixed. A rough definition is that ethics is the theoretical reflection and thoughts about what is right to do and morality is what you do in practice. Thus, a person’s ethics is not always the same as that person’s morality.
ETHICAL GUIDELINES FOR IT
There are four general principles for evaluating the ethical impact of a new IT system: proportionality, informed consent, justice and minimized risk. These principles do not only concern IT but can also be used to evaluate the
128
© THE
AUTHOR
AND
STUDENTLITTERATUR
10
COMPUTERS,
ETHICS
AND
SOCIETY
ethical impact of all activities in a company. The guidelines do not give any definite answers but are rather issues that should be considered and evaluated.
PROPORTIONALITY
The good achieved by the system must outweigh the harm, i.e. the system must do more good than bad. Comparing good and bad is always difficult, but the greater the risks with the systems, the bigger the rewards must be. For example, a nuclear power plant carries a big risk if something goes wrong and the plant has a meltdown. However, the benefit of producing electricity with no CO, emissions is also great. Therefore, many countries have decided to allow nuclear power plants, but many organisations are also against this and believe that the gains do not outweigh the risk.
INFORMED CONSENT
The people affected by the system must be informed of the risks, understand them and accept them. By understanding the risks, people can freely decide if they want to accept them or not. A higher risk can be ethically motivated ifa person freely accepts it. For example, an astronaut knows that he has a very dangerous profession, but he has freely and knowingly chosen it. However, you cannot take a bus driver and suddenly force him to take the same risks as an astronaut, since he has not agreed to it.
JUSTICE
The risks and benefits should be fairly distributed. One group should not have all the benefits and another group all the harm. Very few systems will be completely fair, but the distribution should be as fair as possible and definitely not just benefit one group. For example, a customer database might contain private information about the customers. This data is valuable as a marketing tool and could be sold to other companies. However, the benefits of this lie with the company selling the database as they get the money. The customers have their privacy violated and may receive a
© THE
AUTHOR
AND
STUDENTLITTERATUR
129
10
COMPUTERS,
ETHICS
AND
SOCIETY
lot of telemarketing calls. Some people argue that the customer gets better business offers this way and therefore gains from it, while others just think it’s a violation of privacy. MINIMISED RISK
The system should be designed and implanted so that the risks are minimised. For example, radio waves that might cause cancer should be avoided, even if it has not been definitely proven that they do cause cancer. When an information system is created it also always hasa specific purpose, e.g. as a customer database. However, once the system is created it becomes possible to use it for other purposes. The question then arises whether this should be allowed or not. For example, a DNA database created for research purposes might also be used by the police to track down criminals. The people donating their DNA to the database did it under the condition that it should be used for research. Is it ethically right to let the police use the database to catch a murderer and violate the agreement with the donors? If not, is it ethically right to let a murderer walk free and perhaps kill again? If yes, where do you draw the line? The next time the police may want to track down a burglar or perhaps a graffiti artist. Should you allow access even for small crimes? If you do not honour the agreement with the DNA donors you will never be able to get new donors for the database and then there will be no database to use for anyone. These are no easy questions to answer, but questions like these will arise in most information systems. One way of avoiding them is to design the system in a way so that it cannot be used for any other purposes, i.e. to minimise the risk. Do not collect more data than you need and do not store it for any longer than necessary. It is easy to collect some extra data just to be on the safe side in case it is needed and to store it “just in case”, but also consider the risk that the data might be misused. Your intention in collecting the data might be good, but 10 years later the data might be in the hands of a military dictator somewhere who does not share your ethical beliefs.
Environmental impact An efficient use of IT can help reduce the negative environmental impact of many human activities. Telecommuting can, for example, replace the need for 130
© THE
AUTHOR
AND
STUDENTLITTERATUR
10
COMPUTERS,
ETHICS
AND
SOCIETY
travel, and efficient production planning can reduce the need for transport. However, IT also has negative environmental impacts. The production of computers and equipment consumes resources and uses toxic chemicals. The recycling of old computers is important to make sure that the chemicals do not end up in nature. Fully functioning old computers can be donated to aid organisations that send the computers to poorer parts of the world. A computer does not have to be able to run the latest games or word processors to be useful in schools and libraries in many countries. The energy consumption of all computers is substantial. It is estimated that the world’s computers cause COs emissions almost as large as those of the airline industry. A quarter of these emissions are caused by servers. It is estimated that the world’s 44 million servers are responsible for 0.2 percent of the worlds CO, emissions (80 megatons per year). As acomparison, this is 25 percent more than the total Swedish emissions. A large part of the energy consumption comes from cooling. Servers generate a lot of heat and need to be constantly cooled. If the cooling system in a normal server hall fails, it will only take about 5 minutes for the temperature in the room to reach 40 degrees Celsius. A big worry is the rapid increase in energy use. For example, the server emissions are expected to increase by 400 percent until the year 2020 due to the increasing use of IT. A recent study estimated that the current energy consumption of YouTube alone equals the total energy consumption of the entire Internet two years earlier. Organisations need to be aware of this increasing energy use and work on saving energy, not only for financial reasons, but mostly for ethical and environmental reasons. ENVIRONMENTAL
IMPACT OF E-BOOKS
Books have been published on paper for a very long time. The paper must be produced and transported to the printers, the book printed and transported to the store etc. All this has a negative impact on the environment. Today, books can also be read as e-books on a computer or in a handheld e-book reader. This eliminates the physical transport, but instead the e-book reader must be manufactured and electricity
Picture: Wikipedia. —_yroduced to supply the reader and all servers.
© THE
AUTHOR
AND
STUDENTLITTERATUR
131
10
COMPUTERS,
ETHICS
AND
SOCIETY
An environmental comparison is not as favourable for the e-book as most people might think. A study showed that an e-book reader must be used to read at least 33 books of 360 pages each before it becomes more
favourable for the environment than the traditional paper book. Most people only read a few books per year, so the e-book reader must be used for many years. A comparison was also made betweerl reading a daily newspaper online for 30 minutes and subscribing to the traditional paper newspaper. Interestingly, it was found that to read the paper online emits 15 percent more CO, than reading the traditional paper. This comparison shows that environmental effect of IT is not that easy to estimate. The impact is more than just the power consumption of the
computer in front of you. It is also all environmental effects from the production of the computer and the production and energy consumption of all other hardware involved in getting the information to the computer.
Source evaluation The wealth of information that becomes accessible through the Internet is amazing, and it is possible to find the answer to almost every question. Open dictionaries, such as Wikipedia, make information easy to find and have become the first choice for many people when looking for facts. However, the Internet is an open network and anyone can publish a homepage or edit a text in Wikipedia. Just because something is published on the Internet it is not necessarily true. Basing decisions on false facts will lead to the wrong decisions. This means that source evaluation has become very important. Source evaluation is the ability to analyse information sources and to assess their credibility. Make it a habit always to make a quick source evaluation of all texts you read on the Internet. Source evaluation can be performed by considering four factors.
ORIGINATOR
The originator, or author, of the text is very important. First check if the person or organisation responsible for the text is named and then if the person
132
© THE AUTHOR AND STUDENTLITTERATUR
10
COMPUTERS,
ETHICS
AND
SOCIETY
appears to have knowledge in the field they are writing about. For example, if the author is a well known university professor in the field, then the text is likely to be more trustworthy than if it is written by a high-school student.
AIM OF TEXT
All texts have an aim. They can be written to influence, teach, provoke or perhaps sell a product. The aim of the text will influence how trustworthy it is. For example, a product review is more trustworthy if it is written by an independent journalist than by a company selling the product. The aim of the text is particularly important in politically sensitive subjects, where many people have an interest in promoting their views, e.g. during an election campaign.
TARGET GROUP
A text is also targeted at a specific group of readers. It could be intended for children, employees, voters, customers, technical experts etc, and the author will adapt the text to the intended reader. Therefore, it is important to choose a text adapted to a target group suitable for your purpose. For example, if you want to write a scientific report about the universe, then perhaps a kindergarten home page about the planets is not your best source of facts. A text targeted at children will probably contain simplifications so that the children will understand, but this will not be acceptable in a scientific report.
AGE
Many homepages on the Internet are not updated and the facts can be out of date. Try to determine when the homepage was last updated and if the topics covered risk being outdated. For example, a 10-year-old homepage claiming to discuss current economic affairs is not a reliable source.
© THE AUTHOR
AND STUDENTLITTERATUR
133
10
COMPUTERS,
ETHICS
AND
SOCIETY
WIKIPEDIA FACTS
The on-line encyclopaedia Wikipedia has become one of the world’s most widely used encyclopaedias. It is an open encyclopaedia where almost anyone can add or edit an article. The quality control of the articles basically relies on other users reacting to errors and correcting them. This can be compared to a traditional
Picture: NASA
encyclopaedia where leading experts are
contracted to write the articles. In 2005, a study compared the number of errors in a number of articles in Wikipedia and the famous Encyclopaedia Britannica. The study found that Wikipedia on average had 3.86 mistakes per article while the Britannica had 2.92 mistakes. The study found 8 major errors, of which four came from each encyclopaedia, and concluded that Wikipedia comes close to Encyclopaedia Britannica in terms of accuracy. However, Wikipedia’s quality control does not always work. In 2010 a journalist wrote an imaginary article in Wikipedia about himself. The article started as a short uncontroversial text about himself and was then regularly updated every few weeks with imaginary facts. “Facts” such as being a childhood friend with President Obama and the true brain behind his politics, winning the most famous journalist award a thousand times, and being voted the sexiest man in Sweden every week, was accepted without objection. It was not until the journalist named himself “son of God” and “king of the world” in the article that another user reacted and deleted parts of the text. However, some less obvious errors were still left in the article. It is important not just to trust everything you find on the Internet. It might be true, but it might also be a joke!
Study questions 1 Is it important that everyone has access to the Internet? Give reasons for your answer. 2 Name three privacy concerns you have when using the Internet.
134
© THE AUTHOR AND STUDENTLITTERATUR
10
COMPUTERS,
ETHICS
AND
SOCIETY
3 What problems can occur in the workplace when we mix a young generation that has grown up with computers with an older generation that is not comfortable with computers?
4 Large consumer groups do not have access to the Internet. Assuming that you work for a multinational food company selling their products through supermarkets throughout the world, how does this affect your business and the way you interact with your customers? 5 The largest Swedish rail company SJ, with 100,000 passengers per
day, has decided to stop printing their timetables on paper. From December 2011, the timetables will only be availbile on the Internet and by phone. They claim the reason is that printed timetables are outdated more easily. Discuss SJ’s decsion. Do you think this is a good decision? What will the implications be for different customer groups? 6 Search for your own name on the Internet. How much information about yourself can you find? Do you believe this represents a fair picture of yourself? Did you find anything you did not want the world to know? 7 What is the difference between ethics and morality? 8 Can you always say what is right and wrong? Give reasons for your
answer. 9 Which general ethical guidelines should be used when implementing new technology? Illustrate the guidelines with examples. 10 Many companies equip their employees with smartphones connected to the company’s e-mail system which enables the employees always to have access to their work e-mail. Evaluate the ethical implications of such a system. 11 The introduction of an Enterprise Information System might lead to current employees loseing their jobs. Assume that the introduction
of an EIS will lead to great savings for the company, but that one single mother with two small children will lose her job and have to live homeless on the streets. Is it right to introduce the EIS? 12 What are the main environmental impacts from computers? 13 Can you trust everything on the Internet? 14 How do you evaluate a text found on the Internet?
© THE AUTHOR AND STUDENTLITTERATUR
135
10
COMPUTERS,
ETHICS
AND
SOCIETY
15 Your boss tells you that he has found some interesting facts about your company’s main competitor’s new product on an anonymous Internet homepage and asks you to consider this information in your company’s product development. From an ethical and source evaluation point of view: What do you answer your boss?
References Holm, J. (2007). Flickvannen bloggade - da fick Jonas inte jobbet. Expressen, April 25. McKinsey (2008). Data centers: How to cut carbon emissions and costs McKinsey
on Business Technology, Winter, McKinsey & Company.
Borggren, C. & Moberg, A. (2009). Pappersbok och elektronisk bok pa ldasplatta - en jamforande miljobedémning. KTH Centre for Sustainable Communications, Stockholm. Glies, J. (2005). Internet encyclopaedias go head to head, Nature, Volume 438, Issue 7070, 15 December, p. 900-901.
Svanell, A. (2010), Experiment med fakta. SvD, July 31.
136
© THE
AUTHOR
AND
STUDENTLITTERATUR
INDEX
access, direct 52,55
CD 54
access, sequential 55 accounting and finance 85 address, dynamic 64
central processing unit, CPU
address, static 64 agreed standard AMD
COz2 emissions
44
ARPANET
cloud computing 84 131
competitive strategies 28
45
computer
analog 41 analytical engine 36 antivirus software 116 Apple 47 ASCII
44,46
client/server 42
35
computer crime 111
- attitude 112 - damages
114
- facilitated by computers 111 - targeting computers 112 computer parts 43
61
42
computer security 115
Babbage, Charles 36 best practice 78 bill of materials, BOM binary number 41 bloating 40 botnet 112
conversion
105
— direct 105
80
- parallel 106 - phased 106 - pilot 105 corporate social responsibility, CSR 128
business information system 75
cost/benefit analysis 97
business intelligence, BI 20,72, 86 business process 24,78,90 Business Process Model and Notation,
crime, computer 111 - attitude 112
BPMN 25 business process reengineering, BPR
© THE
CRM
90
AUTHOR
- damages 114 - facilitated by computers 111 customer relationship management,
AND
STUDENTLITTERATUR
19,86
137
INDEX
ethics 128
data 9
database
67
expert system
Database Management Systems, DBMS
71
19, 87
external threats 116 extranet
65
extrinsic motivation
database, relational 69
109
data center 60 data flow diagram, DFD
feasibility study 96
99
field 67
data hierarchy 67 data mining 72 data storage 51 data warehouse
file 67 file format
71
decision making 14 decision support system, DSS 19 Denial of Service, DoS 112 development changes 92 development costs 91 digital 41 digital divide 124 direct access
120
63
54
dynamic address 64 economies of scale 29 emergency plan 120 emergent properties 14 ENIAC 38 Enterprise Application Integration, 83
enterprise information system, EIS 76 - benefits 77 — drawbacks — modules — structure
GIS
20, 87
global digital divide 124 graphical user interface, GUI 46
hardware
53
43
hub 60
63
domain name server, DNS
EAI
geographical information system,
hard disc drive, HDD
105
Disaster Recovery Plan, DRP
DVD
floppy disc 53
52,55
direct conversion
domain
56 firewall 116 five forces 27
77 85 82
human resource management, HRM 19,86 hype curve 30 information
9
- overload 10 - quality 1 information system 9, 13
- justification 20 information technology, IT 14,35 informed consent
129
integrated circuit 39
Intel 44 internal threats 117 Internet
61
enterprise resource planning, ERP 19
internet service provider, ISP 63
environment
Internet structure
138
130
© THE
AUTHOR
63
AND
STUDENTLITTERATUR
INDEX
Internet users 62 intranet
Microsoft Access 71
65
Microsoft Windows
intrinsic motivation
47
mid-range system 42
108
IP address 63
minimised risk 130
IT bubble 31
modem
IT policy 119
Moore’s law 39,76
justice 129
60
motivation, extrinsic
109
motivation, intrinsic
108
networks 59,60 non-volatile memory
52,53
justification, information systems 20 key 69
knowledge 10 open source
48
legacy information systems 76
open source software, OSS
Linux
operating system 46 operational decision making 15
48
local area network, LAN 60 logical system design 102 long term storage 56
operational support system
packet switching 61 parallel conversion 106
mainframe systems 43
Pascal, Blaise 35
47
maintenance
PC 42
107
make-or-buy 101 Management support system
19
Manufacturing Resource Planning, MRPII 81 Material Requirements Planning, MRP
52,53
— random access
52
- read only 52 - volatile 52
Metcalfe’s law 59 MHz
44
microchip 39 microcomputer system 42
AUTHOR
44,52
privacy 125 - data collection 126 ~ data confidentiality 126 - law 126 - policy 126 processing 44 proportionality 129 proprietary software 107 protocol 60 - Internet protocol 45,63
Microsoft 47
© THE
phased conversion 106 phishing 112 physical system design 102 physical threats 117 pilot conversion 105 primary storage
79
memory non-volatile
19
organisational plan 120
magnetic tape 55
Mac OS
48, 107
AND
STUDENTLITTERATUR
139
INDEX
— primary 52 - secondary 53
prototyping 102 punch card 36 racks 60
random access memory, RAM
read only memory, ROM
52
redundancy 70,77 relational database
69
reverse engineering 104 risk 115
risk management 115 60
secondary storage 45, 51,53
security, computer 115 sequential access server
supercomputer
43
supply chain management, SCM switch 60
record 67
router
52
strategic decision making 16 strategic planning system 20 Structured Query Language, SQL 71
55
60
server hall 60 simulation 20,87
system
30, 86
12
system conversion 105 system maintenance 107 systems analysis 98
systems design 101 systems development 89 systems development life cycle, SDLC
96
systems documentation 103 systems implementation 103 systems integration 23 systems investigation 96
social engineering 119 social media 126
Social network 126 society 123 socio-technical system 13 software 43 Software as a Service, SaaS 84 Solid State Drive, SSD 55 source code 107 source evaluation 132 spam 111 standard 45 - agreed 45 - de-facto 45 static address 64 storage 44
- long term 56
140
tactical decision making 16 telecommuting 130 TELOS 96 testing 103 threats 115
- external 116 — internal 117 - physical 117 Torvald, Linus 48 transistor Unix
USB
38,41
48
45
USB-flash drive 54
user acceptance 93 user-generated content 126
© THE
AUTHOR
AND
STUDENTLITTERATUR
INDEX
user interface, graphical 46
volatile memory 52
user involvement
vulnerability 115
93
vacuum tube 38
value chain 23 virus 116
© THE AUTHOR
AND STUDENTLITTERATUR
Wide Area Network, WAN 61 workstation 43 world wide web, WWW 62
141
a
—
’
_—
|
an
st
? ’
or
‘“-
—_
tea
a
=
= a
=
aS
= =
sS
=r ~ =
_—
al
-
—
P -
x
“
>
if
i
_ =
a
7
=
7
i a
7 eae
;
a
a
_
-
— ae
:
es
=