UNIT IV

Internet
"The Internet, sometimes called simply "the Net," is a worldwide system of computer networks -
a network of networks in which users at any one computer can, if they have permission, get
information from any other computer (and sometimes talk directly to users at other computers)."
 Implications of Internet
 To Find Information: We can use the Internet to find information about
almost anything, using Internet search engines such as Google and Yahoo.
However, we must carefully check the source (website) and quality of the
information. An example of good source of general information is wikipedia.org
 File Sharing: A file can be put on a “Shared Location” or onto a File Server
for instant use by colleagues. Mirror servers and peer-to-peer networks can be
used to ease the load of data transfer.
 Communication and Social Networking: Internet chat and instant
messaging systems allow people to stay in touch in a convenient way while
working at their computers. Messages can be sent and received instantly. In
addition, these systems also allow file transfer, as well as voice and video contact.
Social networking websites allow people to stay in touch with friends and family,
and knowing their activities by viewing their profiles. The concept of a social
networking website is to store people’s profiles and connecting them between one
and another. A personal profile can include pictures and videos to be shared
 Remote Access: Computer users can easily connect to other computers and
information stores around the world using the internet. The access can be done
with or without security, authentication and encryption, depending on the needs.
Remote access is encouraging new methods of working from home and
information sharing in many businesses. Using Virtual Private Network (VPN), a
businessman can use a remote desktop session to access his PC in the other side
of the world.
 VoIP: VoIP (Voice over Internet Protocol) started from an optional two-way
voice chat provided by some of the instant messaging systems that started around
the year 2000. The benefit of VoIP is that it can be free or cost much less than a
normal telephone call, because the Internet carries that voice traffic. VoIP is
surely a cheap solution for long distance call

Intranet
"An intranet is a private computer network that uses Internet protocols and network connectivity
to securely share any part of an organization's information or operational systems with its
employees."
 Features Of Intranet
 Sometimes the term refers only to the organization's internal website, but often it
is a more extensive part of the organization's computer infrastructure and private
 websites are an important component and focal point of internal communication
and collaboration.
 An intranet is built from the same concepts and technologies used for the Internet,
such as clients and servers running on the Internet Protocol Suite (TCP/IP). Any
of the well known Internet protocols may be found in an intranet, such as HTTP
(web services), SMTP (e-mail), and FTP (file transfer).
 Intranets differ from extranets in that the former are generally restricted to
employees of the organization while extranets may also be accessed by customers,
suppliers, or other approved parties. Extranets extend a private network onto the
Internet with special provisions for access, authorization and authentication.
 Intranets are being used to deliver tools and applications, e.g., collaboration (to
facilitate working in groups and teleconferencing) or sophisticated corporate
directories, sales and Customer relationship management tools, project
management etc., to advance productivity.
 Intranets are also being used as corporate culture-change platforms. For example,
large numbers of employees discussing key issues in an intranet forum application
could lead to new ideas in management, productivity, quality, and other corporate
issues.
 Implications of Intranet
Following are some general examples of information or processes that might be available on an
intranet to serve various departments.
 Human Resources: From employee training materials to the employee
handbook, an intranet can offer quick easy access to fundamental publications to
all employees. Benefits, 401 k tracking, job applications, and an employee
directory are just a few examples. A company newsletter and employee
newsgroups or chat boards are other opportunities an intranet affords.
 Sales Department: One of the most productive uses of an intranet is
interactive multimedia training. Sales reports, forecasts and goals, marketing
strategies and geographic saturation are all tools the intranet can keep available at
the click of a mouse. Profiles of potential new markets or clients, and information
on potential competing markets can also be helpful to sales staff in designing
better sales models.
 Accounting Department: Requisition requests on an intranet will save time,
resources and money. Pages within an intranet can be password protected to limit
employee access, or administratively controlled. Payroll, receivables/payables,
and budget reports are all processes that can reside on the intranet.
 Information Systems: Data warehousing access, departmental software
development applications, and network support can be invaluable uses of an
intranet. Intranet support itself with FAQs and interactive tutorials for virtually
any purpose or department, allow employees to teach themselves, minimizing
training investment. Security information and technical resources are also
common uses of an intranet.
 Executive Branch: Bottom line information like quarterly profit/loss reports,
stock market analysis, tax and legal information, and merger or partnership
information can all be neatly provided on an intranet. Meeting minutes,
appointment calendars and key profiles (employees, companies or clients) can
also reside here.
 Extranet
"An extranet is a private network that uses Internet protocols, network connectivity, and possibly
the public telecommunication system to securely share part of an organization's information or
operations with suppliers, vendors, partners, customers or other businesses." It has also been
described as a "state of mind" in which the Internet is perceived as a way to do business with a
pre approved set of other companies' business-to-business (B2B), in isolation from all other
Internet users. In contrast, business-to-consumer (B2C) involves known server(s) of one or more
companies, communicating with previously unknown consumer users.
 Features of Extranet
 It has also been described as a "state of mind" in which the Internet is perceived
as a way to do business with a pre approved set of other companies' business-to-
business (B2B), in isolation from all other Internet users. In contrast, business-to-
consumer (B2C) involves known server(s) of one or more companies,
communicating with previously unknown consumer users
 An extranet can be understood as an intranet mapped onto the public Internet or
some other transmission system not accessible to the general public, but is
managed by more than one company's administrator(s). For example, military
networks of different security levels may map onto a common military radio
transmission system that never connects to the Internet.
 Implications of Extranet
During the late 1990s and early 2000s, several industries started to use the term "extranet" to
describe central repositories of shared data made accessible via the web only to authorized
members of particular work groups.
For example, in the construction industry, project teams could login to and access a 'project
extranet' to share drawings and documents make comments, issue requests for information, etc.
In 2003 in the United Kingdom, several of the leading vendors formed the Network of
Construction Collaboration Technology Providers, or NCCTP, to promote the technologies and
to establish data exchange standards between the different systems. The same type of
construction-focused technologies has also been developed in the United States, Australia,
Scandinavia, Germany and Belgium, among others. Some applications are offered on Software
as a Service (SaaS) basis by vendors functioning as Application service providers (ASPs).
Specially secured extranets are used to provide virtual data room services to companies in
several sectors (including law and accountancy). There are a variety of commercial extranet
applications, some of which are for pure file management, and others which include broader
collaboration and project management tools also there are exist a variety of Open Source extranet
applications and modules, which can be integrated into other online collaborative applications
such as Content Management Systems.

Business Support Systems

Decision Support in Business
BUSINESS AND DECISION SUPPORT
To succeed in e-business and e-commerce, companies need information systems that can support the diverse
information and decision-making needs of their managers and business professionals. This chapter focuses on the
major types of management information systems, decision support, and executive information systems. The chapter
concentrates on how the Internet, intranets, and other web-enabled information technologies have significantly
strengthened the role of information systems play in supporting the decision-making activities of every manager and
knowledge worker in the internetworked e-business enterprise.

Analyzing Siemens AG
We can learn a lot from this case about how Internet and intranet technologies are changing the face traditional
information systems for managerial information and decision support. Take a few minutes to read the case, and we
will discuss it (See Siemens AG in section IX).

Information, Decisions, and Management: [Figure 8.2]

The type of information required by decision-makers in a company is directly related to the level of management
decision-making and the amount of structure in the decision situations they face. The framework of the classic
managerial pyramid applies even in today’s downsized organizations and flattened or non-hierarchical
organizational structures. Levels of management decision making still exist, but their size, shape, and participants
continue to change as today’s fluid organizational structures evolve. Thus, the levels of managerial decision-making
that must be supported by information technology in a successful organization are:
 Strategic Management: - Typically, a board of directors and an executive committee of the CEO and top
executives develop overall organizational goals, strategies, policies, and objectives as part of a strategic
planning process.

They monitor the strategic performance of the organization and its overall direction in the political, economic,
and competitive business environment.

Unstructured Decisions - Involve decision situations where it is not possible to specify in advance most of the
decision procedures to follow.

Strategic Decision Makers - Require more summarized, ad hoc, unscheduled reports, forecasts, and external
intelligence to support their more unstructured planning and policy-making responsibilities.

 Tactical Management - Increasingly self-directed teams as well as middle managers develop short- and
medium-range plans, schedules, and budgets and specify the policies, procedures, and business objectives for
their subunits of the organization.
 They also allocate resources and monitor the performance of their organizational subunits, including
departments, divisions, process teams, and other workgroups.

Semistructured Decisions - Some decision procedures can be prespecified, but not enough to lead to a definite
recommended decision.

Tactical Decision-Makers - Require information from both the operational level and the strategic level to
support their semistructured decision making responsibilities.

 Operational Management - The members of self-directed teams or supervisory managers develop short-range
plans such as weekly production schedules.

They direct the use of resources and the performance of tasks according to procedures and within budgets and
schedules they establish for the teams and other workgroups of the organization.

Structured Decisions - Involve situations where the procedures to follow when a decision is needed can be
specified in advance.

Operational Decision Makers - Require more prespecified internal reports emphasizing detailed current and
historical data comparisons that support their more structured responsibilities in day-to-day operations.

Information Quality: [Figure 8.3]

What characteristics would make information valuable and useful to you?
 Examine the characteristics or attributes of information quality. Information that is outdated, inaccurate, or
hard to understand would not be very meaningful, useful, or valuable to you or other end users.
 People want information of high quality, that is, information products whose characteristics, attributes, or
qualities help make it valuable to them.
 Three dimensions of information are time, content, and form.

Decision Structure:
Providing information and support for all levels of management decision-making is no easy task. Therefore,
information systems must be designed to produce a variety of information products to meet the changing needs of
decision-makers throughout an organization.

DECISION SUPPORT TRENDS

Information systems are increasingly being used to support business decision-making. A number of trends have
occurred in this area:
 e-commerce is expanding the information and decision support uses and expectations of a company’s
employees, managers, customers, suppliers, and other business partners.
 Fast pace of new information technologies like PC hardware and software suites, client/server networks, and
 networked PC versions of DSS/EIS software, made EIS/DSS access available to lower levels of management,
as well as to nonmanagerial individuals and self-directed teams of business professionals.
 The Internet and the World Wide Web have also contributed greatly to the concept of e-commerce.
 Dramatic growth of intranets and extranets that internetwork e-business enterprises and their stakeholders.
 e-business decision support applications are being customized, personalized, and web-enabled for use in e-
business and e-commerce.

MANAGEMENT INFORMATION SYSTEMS

Management information systems were the original type of information systems developed to support managerial
decision-making. A management information system produces information products that support many of the day-
to-day decision-making needs of managers and business professionals. Reports, displays, and responses produced by
information systems provide information that managers have specified in advance as adequately meeting their
information needs. Such predefined information products satisfy the information needs of managers at the
operational and tactical levels of the organization who are faced with more structured types of decision situations.

Management Reporting Alternatives:

MIS provide a variety of information products to managers. Three major reporting alternatives are provided by such
systems as:
 Periodic scheduled reports -
- Traditional form of providing information to managers. Uses a prespecified format designed to provide
managers with information on a regular basis.

 Exception Reports
- Reports that are produced only when exceptional conditions occur.

 Demand Reports and Responses

- Information is provided whenever a manager demands it.

 Push Reporting
- Information is pushed to a manager’s networked workstation.

ONLINE ANALYTICAL PROCESSING: [Figure 8.8]

Online analytical processing is a capability of management, decision support, and executive information systems
that enables managers and analysts to interactively examine and manipulate large amounts of detailed and
consolidated data from many perspectives (analytical databases, data marts, data warehouses, data mining
techniques, and multidimensional database structures, specialized servers and web-enabled software products).
Online analytical processing involves several basic analytical operations:
 Consolidation - Involves the aggregation of data. This can involve simple roll-ups or complex groupings
involving interrelated data.
 Drill-Down - OLAP can go in the reverse direction and automatically display detailed data that comprises
consolidated data.
 Slicing and Dicing - Refers to the ability to look at the database from different viewpoints. Slicing and dicing
is often performed along a time axis in order to analyze trends and find patterns.

OLAP applications:
 Access very large amounts of data to discover patterns, trends, and exception conditions
 Analyze the techniques between many types of business elements.
 Involve aggregated data.
 Compare aggregated data over hierarchical time periods.
 Present data in different perspectives.
 Involve complex calculations between data elements.
 Are able to respond quickly to user requests so that managers or analysts can pursue an analytical or decision
thought process without being hindered by the system.

DECISION SUPPORT SYSTEMS

Decision support systems are computer-based information systems that provide interactive information support to
managers and business professionals during the decision-making process. Decision support systems use:
 Analytical models
 Specialized databases
 Decision maker’s own insights and judgments
 Interactive, computer-based modeling process to support the making of semistructured and unstructured
business decisions

DSS Models and Software:

Decision support systems rely on model bases as well as databases as vital system resources. A DSS model base is
a software component that consists of models used in computational and analytical routines that mathematically
express relationships among variables. Examples include:
 Spreadsheet models
 Linear programming models
 Multiple regression forecasting models
 Capital budgeting present value models

Geographic Information and Data Visualization Systems

Geographic information systems (GIS) and data visualization systems (DVS) are special categories of DSS that
integrate computer graphics with other DSS features.
 Geographic Information System – is a DSS that uses geographic databases to construct and display maps and
other graphics displays that support decisions affecting the geographic distribution of people and other
resources.
 Data Visualization Systems – DVS systems represent complex data using interactive three-dimensional
graphical forms such as charts, graphs, and maps. DVS tools help users to interactively sort, subdivide,
combine, and organize data while it is in its graphical form.

USING DECISION SUPPORT SYSTEMS: [Figure 8.14]

Using a decision support system involves an interactive analytical modelling process. Typically, a manager uses a
DSS software package at his workstation to make inquiries, responses and to issue commands. This differs from the
demand responses of information reporting systems, since managers are not demanding prespecified information.
Rather, they are exploring possible alternatives. They do not have to specify their information needs in advance.
Instead they use the DSS to find the information they need to help them make a decision.

Using a DSS involves four basic types of analytical modelling activities:

 What-If Analysis: - In what-if analysis, an end user makes changes to variables, or relationships among
variables, and observes the resulting changes in the values of other variables.
 Sensitivity Analysis: - Is a special case of what-if analysis. Typically, the value of only one variable is changed
repeatedly, and the resulting changes on other variables are observed. So sensitivity analysis is really a case of
what-if analysis involving repeated changes to only one variable at a time. Typically, sensitivity analysis is
used when decision-makers are uncertain about the assumptions made in estimating the value of certain key
variables.
 Goal-Seeking Analysis: - Reverses the direction of the analysis done in what-if and sensitivity analysis. Instead
of observing how changes in a variable affect other variables, goal-seeking analysis sets a target value for a
variable and then repeatedly changes other variables until the target value is achieved.
 Optimization Analysis: - Is a more complex extension of goal-seeking analysis. Instead of setting a specific
target value for a variable, the goal is to find the optimum value for one or more target variables, given certain
constraints. Then one or more other variables are changed repeatedly, subject to the specified constraints, until
the best values for the target variables are discovered.

Data Mining for Decision Support:

The main purpose of data mining is knowledge discovery, which will lead to decision support. Characteristics of
data mining include:
 Data mining software analyzes the vast stores of historical business data that have been prepared for analysis in
corporate data warehouses.
 Data mining attempts to discover patterns, trends, and correlations hidden in the data that can give a company a
strategic business advantage.
 Data mining software may perform regression, decision-tree, neural network, cluster detection, or market basket
analysis for a business.
 Data mining can highlight buying patterns, reveal customer tendencies, cut redundant costs, or uncover unseen
profitable relationships and opportunities.

EXECUTIVE INFORMATION SYSTEMS

Executive information systems (EIS) are information systems that combine many of the features of management
information systems and decision support systems. EIS focus on meeting the strategic information needs of top
management. The goal of EIS is to provide top executives with immediate and easy access to information about a
firm's critical success factors (CSFs), that is, key factors that are critical to accomplishing the organization’s
strategic objectives.

Features of an EIS:
 More features such as web browsing, electronic mail, groupware tools, and DSS and expert system capabilities
are being added.
 Information is presented in forms tailored to the preferences of the executives using the system. Heavy use of
graphical user interface and graphics displays.
 Information presentation methods used by an EIS include exception reporting and trend analysis. The ability to
drill down allows executives to quickly retrieve displays of related information at lower levels of detail.
 Internet and intranet technologies have added capabilities to EIS systems.
 EIS’s have spread into the ranks of middle management and business professionals as they have recognized
their feasibility and benefits, and as less-expensive systems for client/server and corporate intranets become
available.

ENTERPRISE INFORMATION PORTALS AND DECISION SUPPORT

Major changes and expansion are taking place in traditional MIS, DSS, and EIS tools for providing the information
and modeling that managers need to support their decision making. Some of these changes include:
 Decision support in business is changing, driven by rapid developments in end user computing and networking;
Internet, web browser, and related technologies, and the explosion of e-commerce activity.
 Growth of corporate intranets, extranets, as well as the Web, has accelerated the development and use of
“executive class” information delivery and decision support software tools by lower levels of management and
by individuals and teams of business professionals.
 Dramatic expansion of e-commerce has opened the door to the use of such e-business DSS tools by the
suppliers, customers, and other business stakeholders of a company for customer relationship management,
supply chain management, and other e-business applications.

Enterprise Information Portals:

 Enterprise information portals are being developed by companies as a way to provide web-enabled
information, knowledge, and decision support to executives, managers, employees, suppliers, customers, and
other business partners.
 Enterprise information portals are described as a customized and personalized web-based interface for
corporate intranets that give users easy access to a variety of internal and external business applications,
databases, and services.
 Enterprise information portal is the entry to corporate intranets that serve as the primary knowledge
management systems for many companies. They are often called enterprise knowledge portals by some
vendors. Knowledge management systems are defined as the use of information technology to help gather,
organize, and share business knowledge within an organization.
 Enterprise information portals can play a major role in helping a company use its intranets as knowledge
management systems to share and disseminate knowledge in support of its business decision-making.

KNOWLEDGE MANAGEMENT SYSTEMS [Figure 8.20]

Knowledge management has become one of the major strategic uses of information technology. Many companies
are building knowledge management systems (KMS) to manage organizational learning and business know-how.
The goal of KMS is to help knowledge workers create, organize, and make available important business knowledge,
wherever and whenever it’s needed in an organization. This includes processes, procedures, patterns, reference
works, formulas, “best practices,” forecasts, and fixes. Internet and Intranet web sites, groupware, data mining,
knowledge bases, discussion forums, and videoconferencing are some of the key information technologies for
gathering, storing, and distributing this knowledge.

Characteristics of KMS:
 KMS are information systems that facilitate organizational learning and knowledge creation.
 KMS use a variety of information technologies to collect and edit information, assess its value, disseminate it
within the organization, and apply it as knowledge to the processes of a business.
 KMS are sometimes called adaptive learning systems. That’s because they create cycles of organizational
learning called learning loops, where the creation, dissemination, and application of knowledge produces an
adaptive learning process within a company.
 KMS can provide rapid feedback to knowledge workers, encourage behavior changes by employees, and
significantly improve business performance.
 As an organizational learning process continues and its knowledge base expands, the knowledge-creating
company integrates its knowledge into its business processes, products, and services. This makes it a highly
innovative and agile provider of high quality products and customer services and a formidable competitor in the
marketplace.

Section II: Artificial Intelligence Technologies in Business

BUSINESS AND AI
Business and other organizations are significantly increasing their attempts to assist the human intelligence and
productivity of their knowledge workers with artificial intelligence tools and techniques. AI includes natural
languages, industrial robots, expert systems, and intelligent agents.

Analyzing BAE Systems

We can learn a lot about the business value of using the Internet and artificial intelligence technologies from this
case. Take a few minutes to read it, and we will discuss it (BAE Systems in Section IX).

AN OVERVIEW OF ARTIFICIAL INTELLIGENCE

Artificial intelligence (AI) is a science and technology based on disciplines such as computer science, biology,
psychology, linguistics, mathematics, and engineering. The goal of AI is to develop computers that can think, as
well as see, hear, walk, talk, and feel. A major thrust of AI is the development of computer functions normally
associated with human intelligence, such as reasoning, learning, and problem solving.

The Domains of Artificial Intelligence: [Figure 8.23]

AI applications can be grouped into three major areas:

 Cognitive Science - This area of artificial intelligence is based on research in biology, neurology, psychology,
mathematics, and many allied disciplines. It focuses on researching how the human brain works and how
humans think and learn. The results of such research in human information processing are the basis for the
development of a variety of computer-based applications in artificial intelligence.

Applications in the cognitive science area of AI include:

Expert Systems - A computer-based information system that uses its knowledge about a specific complex
application area to act as an expert consultant to users. The system consists of knowledge base and software
modules that perform inferences on the knowledge, and communicate answers to a user’s questions.

Knowledge-Based Systems - An information system, which adds a knowledge base and some, reasoning
capability to the database and other components, found in other types of computer-based information systems.

Adaptive Learning Systems - An information system that can modify its behavior based on information
acquired as it operates.
 Fuzzy Logic Systems - Computer-based systems that can process data that are incomplete or only partially
correct. Such systems can solve unstructured problems with incomplete knowledge by developing approximate
inferences and answers.

Neural Network - software can learn by processing sample problems and their solutions. As neural nets start to
recognize patterns, they can begin to program themselves to solve such problems on their own.

Genetic Algorithm - software uses Darwinian (survival of the fittest), randomizing, and other mathematical
functions to simulate evolutionary processes that can generate increasingly better solutions to problems.

Intelligent Agents - Use expert system and other AI technologies to serve as software surrogates for a variety of
end user applications.

 Robotics: - AI, engineering, and physiology are the basic disciplines of robotics. This technology produces
robot machines with computer intelligence and computer-controlled, humanlike physical capabilities.

Robotics applications include:

1. Visual perception (sight)
2. Tactility (touch)
3. Dexterity (skill in handling and manipulation)
4. Locomotion (ability to move over any terrain)
5. Navigation (properly find one’s way to a destination)

 Natural Interface: - The development of natural interfaces is considered a major area of AI applications and is
essential to the natural use of computers by humans. For example, the developments of natural languages and
speech recognition are major thrusts of this area. Being able to talk to computers and robots in conversational
human languages and have them “understand” us is the goal of AI researchers. This application area involves
research and development in linguistics, psychology, computer science, and other disciplines. Efforts in this
area include:

Natural Language - A programming language that is very close to human language. Also, called very high-
level language.

Multisensory Interfaces - The ability of computer systems to recognize a variety of human body movement,
which allows them to operate.

Speech Recognition - The ability of a computer system to recognize speech patterns, and to operate using these
patterns.

Virtual Reality - The use of multisensory human/computer interfaces that enables human users to experience
computer-simulated objects, entities, spaces, and “worlds” as if they actually existed.

NEURAL NETWORKS

Neural networks are computing systems modelled on the human brain's mesh-like network of interconnected
processing elements, called neurons. Of course, neural networks are much simpler than the human brain (estimated
to have more than 100 billion neuron brain cells). Like the brain, however, such networks can process many pieces
of information simultaneously and can learn to recognize patterns and program themselves to solve related problems
on their own.

Neural networks can be implemented on microcomputers and other computer systems via software packages, which
simulate the activities of a neural network of many processing elements. Specialized neural network coprocessor
circuit boards are also available. Special-purpose neural net microprocessor chips are used in some application
areas.

Uses include:
 Military weapons systems
 Voice recognition
 Check signature verification
 Manufacturing quality control
 Image processing
 Credit risk assessment
 Investment forecasting
 Data mining

FUZZY LOGIC SYSTEMS

Fuzzy Logic is a method of reasoning that resembles human reasoning since it allows for approximate values and
inferences (fuzzy logic) and incomplete or ambiguous data (fuzzy data) instead of relying only on crisp data, such as
binary (yes/no) choices.

Fuzzy Logic in Business:

Examples of applications of fuzzy logic are numerous in Japan, but rate in the United States. The United States has
tended to prefer using AI solutions like expert systems or neural networks. Japan has implemented many fuzzy
logic applications, especially the use of special-purpose fuzzy logic microprocessors chips, called fuzzy process
controllers. Examples of fuzzy logic applications in Japan include:
 Riding in subway trains and elevators
 Riding in cars that are guided or supported by fuzzy process controllers
 Trading shares on the Tokyo Stock Exchange using a stock-trading program based on fuzzy logic
 Japanese-made products t that use fuzzy logic microprocessors include auto-focus cameras, auto-stabilizing,
camcorders, energy-efficient air conditioners, self-adjusting washing machines, and automatic transmissions.

GENETIC ALGORITHMS

The use of genetic algorithms is a growing application of artificial intelligence. Genetic algorithm software uses
Darwinian (survival of the fittest); randomizing, and other mathematical functions to simulate an evolutionary
process that can yield increasingly better solutions to a problem. Genetic algorithms were first used to simulate
millions of years in biological, geological, and ecosystem evolution in just a few minutes on a computer. Now
genetic algorithm software is being used to model a variety of scientific, technical, and business processes.

Genetic algorithms are especially useful for situations in which thousands of solutions are possible and must be
evaluated to produce an optimal solution. Genetic algorithm software uses sets of mathematical process rules
(algorithms) that specify how combinations of process components or steps are to be formed. This may involve:
 Trying random process combinations (mutation)
 Combining parts of several good processes (crossover)
 Selecting good sets of processes and discarding poor ones (selection)

VIRTUAL REALITY (VR)

Virtual reality (VR) is computer-simulated reality. VR is the use of multisensory human/computer interfaces that
enable human users to experience computer-simulated objects, entities, spaces, and "worlds" as if they actually
existed (also called cyberspace and artificial reality).

VR Applications:
 Computer-aided design (CAD)
 Medical diagnostics and treatment
 Scientific experimentation in many physical and biological sciences
 Flight simulation for training pilots and astronauts
 Product demonstrations
 Employee training
 Entertainment (3-D video games)
VR Limitations:
The use of virtual reality seems limited only by the performance and cost of its technology. For example, some VR
users develop:
 Cybersickness - eye strain, motion sickness, performance problems
 Cost of VR is quite expensive

INTELLIGENT AGENTS [Figure 8.29]

An intelligent agent (also called intelligent assistants/wizards) is a software surrogate for an end user or a process
that fulfils a stated need or activity. An intelligent agent uses a built-in and learned knowledge base about a person
or process to make decisions and accomplish tasks in a way that fulfils the intentions of a user. One of the most well
known uses of intelligent agents is the wizards found in Microsoft Office and other software suites.
The use of intelligent agents is expected to grow rapidly as a way for users to:
 Simplify software use.
 Search websites on the Internet and corporate intranets
 Help customers do comparison-shopping among the many e-commerce sites on the Web.

EXPERT SYSTEMS

One of the most practical and widely implemented applications of artificial intelligence in business is the
development of expert systems and other knowledge-based information systems.
 Knowledge-based information system - adds a knowledge base to the major components found in other types of
computer-based information systems.
 Expert System - A computer-based information system that uses its knowledge about a specific complex
application area to act as an expert consultant to users. ES provide answers to questions in a very specific
problem area by making humanlike inferences about knowledge contained in a specialized knowledge base.
They must also be able to explain their reasoning process and conclusions to a user.

Components of Expert Systems: [Figure 8.31]

The components of an expert system include a knowledge base and software modules that perform inferences on the
knowledge and communicate answers to a user’s question. The interrelated components of an expert system
include:
 Knowledge base: - the knowledge base of an ES contains:
1. Facts about a specific subject area
2. Heuristics (rule of thumb) that express the reasoning procedures of an expert on the subject.

 Software resources: - An ES software package contains:

1. Inference engine that processes the knowledge related to a specific problem.
2. User interface program that communicates with end users.
3. Explanation program to explain the reasoning process to the user.
4. Software tools for developing expert systems include knowledge acquisition programs and expert system
shells.

 Hardware resources: - These include:

1. Stand alone microcomputer systems
2. Microcomputer workstations and terminals connected to minicomputers or mainframes in a
telecommunications network.
3. Special-purpose computers.

 People resources: - People resources include:

1. Knowledge engineers
2. End-users

Expert System Applications: [Figure 8.34]

Using an expert system involves an interactive computer-based session, in which:
 The solution to a problem is explored with the expert system acting as a consultant.
 Expert system asks questions of the user, searches its knowledge base for facts and rules or other knowledge.
 Explains its reasoning process when asked.
 Gives expert advice to the user in the subject area being explored. Examples include: credit management,
customer service, and productivity management.

Expert systems typically accomplish one or more generic uses. Six activities include:
 Decision Management
 Diagnostic/troubleshooting
 Maintenance Scheduling
 Design/configuration
 Selection/classification
 Process monitoring/control

DEVELOPING EXPERT SYSTEMS

The easiest way to develop an expert system is to use an expert system shell as a developmental tool. An expert
system shell is a software package consisting of an expert system without a kernel, that is, its knowledge base. This
leaves a shell of software (the inference engine and user interface programs) with generic inferencing and user
interface capabilities. Other development tools (such as rule editors and user interface generators) are added in
making the shell a powerful expert system development tool.

Knowledge Engineering
A knowledge engineer is a professional who works with experts to capture the knowledge (facts and rules of thumb)
they possess. The knowledge engineer then builds the knowledge base using an interactive, prototyping process
until the expert system is acceptable. Thus, knowledge engineers perform a role similar to that of systems analysts
in conventional information systems development. Obviously, knowledge engineers must be able to understand and
work with experts in many subject areas. Therefore, this information systems speciality requires good people skills,
as well as a background in artificial intelligence and information systems.

THE VALUE OF EXPERT SYSTEMS

Expert systems are not the answer to every problem facing an organization. The question becomes “what types of
problems are most suitable to expert system solutions?” Ways to answer this question include:
 Look at examples of the applications of current expert systems, including the generic tasks they accomplish.
 Identify criteria that make a problem situation suitable for an expert system. Some of these important criteria
include: Domain, expertise, complexity, structure, and availability.

Domain: The domain, or subject area, of the problem is relatively small and limited to a well-defined
problem area.
Expertise: Solutions to the problem require the efforts of an expert. That is, a body of knowledge,
techniques, and intuition is needed that only a few people possess.
Complexity: Solution of the problem is a complex task that requires logical inference processing, which would
not be handled as well by conventional information processing.
Structure: The solution process must be able to cope with ill-structured, uncertain, missing, and conflicting
data, and a problem situation that changes with the passage of time.
Availability: An expert exists who is articulate and cooperative, and who has the support of the management
and end users involved in the development of the proposed system.

Benefits of Expert Systems:

Before deciding to acquire or develop an expert system, it is important that managerial end users evaluate its
benefits and limitations. In particular, they must decide whether the benefits of a proposed expert system will
exceed its costs.
 Captures the expertise of expert or group of experts in a computer-based information system.
 May outperform a single human expert in many problem situations.
 Faster and more consistent than a human expert.
 Can have the knowledge of several experts.
 Does not get tired or distracted by too much work or stress.
 Available at all times, whereas a human expert may be away, sick, or may have left the company.
 Helps preserve and reproduce the knowledge of experts
 Can be used to train the novice.
 Effective use of expert systems can allow a firm to have a competitive advantage by:
a. Improving the efficiency of its operations.
 b. Producing new products and services.
c. Locking in customers and suppliers with new business relationships.
d. Building knowledge-based strategic information resources.

Limitations of Expert Systems:

 Limited focus (specific problems and specific domains).
 Inability to learn.
 Difficulties in maintaining expert systems.
 Cost involved in developing them.
 Excel only in solving specific types of problems in a limited domain of knowledge.

GROUPWARE
•Groupware is technology designed to facilitate the work of groups.
•This technology may be used to communicate, cooperate, coordinate, solve problems, compete, or negotiate.
•While traditional technologies like the telephone qualify as groupware, the term is ordinarily used to refer to a
specific class of technologies relying on modern computer networks, such as email, newsgroups, videophones,
or chat.

Groupware technologies are typically categorized along two primary dimensions:

•Whether users of the groupware are working together at the same time ("real-time" or "synchronous"
groupware) or different times ("asynchronous" groupware), and
•Whether users are working together in the same place ("collocated" or "face-to-face") or in different places
("non-collocated" or "distance").

SAME TIME DIFFERENT TIME

“Synchronous” ASYNCHRONOUS

Voting, presentation support Shared computers

Videophones, chat Email, workflow

Groupware and levels of collaboration

Groupware can be divided into three categories depending on the level of collaboration.
•Communication can be thought of as unstructured interchange of information. A phone call or an IM Chat
discussion is examples of this.
•Conferencing (or collaboration level, as it is called in the academic papers that discuss these levels) refers to
interactive work toward a shared goal. Brainstorming or voting are examples of this.

•Co-ordination refers to complex interdependent work toward a shared goal. A good metaphor for
understanding this is to think about a sports team; everyone has to contribute the right play at the right time as
well as adjust their play to the unfolding situation - but everyone is doing something different - in order for the
team to win. That is complex interdependent work toward a shared goal: collaborative management.

Collaborative management Tools

167
•Internet forums (also known as message boards or discussion boards) — a virtual discussion platform to
facilitate and manage online text messages
•Online chat — a virtual discussion platform to facilitate and manage real-time text messages
•Instant Messaging
•Telephony — telephones allow users to interact
•Videoconferencing — networked PCs share video and audio signals
•Data conferencing — networked PCs share a common whiteboard that each user can modify
•electronic calendars — schedule events and automatically notify and remind group members
•project management systems — schedule, track, and chart the steps in a project as it is being completed
•workflow systems — collaborative management of tasks and documents within a knowledge-based business
process
•knowledge management systems — collect, organize, manage, and share various forms of information
•prediction markets — let a group of people predict together the outcome of future events
•extranet systems (sometimes also known as 'project extranets') — collect, organize, manage and share
information associated with the delivery of a project (e.g.: the construction of a building)

ADVANTAGES OF GROUPWARE
•Groupware offers significant advantages over single-user systems. These are some of the most common
reasons people want to use groupware:
•to facilitate communication: make it faster, clearer, more persuasive
•to enable communication where it wouldn't otherwise be possible
•to enable telecommuting
•to cut down on travel costs

GROUPWARE: APPLICATIONS
1) Asynchronous Groupware Applications
•Email: basic email systems today typically include interesting features for forwarding messages, filing
messages, creating mailing groups, and attaching files with a message.
•Workflow system allows documents to be routed through organizations through a relatively-fixed process.
•Group calendars allow scheduling, project management, and coordination among many people, and may
provide support for scheduling equipment as well.

2) Synchronous or Real-time Groupware Applications

•Shared whiteboards allow two or more people to view and draw on a shared drawing surface even from
different locations. This can be used, for instance, during a phone call, where each person can jot down notes or
to work collaboratively on a visual problem.
• Chat systems permit many people to write messages in real-time in a public space. As each person submits a
message, it appears at the bottom of a scrolling screen.

168
 Decision support system
A decision support system (DSS) is a computer-based information system that supports business or
organizational decision-making activities. DSSs serve the management, operations, and planning levels of an
organization and help to make decisions, which may be rapidly changing and not easily specified in advance.

DSS is an interactive software-based system intended to help decision makers compile useful information from
raw data, documents, personal knowledge, and/or business models to identify and solve problems and make
decisions.

DSSs include knowledge-based systems. A properly designed DSS is an interactive software-based system
intended to help decision makers compile useful information from a combination of raw data, documents,
personal knowledge, or business models to identify and solve problems and make decisions.

Typical information that a decision support application might gather and present are:

 inventories of information assets (including legacy and relational data sources, cubes, data warehouses,
and data marts),
 comparative sales figures between one period and the next,
 Projected revenue figures based on product sales assumptions.

Development Frameworks

DSS systems are not entirely different from other systems and require a structured approach. Such a framework
includes people, technology, and the development approach.

DSS technology levels (of hardware and software) may include:

169
 1. The actual application that will be used by the user. This is the part of the application that allows the
decision maker to make decisions in a particular problem area. The user can act upon that particular
problem.
2. Generator contains Hardware/software environment that allows people to easily develop specific DSS
applications. This level makes use of case tools or systems such as Crystal, AIMMS, and think.
3. Tools include lower level hardware/software. DSS generators including special languages, function
libraries and linking modules

An iterative developmental approach allows for the DSS to be changed and redesigned at various intervals.
Once the system is designed, it will need to be tested and revised for the desired outcome

Classification

There are several ways to classify DSS applications. Not every DSS fits neatly into one category, but may be a
mix of two or more architectures.

Holsapple and Whinston classify DSS into the following six frameworks: Text-oriented DSS, Database-
oriented DSS, Spreadsheet-oriented DSS, Solver-oriented DSS, Rule-oriented DSS, and Compound DSS.

A compound DSS is the most popular classification for a DSS. It is a hybrid system that includes two or more
of the five basic structures described by Holsapple and Whinston.

The support given by DSS can be separated into three distinct, interrelated categories: Personal Support, Group
Support, and Organizational Support.

DSS components may be classified as:

1. Inputs: Factors, numbers, and characteristics to analyze

2. User Knowledge and Expertise: Inputs requiring manual analysis by the user
3. Outputs: Transformed data from which DSS "decisions" are generated
4. Decisions: Results generated by the DSS based on user criteria

DSSs which perform selected cognitive decision-making functions and are based on artificial intelligence or
intelligent agents technologies are called Intelligent Decision Support Systems (IDSS).

The nascent field of Decision engineering treats the decision itself as an engineered object, and applies
engineering principles such as Design and Quality assurance to an explicit representation of the elements that
make up a decision.

Applications

As mentioned above, there are theoretical possibilities of building such systems in any knowledge domain.

One example is the clinical decision support system for medical diagnosis. Other examples include a bank loan
officer verifying the credit of a loan applicant or an engineering firm that has bids on several projects and wants
to know if they can be competitive with their costs.

170
DSS is extensively used in business and management. Executive dashboard and other business performance
software allow faster decision making, identification of negative trends, and better allocation of business
resources.

A growing area of DSS application, concepts, principles, and techniques is in agricultural production, marketing
for sustainable development. For example, the DSSAT4 package, developed through financial support of
USAID during the 80's and 90's, has allowed rapid assessment of several agricultural production systems
around the world to facilitate decision-making at the farm and policy levels. There are, however, many
constraints to the successful adoption on DSS in agriculture.

DSS are also prevalent in forest management where the long planning time frame demands specific
requirements. All aspects of Forest management, from log transportation, harvest scheduling to sustainability
and ecosystem protection have been addressed by modern DSSs. A comprehensive list and discussion of all
available systems in forest management is being compiled under the COST action Forsys

A specific example concerns the Canadian National Railway system, which tests its equipment on a regular
basis using a decision support system. A problem faced by any railroad is worn-out or defective rails, which can
result in hundreds of derailments per year. Under a DSS, CN managed to decrease the incidence of derailments
at the same time other companies were experiencing an increase.

Benefits
1. Improves personal efficiency
2. Speed up the process of decision making
3. Increases organizational control
4. Encourages exploration and discovery on the part of the decision maker
5. Speeds up problem solving in an organization
6. Facilitates interpersonal communication
7. Promotes learning or training
8. Generates new evidence in support of a decision
9. Creates a competitive advantage over competition
10. Reveals new approaches to thinking about the problem space
11. Helps automate managerial processes

Decision support systems (DSS) are a diverse group of interactive computer tools—primarily customizable
software —designed to assist managerial decision making. They fall into a broader class known as
management support systems (MSSs). The goal of a DSS is to make management more efficient and effective,
particularly with ad hoc and discretionary decisions (versus routine or programmatic ones that require little
judgment). Interactivity is key; unlike related expert systems and many artificial intelligence tools (see Figure
1), DSS generally do not attempt to make the decision themselves, but rather present information in a manner
that is conducive to making an informed and efficient decision.

EVOLUTION OF DSS

DSS were introduced in the 1970s and gained mainstream attention in the 1980s. Originally run largely on
mainframes, they were seen as an evolutionary step from management information systems, which at the time
were relatively inflexible storehouses of corporate data. In that environment, DSS were high-end applications
reserved for occasional, non-recurring strategic decisions by senior management.

171
Since then, the rapid advances in personal computers ushered in a new breed of simple and widely used DSS.
Indeed, some experts consider the built-in

Figure 1
Decision support Systems Versus Other Management Tools
analytic functions in popular spreadsheet programs, such as Microsoft Excel and Lotus 1-2-3, to be mini-DSS.
As a result, many DSS today are simple, informal PC software tools that users create themselves with the help
of templates, macros, user-programmed modules, and other customizable features.

While a simple DSS for an individual may cost a couple hundred dollars and some programming time,
sophisticated ones continue to be significant business investments. At their inception they were exceptionally
expensive to develop, and thus only large companies could afford them. Although relative prices have come
down, they still tend to cost anywhere from $30,000 to $500,000 or more to implement company-wide.
Premium systems are offered by such firms as IBM, SAS Institute, SPSS, and a host of more specialized
vendors.

COMPONENTS OF A DSS

There are three basic components in a DSS:

 a database
 a model base
 a user interface

Depending on the system, each of these components may be very simple or highly elaborate. The database, or
in advanced systems, a database management system (DBMS) or a data warehouse, consists of structured,
real-life information, such as customer account records, product sales history, employee schedules, or
manufacturing process statistics. The model base, or model base management system (MBMS), contains one or
more models for the kind of analysis the system will perform. For example, if the purpose of the system is to
supply sales projections under different conditions, one model might be a linear regression formula derived

172
from past sales and other factors. The user interface integrates the two into a coherent system and provides the
decision maker with controls for—and possibly feedback about—managing the data and the models.

THE STRUCTURE OF DECISIONS

STRUCTURED DECISIONS.

A structured decision is one in which all three components can be fairly well specified, i.e., the data, process,
and evaluation are determined. Usually structured decisions are made regularly and therefore it makes sense to
place a comparatively rigid framework around the decision and the people making it. An example of this type
of decision may be the routine credit-granting decision made by many businesses. It is probably the case that
most firms collect rather similar sets of data for credit granting decision makers to use. In addition the way in
which the data is combined is likely to be consistent (for instance, household debt must be less than 25 percent
of gross income). Finally, this decision can also be evaluated in a very structured way (specifically when the
marginal cost of relaxing credit requirements equals the marginal revenue obtained from additional sales). For
structured decisions it is possible and desirable to develop computer programs that collect and combine the
data, thus giving the process a high degree of consistency. However, because these tend to be routine and
predictable choices, a DSS is typically not needed for highly structured decisions. Instead, there are any number
of automated tools that can make the decision based on the predefined criteria.

UNSTRUCTURED DECISIONS.

At the other end of the continuum are unstructured decisions. These decisions have the same components as
structured ones; however, there is little agreement on their nature. For instance, with these types of decisions,
each decision maker may use different data and processes to reach a conclusion. In addition, because of the
nature of the decision there may also be few people that are even qualified to evaluate the decision. These types
of decisions are generally the domain of experts in a given field. This is why firms hire consulting engineers to
assist their decision-making activities in these areas. To support unstructured decisions requires an appreciation
of individual approaches, and it may not be terribly beneficial to expend a great deal of effort to support them.

Generally, unstructured decisions are not made regularly or are made in situations in which the environment is
not well understood. New product decisions may fit into this category for either of these reasons. To support a
decision like this requires a system that begins by focusing on the individual or team that will make the
decision. These decision makers are usually entrusted with decisions that are unstructured because of their
experience or expertise, and therefore it is their individual ability that is of value. One approach to support
systems in this area is to construct a program that simulates the process used by a particular individual. These
have been called "expert systems." It is probably not the case that an expert decision maker would be replaced
by such a system, although it may offer support in terms of providing another perspective of the decision.
Another approach is to monitor and document the process that was used so that the decision maker(s) can
readily review what has already been examined and concluded. An even more novel approach used to support
these decisions is to provide environments that are specially designed to give these decision makers an
atmosphere that is conducive to their particular tastes, a task well suited for a DSS. The key to support of
unstructured decisions is to understand the role that individual experience or expertise plays in the decision and
to allow for individual approaches.

SEMI-STRUCTURED DECISIONS.

In the middle of the continuum are semi-structured decisions, and this is where most of what are considered to
be true decision support systems are focused. Decisions of this type are characterized as having some agreement

173
on the data, process, and/or evaluation to be used, but there is still a desire not to place too much structure on
the decision and to let some human judgment be used. An initial step in analyzing which support system is
required is to understand where the limitations of the decision maker may be manifested, i.e., will it be in the
data acquisition portion, or in the process component, or possibly in the evaluation of outcomes. For instance,
suppose an insurance executive is trying to decide whether to offer a new type of product to existing
policyholders that will focus on families with two or more children that will be ready to attend college in six to
nine years. The support required for this decision is essentially data oriented. The information required can be
expressed in terms of the following query on the insurance company's database: "Give me a list of all of our
policyholders that have a college education and have more than two children between ages 10 and 12."

PROCESSING INFORMATION

A major role of DSS is simple information processing; the program makes a large array of facts and
considerations more digestible. They also automate tasks at which humans tend to be slow and inaccurate, such
as sorting and mathematical calculations.

WHAT-IF ANALYSIS.

For instance, the insurance executive who wanted to offer the new product now has to decide on a price for the
product. In order to make this decision, the effect of different variables (including price) on demand for the
product and the subsequent profit must be evaluated. The executive's perceptions of the demand for the product
can be captured in a mathematical formula that portrays the relationship between profit, price, and other
variables considered important. Once the relationships have been expressed, the decision maker may now want
to change the values for different variables and see what the effect on profits would be. The ability to save
mathematical relationships and then obtain results for different values is a feature of many decision support
systems. This is called "what-if' analysis and is a common application for DSS to automate.

EVALUATING OUTPUT.

Of course, the output from such a system is only as good as the model or data being used; if the demand model
is inaccurate or outdated or based on dissimilar products, the outcome projections may be worthless. Thus,
decision makers must be aware of the risk of potential inaccuracies and understand the underlying logic behind
a DSS's output, as opposed to accepting its output blindly, in order to make an informed decision. The object of
a good DSS is to obtain useful information for human consideration rather than to let the computer make the
decision itself. Advanced DSS may contain safeguards and pointers to help users avoid misinterpreting output
or creating meaningless output.

SPECIAL KINDS OF DSS

Although all DSS are designed to tackle fairly specific types of problems, there are a number of recognized
subcategories of DSS. Among them group decision support systems (GDSS) and executive information systems
(EIS). At times these can be hard to distinguish from a "conventional" DSS, but both continue to enjoy solid
backing in corporations and the separate terminology persists.

GROUP DECISION SUPPORT SYSTEMS.

As the name implies, GDSS are used to assist groups of decision makers who have common or overlapping
responsibilities, such as executive committees, task forces, and work teams. Some of these tools are designed to
be used directly when the group is convened. One example is tallying and processing group member
174
preferences, and then presenting output for the participants to discuss. In other cases the group may never meet,
but a centralized system is available to each member for common tasks they perform, such as financial
monitoring and reporting.

EXECUTIVE INFORMATION SYSTEMS.

EISs are suites of data analysis tools that are meant to be applied to a company's most critical financial and
performance data. In large organizations, usually this means the EIS has the ability to pull and manipulate data
—increasingly in real time instead of waiting days or weeks for the most recent data—on multiple corporate
systems. EISs enjoyed a resurgence in the 1990s in part because of widespread management interest in activity-
based costing, data warehousing, and enterprise resource planning systems. Software advances have also made
EISs less costly and more powerful. Many of the latest systems are run on client/server technology using a Web
browser.

UNIT V

Global IT Management Dimensions

Global IT Management Challenges

• Political challenges
– Many countries regulate or prohibit the
transfer of data across their national boundaries

175
 – Others severely restrict, tax, or prohibit
imports of hardware and software
– Some have local content laws that specify the portion of the value of a product that must be
added in that country if it is to be sold there
– Others require a business to spend part of the revenue they earn in a country in that nation’s
economy
• Geoeconomic challenges
– Physical distances are still a major problem
– It may take too long to fly in specialists
– It is difficult to communicate in real time
across 24 time zones
– Many countries do not have good telephone
and telecommunications services
– It may be hard to find skilled local workers
– There can be great differences in the cost of living and labor costs between countries
• Cultural challenges
– Languages
– Cultural interests
– Religions
– Customs
– Political philosophies
– Global IT managers need cultural training
before they are sent on assignment
– Different work styles and business relationships
Transnational Strategies
• Companies are moving toward a transnational strategy
– Business depends heavily on information systems and Internet technologies to help integrate
global business activities
– Requires an integrated and cooperative worldwide IT platform

176
 Information Resource Management
IRM
 Is to design, inventory and control all of the resources required to produce information.
 When standardized and controlled, these resources can be shared and re-used throughout the
corporation, not just by a single user or application.
 Techniques of managing information as a shared organizational resource.
IRM includes:
 Identification of information sources
 Types and value of information they provide
 Ways of classification, valuation ,processing , and storage of the information
Classes of information resources:
 BUSINESS RESOURCES
 SYSTEM RESOURCES
 DATA RESOURCES

Benefits of implementing an IRM Strategy

 Identifies gaps and duplication of information
 Clarifies roles and responsibilities of owners and users of information
 Provide costs saving in the procurement and handling of information
 Identifies cost/benefits of different information resources
 Actively supports management decision processes with quality information

Security and Ethical

Challenge
Section I: Security, Ethical, and Societal Challenges of IT
Introduction

There is no question that the use of information technology in e-business operations presents major security challenges, poses serious
ethical questions, and affects society in significant ways.

Analyzing F-Secure, Microsoft, GM, and Verizon

We can learn a lot from this case about the security and ethical issues in business that arise from the challenges caused by computer
viruses. Take a few minutes to read it, and we will discuss it (see F-Secure, Microsoft, GM, and Verizon: The Business Challenge of
Computer Viruses in Section IX).

Business/IT Security, Ethics, and Society [Figure 11.2]

177
The use of information technology in e-business has major impacts on society, and thus raises serious ethical issues in the areas such
as:
 Crime
 Privacy
 Individuality
 Employment
 Health
 Working Conditions

Note: Students should realize that information technology could have a beneficial effect as well as a negative effect in each of the
areas listed above.

Ethical Responsibility of Business Professionals

As a business end user, you have a responsibility to promote ethical uses of information technology in the workplace. These
responsibilities include properly performing your role as a vital human resource in the e-business systems you help develop and use in
your organizations.

The AITP code provides guidelines for ethical conduct in the development and use of information technology. End-users and IS
professionals would live up to their ethical responsibilities by voluntarily following such guidelines.

For example, you can be a responsible end user by:

 Acting with integrity
 Increasing your professional competence
 Setting high standards of personal performance
 Accepting responsibility for your work
 Advancing the health, privacy, and general welfare of the public

Business Ethics:

Business ethics is concerned with the numerous ethical questions that managers must confront as part of their daily business decision-
making. Managers use several important alternatives when confronted with making ethical decisions on business issues.

These include:
 Stockholder Theory – Holds that managers are agents of the stockholders, and their only ethical responsibility is to increase the
profits of the business, without violating the law or engaging in fraudulent practices.

 Social Contract Theory - States that companies have ethical responsibility to all members of society, which allow corporations
178
 to exist based on a social contract.

 Stakeholder Theory - Maintains that managers have an ethical responsibility to manage a firm for the benefit of all of its
stakeholders, which are all individuals and groups that have a stake in or claim on a company.

Technology Ethics [Figure 11.4]

Proportionality – The good achieved by the technology must outweigh the harm or risk. Moreover, there must be no alternative that
achieves the same or comparable benefits with less harm or risk.

Informed Consent – Those affected by the technology should understand and accept the risks.

Justice – The benefits and burdens of the technology should be distributed fairly. Those who benefit should bear their fair share of
the risks, and those who do not benefit should not suffer a significant increase in risk.

Minimized Risk – Even it judged acceptable by the other three guidelines, the technology must be implemented so as to avoid all
unnecessary risk.

Ethical Guidelines:

The Association of Information Technology Professionals (AITP), is an organization of professionals in the computing field. Its code
of conduct outlines the ethical considerations inherent in the major responsibilities of an IS professional.

Business and end users and IS professionals would live up to their ethical responsibilities by voluntarily following such guidelines as
those outlined in the AITP standard. You can be a responsible end user by:
 Acting with integrity
 Increasing your professional competence
 Setting high standards of personal performance
 Accepting responsibility for your work
 Advancing the health, privacy, and general welfare of the public

Computer Crime
Computer crime is a growing threat to society by the criminal or irresponsible actions of computer individuals who are taking
advantage of the widespread use and vulnerability of computers and the Internet and other networks. It thus presents a major
challenge to the ethical use of information technologies. E-computer crime poses serious threats to the integrity, safety, and survival
of most e-business systems, and thus makes the development of effective security methods a top priority.

The Association of Information Technology professionals (ATIP) defines computer crime as including:
 The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources.
179
 The unauthorized release of information
 The unauthorized copying of software
 Denying an end user access to his or her own hardware, software, data, or network resources
 Using or conspiring to use computer or network resources to illegally obtain information or tangible property.

Penalties for violation of the U.S. Computer Fraud and Abuse Act include:
 1 to 5 years in prison for a first offence
 10 years for a second offence
 20 years for three or more offences
 Fines ranging up to $250,000 or twice the value of stolen data

Hacking: [Figure 11.7]

Hacking is the obsessive use of computers, or the unauthorized access and use of networked computer systems. Illegal hackers (also
called crackers) frequently assault the Internet and other networks to steal or damage data and programs. Hackers can:
 Monitor e-mail, Web server access, or file transfers to extract passwords or steal network files, or to plant data that will cause a
system to welcome intruders.
 Use remote services that allow one computer on a network to execute programs on another computer to gain privileged access
within a network.
 Use Telnet, an Internet tool for interactive use of remote computers, to discover information to plan other attacks.

Cyber-Theft
180
Many computer crimes involve the theft of money. In the majority of cases, they are “inside jobs” that involve unauthorized network
entry and fraudulent alternation of computer databases to cover the tracks of the employees involved.

Unauthorized Use at Work:

The unauthorized use of a computer system is called time and resource theft. A common example is unauthorized use of company-
owned computer networks by employees. This may range from doing private consulting or personal finances, or playing video games
to unauthorized use of the Internet on company networks. Network monitoring software called sniffers is frequently used to monitor
network traffic to evaluate network capacity, as well as reveal evidence of improper use.

Software Piracy:

Computer programs are valuable property and thus are the subject of theft from computer systems. Unauthorized copying of software
or software piracy is a major form of software theft because software is intellectual property, which is protected by copyright law and
user licensing agreements.

Piracy of Intellectual Property:

Software is not the only intellectual property subject to computer-based piracy. Other forms of copyrighted material, such as music,
videos, images, articles, books, and other written works are especially vulnerable to copyright infringement, which most courts have
deemed illegal. Digitised versions can easily be captured by computer systems and made available for people to access or download
at Internet websites, or can be readily disseminated by e-mail as file attachments. The development of peer-to-peer (P2P) networking
has made digital versions of copyrighted material even more vulnerable to unauthorized use.

Computer Viruses:

One of the most destructive examples of computer crime involves the creation of computer viruses or worms. They typically enter a
computer system through illegal or borrowed copies of software, or through network links to other computer systems. A virus usually
copies itself into the operating systems programs, and from there to the hard disk and any inserted floppy disks. Vaccine programs,
and virus prevention and detection programs are available, but may not work for new types of viruses.

Virus - is a program code that cannot work without being inserted into another program.

Worm - is a distinct program that can run unaided.

Privacy Issues
The power of information technology to store and retrieve information can have a negative effect on the right to privacy of every
individual.

For example:
 Confidential e-mail messages by employees are monitored by many companies
 Personal information is being collected about individuals every time they visit a site on the World Wide Web
 Confidential information on individuals contained in centralized computer databases by credit bureaus, government agencies, and
private business firms has been stolen or misused, resulting in the invasion of privacy, fraud, and other injustices.
 Unauthorized use of information can seriously damage the privacy of individuals.
 Errors in databases can seriously hurt the credit standing or reputation of individuals.

Some important privacy issues being debated in business and government include the following:
 Accessing individuals’ private e-mail conversations and computer records, and collecting and sharing information about
individuals gained from their visits to Internet websites and newsgroups (violation of privacy).
 Always “knowing” where a person is, especially as mobile and paging services become more closely associated with people
181
 rather than places (computer monitoring)
 Using customer information to market additional business services (computer matching).
 Collecting telephone numbers and other personal information to build individual customer profiles (unauthorized personal files).

Privacy on the Internet:

The Internet is notorious for giving its users a feeling of anonymity, when in actuality; they are highly visible and open to violations
of their privacy. Most of the Internet and its World Wide Web and newsgroups are still a wide open, unsecured, electronic frontier,
with no tough rules on what information is personal and private. You can protect your privacy in several ways:
 Use encryption to send e-mail (both sender and receiver must have encryption software).
 Anonymous remailers to protect your identify when you add comments in newsgroup postings.
 Ask Internet service provider not to sell your name and personal information to mailing list providers, and other marketers.
 Decline to reveal personal data and interest on online service and websites user profiles.

Computer Matching:

Computer matching is the use of computers to screen and match data about individual characteristics provided by a variety of
computer-based information systems and databases in order to identify individuals for business, government, or other purposes.
Unauthorized use or mistakes in the computer matching of personal data can be a threat to privacy. For example, an individual’s
personal profile may be incorrectly matched with someone else.

Privacy Laws:

In the US, the Federal Privacy Act strictly regulates the collection and use of personal data by governmental agencies. The law
specifies that individuals have the right to inspect their personal records, make copies, and correct or remove erroneous or misleading
information.

Federal Privacy Act specifies that federal agencies:

 Must annually disclose the types of personal data files they maintain.
 Cannot disclose personal information on an individual to any other individual or agency except under certain strict conditions.
 Must inform individuals of the reasons for requesting personal information from them.
 Must retain personal data records only if it is “relevant and necessary to accomplish” an agency’s legal purpose.
 Must establish appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of records.

The U.S. Congress enacted the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act in 1986. These
federal privacy laws are a major attempt to enforce the privacy of computer-based files and communications. These laws prohibit
intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems.

Computer Libel and Censorship

The opposite side of the privacy debate is:

 The right of people to know about matters others may want to keep private (freedom of information)
 The right of people to express their opinions about such matters (freedom of speech)
 The right of people to publish those opinions (freedom of the press).

Some of the biggest battlegrounds in the debate are the bulletin boards, e-mail boxes, and online files of the Internet and public
information networks, such as America Online and the Microsoft Network. The weapons being used in this battle include spamming,
flame mail, libel laws, and censorship.

Spamming - is the indiscriminate sending of unsolicited e-mail messages (spam) to many Internet users. Spamming is the favorite
tactic of mass-mailers of unsolicited advertisements, or junk e-mail. Cyber criminals to spread computer viruses or infiltrate many
computer systems have also used Spamming.
182
Flaming - is the practice of sending extremely critical, derogatory, and often vulgar e-mail messages (flame mail), or newsgroup
postings to other users on the Internet or online services. Flaming is especially prevalent on some of the Internet’s special interest
newsgroups. The Internet is very vulnerable to abuse, as it currently lacks formal policing, and lack of security.

Other Challenges:
The uses of information technologies in e-business systems include ethical and societal impacts of e-business in the areas of
employment, individuality, working conditions, and health.

Employment Challenges:

The impact of IT on employment is a major ethical concern and is directly related to the use of computers to achieve automation of
work activities. The use of e-business technologies has created new jobs and increased productivity. However, it has also caused a
significant reduction in some types of job opportunities.

Computer Monitoring:

One of the most explosive ethical issues concerning the quality of working conditions in e-business is computer monitoring.
Computers are being used to monitor the productivity and behavior of employees while they work. Supposedly, computer monitoring
is done so employers can collect productivity data about their employees to increase the efficiency and quality of service.

Computer monitoring has been criticized as unethical because:

 It is used to monitor individuals, not just work, and is done continually, thus violating workers’ privacy and personal freedom.
 Is considered an invasion of the privacy of employees, because in many cases, they do not know that they are being monitored, or
don’t know how the information is being used.
 Employee’s right of due process may be harmed by the improper use of collected data to make personnel decisions.
 It increases the stress on employees who must work under constant electronic surveillance.
 It has been blamed for causing health problems among monitored workers.
 Blamed for robbing workers of the dignity of their work.

Challenges in Working Conditions:

Information technology has eliminated some monotonous or obnoxious tasks in the office and the factory that formerly had to be
performed by people. Thus, IT can be said to upgrade the quality of work. Though, many automated operations are also criticized for
relegating people to a “do-nothing” standby role.

Challenges to Individuality:

A frequent criticism of e-business systems concerns their negative effect on the individuality of people. Computer-based systems are
criticized as:
 Being impersonal systems that dehumanize and depersonalize activities, since they eliminate the human relationships present in
noncomputer systems. Humans feel a loss of identity.
 Humans feel a loss of individuality as some systems require a regimentation of the individual, and demanding strict adherence to
detailed procedures.

Computer-based systems can be ergonomically engineered to accommodate human factors that:

 Minimize depersonalization and regimentation.
 Design software that is “people-oriented” and “user-friendly.”

183
Health Issues: [Figure 11.12]

The use of IT in the workplace raises a variety of health issues. Heavy use of computers is reportedly causing health problems such
as:
 Job stress
 Damaged arm and neck muscles
 Eye strain
 Radiation exposure
 Death by computer-caused accidents

Ergonomics:

Solutions to some health problems are based on the science of ergonomics, sometimes called human factors engineering. The goal of
ergonomics is to design healthy work environments that are safe, comfortable, and pleasant for people to work in, thus increasing
employee morale and productivity.

Ergonomics stresses the healthy design of the workplace, workstations, computers and other machines, and even software packages.
Other health issues may require ergonomic solutions emphasizing job design, rather than workplace design.

Societal Solutions
Computers and networks like the Internet, and other information technology can have many beneficial effects on society. Information
technology can be used to solve human and societal problems through societal solutions such as:
 Medical diagnosis
 Computer-assisted instruction
 Governmental program planning
 Environmental quality control
 Law enforcement

184
Security Management of Information Technology
Introduction

There are many significant threats to the security of information systems in business. Business managers and professionals alike are
responsible for the security, quality, and performance of the e-business systems in their business units.

Analyzing Geisinger Health Systems and Du Pont

We can learn a lot from this case about the security management issues and challenges in securing company data resources and
process control networks. Take a few minutes to read it, and we will discuss it (See Geisinger Health Systems and Du Pont: Security
Management in Section IX).

Tools of Security Management

The goal of security management is the accuracy, integrity, and safety of all e-business processes and resources. Effective security
management can minimize errors, fraud, and losses in the internetworked computer-based systems that interconnect today’s e-
business enterprises.

Internetworked Security Defense

Security of today’s internetworked e-business enterprises is a major management challenge. Vital network links and business flows
need to be protected from external attack by cyber criminals or subversion by the criminal or irresponsible acts of insiders. This
requires a variety of security tools and defensive measures and a coordinated security management program.

Encryption

Encryption of data has become an important way to protect data and other computer network resources especially on the Internet,
intranets, and extranets.

Encryption characteristics include:

 Passwords, messages, files, and other data can be transmitted in scrambled form and unscrambled by computer systems for
authorized users only.
 Encryption involves using special mathematical algorithms, or keys, to transform digital data into a scrambled code before they
are transmitted, and to decode the data when they are received.
 The most widely used encryption method uses a pair of public and private keys unique to each individual. For example: e-mail
could be scrambled and encoded using a unique public key for the recipient that is known to the sender. After the e-mail is
transmitted, only the recipient’s secret private key could unscramble the message.
 Encryption programs are sold as separate products or built into other software used for the encryption process.
 There are several competing software encryption standards, but the top two are RSA and PGP.

Firewalls

Another important method for control and security on the Internet and other networks is the use of firewall computers and software.
A network fire wall can be a communications processor, typically a router, or a dedicated server, along with fire wall software.

Fire wall computers and software characteristics include:

 A fire wall serves as a “gatekeeper” computer system that protects a company’s intranets and other computer networks from
intrusion by serving as a filter and safe transfer point for access to and from the Internet and other networks.
 A fire wall computer screens all network traffic for proper passwords and other security codes, and only allows authorized
transmissions in and out of the network.
 Fire walls have become an essential component of organizations connecting to the Internet, because of its vulnerability and lack
of security.
 Fire walls can deter, but not completely prevent, unauthorized access (hacking) into computer networks. In some cases, a fire
wall may allow access only from trusted locations on the Internet to particular computers inside the fire wall. Or it may allow
185
 only “safe” information to pass.
 In some cases, it is impossible to distinguish safe use of a particular network service from unsafe use and so all requests must be
blocked. The fire wall may then provide substitutes for some network services that perform most of the same functions but are
not as vulnerable to penetration.

Denial of Service Defenses

The Internet is extremely vulnerable to a variety of assaults by criminal hackers, especially denial of service (DOS) attacks. Denial of
service assaults via the Internet depend on three layers of networked computer systems, and these are the basic steps e-business
companies and other organizations can take to protect their websites form denial of service and other hacking attacks.
 The victim’s website
 The victim’s Internet service provider (ISP)
 The sites of “zombie” or slave computers that were commandeered by the cyber criminals.

e-Mail Monitoring

Internet and other online e-mail systems are one of the favorite avenues of attack by hackers for spreading computer viruses or
breaking into networked computers. E-mail is also the battleground for attempts by companies to enforce policies against illegal,
personal, or damaging messages by employees, and the demands of some employees and others, who see such policies as violations of
privacy rights.

Virus Defenses

Many companies are building defenses against the spread of viruses by centralizing the distribution and updating of antivirus
software, as a responsibility of there IS departments. Other companies are outsourcing the virus protection responsibility to their
Internet service providers or to telecommunications or security management companies.

Other Security Measures:

A variety of security measures are commonly used to protect e-business systems and networks. These include both hardware and
software tools like fault-tolerant computers and security monitors, and security policies and procedures like passwords and backup
files.

186
Security Codes:

Typically, a multilevel password system is used for security management.

 First, an end user logs on to the computer system by entering his or her unique identification code, or user ID. The end user is
then asked to enter a password in order to gain access into the system.
 Next, to access an individual file, a unique file name must be entered.

Backup Files

Backup files, which are duplicate files of data or programs, are another important security measure.
 Files can be protected by file retention measures that involve storing copies of files from previous periods.
 Several generations of files can be kept for control purposes.

Security Monitors

System security monitors are programs that monitor the use of computer systems and networks and protect them from unauthorized
use, fraud, and destruction.
 Security monitor programs provide the security measures needed to allow only authorized users to access the networks.
 Security monitors also control the use of the hardware, software, and data resources of a computer system.
 Security monitors can be used to monitor the use of computer networks and collect statistics on any attempts at improper use.

Biometric Security

These are security measures provided by computer devices, which measure physical traits that make each individual unique. This
includes:
 Voice verification
 Fingerprints
 Hand geometry
 Signature dynamics
 Keystroke analysis
 Retina scanning
 Face recognition
 Genetic pattern analysis

Computer Failure Controls:

A variety of controls are needed to prevent computer failure or to minimize its effects. Computer systems may fail due to:
 Power failure
 Electronic circuitry malfunctions
 Telecommunications network problems
 Hidden programming errors
 Computer operator errors
 Electronic vandalism

The information services department typically takes steps to prevent equipment failure and to minimize its detrimental effects.

For example:
 Programs of preventative maintenance of hardware and management of software updates are commonplace
 Using computers equipped with automatic and remote maintenance capabilities
 Establishing standards for electrical supply, air conditioning, humidity control, and fire prevention standards
 Arrange for a backup computer system capability with disaster recovery organizations.
 Scheduling and implementing major hardware or software changes to avoid problems.
 Training and supervision of computer operators.
 Using fault tolerant computer systems (fail-safe and fail-soft capabilities)
187
Fault Tolerant Systems : [Figure 11.21]

Many firms use fault tolerant computer systems that have redundant processors, peripherals, and software that provide a fail-over
capability to back up components in the event of system failure.
 Fail-Safe - Fail-Safe refers to computer systems that continue to operate at the same level of performance after a major failure.

 Fail-Soft - Fail-soft refers to computer systems that continue to operate at a reduced but acceptable level after a system failure.

Disaster Recovery

Hurricanes, earthquakes, fires, floods, criminal and terrorist acts, and human error can all severely damage an organization's
computing resources, and thus the health of the organization itself. Many companies, especially online e-commerce retailers and
wholesalers, airlines, banks, and Internet service providers, for example, are crippled by losing even a few hours of computing power.
That is why it is important for organizations to develop disaster recovery procedures and formalize them in a disaster recovery plan.
It specifies which employees will participate in disaster recovery, and what their duties will be; what hardware, software, and facilities
will be used; and the priority of applications that will be processed. Arrangements with other companies for use of alternative
facilities as a disaster recovery site and off site storage of an organization's databases are also part of an effective recovery effort.

System Controls and Audits [Figure 11.22]:

188
The development of information system controls and the accomplishment of e-business systems audits are two other types of security
management.

Information Systems Controls:

Information systems controls are methods and devices that attempt to ensure the accuracy, validity, and propriety of information
system activities. Information System (IS) controls must be developed to ensure proper data entry, processing techniques, storage
methods, and information output. IS controls are designed to monitor and maintain the quality and security of the input, processing,
output, and storage activities of any information system.

Auditing IT Systems

 E-business systems should be periodically examined, or audited, by a company’s internal auditing staff or external auditors from
professional accounting firms. Such audits should review and evaluate whether proper and adequate security measures and
management policies have been developed and implemented.

An important objective of e-business system audits is testing the integrity of an application audit trail. An audit trail can be defined
as the presence of documentation that allows a transaction to be traced through all stages of its information processing. The audit trail
of manual information systems was quite visible and easy to trace; however, computer-based information systems have changed the
form of the audit trail.

189