700-900 Word answer
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Ninth Edition
Ralph M. Stair Professor Emeritus, Florida State University
George W. Reynolds Instructor, Strayer University
Fundamentals of Information Systems
Australia • Brazil • Mexico • Singapore • United Kingdom • United States
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Fundamentals of Information Systems, Ninth Edition Ralph M. Stair & George W. Reynolds
Vice President, General Manager, Science, Technology and Math: Balraj Kalsi
Senior Product Director: Kathleen McMahon
Product Team Manager: Kristin McNary
Associate Product Manager: Kate Mason
Senior Director, Development: Julia Caballero
Content Development Manager: Leigh Hefferon
Senior Content Developer: Michelle Ruelos Cannistraci
Product Assistant: Jake Toth
Marketing Manager: Scott Chrysler
Art and Cover Direction, Production Management, and Composition: Lumina Datamatics, Inc.
Intellectual Property Analyst: Brittani Morgan
Project Manager: Kathy Kucharek
Manufacturing Planner: Ron Montgomery
Cover Image: Rawpixel.com/Shutterstock
© 2018, 2016 Cengage Learning
ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced or distributed in any form or by any means, except as permitted by U.S. copyright law, without the prior written permission of the copyright owner.
For product information and technology assistance, contact us at Cengage Learning Customer & Sales Support, 1-800-354-9706
For permission to use material from this text or product, submit all requests online at www.cengage.com/permissions
Further permissions questions can be emailed to [email protected]
Library of Congress Control Number: 2016963470
Student Edition:
ISBN: 978-1-337-09753-6
Loose-leaf Edition:
ISBN: 978-1-337-09904-2
Cengage Learning 20 Channel Center Street Boston, MA 02210 USA
Cengage Learning is a leading provider of customized learning solutions with employees residing in nearly 40 different countries and sales in more than 125 countries around the world. Find your local representative at www.cengage.com.
Cengage Learning products are represented in Canada by Nelson Education, Ltd.
To learn more about Cengage Learning Solutions, visit www.cengage.com
Purchase any of our products at your local college store or at our preferred online store www.cengagebrain.com
Printed in the United States of America Print Number: 01 Print Year: 2017
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
For Lila and Leslie —RMS
To my grandchildren: Michael, Jacob, Jared, Fievel, Aubrey, Elijah, Abrielle, Sofia, Elliot, Serina, and Kendall
—GWR
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Brief Contents
PART 1 Information Systems in Perspective 1
Chapter 1 An Introduction to Information Systems in Organizations 2
PART 2 Information Technology Concepts 43
Chapter 2 Hardware and Software 44
Chapter 3 Database Systems and Big Data 110
Chapter 4 Networks and Cloud Computing 156
PART 3 Business Information Systems 213
Chapter 5 Electronic Commerce and Enterprise Systems 214
Chapter 6 Business Intelligence and Analytics 270
Chapter 7 Knowledge Management and Specialized Information Systems 296
PART 4 System Development 343
Chapter 8 System Acquisition and Development 344
v Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
PART 5 Information Systems in Business and Society 401
Chapter 9 Cybercrime and Information System Security 402
Chapter 10 Ethical, Legal, and Social Issues of Information Systems 440
Glossary 478 Subject Index 487 Company Index 501
vi BRIEF CONTENTS
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Contents
Preface xiii
PART 1 Information Systems in Perspective 1
1 An Introduction to Information Systems in Organizations 2 An Introduction to Information Systems 4 Data, Information, and Knowledge 4 The Value of Information 6 Characteristics of Quality Information 6 What Is an Information System? 7 Three Fundamental Types of Information Systems 8
Information Systems in Organizations 10 Value Chains 11 Change in the Organization 13 Soft Side of Implementing Change 15 Careers in Information Systems 21 Finding a Job in IS 29 Certification 30
CASE ONE: BMW: Automaker Competes on the Digital Front 38
CASE TWO: Railroads Struggle to Implement Positive Train Control 39
PART 2 Information Technology Concepts 43
2 Hardware and Software 44 Anatomy of a Computer 46 Processor 46 Memory 48 Secondary Data Storage Devices 49 Enterprise Storage Options 51 Input and Output Devices 52 Output Devices 57
Computer System Types 60 Mobile Computers 61 Thin Clients, Desktops, and Workstations 62 Servers, Mainframes, and Supercomputers 64
Server Farms, Data Centers, and Green Computing 66 Server Farms 66 Data Center 67 Green Computing 67
vii Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
An Overview of Software 69 Software Sphere of Influence 69
Systems Software 71 Operating Systems 71 Utility Programs 81 Middleware 81
Application Software 83 Overview of Application Software 84 Personal Application Software 85 Workgroup Application Software 91 Enterprise Application Software 91 Programming Languages 92
Software Issues and Trends 93 Software Bugs 93 Copyrights and Licenses 94 Open-Source Software 94 Software Upgrades 95 Global Software Support 95
CASE ONE: Vivobarefoot Upgrades Technology Infrastructure 105
CASE TWO: Société de transport de Montréal (STM) Implements Innovative Mobile App 106
3 Database Systems and Big Data 110 Data Fundamentals 112 Hierarchy of Data 113 Data Entities, Attributes, and Keys 113 The Database Approach 115
Data Modeling and Database Characteristics 117 Data Modeling 117 Relational Database Model 119 Data Cleansing 122
Relational Database Management Systems (DBMSs) 124 SQL Databases 124 Database Activities 125 Database Administration 130 Popular Database Management Systems 131 Using Databases with Other Software 132
Big Data 133 Characteristics of Big Data 134 Sources of Big Data 134 Big Data Uses 135 Challenges of Big Data 136 Data Management 137
Technologies Used to Process Big Data 140 Data Warehouses, Data Marts, and Data Lakes 140 NoSQL Databases 142 Hadoop 144 In-Memory Databases 145
CASE ONE: WholeWorldBand: Digital Recording Studio 152
CASE TWO: Mercy’s Big Data Project Aims to Boost Operations 153
viii CONTENTS
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
4 Networks and Cloud Computing 156 Network Fundamentals 159 Network Topology 159 Network Types 160 Client/Server Systems 162 Channel Bandwidth 162 Communications Media 163 Communications Hardware 169 Communications Software 169
The Internet and World Wide Web 171 How the Internet Works 173 Accessing the Internet 175 How the Web Works 177 Web Programming Languages 179 Web Services 180 Developing Web Content and Applications 180 Internet and Web Applications 181 Intranets and Extranets 192
The Internet of Things 194
Cloud Computing 197 Public Cloud Computing 199 Private Cloud Computing 201 Hybrid Cloud Computing 201 Autonomic Computing 201
CASE ONE: Cloud Helps Fight Cancer 209
CASE TWO: Globacom Invests in Its Mobile Network Infrastructure in Africa 210
PART 3 Business Information Systems 213
5 Electronic Commerce and Enterprise Systems 214 An Introduction to Electronic Commerce 216 Business-to-Business E-Commerce 217 Business-to-Consumer E-Commerce 217 Consumer-to-Consumer E-Commerce 219 E-Government 219 Mobile Commerce 220 Advantages of Electronic and Mobile Commerce 221 E-Commerce Challenges 222
Electronic and Mobile Commerce Applications 224 Manufacturing 224 Marketing 225 Advertising 225 Bartering 226 Retargeting 227 Price Comparison 228 Couponing 228 Investment and Finance 228 Banking 228
Technology Infrastructure Required to Support E-Commerce and M-Commerce 229
CONTENTS ix
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Hardware 230 Web Server Software 231 E-Commerce Software 231 Mobile Commerce Hardware and Software 231 Electronic Payment Systems 231
Transaction Processing Systems 235 Traditional Transaction Processing Methods and Objectives 236 Transaction Processing Systems for Small- and Medium-Sized Enterprises 240 Transaction Processing Activities 241
Enterprise Systems 244 Enterprise Resource Planning 245 Advantages of ERP 245 Leading ERP Systems 247 Customer Relationship Management 249 Product Lifecycle Management (PLM) 252 Overcoming Challenges in Implementing Enterprise Systems 256 Hosted Software Model for Enterprise Software 257
CASE ONE: Facebook Moves into E-Commerce 265
CASE TWO: Dunkin’ Donuts Prepares for Rapid Growth 266
6 Business Intelligence and Analytics 270 What Are Analytics and Business Intelligence? 272 Benefits Achieved from BI and Analytics 273 The Role of a Data Scientist 274 Components Required for Effective BI and Analytics 275
Business Intelligence and Analytics Tools 276 Spreadsheets 276 Reporting and Querying Tools 277 Data Visualization Tools 277 Online Analytical Processing 279 Drill-Down Analysis 280 Linear Regression 281 Data Mining 282 Dashboards 283 Self-Service Analytics 285
CASE ONE: Analytics Used to Predict Patients Likely to Be Readmitted 292
CASE TWO: Sunny Delight Improves Profitability with a Self-Service BI Solution 293
7 Knowledge Management and Specialized Information Systems 296 What Is Knowledge Management? 298 Knowledge Management Applications and Associated Benefits 300 Best Practices for Selling and Implementing a KM Project 301 Technologies That Support KM 303
Overview of Artificial Intelligence 309 Artificial Intelligence in Perspective 310 Nature of Intelligence 310 Brain-Computer Interface 312 Expert Systems 312
x CONTENTS
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Robotics 316 Vision Systems 317 Natural Language Processing 317 Learning Systems 318 Neural Networks 318 Other Artificial Intelligence Applications 319
Multimedia and Virtual Reality 320 Overview of Multimedia 321 Overview of Virtual Reality 323 Interface Devices 324 Forms of Virtual Reality 325 Virtual Reality Applications 325
Other Specialized Systems 327 Assistive Technology Systems 327 Game Theory 328 Informatics 329
CASE ONE: The NASA Knowledge Map 337
CASE TWO: Doctor on Demand Enables Physicians to Make House Calls 338
PART 4 System Development 343
8 System Acquisition and Development 344 Buy versus Build 346
Waterfall System Development Process 348 System Investigation 349 System Analysis 356 System Design 363 Construction 368 Integration and Testing 371 Implementation 372 System Operation and Maintenance 376
Agile Development 381
Buying Off-the-Shelf Software 384 Package Evaluation Phase 385 Finalize Contract 387 Integration and Testing 388 Implementation 388
CASE ONE: Etsy Uses DevOps for Rapid Deployment 397
CASE TWO: British Telecom Spreading Agile Development across the Globe 398
PART 5 Information Systems in Business and Society 401
9 Cybercrime and Information System Security 402 The Threat Landscape 404 Why Computer Incidents Are So Prevalent 404 Types of Exploits 407 Federal Laws for Prosecuting Computer Attacks 418
CONTENTS xi
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Implementing Secure, Private, Reliable Computing 419 Risk Assessment 419 Establishing a Security Policy 421 Educating Employees and Contract Workers 421 Prevention 422 Detection 425 Response 426 Using a Managed Security Service Provider (MSSP) 428 Computer Forensics 428
CASE ONE: Fairplay Turns to a Managed Security Service Provider 435
CASE TWO: Sony’s Response to North Korea’s Cyberattack 436
10 Ethical, Legal, and Social Issues of Information Systems 440 Computer Waste and Mistakes 442 Computer Waste 442 Computer-Related Mistakes 443 Preventing Computer-Related Waste and Mistakes 445
Privacy Issues 448 Privacy and the Federal Government 448 Privacy at Work 451 Privacy and Email 452 Privacy and Instant Messaging 453 Privacy and Personal Sensing Devices 453 Privacy and the Internet 454 Privacy and Internet Libel Concerns 455 Privacy and Fairness in Information Use 456 Privacy and Filtering and Classifying Internet Content 456 Corporate Privacy Policies 457 Individual Efforts to Protect Privacy 459
Work Environment 460 Health Concerns 461 Avoiding Health and Environmental Problems 461
Ethical Issues in Information Systems 464 What Is Ethics? 464 Codes of Ethics 466
CASE ONE: FBI Orders Apple to Unlock iPhone 473
CASE TWO: Protecting Health Care Privacy 474
Glossary 478 Subject Index 487 Company Index 501
xii CONTENTS
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Preface
As organizations and entrepreneurs continue to operate in an increasingly competitive and global marketplace, workers in all business areas including accounting, customer service, distribution, finance, human resources, informa- tion systems, logistics, marketing, manufacturing, research and development, and sales must be well prepared to make the significant contributions required for success. Regardless of your future role, even if you are an entre- preneur, you need to understand what information systems can and cannot do and be able to use them to help you achieve personal and organizational goals. You will be expected to discover opportunities to use information sys- tems and to participate in the design and implementation of solutions to busi- ness problems employing information systems. To be successful, you must be able to view information systems from the perspective of business and organi- zational needs. For your solutions to be accepted, you must recognize and address their impact on coworkers, customers, suppliers, and other key busi- ness partners. For these reasons, a course in information systems is essential for students in today’s high-tech world.
Fundamentals of Information Systems, Ninth Edition, continues the tradi- tion and approach of previous editions. Our primary objective is to provide the best information systems text and accompanying materials for the first information systems course required for all business students. We want you to learn to use information systems to ensure your personal success in your current or future role and to improve the success of your organization. Through surveys, questionnaires, focus groups, and feedback that we have received from current and past adopters, as well as others who teach in the field, we have been able to develop the highest-quality set of teaching materi- als available to help you achieve these goals.
Fundamentals of Information Systems, Ninth Edition, stands proudly at the beginning of the IS curriculum and remains unchallenged in its position as the only IS principles text offering basic IS concepts that every business student must learn to be successful. Instructors of the introductory course faced a dilemma. On one hand, experience in business organizations allows students to grasp the complexities underlying important IS concepts. For this reason, many schools delayed presenting these concepts until students com- pleted a large portion of their core business requirements. On the other hand, delaying the presentation of IS concepts until students have matured within the business curriculum often forces the one or two required introduc- tory IS courses to focus only on personal computing software tools and, at best, merely to introduce computer concepts.
This text has been written specifically for the introductory course in the IS curriculum. Fundamentals of Information Systems, Ninth Edition, addresses the appropriate computer and IS concepts while also providing a strong man- agerial emphasis on meeting business and organizational needs.
xiii Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Approach of This Text
Fundamentals of Information Systems, Ninth Edition, offers the traditional coverage of computer concepts, but places the material within the context of meeting business and organizational needs. Placing information systems concepts within this context and taking a management perspective has always set this text apart from other computer texts, thus making it appeal- ing not only to MIS majors but also to students from other fields of study. The text is not overly technical, but rather deals with the role that informa- tion systems play in an organization and the key principles a manager or technology specialist needs to grasp to be successful. The principles of IS are brought together and presented in a way that is understandable, rele- vant, and interesting. In addition, the text offers an overview of the entire IS discipline, while giving students a solid foundation for further study in more advanced IS courses such as programming, systems analysis and design, project management, database management, data communications, Web site design and development, information system security, big data and analytics, electronic and mobile commerce, and informatics. As such, it serves the needs of both general business managers and those who aspire to become IS professionals.
The overall vision, framework, and pedagogy that made the previous editions so popular have been retained in the Ninth Edition, offering a number of benefits to students and instructors. While the fundamental vision of this market-leading text remains unchanged, the Ninth Edition more clearly highlights established principles and draws on new ones that have emerged as a result of business, organizational, technological, and societal changes.
IS Principles First, Where They Belong Exposing students to basic IS principles is an advantage even for those stu- dents who take no IS courses beyond the introductory IS course. Since most functional areas of the business rely on information systems, an understand- ing of IS principles helps students in their other course work. In addition, introducing students to the principles of information systems helps future business managers and entrepreneurs employ information systems success- fully and avoid mishaps that often result in unfortunate consequences. Fur- thermore, presenting IS concepts at the introductory level creates interest among students who may later choose information systems as their field of concentration.
Author Team Ralph Stair and George Reynolds have decades of academic and industrial experience. Ralph Stair brings years of writing, teaching, and academic expe- rience to this text. He wrote numerous books and a large number of articles while at Florida State University. George Reynolds brings a wealth of informa- tion systems and business experience to the project, with more than 30 years of experience working in government, institutional, and commercial IS organi- zations. He has written numerous IS texts and has taught the introductory IS course at the University of Cincinnati, Mount St. Joseph University, and Strayer University. The Stair and Reynolds team presents a solid conceptual foundation and practical IS experience to students.
xiv PREFACE
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Goals of This Text
Because Fundamentals of Information Systems, Ninth Edition, is written for business majors, we believe that it is important not only to present a realistic perspective on IS in business but also to provide students with the skills they can use to be effective business leaders in their organizations. To that end, Fundamentals of Information Systems, Ninth Edition, has three main goals:
1. To provide a set of core IS principles that prepare students to function more efficiently and effectively as workers, managers, decision makers, and organizational leaders
2. To provide insights into the challenging and changing role of the IS pro- fessional so that students can better appreciate the role of this key individual
3. To show the value of the IS discipline as an attractive field of specializa- tion so that students can evaluate this as a potential career path
IS Principles Fundamentals of Information Systems, Ninth Edition, although comprehen- sive, cannot cover every aspect of the rapidly changing IS discipline. The authors, having recognized this, provide students with an essential core of guiding IS principles to use as they strive to use IS systems in their academic and work environment. Think of principles as basic truths or rules that remain constant regardless of the situation. As such, they provide strong guidance for tough decision making. A set of IS principles is highlighted at the beginning of each chapter. The use of these principles to solve real-world problems is driven home from the opening examples of cutting edge applications to the dozens of real-world examples of organizations applying these principles interspersed throughout each chapter to the interesting and diverse end-of-chapter material. The ultimate goal of Fundamentals of Information Systems, Ninth Edition, is to develop effective, thinking, action-oriented students by instilling them with principles to help guide their decision making and actions.
Survey of the IS Discipline Fundamentals of Information Systems, Ninth Edition, not only offers the tra- ditional coverage of computer concepts but also provides a broad framework to impart students with a solid grounding in the business uses of technology, the challenges of successful implementation, the necessity for gaining broad adop- tion of information systems, and the potential ethical and societal issues that may arise. In addition to serving general business students, this book offers an overview of the entire IS discipline and solidly prepares future IS professionals for advanced IS courses and careers in the rapidly changing IS discipline.
Changing Role of the IS Professional As business and the IS discipline have changed, so too has the role of the IS professional. Once considered a technical specialist, today the IS professional operates as an internal consultant to all functional areas of the organization, being knowledgeable about their needs and competent in bringing the power of information systems to bear throughout the entire organization. The IS pro- fessional must view issues through a global perspective that encompasses the entire enterprise and the broader industry and business environment in which it operates.
The scope of responsibilities of an IS professional today is not confined to just his or her organization but encompasses the entire ecosystem of
PREFACE xv
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
employees, contractors, suppliers, customers, competitors, regulatory agen- cies, and other entities, no matter where they are located. This broad scope of responsibilities creates a new challenge: how to help an organization sur- vive in our highly interconnected, highly competitive global environment. In accepting that challenge, the IS professional plays a pivotal role in shaping the business itself and ensuring its success. To survive, businesses must strive for the highest level of customer satisfaction and loyalty through innovative products and services, competitive prices, and ever-improving product and service quality. The IS professional assumes a critical role in determining the organization’s approach to both overall cost and quality performance and therefore plays an important role in the ongoing growth of the organization. This new duality in the role of the IS worker—a professional who exercises a specialist’s skills with a generalist’s perspective—is reflected throughout Fun- damentals of Information Systems, Ninth Edition.
IS as a Field of Study Computer science and business were ranked #1 and #4, respectively, in the 2016 Princeton Review list of top 10 college majors based on research cover- ing job prospects, alumni salaries, and popularity. A 2016 U.S. News & World Report study placed computer systems analyst, software developer, and Web developer as three of the top 20 best jobs for 2016 based on hiring demand, median salary, employment rate, future job prospects, stress level, and work– life balance. The U.S. Bureau of Labor Statistics identified software develo- pers, computer systems analysts, and computer support specialists as among the fastest growing occupations for the period 2012 and 2022. Clearly, the long-term job prospects for skilled and business-savvy information systems professionals is good. Employment of such workers is expected to grow faster than the average for all occupations through the year 2022. Upon graduation, IS graduates at many schools are among the highest paid of all business graduates.
A career in IS can be exciting, challenging, and rewarding! Today, per- haps more than ever before, the IS professional must be able to align IS and organizational goals and to ensure that IS investments are justified from a business perspective. The need to draw bright and interested students into the IS discipline is part of our ongoing responsibility. Throughout this text, the many challenges and opportunities available to IS professionals are highlighted and emphasized.
Changes in the Ninth Edition
A number of exciting changes have been made to the text based on user feed- back on how to align the text even more closely with changing IS needs and capabilities of organizations. Here is a summary of those changes:
● Did You Know? Each chapter begins with two or three examples of cut- ting edge applications illustrating the concepts covered in the chapter.
● Critical Thinking Exercises. Each exercise features a scenario followed by two review and two critical thinking questions. Placed at the end of each major section of each chapter, these exercises test the student’s grasp of the material just read. Students must analyze a real-life scenario and synthesize the information provided to develop a recommendation of what needs to be done. The exercises can also be used to stimulate class discussion or as additional “mini cases” that may be assigned as individual or team exercises.
xvi PREFACE
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● Updated case studies. Two end-of-chapter case studies for each chapter provide a wealth of practical information for students and instructors. Each case explores a chapter concept or problem that a real-world organi- zation has faced. The cases can be assigned as individual or team home- work exercises or serve as the basis for class discussion.
● Updated summary linked to objectives. Each chapter includes a detailed summary, with each section of the summary updated as needed and tied to an associated information system principle.
● Updated end-of-the chapter questions and exercises. More than half of the extensive end-of-chapter exercises (Self-Assessment Test, Review Questions, Discussion Questions, Problem-Solving Exercises, Team Activi- ties, Web Exercises, and Career Exercises) are new.
● New chapters covering the latest IS developments. New chapters include Database Systems and Big Data, Business Intelligence and Analyt- ics, System Acquisition and Development, and Cybercrime and Informa- tion System Security. These chapters cover important topics such as data governance, Hadoop, NoSQL databases, Cross-Industry Process for Data Mining, various business analytics techniques, self-service analytics, agile development, DevOps, extreme programming, Pareto principle, advanced persistent threat, cyberterrorism, next-generation firewall, risk assessment, and zero-day attack.
● Extensive changes and updates in each chapter. The remaining chap- ters in the text have all been extensively updated to provide the latest information available on a wide range of IS-related topics including hun- dreds of new and current examples of organizations and individuals illus- trating the principles presented in the text. In addition, a strong effort was made to update the art work and figures with over 50 new figures and images.
Online Solutions
MindTap™ MindTap for Stair/Reynolds Fundamentals of Information Systems, Ninth Edi- tion, is a truly innovative reading experience with assignments that guide stu- dents to analyze, apply, and improve thinking! Relevant readings, multimedia, and activities are designed to move students up the levels of learning, from basic knowledge and comprehension to application, analysis, synthesis, and evaluation. Embedded within the eReader, ConceptClips focus on the chal- lenge of understanding complicated IS terminology and concepts. Student- tested and approved, the videos are quick, entertaining, and memorable visual and auditory representations of challenging topics.
MindTap allows instructors to measure skills and outcomes with ease. Personalized teaching becomes yours through a Learning Path built with key student objectives and the ability to control what students see and when they see it. Analytics and reports provide a snapshot of class progress, time in course, engagement, and completion rates.
ConceptClips ConceptClip videos help students learn and comprehend intro-level informa- tion systems terminology by introducing new terms in a friendly and memora- ble way. Thirteen new concept clips have been created for a total of 41 concept clips.
PREFACE xvii
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Adaptive Test Prep This application allows students to take sample tests designed specifically to mimic the test bank question instructors use to build real exams. Over 540 questions are included.
Student Resources
Accessible through CengageBrain.com, the student companion Web site con- tains the following study tools (and more!) to enhance one’s learning experience:
PowerPoint Slides Direct access is offered to the book’s PowerPoint presentations that cover the key points of each chapter.
Classic Cases A frequent request from adopters is that they’d like a broader selection of cases to choose from. To meet this need, a set of over 50 cases from the previ- ous two editions of the text are included here. These are the author’s choices of the “best cases” from these editions and span a broad range of profit, non- profit, small, medium, and large organizations in a broad range of industries.
Instructor Resources
Instructor Companion Site As always, we are committed to providing the best teaching resource packages available in this market. All instructor materials can be found on the password-protected Web site at http://login.cengage.com. Here you will find the following resources:
● Instructor’s Manual The comprehensive manual provides valuable chap- ter overviews; highlights key principles and critical concepts; offers sam- ple syllabi, learning objectives, and discussion topics; and features possible essay topics, further readings, cases, and solutions to all of the end-of-chapter questions and problems, as well as suggestions for con- ducting the team activities. Additional end-of-chapter questions are also included.
● Sample Syllabus A sample syllabus for both a quarter and semester length course is provided with sample course outlines to make planning your course that much easier.
● PowerPoint Presentations A set of impressive Microsoft PowerPoint slides is available for each chapter. These slides are included to serve as a teaching aid for classroom presentation, to make available to students on the network for chapter review, or to be printed for classroom distribu- tion. The goal of the presentations is to help students focus on the main topics of each chapter, take better notes, and prepare for examinations. Instructors can add their own slides for additional topics they introduce to the class.
● Figure Files Figure files allow instructors to create their own presenta- tions using figures taken directly from the text.
xviii PREFACE
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Test Bank and Cengage Learning Testing Powered by Cognero Cognero is a full-featured, online-assessment system that allows instructors to manage test bank content, quickly create multiple test versions, deliver tests in several forms including from an LMS, and create test banks anywhere with Internet access!
To access Cognero, log into your Cengage Learning instructor account at http://login.cengage.com. Add this title to the bookshelf. Once the title is prop- erly added to the bookshelf, a link to access Cognero will appear alongside the link to the instructor companion site. Technical questions, guides, and tutor- ials are hosted on Cengage Learning Technical Support Web site—http:// support.cengage.com.
Acknowledgments
Creation of a text of this scope takes a strong team effort. We would like to thank all of our fellow teammates at Cengage Learning for their dedication and hard work. We would like to thank Joe Sabatino and Kristin McNary, our Product Directors, for their overall leadership and guidance on this effort. Special thanks to Jonathan Gross and Michelle Ruelos Cannistraci, our Content Developers who shepherded the text through the production process and kept us on track. We are grateful for the excellent work by Michelle Ruelos Cannistraci in managing the creation of the many supplements to accompany the text. Our appreciation also goes to Arul Joseph Raj, Joseph Malcolm, Brit- tani Morgan, Jennifer Ziegler, Aruna Sekar, Kathy Kucharek, and Mathangi Anantharaman.
We would also like to thank Kristen Maxwell of Evil Cyborg Productions for creating the ConceptClips videos that so humorously bring many key terms found in the text to life.
We would especially like to thank Mary Pat Schaffer for her outstanding work in editing the text and keeping track of the many revisions and changes. She also did an outstanding job in writing many of the end-of-chapter cases and creating initial drafts of four of the chapters.
Our Commitment
We are committed to listening to our adopters and readers in order to develop creative solutions to meet their needs. The field of IS continually evolves, and we strongly encourage your participation in helping us provide the freshest, most relevant information possible.
We welcome your input and feedback. If you have any questions or com- ments regarding Fundamentals of Information Systems, Ninth Edition, please contact us through your local representative.
PREFACE xix
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
PART 1 Information Systemsin Perspective Chapter 1 An Introduction to Information Systems in Organizations
Rawpixel.com/Shutterstock.com
1 Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
1 An Introduction to Information Systems in Organizations
Syda Productions/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• A significant contributor to project failures is overlooking the need to address employee adoption and resistance jointly. One resource claims that 30 to 70 percent of large information systems projects fail, at least in part, due to a failure to prepare the business users for the actual change to come.
• Technology is one of the fastest-growing areas in the U.S. economy, and information systems professionals such as software developers, computer systems ana- lysts, and computer support specialists are in high demand.
Principles Learning Objectives • The value of information is directly linked to how it
helps decision makers achieve the organization’s goals.
• Distinguish data from information and knowledge, and describe the characteristics of quality data.
• Information systems are composed of fundamen- tal components that must be carefully assembled and integrated to work well together.
• Identify the fundamental components of an information system and describe their function.
• Managers have an essential role to play in the successful implementation and use of information systems—that role changes depending on which type of IS system is being implemented.
• Identify the three fundamental information system types and explain what organizational comple- ments must be in place to ensure successful implementation and use of the system.
• Information systems must be implemented in such a manner that they are accepted and work well within the context of an organization and support its fundamental business goals and strategies.
• Define the term “the soft side of implementing change,” and explain why it is a critical factor in the successful adoption of any major change.
• Identify and briefly describe five change models that can be used to increase the likelihood of successfully introducing a new information sys- tem into an organization.
• The information system worker functions at the intersection of business and technology and designs, builds, and implements solutions that allow organizations to effectively leverage infor- mation technology systems.
• Define the types of roles, functions, and careers available in the field of information systems.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about Information Systems? We live in an information economy. Information itself has real value, and in order to stay competitive, organizations require a steady flow of information about their business partners, competitors, customers, employees, markets, and suppliers. Information systems are increasingly being used to gather, store, digest, analyze, and make sense out of all this information. Indeed, information systems are even embedded in and control many of the products we use on a daily basis. Using information systems, individuals communicate instantaneously with one another; consumers make purchases online using mobile devices; project members dispersed globally and across multiple organizations collaborate effectively; financial institutions manage billions of dollars in assets around the world; and manufacturers partner with suppliers and customers to track inventory, order supplies, and distribute goods faster than ever before.
Information systems will continue to change businesses and the way we live. Indeed, many corporate leaders are using technology to rework every aspect of their organization from product and service creation through production, delivery, and customer service. To prepare to participate in and lead these innovations, you must be familiar with fundamental information concepts. Regardless of your college major or chosen career, knowledge of information systems is indispensable in helping you land your first job. The ability to recognize and capitalize on information system opportunities can make you an even more valuable member of your organization and will ultimately help advance your career.
As you read this chapter, consider the following:
• How are organizations using information systems to accomplish their objectives and meet ever-changing business needs?
• What role might you have in identifying the need for, acquiring, or using such systems?
An Introduction to Information Systems
Information is a central concept of this book. The term is used in the title of the book, in this section, and in every chapter. To be an effective manager in any area of business, you need to understand that information is one of an organization’s most valuable resources. Information is not the same thing as data, and knowledge is different from both data and information. These con- cepts will now be explained.
Data, Information, and Knowledge Data consists of raw facts, such as an employee number, total hours worked in a week, an inventory part number, or the number of units produced on a produc- tion line. As shown in Table 1.1, several types of data can represent these facts. Information is a collection of data organized and processed so that it has addi- tional value beyond the value of the individual facts. For example, a sales man- ager may want individual sales data summarized so it shows the total sales for the month. Providing information to customers can also help companies increase revenues and profits. For example, social shopping Web site Kaboodle brings
TABLE 1.1 Types of data Data Represented By
Alphanumeric data Numbers, letters, and other characters
Audio data Sounds, noises, or tones
Image data Graphic images and pictures
Video data Moving images or pictures
data: Raw facts such as an employee number or total hours worked in a week.
information: A collection of data organized and processed so that it has additional value beyond the value of the individual facts.
4 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
shoppers and sellers together electronically so they can share information and make recommendations while shopping online. The free exchange of informa- tion stimulates sales and helps ensure shoppers find better values.
Another way to appreciate the difference between data and information is to think of data as the individual items in a grocery list—crackers, bread, soup, cereal, coffee, dishwashing soap, and so on. The grocery list becomes much more valuable if the items in the list are arranged in order by the aisle in which they are found in the store—bread and cereal in aisle 1, crackers and soup in aisle 2, and so on. Data and information work the same way. Rules and relation- ships can be set up to organize data so it becomes useful, valuable information.
The value of the information created depends on the relationships defined among existing data. For instance, you could add specific identifiers to the items in the list to ensure that the shopper brings home the correct item—whole wheat bread and Kashi cereal in aisle 1, saltine crackers and chicken noodle soup in aisle 2, and so on. By doing so, you create a more useful grocery list.
Turning data into information is a process, or a set of logically related tasks performed to achieve a defined outcome. The process of defining relationships among data to create useful information requires knowledge, which is the awareness and understanding of a set of information and the ways in which that information can be made useful to support a specific task or reach a decision. In other words, information is essentially data made more useful through the appli- cation of knowledge. For instance, there are many brands and varieties of most items on a typical grocery list. To shop effectively, the grocery shopper needs to have an understanding of the needs and desires of those being shopped for so that he knows to purchase one can of Campbell’s (not the store brand!) low- sodium chicken noodle soup for the family member who is diabetic along with two cans of Campbell’s regular chicken noodle soup for everyone else.
In some cases, people organize or process data mentally or manually. In other cases, they use a computer. This transformation process is shown in Figure 1.1.
FIGURE 1.1 Process of transforming data into information Transforming data into information starts by selecting data, then organizing it, and finally manipulat- ing the data.
Select data
Organize data
Data (2,1)
Data (3,1)
Data (n,1)
Data (2,2)
Data (3,2)
Manipulate data
Total 1 Total 2 Total 3
Data (2,3)
Data (3,3)
Data (n,2) Data (n,3)
Data Data
Data
Data (1,1) Data (1,2) Data (1,3)
process: A set of logically related tasks performed to achieve a defined outcome.
knowledge: The awareness and understanding of a set of information and the ways that information can be made useful to support a specific task or reach a decision.
CHAPTER 1 • An Introduction to Information Systems in Organizations 5
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The Value of Information The value of information is directly linked to how it helps decision makers achieve their organization’s goals. Valuable information can help people per- form tasks more efficiently and effectively. Many businesses assume that reports are based on correct, quality information, but, unfortunately, that is not always true. For example, Experian (a global information services firm that provides credit services, marketing services, decision analytics, and consumer services) estimates that on average, 22 percent of an organization’s customer contact data is wrong.1 Companies can easily waste over $100 per inaccurate customer con- tact data record on direct-mail marketing sent to wrong addresses and the inabil- ity to properly track leads. For example, an organization with 100,000 customers and a 22 percent error rate projects to a loss of $2.2 million.2
Characteristics of Quality Information Fundamental to the quality of a decision is the quality of the information used to reach that decision. Any organization that stresses the use of advanced infor- mation systems and sophisticated data analysis before information quality is doomed to make many wrong decisions. Table 1.2 lists the characteristics that determine the quality of information. The importance of each of these charac- teristics varies depending on the situation and the kind of decision you are try- ing to make. For example, with market intelligence data, some inaccuracy and incompleteness is acceptable, but timeliness is essential. Market intelligence data may alert you that a competitor is about to make a major price cut. The exact details and timing of the price cut may not be as important as being
TABLE 1.2 Characteristics of quality information Characteristic Definition
Accessible Information should be easily accessible by authorized users so they can obtain it in the right for- mat and at the right time to meet their needs.
Accurate Accurate information is error free. In some cases, inaccurate information is generated because inac- curate data is fed into the transformation process. This is commonly called garbage in, garbage out.
Complete Complete information contains all the important facts. For example, an investment report that does not include all important costs is not complete.
Economical Information should also be relatively economical to produce. Decision makers must always balance the value of information with the cost of producing it.
Flexible Flexible information can be used for a variety of purposes. For example, information on how much inventory is on hand for a particular part can be used by a sales representative in closing a sale, by a production manager to determine whether more inventory is needed, and by a financial execu- tive to determine the amount of money the company has invested in inventory.
Relevant Relevant information is important to the decision maker. Information showing that lumber prices might drop is probably not relevant to a computer chip manufacturer.
Reliable Reliable information can be trusted by users. In many cases, the reliability of the information depends on the reliability of the data-collection method. In other instances, reliability depends on the source of the information. A rumor from an unknown source that oil prices might go up may not be reliable.
Secure Information should be secure from access by unauthorized users.
Simple Information should be simple, not complex. Sophisticated and detailed information might not be needed. In fact, too much information can cause information overload, whereby a decision maker has too much information and is unable to determine what is really important.
Timely Timely information is delivered when it is needed. Knowing last week’s weather conditions will not help when trying to decide what coat to wear today.
Verifiable Information should be verifiable. This means that you can check it to make sure it is correct, per- haps by checking many sources for the same information.
6 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
warned far enough in advance to plan how to react. On the other hand, accu- racy and completeness are critical for data used in accounting for the manage- ment of company assets, such as cash, inventory, and equipment.
What Is an Information System? Another central concept of this book is that of an information system. People and organizations use information systems every day. An information system (IS) is a set of interrelated components that collect, process, store, and disseminate data and information; an information system provides a feedback mechanism to monitor and control its operation to make sure it continues to meet its goals and objectives. The feedback mechanism is critical to helping organizations achieve their goals, such as increasing profits or improving customer service.
A computer-based information system (CBIS) is a single set of hard- ware, software, databases, networks, people, and procedures that are config- ured to collect, manipulate, store, and process data into information. Increasingly, companies are incorporating computer-based information systems into their products and services. Investment companies offer their customers a wide range of powerful investment tools, including access to extensive online research. Automobiles are available with advanced navigation systems that not only guide you to your destination but also incorporate information regarding the latest weather and traffic conditions to help you avoid congestion and traf- fic delays. Watches, digital cameras, mobile phones, music players, and other devices rely on CBIS to bring their users the latest and greatest features.
The components of a CBIS are illustrated in Figure 1.2. An organization’s technology infrastructure includes all the hardware, software, databases, networks, people, and procedures that are configured to collect, manipulate,
Software
D u
ke s/
S h
u tt
e rs
to ck
.c o
m
S a sh
ki n
/S h
u tt
e rs
to ck
.c o
m
D u
si t/
S h
u tt
e rs
to ck
.c o
m
N a so
n o
v V
a si
li y /S
h u
tt e rs
to ck
.c o
m
N o
o lw
le e /S
h u
tt e rs
to ck
.c o
m
Networks
HardwareDatabases
A n
d re
sr /S
h u
tt e rs
to ck
.c o
m
People
Procedures
© va rio us
sh ut te rs to ck
ph ot os
FIGURE 1.2 Components of a computer-based information system Hardware, software, networks, people, and procedures are part of a business’s technology infrastructure.
information system (IS): A set of interrelated components that collect, process, store, and disseminate data and information; an information system provides a feedback mechanism to monitor and control its operation to make sure it continues to meet its goals and objectives.
computer-based information system (CBIS): A single set of hardware, software, databases, net- works, people, and procedures that are configured to collect, manipulate, store, and process data into information.
technology infrastructure: All the hardware, software, databases, networks, people, and procedures that are configured to collect, manipulate, store, and process data into information.
CHAPTER 1 • An Introduction to Information Systems in Organizations 7
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
store, and process data into information. The technology infrastructure is a set of shared IS resources that form the foundation of each computer-based infor- mation system.
People make the difference between success and failure in all organiza- tions. Jim Collins, in his book, Good to Great, said, “Those who build great companies understand that the ultimate throttle on growth for any great com- pany is not markets, or technology, or competition, or products. It is one thing above all others: the ability to get and keep enough of the right people.”3 Thus, it comes as no surprise that people are the most important element in computer-based information systems.
Good systems can enable people to produce extraordinary results. They can also boost job satisfaction and worker productivity.4 Information systems personnel include all the people who manage, run, program, and maintain the system, including the chief information officer (CIO), who leads the IS organization. End users are people who work directly with information sys- tems to get results. They include financial executives, marketing representa- tives, and manufacturing line operators.
A procedure defines the steps to follow to achieve a specific end result, such as enter a customer order, pay a supplier invoice, or request a current inventory report. Good procedures describe how to achieve the desired end result, who does what and when, and what to do in the event something goes wrong. When people are well trained and follow effective procedures, they can get work done faster, cut costs, make better use of resources, and more easily adapt to change. When procedures are well documented, they can greatly reduce training costs and shorten the learning curve.
Using a CBIS involves setting and following many procedures, including those for the operation, maintenance, and security of the system. For exam- ple, some procedures describe how to gain access to the system through the use of some log-on procedure and a password. Others describe who can access facts in the database or what to do if a disaster, such as a fire, earth- quake, or hurricane, renders the CBIS unusable. Good procedures can help companies take advantage of new opportunities and avoid lengthy business disruptions in the event of natural disasters. Poorly developed and inade- quately implemented procedures, however, can cause people to waste their time on useless rules or result in inadequate responses to disasters.
Three Fundamental Types of Information Systems Most organizations have a number of different information systems. When considering the role of business managers in working with IS, it is useful to divide information systems into three types: personal IS, group IS, and enter- prise IS.
Personal IS includes information systems that improve the productivity of individual users in performing stand-alone tasks. Examples include per- sonal productivity software, such as word-processing, presentation, and spreadsheet software.
In today’s fast-moving, global work environment, success depends on our ability to communicate and collaborate with others, including colleagues, cli- ents, and customers. Group IS includes information systems that improve communications and supports collaboration among members of a workgroup. Examples include Web conferencing software, wikis, and electronic corporate directories.
Enterprise IS includes information systems that organizations use to define structured interactions among their own employees and/or with exter- nal customers, suppliers, government agencies, and other business partners. Successful implementation of these systems often requires the radical redesign of fundamental work processes and the automation of new processes. Target
procedure: A set of steps that need to be followed to achieve a specific end result, such as enter a customer order, pay a supplier invoice, or request a current inventory report.
personal IS: An information system that improves the productivity of indi- vidual users in performing stand-alone tasks.
group IS: An information system that improves communications and supports collaboration among members of a workgroup.
enterprise IS: An information sys- tem that an organization uses to define structured interactions among its own employees and/or with external custo- mers, suppliers, government agencies, and other business partners.
8 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
processes may include purely internal activities within the organization (such as payroll) or those that support activities with external customers and suppliers (order processing and purchasing). Three examples of enter- prise IT are transaction processing, enterprise, and interorganizational systems.
For each type of IS, certain key organizational complements must be in place to ensure successful implementation and use of the system. These com- plements include:
● Well-trained workers. Employees must be well trained and under- stand the need for the new system, what their role is in using or operating the system, and how to get the results they need from the system.
● System support. Trained and experienced users who can show others how to gain value from the system and overcome start-up problems.
● Better teamwork. Employees must understand and be motivated to work together to achieve the anticipated benefits of the system.
● Redesigned processes. New systems often require radical redesign of existing work processes as well as the automation of new processes.
● New decision rights. Employees must understand and accept their new roles and responsibilities including who is responsible for making what decisions. Roles and responsibilities often change with introduction of a new system.
Managers have an essential role to play in the successful implementation and use of information systems. That role changes depending on which type of IS system is being implemented, as shown in Table 1.3, which also high- lights other characteristics and provides examples of each type.
Kroger’s QueVision System Improves Customer Service Kroger has annual sales in excess of $100 billion and operates stores across the United States under various names, including Kroger’s, Ralph’s, and Harris Teeter.
TABLE 1.3 Examples and characteristics of each type of information system Personal IS Group IS Enterprise IS
Examples Personal productivity soft- ware, decision-support system
Email, instant messaging, project management software
Transaction processing systems, enterprise sys- tems, interorganizational systems
Benefits Improved productivity Increased collaboration Increased standardization and ability to monitor work
Organizational comple- ments (including well- trained workers, system support, better team- work, redesigned pro- cesses, and new decision rights)
Does not bring comple- ments with it Partial benefits can be achieved without all complements being in place
At least some complements must be in place when IS “goes live” Allows users to implement and modify complements over time
Full complements must be in place when IS “goes live”
Manager’s role Ensure that employees understand and connect to the change Encourage use Challenge workers to find new uses
Demonstrate how tech- nology can be used Set norms for participation
Identify and put into place the full set of organizational complements prior to adoption Intervene forcefully and continually to ensure adoption
organizational complement: A key component that must be in place to ensure successful implementation and use of an information system.
CHAPTER 1 • An Introduction to Information Systems in Organizations 9
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
In surveys, Kroger’s customers have consistently rated waiting at the check- out lane as the worst part of the grocery shopping experience. In response, Kroger developed its QueVision computer-based information system, which relies on real-time data feeds from point-of-sale systems as well as infrared sensors over store doors and cash registers to count customers entering the store and standing at checkout lanes. The system also uses historical point- of-sale records to forecast the number of shoppers that can be expected and, therefore, the number of cashiers that will be needed. All this was done to achieve the goal of ensuring that customers never have more than one per- son ahead of them in the checkout lane. The system provides feedback by displaying customer checkout time on a screen that both employees and cus- tomers can see—delivering a visible measure of how well the whole system is working. The system is now deployed at over 2,300 stores in 31 states and has cut the average time a customer must wait to begin checkout from four minutes to 30 seconds.5
You are a new store manager at a Kroger store where the QueVision system has been deployed for two years. Unfortunately, since you took charge of this store two weeks ago, you have received numerous complaints about the system from store cashiers and baggers. These employees are requesting that you either turn off the screen that displays customer checkout time or add more cashiers and baggers to each shift to reduce checkout times, which are currently averaging over six minutes.
Review Questions 1. Would you classify the QueVision system as personal, group, or enterprise
information system? 2. Five key organizational complements must be in place to ensure successful
implementation and use of a new system. Which two of these components seem to be missing at your store?
Critical Thinking Questions 1. Employees are requesting that you turn off the screen that displays customer
checkout time or add more cashiers and baggers to each shift to reduce wait times. What action would you take to address the concerns of the cashiers and baggers?
a. Turn off the QueVision system now. b. Add more cashiers and baggers to each shift as soon as possible. c. Observe the checkout process and performance of cashiers and baggers
for a few days before taking action. d. Tell the cashiers and baggers their performance is unacceptable and to
“step it up.”
2. Provide a brief rationale for your recommended course of action.
Information Systems in Organizations
An organization is a group of people that is structured and managed to meet its mission or set of group goals. “Structured” means that there are defined rela- tionships between members of the organization and their various activities, and that procedures are defined that assign roles, responsibilities, and authority to complete the various activities. In many cases, the processes are automated using well-defined information systems. Organizations are considered to be open systems, meaning that they affect and are affected by their surrounding environment. See Figure 1.3.
organization: A group of people that is structured and managed to meet its mission or set of group goals.
10 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Value Chains Providing value to a stakeholder—customer, supplier, partner, shareholder, or employee—is the primary goal of any organization. The value chain, first described by Michael Porter in a classic 1985 Harvard Business Review article titled “How Information Gives You Competitive Advantage,” reveals how organizations can add value to their products and services. The value chain is a series (chain) of activities that an organization performs to transform inputs into outputs in such a way that the value of the input is increased. An organization may have many value chains, and different organizations in different industries will have different value chains. As an example of a simple value chain, the gift wrapping department of an upscale retail store takes packages from customers, covers them with appropriate, decorative wrapping paper, and gives the package back to the customer, thus increasing the customer’s (and the recipient’s) perceived value of the gift.
In a manufacturing organization, the supply chain is a key value chain whose primary activities include inbound logistics, operations, outbound logistics, marketing and sales, and service. See Figure 1.4. These primary activities are directly concerned with the creation and/or delivery of the prod- uct or service. The supply chain also includes four main areas of support activities, including technology infrastructure, human resource management, accounting and finance, and procurement. (Technology infrastructure includes not only research and development but also information systems hardware, software, databases, and networks.)
The concept of value chain is also meaningful to companies that don’t manufacture products, including tax preparers, restaurants, book publishers, legal firms, and other service providers. By adding a significant amount of value to their products and services, companies ensure their success.
Environment - Customers - Suppliers - Technology
Inputs - Capital - Equipment - Facilities - Materials - Supplies - Labor - Knowledge
Transformation process - Alteration - Manufacture - Transportation - Storage
Corrective actions
Feedback data
Goods and services
Corrective actions
Feedback data
Monitoring and control
Outputs - Goods - Services - Feedback
- Economy - Business partners - Industry
- Competition - Shareholder - Governments
FIGURE 1.3 General model of an organization Information systems support and work within the automated portions of an organizational process.
value chain: A series (chain) of activities that an organization performs to transform inputs into outputs in such a way that the value of the input is increased.
supply chain: A key value chain whose primary activities include inbound logistics, operations, outbound logistics, marketing and sales, and service.
CHAPTER 1 • An Introduction to Information Systems in Organizations 11
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Supply chain management (SCM) encompasses all the activities required to get the right product into the right consumer’s hands in the right quantity at the right time and at the right cost—from the identification of suppliers and the acquisition of raw materials through manufacture and customer deliv- ery. The organizations that compose the supply chain are “linked” together through both physical flows and information flows. Physical flows involve the transformation, movement, and storage of supplies and raw materials. Information flows allow participants in the supply chain to communicate their plans, coordinate their work, and manage the efficient flow of goods and material up and down the supply chain. See Figure 1.5.
Organizations are constantly fine-tuning and adjusting their supply chain. For example, many companies are increasing their use of free shipping to cus- tomers in hopes of increasing sales and profits. Amazon is experimenting with AmazonFresh, a Web site that offers fast, free delivery of groceries on orders over $35 and other products in the Los Angeles and Seattle areas. Customers can
FIGURE 1.4 Supply chain The primary and support activities of the manufacturing supply chain are concerned with creating or deliver- ing a product or service.
Suppliers Raw material Transportation Storage
Inbound logistics
Outbound logistics
Marketing and sales Services
Technology infrastructure, including information systems
Human resource management
Accounting and finance
Procurement
Operations
Customer serviceAdvertising Promoting Selling
Receiving Storage Manufacturing
Storage Shipping
FIGURE 1.5 Ford Motor Company assembly line Ford Motor Company’s use of infor- mation systems is a critical support activity of its supply chain. The com- pany gives suppliers access to its inventory system so that the suppliers can monitor the database and auto- matically send another shipment of parts, such as engine parts or bum- pers, eliminating the need for pur- chase orders. This procedure speeds delivery and assembly time and low- ers Ford’s inventory-carrying costs. ©
N at al iy a H or a/ Sh ut te rs to ck .c om
Supply chain management (SCM): The management of all the activities required to get the right prod- uct into the right consumer’s hands in the right quantity at the right time and at the right cost—from the identification of suppliers and the acquisition of raw materials through manufacture and customer delivery.
12 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
place an order by 10 am and have it by dinner; orders placed by 10 pm will be delivered by breakfast time. The e-commerce giant is also experimenting with a new drive-up store concept that will allow consumers to order grocery items online and then schedule a pickup at a dedicated facility. Many organizations are also outsourcing much of their outbound distribution activities, including the storage and shipping of finished products to customers and the return of items from customers. Amazon, DHL, FedEx, Rakuten, Shipwire, UPS, and other com- panies are highly skilled and efficient at performing these functions.
Change in the Organization Your organization’s current products, services, and ways of accomplishing work are doomed to obsolescence. Fail to change and your competition will take away your customers and your profits. Positive change is a key ingredient for any successful organization. This section will discuss important topics related to change including innovation, reengineering, and continuous improvement.
Innovation Innovation is the application of new ideas to the products, processes, and activities of a firm, leading to increased value. Innovation is the catalyst for the growth and success of any organization. It can build and sustain profits, create new challenges for the competition, and provide added value for custo- mers. Innovation and change are absolutely required in today’s highly com- petitive global environment; without both, the organization is at risk of losing its competiveness and becoming obsolete. The following is a list of just a few of today’s most innovative products:
● Tile is an innovative new product that helps solve a universal problem that we all encounter—occasionally misplacing everyday items and wast- ing time trying to find them. Tile is a smartphone app combined with small devices (tiles) that consumers can stick on their keys, TV remote controls, purses, and wallets. A proximity sensor plays a musical sound through the smartphone app when you come within 100 feet of the tile, so you can walk around to see if the missing item is hiding nearby.
● Healthcare technology company iHealth has introduced several different sen- sors that can measure and report on a wide array of biometric data, including steps taken, distance covered, and calories burned; sleep efficiency; blood pressure; glucose level; and blood oxygen saturation level and pulse rate.
● Butterfleye offers a new, economical home security product that employs a megapixel camera smart enough to recognize you, members of your family, and even your pets. If a stranger is caught inside your home within view of the camera, Butterfleye uses your home Wi-Fi system to alert you via an app.
● NeuroMetrix created Quell, an FDA-approved device that stimulates the brain to block pain receptors for patients with chronic conditions. The device is worn around the calf and calibrated to the user’s body to ensure that it deli- vers the exact amount of relief needed. Quell performs functions similar to existing devices that today must be surgically implanted at much higher cost.
Various authors and researchers have identified different ways of classify- ing innovation. A simple classification developed by Clayton Christensen, a leading researcher in this field, is to think of two types of innovation— sustaining and disruptive.6
Sustaining innovation results in enhancements to existing products, ser- vices, and ways of operating. Such innovations are important because they enable an organization to continually increase profits, lower costs, and gain market share. Procter and Gamble has invested hundreds of millions of dol- lars into making sustaining innovations to its leading laundry detergent, Tide, which was first introduced in 1946. The innovations include: the
Innovation: The application of new ideas to the products, processes, and activities of a firm, leading to increased value.
CHAPTER 1 • An Introduction to Information Systems in Organizations 13
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
reformulation of Tide so it works as well in cold water as it does in hot water; the creation of concentrated Tide, which reduces packaging and dis- tribution costs; and the addition of scent, which makes clothes smell fresher. These innovations have allowed Tide to remain one of the leading deter- gents for several decades, with around $5 billion in worldwide annual sales.7 The brand currently holds a 38 percent share of the North American laundry soap business.8
A disruptive innovation is one that initially provides a lower level of per- formance than the marketplace has grown to accept. Over time, however, the disruptive innovation is improved to provide new performance characteristics, becoming more attractive to users in a new market. As it continues to improve and begins to provide a higher level of performance, it eventually displaces the former product or way of doing things. The cell phone is a good example of a disruptive innovation. The first commercial handheld cell phone was invented in 1973. It weighed 2.5 pounds, had a battery life of less than 30 minutes, cost more than $3,000, and had extremely poor sound quality.9 Compare that with today’s ubiquitous cell phones that have one-tenth the weight, one-fifteenth the cost, and 25 times longer battery life; smartphones can not only place calls but also serve as a camera, a video recorder, and a handheld computer that can run applications and access the Internet.
Reengineering and Continuous Improvement To stay competitive, organizations must occasionally make fundamental changes in the way they do business. In other words, they must innovate and change the activities, tasks, or processes they use to achieve their goals. Reengineering, also called process redesign and business process reengineering (BPR), involves the radical redesign of business processes, organizational structures, information systems, and values of the organization to achieve a breakthrough in business results. See Figure 1.6. Successful reengineering can reduce delivery time, increase product and service quality, enhance customer satisfaction, and increase revenues and profitability.
General Electric employs a strategy it calls GE Advantage to reengineer business processes to increase its speed to market, improve the quality of its products and services, reduce costs, and achieve competitive advantage. This strategy has been applied to its new product introduction process to reduce
FIGURE 1.6 Reengineering Reengineering involves the radical redesign of business processes, organizational structure, information systems, and the values of an orga- nization to achieve a breakthrough in business results.
Reengineering— Business process redesign
Changes to organizational structure
Changes to organizational values
Changes to information systems
reengineering (process redesign/business process reengineering (BPR)): The radical redesign of business processes, organizational structures, information systems, and values of the organization to achieve a breakthrough in business results.
14 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the time it takes to bring a new product to market (in some cases by more than 50 percent), improve the quality of its designs, and lower development costs.
In contrast to reengineering, the idea of continuous improvement (often referred to by the Japanese word “Kaizen”) is a form of innovation that constantly seeks ways to improve business processes and add value to products and services. This continual change will increase customer satisfac- tion and loyalty and ensure long-term profitability. Manufacturing companies make continual product changes and improvements. Service organizations regularly find ways to provide faster and more effective assistance to custo- mers. By doing so, organizations increase customer loyalty, minimize the chance of customer dissatisfaction, and diminish the opportunity for compet- itive inroads.
Boeing has a long tradition and culture supportive of continuous improve- ment, which has yielded many positive results. For example, the time to assemble its popular long-range, wide-body, twin-engine 777 jet airliner has been reduced almost in half through the implementation of many small improvements—from 71 days in 1998 to just 37 days today.10 Table 1.4 compares the strategies of business process reengineering and continuous improvement.
Soft Side of Implementing Change Implementing change, such as a new information system introduces conflict, confusion, and disruption. People must stop doing things the way they are accustomed to and begin doing them differently. Successful implementation of change only happens when people accept the need for change and believe that the change will improve their productivity and enable them to better meet their customers’ needs. The so-called soft side of implementing change involves work designed to help employees embrace a new informa- tion system and way of working. This effort represents the biggest challenge to successful change implementation; yet, it is often overlooked or down- played, resulting in project failure. Indeed, both the Standish Group and Gart- ner, two highly respected organizations that track project implementations globally, believe that a significant contributor to project failures is overlooking the need to address employee adoption and resistance jointly.11 Another resource claims that 30 to 70 percent of large information systems projects fail, at least in part, due to a failure to prepare the business users for the actual change to come.12
TABLE 1.4 Comparing business process reengineering with continuous improvement
Business Process Reengineering Continuous Improvement
Strong action taken to solve serious problem
Routine action taken to make minor improvements
Top-down change driven by senior executives
Bottom-up change driven by workers
Broad in scope; cuts across departments
Narrow in scope; focuses on tasks in a given area
Goal is to achieve a major breakthrough
Goal is continuous, gradual improvements
Often led by resources from outside the company
Usually led by workers close to the business
Information systems are integral to the solution
Information systems provide data to guide the improvement team
continuous improvement: Constantly seeking ways to improve business processes and add value to products and services.
soft side of implementing change: The work designed to help employees embrace a new information system and way of working.
CHAPTER 1 • An Introduction to Information Systems in Organizations 15
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The California Department of Consumer Affairs is made up of more than 40 entities (including multiple boards, bureaus, committees, and one com- mission) that regulate and license professional and vocational occupations that serve the people of California. Each year, the department processes over 350,000 applications for professional licensure along with some 1.2 mil- lion license renewals. The BreEZe project was initiated in 2009 to streamline the way the department does its business and interacts with its license appli- cants and consumers.13 The resulting information system was intended to eliminate many paper-based processes and speed up the entire licensing process. Unfortunately, the project team failed to adequately involve the business users in the definition of the system requirements and instead made many erroneous decisions about how the system should work. The initial cost estimate for the system was $28 million; however, as of early 2015, project costs exceeded $37 million and less than half the licensing and regulatory boards were using the system. It is estimated that it will cost a total of $96 million to complete the project. Much of the delay and over- spending could have been avoided had the project team worked better with the business users to understand their needs.14
The dynamics of how change is implemented can be viewed in terms of a change management model. A change management model describes the phases an individual or organization goes through in making a change and outlines principles for successful implementation of change. A number of models for dealing with the soft side of implementing change will now be introduced.
Lewin’s Change Model Kurt Lewin and Edgar Schein proposed a three-stage approach for change called Lewin’s change model. See Figure 1.7. The first stage, unfreezing, is ceasing old habits and creating a climate that is receptive to change. Moving, the second stage, involves learning new work methods, behaviors, and sys- tems. The final stage, refreezing, involves reinforcing changes to make the new process second nature, accepted, and part of the job.
FIGURE 1.7 Lewin’s change model Change involves three stages: unfreezing (preparing for change), moving (making the change), and refreezing (institutionalizing the change).
Moving Making the change
Unfreezing Preparing for change
Refreezing Institutionalizing
Key Tasks
Monitor progress against success criteria
Establish processes, systems to institutionalize change
Establish controls to ensure change is occurring
Recognize and reward individuals for exhibiting new behavior
Provide feedback, motivation, additional training to individuals not exhibiting new behavior
Key Tasks
Motivate individuals involved or affected
Coach, train, lead, encou- rage, manage
Provide appropriate resources
Provide on-going feedback
Key Tasks
Communicate what, why, when, who, how
Draw on others, and seek input, ideas
Define objectives, success criteria, resources, schedule, budget
Finalize work plans
Assign leaders and implementation teams
change management model: A description of the phases an individual or organization goes through in making a change and outlining principles for successful implementation of change.
Lewin’s change model: A three- stage approach for implementing change that involves unfreezing, mov- ing, and refreezing.
16 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Lewin’s Force Field Analysis A frequently encountered stumbling block to the successful implementation of change, including the implementation of a new system, is negative user reac- tion. People affected by the change may fear that their positions may be elim- inated or their work altered in a way they do not like. Or they may see the introduction of a new information system as a threat to their power and influ- ence. Such fears can lead to resentment, lack of cooperation, or outright resis- tance. Any of these reactions can doom a change project, no matter how carefully the rest of the project is planned.
Lewin extended his change model theory to include force field analysis, which identifies both the driving (positive) and restraining (negative) forces that influence whether change can occur. The driving forces are beliefs, expectations, and cultural norms that tend to encourage a change and give it momentum. Restraining forces are those that make it difficult to accept a change or to work to implement a change. For a change to occur, the strength of the driving forces must exceed the strength of the restraining forces. This can be done in one of two ways: first, by creating new driving forces or mak- ing existing driving forces stronger and, second, by eliminating or weakening existing restraining forces.15
Figure 1.8 is an example of a force-field analysis of a group of workers after they first learn that a new information system is to be installed. The feel- ings shown on the left side are restraining forces against the change. The feel- ings shown on the right side are driving forces that support the change. The length of the arrow represents the relative strength of that feeling. In this example, fear of loss of job is the strongest restraining force.
Negative feelings must be reduced or eliminated in order for a new sys- tem to gain acceptance. The fear of losing one’s job can be eliminated by making it clear that the individual will remain employed by the company. The fear of major changes in one’s job can be reduced by allowing the indi- vidual to participate in developing one’s own new job description. If this is not possible, the person should be thoroughly informed of the new job requirements and provided any necessary training. The positive impact of the change should be stressed.
FIGURE 1.8 Lewin’s force field analysis before addressing concerns Many strong restraining forces will make it difficult to implement this change.
Driving forcesRestraining forces
Fear of loss of job Somehow this may be best for the organization
Uncomfortable with changes in job
Requires training
Distrust of project team
force field analysis: An approach to identifying both the driving (positive) and restraining (negative) forces that influence whether change can occur.
driving forces: The beliefs, expec- tations, and cultural norms that tend to encourage a change and give it momentum.
restraining forces: Forces that make it difficult to accept a change or to work to implement a change.
CHAPTER 1 • An Introduction to Information Systems in Organizations 17
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
It is not enough to reduce or neutralize negative feelings. Positive feelings must also be created to truly motivate the individual. Managers must take the time to explain the many tangible and intangible benefits for the organization as well as for the individual. For instance, in many information system efforts, the new system may lead to job enrichment by enabling the individual to take on more responsibility or to work in a new and more interesting way.
Figure 1.9 is an example of a force field analysis of workers after man- agers have effectively prepared them to accept the system. At this point, the workers should recognize several things: (1) their role is essential to the suc- cess of the system, and they are making an important contribution to the organization, (2) the development of new skills and knowledge will enhance their career growth, and (3) each individual has an important responsibility to perform within the project to secure the potential benefits for both the indi- vidual and the organization.
Leavitt’s Diamond Leavitt’s diamond is another organizational change model that is extremely helpful in successfully implementing change. Leavitt’s diamond proposes that every organizational system is made up of four main components— people, tasks, structure, and technology—that all interact; any change in one of these elements will necessitate a change in the other three elements. Thus, to successfully implement a new information system, appropriate changes must be made to the people, structure, and tasks affected by the new system. See Figure 1.10.
People are the key to the successful implementation of any change. They must be convinced to adopt a positive attitude about the change and be will- ing to exhibit new behaviors consistent with the change. This is likely to require a change in the reward system to recognize those who exhibit the desired new behaviors. Thorough training in any required new skills is also needed.
The organization structure must be modified with appropriate changes in roles, responsibilities, and lines of authority. Along with these changes are required changes in communication patterns, relationships, and coordination among those affected by the change.
FIGURE 1.9 Lewin’s force field analysis after addressing concerns Restraining forces have been weak- ened and driving forces strength- ened so there is a much likelihood of successfully implementing this change.
Driving forcesRestraining forces
Fear of loss of job
Uncomfortable with changes in job
Requires training
Distrust of project team
Will improve my productivity and enable me to better serve our customers
Provides opportunity to perform work in a new and interesting way
There are many benefits for the organization
Leavitt’s diamond: An organiza- tional change model that proposes that every organizational system is made up of four main components—people, tasks, structure, and technology—that all interact; any change in one of these elements will necessitate a change in the other three elements.
18 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The tasks required to complete the work and the flow of work between tasks also need to be changed. For each task, standards on how the work is to be performed and measures for the quality of completion need to be estab- lished. New tools may be required to perform the tasks.
As a result, the major challenges to successful implementation of an infor- mation system are often more behavioral issues than technical. Successful introduction of an information system into an organization requires a mix of both good organizational change skills and technical skills. Strong, effective leadership is required to overcome the behavioral resistance to change and achieve a smooth and successful system introduction.
User Satisfaction and Technology Acceptance Reengineering and continuous improvement efforts (including implementa- tion of new information systems) must be adopted and used to achieve the defined business objectives by targeted users. The technology acceptance model (TAM) specifies the factors that can lead to better attitudes about the use of a new information system, along with its higher acceptance and usage. See Figure 1.11. In this model, “perceived usefulness” is defined as the degree
FIGURE 1.10 Leavitt’s diamond Any change in technology, people, task, or structure will necessitate a change in the other three components.
People - Attitudes - Behavior
- Skills - Reward system
Information system
- Hardware - Software - Network
Tasks - Workflow
- Tools - Standards - Measures
Structure - Roles
- Responsibilities - Authority
External variables
Perceived usefulness (U)
Attitude toward
using (A)
Behavioral intention to
use (BI)
Actual system use
Perceived ease of use (E)
FIGURE 1.11 Technology acceptance model Perceived usefulness (U) and perceived ease of use (E) strongly influence whether someone will use an informa- tion system. Management can improve that perception by demonstrating that others have used the system effec- tively and by providing user training and support.
technology acceptance model (TAM): A model that specifies the factors that can lead to better attitudes about an information system, along with higher acceptance and usage of it.
CHAPTER 1 • An Introduction to Information Systems in Organizations 19
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
to which individuals believe that use of the system will improve their perfor- mance. The “perceived ease of use” is the degree to which individuals believe that the system will be easy to learn and use. Both the perceived usefulness and ease of use can be strongly influenced by the expressed opinions of others who have used the system and the degree to which the organization supports use of the system (e.g., providing incentives and offering training and coaching from key users). Perceived usefulness and ease of use in turn influence an individual’s attitude toward the system, which affect their behav- ioral intention to use the system.16
Avon Products is an international manufacturer and direct seller of beauty, household, and personal care products. Avon products are sold through six million independent and mostly part-time sales representatives worldwide who sell directly to family, friends, and personal contacts.17 In 2013, Avon piloted a new sales system in Canada. The system was intended to streamline the ordering process through the use of iPads, which would allow the sales rep to display products to customers and then check inventory and place orders online. It was estimated that the project would generate some $40 million per year in cost savings and increased sales. Unfortunately, the system was poorly designed and did not meet the sales rep’s expectations in terms of ease of use. Sales reps were often unable to log in to the system, and when they did get logged in, the system frequently would not accept orders, save orders correctly, or reserve inventory based on the orders placed. The system was neither useful nor easy to use. As a result, one Avon execu- tive sales manager estimates that as many as 16,000 Canadian sales reps quit in large part out of frustration with the new system. The pilot was such a disaster that Avon wrote off the project at a cost of nearly $125 million.18
Diffusion of Innovation Theory The diffusion of innovation theory was developed by E.M. Rogers to explain how a new idea or product gains acceptance and diffuses (or spreads) through a specific population or subset of an organization. A key point of this theory is that adoption of any innovation does not happen all at once for all members of the targeted population; rather, it is a drawn-out process, with some people quicker to adopt the innovation than others. See Figure 1.12. Rogers defined five categories of adopters, shown in Table 1.5, each with
Innovators 2.5% Early
adopters 13.5%
Early majority 34%
Late majority 34%
Laggards 16%
FIGURE 1.12 Innovation diffusion Adoption of any innovation does not happen all at once for all members of the targeted population; rather, it is a drawn-out process, with some people quicker to adopt the innovation than others. Source: Everett Rogers, Diffusion of Innovations.
diffusion of innovation theory: A theory developed by E.M. Rogers to explain how a new idea or product gains acceptance and diffuses (or spreads) through a specific population or subset of an organization.
20 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
different attitudes toward innovation. When promoting an innovation to a tar- get population, it is important to understand the characteristics of the target population that will help or hinder adoption of the innovation and then to apply the appropriate strategy. This theory can be useful in planning the roll- out of a new information system.
Careers in Information Systems Today, most organizations cannot function or compete effectively without computer-based information systems. Indeed, organizations often attribute their productivity improvement, superior customer service, or competitive advantage in the marketplace to their information systems. The information system worker functions at the intersection of business and technology and designs and builds the solutions that allow organizations to effectively lever- age information technology.
Successful information system workers must enjoy working in a fast- paced, dynamic environment where the underlying technology changes all the time. They must be comfortable with meeting deadlines and solving unex- pected challenges. They need good communication skills and often serve as translators between business needs and technology-based solutions. Success- ful information systems workers must have solid analytical and decision- making skills and be able to translate ill-defined business problems and opportunities into effective technology-based solutions. They must develop effective team and leadership skills and be adept at implementing organiza- tional change. Last, but not least, they need to be prepared to engage in life- long learning in a rapidly changing field.
Specific technical skills that some experts believe are important for IS workers to possess include the following, all of which are discussed in var- ious chapters throughout this book:
● Capability to analyze large amounts of structured and unstructured data ● Ability to design and build applications for mobile devices ● Traditional programming and application development skills ● Technical support expertise ● Project management skills ● Knowledge of networking and cloud computing ● Ability to audit systems and implement necessary security measures ● Web design and development skills ● Knowledge of data center operations
Technology is one of the fastest-growing areas of the U.S. economy, and information systems professionals are in high demand. The U.S. Bureau of
TABLE 1.5 Five categories of innovation adopters Adopter Category Characteristics Strategy to Use
Innovator Risk takers; always the first to try new products and ideas
Simply provide them with access to the new system and get out of their way
Early adopter Opinion leaders whom others listen to and follow; aware of the need for change
Provide them assistance getting started
Early majority Listen to and follow the opinion leaders Provide them with evidence of the system’s effectiveness and success stories
Late majority Skeptical of change and new ideas Provide them data on how many others have tried this and have used it successfully
Laggards Very conservative and highly skeptical of change
Have their peers demonstrate how this change has helped them and bring pressure to bear from other adopters
CHAPTER 1 • An Introduction to Information Systems in Organizations 21
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Labor Statistics (BLS) forecasts an increase of 1.2 million new computing jobs in the time period 2012 to 2022, an average of 124,000 new jobs per year.
While a career in information systems can be challenging, exciting, and rewarding, there are also some drawbacks to such a career. As reliance on technol- ogy increases, organizations have increasing expectations of their information system workers—so that many workers feel constant pressure to increase produc- tivity, take on new tasks, and work more than 40 hours per week. A high degree of stress can accompany the responsibility to fix major systems or network pro- blems that are impacting a large number of users. One must often interact with end users or customers who are frustrated and not in the best of moods.
Figure 1.13 identifies the occupations that the BLS predicts will be the fastest-growing IS positions from 2012 to 2022 along with the median salary for those positions in 2015 (half the people employed in this position make more than this amount; half make less).
Opportunities in information systems are also available to people from foreign countries. The U.S. L-1 and H-1B visa programs seek to allow skilled employees from foreign lands into the United States. Opportunities in these programs, however, are limited and are usually in high demand. The L-1 visa program is often used for intracompany transfers for multinational companies. The H-1B program can be used for new employees. The United States distri- butes its annual 85,000 allotment of visas via a lottery system wherein small tech companies submitting a single H-1B visa application must compete
$100,000
$90,000
$80,000
$70,000
$60,000
$50,000
$40,000
$30,000
$20,000
$10,000
$0 0.0 50.0 100.0 150.0 200.0 250.0
Expected new job openings 2012–2022
20 15
M ed
ia n
sa la
ry
Web developer
Information security analyst
Database administrator
Computer programmer
Application software developer
Computer systems analyst
Computer support specialist
FIGURE 1.13 Occupational outlook for selected information systems positions This chart shows the IS positions that BLS predicts will be among the fastest growing in the near future, along with the median salary for those positions in 2015.
22 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
against large organizations that submit thousands of applications to increase their odds of winning the lottery.19
As part of the application process to obtain H-1B approval from the Labor Department, an employer is required to attest that the H-1B workers will not adversely affect the working conditions of workers similarly employed. How- ever, in some cases, it appears that companies are hiring lower-paid H-1B workers to replace existing employees. For instance, in 2015, about 400 infor- mation system workers at Southern California Edison were fired and their work was shifted to H-1B contractors from Tata and Infosys. Another 100 or so information system workers at Northeast Utilities in Connecticut also lost their jobs to H-1B contractors.20 Proponents of the H-1B program believe that it is invaluable to the U.S. economy and its competitiveness.
Roles, Functions, and Careers in IS IS offers many exciting and rewarding careers. Professionals with careers in information systems can work in an IS department or outside a traditional IS department as Web developers, computer programmers, systems analysts, com- puter operators, and in many other positions. Opportunities for IS professionals also exist in the public sector. In addition to technical skills, IS professionals need skills in written and verbal communication, an understanding of organiza- tions and the way they operate, and the ability to work with people and in groups. At the end of every chapter in this book, you will find career exercises that will help you explore careers in IS and career areas that interest you.
Most medium to large organizations manage information system resources through an IS department. In smaller businesses, one or more people might manage information resources, with support from outsourced services. As shown in Figure 1.14, the typical IS organization is divided into three main functions: operations, development, and support.
Chief information officer
Chief technology officer
Operations
Systems analyst
Database administrator
Help desk support specialist
Programmer
Web developer
Development Support
Data center manager
System operator
Information systems security analyst
LAN administrator
System developer
FIGURE 1.14 Three primary functions of the information systems organization Each of these functions—operations, development, and support—encompasses several different IS roles.
CHAPTER 1 • An Introduction to Information Systems in Organizations 23
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Typical IS Titles and Functions The organizational chart shown in Figure 1.14 is a simplified model of an IS department in a typical medium-sized or large organization. The following sections provide a brief description of these roles. Smaller firms often com- bine the roles shown in Figure 1.14 into fewer formal positions.
Chief Information Officer The role of the chief information officer (CIO) is to employ an IS department’s equipment and personnel to help the organization attain its goals. CIOs also understand the importance of finance, accounting, and return on investment. They can help companies avoid damaging ethical challenges by monitoring how their firms are complying with a large number of laws and regulations. A good CIO is typically a visionary who provides leadership and direction to the IS department to help an organization achieve its goals. CIOs need technical, business, and personal skills.
Senior IS Manager A large organization may have several people employed in senior IS managerial levels with job titles such as vice president of information systems, manager of information systems, and chief technology officer (CTO). A central role of all these people is to communicate with other areas of the organization to determine changing business needs. Managers outside the IS organization may be part of an advisory or steering committee that helps the CIO and other IS managers make decisions about the use of information sys- tems. Together, they can best decide what information systems will support corporate goals. The CTO, for example, typically works under a CIO and spe- cializes in networks and related equipment and technology.
Operations The operations group is responsible for the day-to-day running of IS hardware to process the organization’s information systems workload. It must also do capacity planning to expand and upgrade equipment to meet changing business needs. The operations group is constantly looking for ways to reduce the overall cost and increase the reliability of the organiza- tion’s computing. This group is also responsible for protecting the company’s IS systems and data from unauthorized access. Professionals in the operations group include those in the following positions:
● Data center manager. Data center managers are responsible for the maintenance and operation of the organization’s computing facilities that may house a variety of hardware devices—mainframe and or supercom- puters, large numbers of servers, storage devices, and networking equip- ment. Data center managers supervise other operations workers to accomplish the day-to-day work needed to support business operations as well as complete software and hardware upgrades. They also plan for capacity changes and develop business contingency plans in the event of a business disruption due to a fire, power outage, or natural disaster.
● System operator. System operators run and maintain IS equipment. They are responsible for efficiently starting, stopping, and correctly operating mainframe systems, networks, tape drives, disk devices, printers, and so on. Other operations include scheduling, maintaining hardware, and pre- paring input and output.
● Information systems security analyst. IS security analysts are responsi- ble for maintaining the security and integrity of their organizations’ sys- tems and data. They analyze the security measures of the organization and identify and implement changes to make improvement. Security analysts are responsible for developing and delivering training on proper security measures. They also are responsible for creating action plans in the event of a security breach.
● LAN administrator. Local area network (LAN) administrators set up and manage network hardware, software, and security processes. They
24 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
manage the addition of new users, software, and devices to the network. They also isolate and fix operations problems.
Development Roles The development group is responsible for implementing the new information systems required to support the organization’s existing and future business needs. Importantly, they must also modify existing infor- mation systems as the needs of the organization evolve and change. They are constantly on the watch for new ways to use information systems to improve the competitiveness of the firm. Professionals in the development group include those in the following positions: ● Software developer. These individuals are involved in writing the soft-
ware that customers and employees use. This includes testing and debug- ging the software as well as maintaining and upgrading software after it is released for operation. Software developers frequently collaborate with management, clients, and others to build a software product from scratch, according to a customer’s specifications, or to modify existing software to meet new business needs.
● Systems analyst. Systems analysts frequently consult with management and users, and they convey system requirements to software developers and net- work architects. They also assist in choosing and configuring hardware and software, matching technology to users’ needs, monitoring and testing the system in operation, and troubleshooting problems after implementation.
● Programmer. Programmers convert a program design developed by a systems analyst or software developer into one of many computer lan- guages. To do this, they must write, debug, and test the program to ensure that it will operate in a way that it will meet the users’ needs.
● Web developers. These professionals design and maintain Web sites, including site layout and function, to meet the client’s requirements. The
© sc yt he r5
FIGURE 1.15 Web developers Web developers create and maintain company Web sites.
CHAPTER 1 • An Introduction to Information Systems in Organizations 25
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
creative side of the job includes creating a user-friendly design, ensuring easy navigation, organizing content, and integrating graphics and audio (Figure 1.15). The more technical responsibilities include monitoring Web site performance and capacity.
Support The support group provides customer service for the employees, customers, and business partners who rely on the firm’s information systems and service to accomplish their work. The support group responds to queries from these constituents and attempts to be proactive in eliminating problems before they occur. They often develop and provide training to users to enable them to better use information systems services and equipment. Professionals in the support group include those in the following positions:
● Database administrator. Database administrators (DBAs) design and set up databases to meet an organization’s needs. DBAs ensure that the data- bases operate efficiently, and they perform fine-tuning, upgrading, and testing modifications as needed. They are also responsible for implement- ing security measures to safeguard the company’s most sensitive data.
● System support specialist. These skilled specialists respond to telephone calls, electronic mail, and other inquiries from computer users regarding hardware, software, networking, or other IS-related problems or needs. System support specialists diagnose the problem through dialogue with the user, research solutions, and implement a plan to resolve the problem or refer the issue to specialized IS staff. Many organizations set up “drop- in” centers, where users can come to meet face-to-face with the help desk specialists to get help.
Other IS Careers In addition to working for an IS department in an organization, IS personnel can work for large consulting firms, such as Accenture, IBM, and Hewlett- Packard. Some consulting jobs entail frequent travel because consultants are assigned to work on various projects, wherever the client is. Such jobs require excellent project management and people skills in addition to IS technical skills. Related career opportunities include computer training, com- puter and computer-equipment sales, and computer equipment repair and maintenance.
Other IS career opportunities include being employed by technology com- panies, such as Oracle, IBM, HP, Microsoft, Google, and Dell. Such a career enables an individual to work on the cutting edge of technology, which can be challenging and exciting.
As some computer companies cut their services to customers, new com- panies are being formed to fill the need. With names such as Speak with a Geek and Geek Squad, these companies are helping people and organiza- tions with computer-related problems that computer vendors are no longer solving.
Some people decide to start their own IS businesses rather than continue to work for someone else. One such entrepreneur, Lavanya Purushothaman, started ATS Solutions, a UK-based company that offers software develop- ment services and consulting to a wide range of industries and business areas. Small business owners like Purushothaman often prefer to be their own boss, with the freedom to think innovatively and take on new chal- lenges.21 Other people become IS entrepreneurs or freelancers, working from home writing programs, working on IS projects with larger businesses, or developing new applications for the iPhone or similar devices. Some Internet sites, such as www.freelancer.com, post projects online and offer information and advice for people working on their own. Many freelancers
26 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
work for small- to medium-sized enterprises in the U.S. market. People doing freelance or consulting work must be creative in pursuing new busi- ness, while also protecting themselves financially. Freelancers and consul- tants must aggressively market their talents, and to ensure they are paid, should insist that some or all of their fees for a given project are put into an escrow account.
IS-Related Roles Outside the IS Organization In addition to IS workers placed within the IS organization, some companies have people who take on IS-related roles but reside outside the IS organiza- tion. For example, data scientists, can be found in the marketing, sales, and supply chain management departments of large organizations. Data scientists are responsible for understanding the business analytics technology as well as the business, and then putting all of that together to deliver improvements in decision making.
Based on a recent survey of 165 organizations representing over $45 bil- lion in information technology spending in Europe and the United States, only about 60 percent of all information technology outlays are controlled by the information systems department. This means other business units are responsible for 40 percent of the total information technology costs within an organization.22 Shadow IT is a term used to describe the information systems and solutions built and deployed by departments other than the information systems department. In many cases, the information systems department may not even be aware of these efforts.
At one time, shadow IT was limited to employee or departmental pur- chases of nonstandard computing devices and off-the-shelf software from office supply stores. However, the scope of shadow IT spending has greatly expanded, largely due to cloud computing and the availability of enterprise software, file-sharing apps, and collaboration tools as a service. Cloud service providers can deliver increasing amounts of computing, network, and storage capacity on demand and without requiring any capital investment on the part of the cloud users. These cloud providers typically offer a monthly or annual subscription service model; they may also provide training, support, and data integration services. All of this makes it easier for department managers to skirt formal procedures associated with the purchase of large capital expense items—including scrutiny by the information system department.
Shadow IT enables business managers to quickly create highly innovative solutions to real business problems and to test out these solutions. Such sys- tems may serve as prototypes that evolve into future approved IT solutions. However, shadow IT solutions frequently employ nonapproved vendors, soft- ware, or hardware and may not meet the IS department standards for control, documentation, security, support, and reliability. This raises security risks and issues in regard to compliance with essential government and industry stan- dards, such as Basel III (international standards for the banking industry), FISMA (Federal Information Security Management Act of 2002), GAAP (Gener- ally Accepted Accounting Principles), HIPAA (Health Insurance Portability and Accountability Act), IFRS (International Financial Reporting Standards), and Sarbanes-Oxley Act (accounting regulations for publicly traded companies).
Issues often arise when a shadow IT solution “breaks” and questions are raised about who is responsible for fixing it and supporting the end users. The IS department may not have developed it, or even been not aware of it, but business users expect their help in “fixing” it. Table 1.6 presents a sum- mary of the pros and cons associated with shadow IT.
The information systems department may become more comfortable with shadow IT if it sees the IS department’s role as maximizing the effective use of technology in the company rather than controlling the use of technology.
shadow IT: The information systems and solutions built and deployed by departments other than the information systems department. In many cases, the information systems department may not even be aware of these efforts.
CHAPTER 1 • An Introduction to Information Systems in Organizations 27
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Also shadow IT provides another source of funds to tackle high-priority projects.
Working in Teams Most IS careers involve working in project teams that can consist of many of the positions and roles discussed earlier. Thus, it is always good for IS profes- sionals to have good communication skills and the ability to work with other people. Many colleges and universities have courses in information systems and related areas that require students to work in project teams. At the end of every chapter in this book are team activities that require teamwork to com- plete a project. You may be required to complete one or more of these team- oriented assignments.
A virtual team is a group of individuals whose members are distributed geographically, but who collaborate and complete work through the use of information systems. The virtual team may be composed of individuals from a single organization or from multiple organizations. The team can consist of just two people up to hundreds of team members. One benefit of virtual teams is that they enable organizations to enlist the best people in different geographical regions to solve important organizational problems. Another benefit is that they provide the ability to staff a team with people who have a range of experience and knowledge that stems from a variety of professional experiences and cultural backgrounds.
Often, it is difficult for members of a large virtual organization to meet at a time that is convenient for everyone on the team due to the time zone dif- ferences in their various geographic locations. Thus, members of a virtual team may seldom meet face to face. However, quick communication exchanges among members can be key to project success. Thus, virtual team members may need to continually monitor their email, instant messages, and team Web site and be prepared to participate in an audio or video teleconfer- ence on short notice. See Figure 1.16. Virtual team members must be pre- pared to do work anywhere, anytime. As a result, members of a virtual team may feel that their work day never ends.
TABLE 1.6 Pros and cons of shadow IT efforts Pros Cons
Enables the business to test quick solutions to business needs without delays brought on by involvement of the information systems department
The systems and processes developed may lack necessary levels of security required to meet compliance standards
Can create an innovative, synergistic partnership between the information systems department and other business units
Can create tension between the CIO who has responsibility for technology within the organization and business managers who want more of a role in the information system decisions
Provides the opportunity to evaluate and test many more information sys- tem initiatives
Individual departments may buy ser- vices, software, and hardware that the company could get a better deal through central purchasing.
May be wasteful and duplicate work already being done by the IS organization
Issues can arise over responsibility to fix “nonapproved” solutions
virtual team: A group of individuals whose members are distributed geo- graphically, but who collaborate and complete work through the use of information systems technology.
28 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Communications are greatly improved when participants can see one another and pick up facial expressions and body language. Thus, even with sophisticated information system tools, virtual teams still benefit from occa- sional face-to-face meetings. This is particularly true at the beginning of new projects when the team is just forming and defining goals, roles, and expecta- tions on how its members will work together. Virtual organization members must also be sensitive to the different cultures and practices of the various team members to avoid misunderstandings that can destroy team chemistry. It helps if virtual team members take the time to get to know one another by sharing experiences and personal background information.
International advertising, marketing, and public relations firm Ogilvy & Mather maintains offices in 161 cities all over the world and employs some 15,000 workers. The firm promotes the brands of its multinational clients by combining local market know-how with a worldwide network of resources to build powerful campaigns that address local market needs while also reinfor- cing global brand identity. The firm relies on multiple virtual teams across the organization to implement this strategy.23
Finding a Job in IS Traditional approaches to finding a job in the information systems area include attending on-campus visits from recruiters and getting referrals from professors, friends, and family members. People who have quit jobs or been laid off often use informal networks of colleagues or business acquaintances from their previous jobs to help find new jobs.
© A nd re y Bu rm ak in
FIGURE 1.16 Group videoconference A virtual organizational structure allows collaborative work in which managers and employees can effectively work in groups, even those composed of members from around the world.
CHAPTER 1 • An Introduction to Information Systems in Organizations 29
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Many colleges and universities have excellent programs to help students develop résumés and conduct job interviews. Developing an online résumé can be critical to finding a good job. Many companies only accept résumés online and screen job candidates using software to search for key words and skills. Consequently, mentioning the right key words and skills can mean the difference between getting and not getting a job interview. Some corporate recruiters, however, are starting to actively search for employees rather than sifting through thousands of online résumés or posting jobs on their Web sites. Instead, these corporate recruiters do their own Internet searches and check with professional job sites such as www.branchout.com, www.indeed. com, www.linkedin.com, and www.ziprecruiter.com to name just a few. Other companies hire college students to help them market products and ser- vices to other students. In addition to being paid, students can get invaluable career experience. In some cases, it can help them get jobs after graduation.
Students who use the Internet to access other nontraditional sources to find IS jobs have more opportunities to land a job. Many Web sites, such as Mon- ster, Career Builders, Indeed, Simply Hired, Snagged a Job, TheLadders, Linke- dIn, and ComputerJobs, post job opportunities for information system careers as well as more traditional careers. Most large companies list job opportunities on their corporate Web sites. These sites allow prospective job hunters to browse job opportunities and get information on job location, salary, and bene- fits. In addition, some sites allow job hunters to post their résumés. Many peo- ple use social networking sites such as Facebook to help get job leads. Corporate recruiters also use the Internet and social network sites to gather information on current job candidates or to locate new job candidates.
Many professional organizations and online user groups can be helpful in finding a job, staying current once employed, and seeking new career oppor- tunities. These groups include the Association for Computer Machinery (ACM: www.acm.org), the Association of Information Technology Professionals (AITP: www.aitp.org), Apple User Groups (www.apple.com/usergroups), and Linux user groups based in various countries around the world.
Many companies use Twitter to advertise job openings in industries such as advertising and public relations, consulting, consumer products, and education, among others. Many organizations in the information systems industry, includ- ing Google (@googlejobs), Intel (@jobsatIntel), Microsoft (@Microsoft_Jobs), and Yahoo (@EngRecruiter), also use Twitter to advertise job openings.
Students should review and edit what is posted about them on social media sites, as employers often search the Internet to get information about potential employees before they make hiring decisions. Over 90 percent of respondents to a recent survey either use or plan to use some form of social media—such as Facebook, LinkedIn, or Twitter—in their recruiting.24
Certification Often, the people-filling IS roles have completed some form of certification. Certification is a process for testing skills and knowledge; successful comple- tion of a certification exam results in an endorsement by the certifying authority that an individual is capable of performing particular tasks or jobs. Certification frequently involves specific, vendor-provided, or vendor-endorsed coursework. Popular certification programs include Microsoft Certified Systems Engineer (MCSE), Certified Information Systems Security Professional (CISSP), Oracle Certified Professional, and Cisco Certified Security Professional (CCSP). Getting certified from a software, database, or network company may open the door to new career possibilities or result in an increase in pay. According to a recent survey, 65 percent of employers use IT certifications to differentiate between equally qualified candidates, while 72 percent of employers require some form of IT certification as a requirement for certain job roles. In some organizations,
certification: A process for testing skills and knowledge; successful com- pletion of a certification exam results in a statement by the certifying authority that confirms an individual is capable of performing particular tasks.
30 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
earning certain certifications can result in a pay increase or eligibility for a new role. The following is a list of some of the more in demand certifications.25
● Citrix Certified Enterprise Engineer ● Comp TIA Security+ ● GIAC Certified Windows System Administrator ● Certified Computer Examiner ● AWS Certified SysOps Administrator-Associate (Cloud) ● EC-Council Certified Security Analyst ● Mongo DB Certified DBA ● Microsoft Certified Solution Developer: Applications Lifecycle Management ● Cisco Certified Design Associate
Reducing New Product Stockouts at Coles You have been employed in the supply chain management organization of Coles for the past two years. You are very excited when you are asked to join a team being formed to address serious inventory management problems often associated with the introduction of new products. Too often, customers who make a trip to Coles to pur- chase a highly advertised new product are disappointed to find the store is out of stock of that particular item. Such stockouts result in lost sales for both Coles and the product supplier and the potential loss of customers as shoppers look elsewhere to find the new product. The resulting loss of customer goodwill can have a long- term effect on sales. Solving this problem will require a balancing act; the company needs to carry sufficient inventory of new products to meet customer demand while avoiding excessive inventory levels that increase costs.
The team you have joined consists of nine people representing the finance, marketing, and supply chain management organizations at both Coles and two of Coles’ largest suppliers. The team is charged with looking at a wide range of solu- tions, including improved analytics and forecasting systems, customer-loyalty anal- ysis tools to provide insights into customer buying patterns, and improved distribution methods to cut costs and delivery times.
Review Questions 1. Identify some of the advantages of running a virtual team such as this. What
are some of the keys to success when working with a virtual team? 2. What sort of complications might be expected when forming a multiorganiza-
tional virtual team?
Critical Thinking Questions 1. The leader of the team has asked that each member share a brief personal
background paragraph that outlines the individual’s knowledge and experi- ence relevant to solving this problem. Create a paragraph for a team member who is a well-qualified, but relatively inexperienced representative of the Coles supply chain management organization.
2. What actions would you recommend to minimize potential start-up issues for this virtual team?
Summary
Principle: The value of information is directly linked to how it helps decision makers achieve the organization’s goals.
CHAPTER 1 • An Introduction to Information Systems in Organizations 31
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Data consists of raw facts; information is a collection of data organized and processed so that it has additional value beyond the value of the individ- ual facts. The value of information created depends on the relationships defined among existing data. Turning data into information is a process per- formed to achieve a defined outcome. This process requires knowledge, which is the awareness and understanding of a set of information and the ways in which that information can be made useful to support a specific task or reach a decision.
Information has many different characteristics. It can be accessible, accu- rate, complete, economical to produce, flexible, relevant, reliable, secure, sim- ple to understand, timely, and verifiable. The importance of each of these characteristics varies depending on the situation and the kind of decision you are trying to make. The value of information is directly linked to how it helps people achieve their organizations’ goals.
Principle: Information systems are composed of fundamental components that must be carefully assembled and integrated to work well together.
An information system (IS) is a set of interrelated components that collect, process, store, and disseminate data and information; an information system provides a feedback mechanism to monitor and control its operation to make sure it continues to meet its goals and objectives.
A computer-based information system (CBIS) is a single set of hardware, software, databases, networks, people, and procedures that are configured to collect, manipulate, store, and process data into information.
An organization’s technology infrastructure includes all the hardware, soft- ware, databases, networks, people, and procedures that are configured to col- lect, manipulate, store, and process data into information.
Principle: Managers have an essential role to play in the successful implementation and use of information systems—that role changes depending on which type of IS system is being implemented.
When considering the role of business managers in working with IS, it is useful to divide information systems into three types: personal IS, group IS, and enterprise IS.
For each type of IS, certain key organizational complements must be in place to ensure successful implementation and use of the system. These complements include well-trained workers, system support, better teamwork, redesigned processes, and new decision rights.
Principle: Information systems must be implemented in such a manner that they are accepted and work well within the context of an organization and support its fundamental business goals and strategies.
An organization is a group of people that is structured and managed to meet its mission or set of group goals. Organizations affect and are affected by their environment.
The value chain is a series of activities that an organization performs to transform inputs into outputs in such a way that the value of the input is increased.
The supply chain is a key value chain whose primary activities include inbound logistics, operations, outbound logistics, marketing and sales, and ser- vice. Supply chain management encompasses all the activities required to get
32 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the right product into the right consumer’s hands in the right quantity at the right time and at the right cost.
Information systems have transformed the nature of work and the shape of organizations themselves. They are often so intimately involved in the activities of the value chain that they are a part of the process itself.
A virtual team is a group of individuals whose members are distributed geographically, but who collaborate and complete work through the use of information systems.
Innovation is the application of new ideas to the products, processes, and activities of a firm, leading to increased value. Innovation is the catalyst for the growth and success of any organization. Innovation may be classified as sus- taining or disruptive.
Business process reengineering is a form of innovation that involves the radical redesign of business processes, organizational structures, information systems, and values of the organization to achieve a breakthrough in results. Continuous improvement is a form of innovation that continually improves business processes to add value to products and services.
Organizational culture consists of the major understandings and assump- tions for a business, a corporation, or an organization. According to the concept of organizational learning, organizations adapt to new conditions or alter prac- tices over time.
Organizational change deals with how organizations successfully plan for, implement, and handle change. The ability to introduce change effectively is critical to the success of any information system project.
Several change models can be used to increase the likelihood of success- fully introducing a new information system into an organization.
Lewin’s three-stage organization change model divides the change imple- mentation process into three stages: unfreezing, moving, and refreezing. The model also identifies key tasks that need to be performed during each stage.
Lewin’s force field analysis is an approach to identifying the driving (posi- tive) and restraining (negative) forces that influence whether change can occur.
Leavitt’s diamond proposes that every organizational system is made up of four main components—people, tasks, structure, and technology—that all interact. To successfully implement a new information system, appropriate changes must be made to the people, structure, and tasks affected by the new system.
The user satisfaction and technology acceptance model specifies the factors that can lead to better attitudes about the use of a new information system, along with higher acceptance and use of it.
The diffusion of innovation theory explains how a new idea or product gains acceptance and diffuses through a specific population or subset of an organization. A key point of this theory is that adoption of any innovation does not happen all at once for all people; rather, it is a drawn-out process, with some people quicker to adopt the innovation than others. The theory groups adopters into five categories and recommends a different adoption strategy for each category.
Principle: The information system worker functions at the intersection of business and technology and designs, builds, and implements solutions that allow organizations to effectively leverage information technology systems.
Successful information system workers need to have a variety of personal characteristics and skills, including the ability to work well under pressure, good communication skills, solid analytical and decision-making skills, effec- tive team and leadership skills, and adeptness at implementing organizational change.
CHAPTER 1 • An Introduction to Information Systems in Organizations 33
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Technology is one of the fastest-growing areas of the U.S. economy, which has a strong demand for information system workers.
Opportunities in information systems are available to people from foreign countries under the H-1B and L-1 visa programs.
The IS organization has three primary functions: operations, development, and support.
Typical operations roles include data center manager, system operator, information system security analyst, and LAN administrator.
Typical development roles include software developer, systems analyst, programmer, and Web developer.
Typical support roles include database administrator and system support specialist.
Only about 60 percent of all information technology outlays are controlled by the information systems department. Shadow IT is a term used to describe the information systems and solutions built and deployed by departments other than the information systems department. In many cases, the information sys- tems department may not even be aware of these efforts.
Besides working for an IS department in an organization, IS personnel can work for a large consulting firm or a hardware or software manufacturer. Developing or selling products for a hardware or software vendor is another IS career opportunity.
Certification is a process for testing skills and knowledge; successful com- pletion of a certification exam results in an endorsement by the certifying authority that an individual is capable of performing particular tasks or jobs. Certification frequently involves specific, vendor-provided, or vendor-endorsed coursework.
Key Terms
business process reengineering (BPR)
certification
change management model
computer-based information system
continuous improvement
data
diffusion of innovation theory
driving forces
enterprise information system
force field analysis
group information system
information
information system
innovation
knowledge
Leavitt’s diamond
Lewin’s change model
organization
organizational complement
personal information system
procedure
process
process redesign
reengineering
restraining forces
shadow IT
soft side of implementing change
supply chain
supply chain management (SCM)
technology acceptance model (TAM)
technology infrastructure
value chain
virtual team
34 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Chapter 1: Self-Assessment Test
The value of information is directly linked to how it helps decision makers achieve the organization’s goals.
1. is a collection of raw facts organized and processed so that it has additional value beyond the value of the individual facts. a. Data b. Information c. Knowledge d. Expertise
2. Turning data into information is a , or a set of logically related tasks performed to achieve a defined outcome.
3. Two quality characteristics that are critical for data used in accounting for the management of company assets, such as cash, inventory, and equipment are . a. flexibility and accuracy b. security and relevancy c. accuracy and completeness d. relevancy and economical
Information systems are composed of fundamental components that must be carefully assembled and integrated to work well together.
4. Technology infrastructure includes all the hardware, software, , networks, people, and procedures that are configured to collect, manipu- late, store, and process data into information.
5. According to Jim Collins in his book Good to Great, those who build great companies under- stand that the ultimate throttle on growth for any great company is not markets, or technology, or competition, or products; rather, it is one thing above all others: . a. great customers b. great systems c. great leadership d. great people
Managers have an essential role to play in the suc- cessful implementation and use of information systems—that role changes depending on which type of IS system is being implemented.
6. When considering the role of business managers in working with IS, it is useful to divide informa- tion systems into these three types: . a. enterprise IS, group IS, and personal IS b. small and simple, medium and multifaceted,
and large and complex c. operational, tactical, and strategic d. management support, operational, and enter-
prise systems
7. Which of the following is not a key organizational complement that must be in place to ensure suc- cessful implementation and use of the system? a. well-trained workers b. better teamwork c. the latest technology d. new decision rights
Information systems must be implemented in such a manner that they are accepted and work well within the context of an organization and support its fundamental business goals and strategies.
8. Organizations are considered to be systems, meaning that can affect and are affected by their surrounding environment.
9. The is a series of activities that an organization performs to transform inputs into outputs in such a way that the value of the input is increased. a. supply chain b. inbound logistics c. value chain d. manufacturing
10. encompasses all the activities required to get the right product into the right customer’s hands in the right quantity at the right time and at the right cost.
11. Which of the following is not a true statement regarding the use of virtual teams? a. Virtual teams enable the organization to enlist
the best people in different geographical regions to solve important organizational problems.
b. The use of virtual teams provides the ability to staff a team with people who have a wide range of experience and knowledge that stems from a variety of professional experi- ences and cultural backgrounds.
c. It is usually easy and convenient for all mem- bers of a virtual team to meet at the same time and physical location.
d. Members of a virtual team may feel that their work day never ends.
12. Continuous enhancement of an existing product is an example of innovation.
13. of large information system pro- jects fail, at least in part, due to a failure to pre- pare business users for the actual change to come. a. Less than 15 percent b. Over 80 percent c. About 48 percent d. Between 30 and 70 percent
CHAPTER 1 • An Introduction to Information Systems in Organizations 35
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
14. The three stages of Lewin’s change model include (1) ceasing old habits and creating a climate that is receptive to change; (2) learning new work methods, behaviors, and systems; and (3) . a. reinforcing changes to make the new process
second nature, accepted, and part of the job b. fine-tuning existing work processes and sys-
tems so they become more streamlined and efficient
c. replacing existing users that refuse to accept the change
d. rewarding those responsible for the change 15. The change model is helpful in
identifying and addressing negative feelings that make it difficult for users to accept the move to a new information system. a. Leavitt’s diamond b. Lewin’s force field analysis c. Diffusion of innovation theory d. Lewin’s change model
The information system worker functions at the intersection of business and technology and designs, builds, and implements solutions that allow organizations to effectively leverage informa- tion technology systems.
16. The Bureau of Labor Statistics forecasts an increase of new computing jobs in the time period 2012 to 2022. a. .12 million b. .5 million c. 1.0 million d. 1.2 million
17. The typical information systems organization is typically divided into three functions, including support, development, and .
18. is a process for testing skills and knowledge; successful completion of a certifica- tion exam results in an endorsement by the cer- tifying authority that an individual is capable of performing particular tasks or jobs.
Chapter 1: Self-Assessment Test Answers
1. b 2. procedure 3. c 4. databases 5. d 6. a 7. c 8. open 9. c
10. supply chain management 11. c 12. sustaining 13. d 14. a 15. b 16. d 17. operations 18. certification
Review Questions
1. How is data different from information? How is information different from knowledge?
2. Identify and briefly define six characteristics that describe the quality of data.
3. What is an information system? What is the role of feedback in a system?
4. Identify the six basic components of any computer-based information system.
5. What is meant by an organization’s technology infrastructure?
6. When considering the role of business managers in working with IS, it is useful to divide informa- tion systems into three types. Name and briefly describe those three types.
7. Identify and briefly describe the five key organizational complements that must be in
place to ensure successful implementation and use of an information system.
8. What is the difference between a value chain and a supply chain?
9. What activities are encompassed by supply chain management?
10. What are some of the characteristics of a virtual team?
11. Identify and briefly describe the differences between the two types of innovation discussed in the chapter.
12. Briefly define the term “business process reengineering.”
13. What is meant by continuous improvement? 14. What is meant by the term “the soft side of
implementing change”? 15. Sketch and briefly describe Leavitt’s diamond.
36 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
16. List and describe three popular job-finding Web sites.
17. Describe the role of a CIO within an organization. 18. What is meant by the term “shadow IT?
Discussion Questions
1. What do you hope to learn from this course that will make it worthwhile for you? Do you think a basic understanding of information systems is important to you? Why or why not?
2. Describe how you might use information systems in a career area of interest to you.
3. How might completing this course help you in some of the courses you will take during your academic career?
4. Discuss a value chain of which you are a part. What is the purpose of the value chain? What is your role? How do you interact with other mem- bers of the value chain? How is the effectiveness of the value chain measured?
5. Discuss a virtual team of which you are a mem- ber. What is the role of the team? How were the members of the team chosen, and what unique skills and experiences does each member bring to the team? How does the team communicate and share information?
6. What things might managers in an organization do that could unintentionally discourage innova- tion by their employees? How can innovation be encouraged?
7. Identify several aspects of the culture shared by members of a group to which you belong. Are
there any aspects of this culture that you think are negative and detract from what the group is trying to accomplish?
8. Your manager has asked for your input on ideas for how to improve the likelihood of successful adoption of a major new information system that will be used by members of the company’s finance department. What suggestions would you offer?
9. You have been asked to assess the success of a recently implemented system that has been deployed across the entire supply chain of a large organization. How might you go about trying to measure the technology diffusion of this system? How else might you assess the success of this system?
10. Describe the advantages and disadvantages of using the Internet to search for a job.
11. Assume you are a member of a committee responsible for replacing your organization’s retiring CIO. What characteristics would you want in a new CIO? How would you go about identifying qualified candidates?
12. Identify several personal characteristics needed to be successful in an information system career. Which of these characteristics do you think you possess?
Problem-Solving Exercises
1. Figure 1.13 presents the occupational outlook (median salary and number of job openings) for selected information systems positions. Obtain data from the U.S. Bureau of Labor Statistics and use a spreadsheet program to create a similar figure for five occupations of your choice.
2. Create a table that lists 10 or more possible career areas—including estimated annual sala- ries and brief job descriptions. Rate how much you think you would like each potential career area on a scale from 1 (“don’t like”) to 10 (“like
the most”). Sort the careers from high to low rating and print the results. Sort the table according to annual salaries, from high to low, and then print the resulting table. Sort the table from the most liked to least liked, and then print the results.
3. Use presentation software to create a set of three slides that identifies the top three things you hope to learn from this course and why each is important to you. If requested, share your find- ings with the instructor and/or class.
Team Activities
1. Before you can do a team activity, you need a team. As a class member, you might create your own team, or your instructor might assign mem- bers to groups. After your group has been formed, meet and introduce yourselves to each
other. Find out the first name and contact infor- mation for each member. Find out one interesting fact about each member of your team as well. Brainstorm a name for your team. Put the infor- mation on each team member into a database and
CHAPTER 1 • An Introduction to Information Systems in Organizations 37
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
print enough copies for each team member and your instructor.
2. Develop a set of interview questions and outline a process that you and your team might follow to assess the degree of user satisfaction and tech- nology acceptance of a major new system. Use these questions to interview workers who have recently begun using a new information system. Summarize your findings.
3. With your team, use an Internet search engine or skim through several business periodicals
(Bloomberg Businessweek, Computerworld, Forbes, InformationWeek, PC World, Wall Street Journal, Wired, etc.) to find recent arti- cles that describe potential social or ethical issues related to the use of the Internet of Things. Use word-processing software to write a one-page report summarizing your findings. Identify one or two issues that you think are most significant.
Web Exercises
1. Computerworld does an annual survey to identify the top-ranked places to work as an IS profes- sional. Go online to find the results of the latest survey. What makes these places so attractive? Are these features and benefits of importance to you?
2. Do research on the Web to learn about how recruiters use social network data to help screen job applicants. Does what you learn
raise any concerns about how you could be viewed?
3. Go to the Web site for the U.S. Bureau of Labor Statistics, and find information about the occu- pations with the greatest projected job growth in terms of the number of people who will be needed. Use a graphics program to illustrate the growth of the 10 fastest growing occupations. Write a brief summary of your findings.
Career Exercises
1. In the Career Exercises section found at the end of every chapter, you will explore how material in the chapter can help you excel in your college major or chosen career. Identify 10 job charac- teristics that are important to you in selecting your career (e.g., involves travel to foreign coun- tries, requires working in a project team). Place these characteristics in rank order based on their relative importance to you.
2. For you, what would be the most positive aspects of a career in information systems? What would be the least positive aspects of such a career?
3. Use presentation software (e.g., Microsoft PowerPoint) to prepare a brief slide presentation that describes your ideal job in terms of role, responsibilities, interaction with others, degree of decision-making authority, and other characteris- tics important to you.
Case Studies
Case One
BMW: Automaker Competes on the Digital Front One of the biggest trends driving competition in the auto industry in recent years is the race to offer new and better “connected-car” technologies—including those that enhance safety, monitor maintenance requirements, provide Internet connectivity, and offer seamless integration with smartphones and wearable devices. A 2015 study of the worldwide auto industry projected that customer spending on connected-car technologies will exceed €40 billion ($42 billion) in 2016; that number is expected to more than triple to €122 billion ($129 billion) by 2021. Tech-savvy consumers increasingly expect their cars to serve as extensions of their personal technology, and one company working hard to exceed those expectations is German automaker Bayerische Motoren Werke AG—or BMW, as it is more commonly known.
BMW was founded in 1916 as a manufacturer of aircraft engines, but the company soon branched out into other areas. Today, the BMW Group manufactures motorcycles in addition to its three premium car brands (BMW, MINI, and Rolls-Royce), and it is now represented in over 140 countries—including 30 production locations in 14 countries. With close to 2 million cars sold in 2014, BMW is one of the world’s most-recognized luxury car brands, with a reputation for consistently delivering high-quality cars built on a foundation of advanced mechanical engineering. To maintain its edge, BMW is now expanding its focus to find ways to improve its cars through cutting-edge technological innovations.
According to Dieter May, BMW’s digital business models senior vice president, “Our competitor is not Audi, Jaguar Land Rover or Mercedes, but the space of consumer electronics players.” As May sees it, one of the biggest questions facing BMW—and other auto makers—in the
38 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
coming years is “How do we take the connected home, personal digital assistants, and advanced sensor technology, and connect all these trends?”
BMW has responded to this question by building an extensive array of new technologies into its latest models. Through BMW’s iDrive information and entertainment system, drivers can access ConnectedDrive, a portal offering a wide range of location-based services, including concierge services, real-time traffic information, and access to more than 12.6 million searchable “points of interest,” ranging from gas stations to restaurants to tourist attractions. Another ConnectedDrive feature, the Head-Up Display, projects important driving information—such as current speed and warnings from the car’s night vision system—on the windshield, allowing the driver to keep his or her eyes on the road. The Speed Limit Info feature uses a car-mounted camera along with data from the navigation system to keep drivers informed of current speed limits, including those in effect due to road construction and weather conditions. ConnectedDrive, which can be controlled from the driver’s smartphone, also offers mobile office features, such the ability to dictate and send messages, and a ConnectedDrive Store, where users can purchase apps and services directly through the iDrive interface. And at the high end of BMW’s model line, the 7 Series full-size sedan, BMW’s flagship vehicle, is the first model to accept gesture-control commands for the iDrive display as well as a completely automated self-park feature that can be operated when the driver is outside the vehicle.
BMW is also working to ensure that the car-buying experience is keeping up with customers’ expectation by encouraging its dealerships to create more digital showrooms, with flat screen displays and virtual demonstrations to appeal to the many customers who are accustomed to the online shopping experience. In addition, BMW is adding “product geniuses”—like those found in Apple’s retail stores—to its showrooms. The specialists have no responsibility to sell; their job is simply to spend whatever time is necessary to explain and demonstrate each car’s various technological features to potential BMW customers.
To continue to develop the complex technological innovations it needs to maintain its edge over competitors, BMW has explored possible partnerships with technology companies such as Apple. Currently, however, the auto maker is focused on building up its in-house expertise and speeding up its internal software development cycles. In 2014, BMW spent over €4.5 billion ($4.75 billion) on research and development, and it spent, on average, more than €6,000 ($6,370) per car on connected-car technology. BMW is making it clear to potential customers and competitors alike that is committed to competing and winning on the digital front.
Critical Thinking Questions 1. Other than selling more cars, what potential benefits
do connected-car technologies offer auto makers such as BMW in terms of enhancing long-term customer relationships?
2. What responsibilities does BMW have to its customers regarding the data it captures via the various con- nected car technologies that it builds into its cars?
3. Visit a BMW showroom and spend time with one of the “product geniuses” to learn more about the latest BMW technological innovations. Write a brief para- graph or two providing your critique of these innovations.
SOURCES: Muller, Joann, “5 Big Trends Driving The Auto Industry in 2015,” Forbes, January 19, 2015, www.forbes.com/sites/joannmuller /2015/01/05/5-big-trends-driving-the-auto-industry-in-2015; Vierecki, Richard, Ahlemann, Dietmar, Koster, Alex, and Jursch, Sebastian, “Connected Car Study 2015: Racing Ahead with Autonomous Cars and Digital Innovation,” Strategy&, September 15, 2015, www.strategyand. pwc.com/global/home/what-we-think/reports-white-papers/article-dis play/connected-car-2015-study; “Annual Report 2014,” BMW Group, www.bmwgroup.com/e/0_0_www_bmwgroup_com/investor_relations /finanzberichte/geschaeftsberichte/2014/_pdf/12507_GB_2014_en_ Finanzbericht_Online.pdf, accessed November 23, 2015; Murphy, Margi, “BMW Internalizes IT to Claw Back Customer Data,” Computer- worldUK, June 24, 2015, www.computerworlduk.com/news/data/bmw -our-competitor-is-not-audi-jaguar-land-rover-or-mercedes-but-consu mer-electronics-players-3616944; Green, Chloe, “Rise of the Intelligent Car,” InformationAge, July 7, 2015, www.information-age.com/industry /software/123459790/rise-intelligent-car-how-digital-technologies-are -creating-third-wave-car-makers; “BMW ConnectedDrive,” BMW USA, www.bmwusa.com/standard/content/innovations/bmwconnecteddrive /connecteddrive.aspx#home, accessed November 28, 2015; “7 Series,” BMW USA, www.bmwusa.com/bmw/7series, accessed November 28, 2015; Taylor, Edward, Love, Julia, “Tim Cook Visited BMW in Germany to Learn How to Build an Electric Car,” Business Insider, July 31, 2015, www.businessinsider.com/r-apple-bmw-in-courtship-with-an-eye-on -car-collaboration-2015-7; “BMW Tosses Salesmen for ‘Geniuses,” Wall Street Journal, February 19, 2014, www.wsj.com/articles/SB10001 424052702304450904579364833799765354.
Case Two
Railroads Struggle to Implement Positive Train Control Positive train control (PTC) is a complex system designed to prevent the human errors that cause roughly 40 percent of train accidents, including train-to-train collisions, derailments caused by excess speed, train movement through track switches left in the wrong position, and unauthorized incursion into work zones. PTC uses wireless communications to relay visual and audible data to train crew members regarding when the train needs to be slowed or stopped. This guidance is based on several factors, including the train’s location and speed, as determined by GPS, track geometry, the status and position of approaching switches, and speed limits at approaching curves, crossings, and other speed- restriction areas. PTC communicates with the train’s onboard computer, which audibly warns the engineer and displays the train’s safe-braking distance, based on conditions at that time. Should the engineer fail to respond appropriately, the onboard computer will activate the brakes and safely slow or stop the train.
The National Transportation Safety Board (NTSB) has investigated 145 “PTC-preventable” railroad accidents that occurred since 1969. The NTSB estimates that some 300 deaths and over 6,700 injuries could have been prevented had PTC systems been in place. Congress mandated in the Rail Safety Improvement Act of 2008 that railroads implement PTC systems on rail lines that (1) carry more than 5 million tons annually, (2) carry poisonous or toxic
CHAPTER 1 • An Introduction to Information Systems in Organizations 39
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
materials, or (3) carry commuter rail passenger service. The act specified a deadline of December 31, 2015, for implementation of PTC.
Metrolink is a commuter rail system serving southern California and the greater Los Angeles area. A 2008 Metrolink accident that killed 25 and injured 100 is often cited as the event that drove Congress to pass the Rail Safety Improvement Act. In that accident, a Metrolink commuter train collided head-on with a Union Pacific train because the Metrolink engineer, who had been texting, failed to stop for a red signal.
An executive of the Association of American Railroads estimates that PTC has been installed on 8,200 miles out of the 60,000 miles where PTC technology is mandated. He also believes that, for a number of reasons, the railroads cannot complete the installation of PTC until the end of 2018 and that it will take an additional two years to test that all the system components work together correctly.
The Federal Railroad Administration (FRA) estimates the cost of the PTC system to be $52,000 per mile of track—for a total of more than $3 billion for the 60,000 miles of track to be covered. Meanwhile, the railroads estimate the total cost will be more than $9 billion and claim they have spent $5.2 billion on this effort already.
One complicating factor relates to the fact that PTC systems require access to a wireless frequency in order to operate. The Federal Communications Commission regulates the use of radio frequencies and grants exclusive access or licenses to certain frequencies. This ensures that operators don’t interfere with one another by broadcasting signals over the same frequency. Demand for access to frequencies in the wireless broadband spectrum has soared due to the rapid growth in use of cell phones, smartphones, and mobile computing devices. The railroads must acquire a license to operate their wireless PTC system at a certain frequency, but another company may already own the rights to that frequency band in a certain area. In some cases, railroads have struggled for years to buy the rights to airwaves to operate their PTC equipment.
Tracks on which multiple carriers operate present a higher risk of collisions. The continued smooth, uninterrupted operations of each PTC system as the train crosses tracks operated by different rail carriers is critical even when that carrier’s PTC system is built on hardware, software, and track switches from an entirely different set of vendors.
Critical Thinking Questions 1. Develop a force field analysis that approximates the
strength of the driving and restraining forces for PTC. 2. The high cost of implementing changes to infrastruc-
ture always raises questions about priorities. Should investments in infrastructure be made to address high- impact, low-probability events (such as human- error-caused accidents) or should investments be focused on low-impact, high-probability events (such as the need for ongoing cleaning and maintenance of train stations and installing air conditioning)? Make an argument in favor of accelerating deployment of PTC giving three strong reasons supporting this decision. Now take the other side and present a strong argument against PTC deployment and offering an alternative solution.
3. Do research to determine the current status of PTC deployment. Summarize your findings in a couple of paragraphs.
SOURCES: “An Introduction to Positive Train Control,” metrolinktrains.com /agency/page/title/ptc, accessed October 3, 2015; “Report to Congress on the Status of Positive Train Control Implementation,” U.S. Department of Transportation Federal Railroad Administration, August 7, 2015, www.fra .dot.gov/eLib/details/L16962; Shear, Michael D. and Mouawad, Jad, “Amtrak Says Shortfalls and Rules Delayed Its Safety System,” New York Times, May 14, 2015, nytimes.com/2015/05/15/us/amtrak-says-it-was-just-months-away -from-installing-safety-system.html?_r=0; “Investigating the Philadelphia Amtrak Train Derailment,” New York Times, May 12, 2015, nytimes.com/interactive/2015/05/13/us/investigating-the-philadelphia -amtrak-train-crash.html; “About Us,” www.metrolinktrains.com/agency /page/title/member_agencies, accessed October 3, 2015.
Notes
1. Haselkorn, Erin, “To Be a Marketing Master Mind, You Need Quality Data,” Experian Marketing Services, April 15, 2014, www.experian.com/blogs/marketing-forward /2014/04/15/to-be-a-marketing-mastermind-you-need -quality-data.
2. Thomas C. Redman, “Bad Data Costs the U.S. $3 Trillion Per Year,” Harvard Business Review, September 22, 2016, https://hbr.org/2016/09/bad-data-costs-the-u-s -3-trillion-per-year.
3. Collins, Jim, Good to Great: Why Some Companies Make the Leap and Others Don’t, New York: Harper Business, 2001.
4. Carroll, Ron, “People Are the Most Important System Component,” Box Theory, www.boxtheorygold.com /blog/bid/12164/People-Are-the-Most-Important-System -Component, accessed June 10, 2015.
5. Laurianne McLaughlin, “Kroger Solves Top Customer Issue: Long Lines,” InformationWeek, April 2, 2014, www.informationweek.com/strategic-cio/executive
-insights-and-innovation/kroger-solves-top-customer -issue-long-lines/d/d-id/1141541.
6. Christensen, Clayton, “Disruptive Innovation,” Clayton Christensen, www.claytonchristensen.com/key-concepts, accessed July 29, 2015.
7. “P&G,” ad brands.net, www.adbrands.net/us/pg_us .htm, accessed August 18, 2015.
8. “P&G Boosts Prices to Offset Cheaper Tide,” Cincinnati Business Enquirer, February 11, 2014, www.bizjournals .com/cincinnati/morning_call/2014/02/pg-boosts-prices -to-offset-cheaper-tide.html.
9. Buck, Stephanie, “Cell-ebration! 40 Years of Cellphone History,” Mashable, April 3, 2013, http://mashable.com /2013/04/03/anniversary-of-cellphone.
10. Phillips, Abagail, “Continuous Innovation at Boeing Leads to Success in a Highly Competitive Industry,” Lean, October 24, 2014, www.manufacturingglobal .com/lean/199/Continuous-innovation-at-Boeing-leads -to-success-in-a-highly-competitive-industry.
40 PART 1 • Information Systems in Perspective
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
11. Hornstein, Henry, “The Need to Integrate Project Management and Organizational Change,” Ivey Business Journal, March/April 2012, http://iveybusinessjournal .com/publication/the-need-to-integrate-project-management -and-organizational-change.
12. Zhu, Pearl, “Five ‘Super Pitfalls’ Why Large IT Projects Fail, Future CIO, May 2014, http://futureofcio.blogspot .com/2013/03/five-super-pitfalls-why-large-it.html.
13. “California Department of Consumer Affairs’ BreEZe System,” California State Auditor, www.auditor.ca.gov /reports/summary/2014-116, accessed August 11, 2015.
14. Ortiz, Jon, “$96 Million California IT Project Late, Flawed, Busting Budget,” State Worker, February 12, 2015, www.sacbee.com/news/politics-government/the -state-worker/article9918857.html.
15. Kaminski, June, “Theory Applied to Informatics—Lewin’s Change Theory,” Canadian Journal of Nursing, Winter 2011, http://cjni.net/journal/?p=1210.
16. Davis, F. D., “Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology,” MIS Quarterly, Volume 13 Issue 3, pp. 319–339.
17. “Investor Relations,” Avon, http://investor.avoncompany .com/CorporateProfile.aspx?iid=3009091, accessed August 12, 2015.
18. “Avon Products,” Why Projects Fail Blog, January 21, 2014, http://calleam.com/WTPF/?p=6248.
19. Thibodeau, Patrick and Machlis, Sharon, “Despite H-1B Lottery, Offshore Firms Dominate Visa Use,”
Computerworld, July 30, 2015, www.computerworld. com/article /2954612/it-outsourcing/despite-h-1b-lottery-offshore -firms-dominate-visa-use.html.
20. Thibodeau, Patrick, “Southern California Edison IT Workers ’Beyond Furious’ over H-1B Replacements,” Computerworld, February 14, 2015, www.computer world.com/article/2879083/southern-california-edison -it-workers-beyond-furious-over-h-1b-replacements.html.
21. “Starting an Information Technology Business,” Female Entrepreneur Association, August 28, 2014, femaleentrepreneurassociation.com/2014/08/starting -an-information-technology-business.
22. Groenfeldt, Tom, “40 Percent of IT Spending Is outside CIO Control,” Forbes, December 2, 2013, www.forbes .com/sites/tomgroenfeldt/2013/12/02/40-percent-of-it -spending-is-outside-cio-control/2.
23. “Ogilvy & Mather Worldwide,” Ogilvy & Mather World- wide, www.wpp.com/wpp/companies/ogilvy-mather -worldwide, accessed July 28, 2015.
24. Smith, Darrell, “Job Front: Social Media Expected to Play Bigger Role in Hiring,” Sacramento Bee, February 4, 2013.
25. Hein, Rich, “IT Certification Hot List 2015: 10 That Deliver Higher Pay,” CIO, March 3, 2015, www.cio.com /article/2891552/careers-staffing/it-certification-hot-list -2015-10-that-deliver-higher-pay.html.
CHAPTER 1 • An Introduction to Information Systems in Organizations 41
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
PART 2 InformationTechnology Concepts
Chapter 2 Hardware and Software
Chapter 3 Database Systems and Big Data
Chapter 4 Networks and Cloud Computing
Macrovector/Shutterstock.com
43 Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
2 Hardware and Software
sStephenCoburn/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• The World Computing Grid (WCG) was launched by IBM in 2004 and now relies on some 750,000 indivi- duals contributing idle computing time on their devices to solve research problems. The WCG is now being used to fight the fast-spreading Zika virus by identifying candidate drugs that exhibit antiviral properties against the Zika organism.
• Biomedical engineers are exploring a process called bioprinting, which uses 3D printers to create living tissue capable of naturally integrating into the body. This will
eventually enable the construction of fully functional human organs.
• Know how you’re constantly updating and upgrading programs on your computer and devices? You can thank IBM for that. They birthed the software industry in 1969 when they decided to charge customers sepa- rately for software and services. Although business computers had been in use since the mid-1950s, hard- ware manufacturers had bundled software with their hardware without charging for it.
Principles Learning Objectives • The computer hardware industry is rapidly
changing and highly competitive, creating an environment ripe for technological breakthroughs.
• Identify and briefly describe the functions of the primary components of a computer.
• Computer hardware must be carefully selected to meet the evolving needs of the organization, its workers, and its supporting information systems.
• Identify the characteristics of various classes of single-user and multiuser computer systems, and discuss the usage of each class of system.
• The computer hardware industry and users are implementing green computing designs and products.
• Identify some of the challenges and trade-offs that must be considered in implementing a data center.
• Define the term “green computing” and identify the primary goals of this program.
• Software is invaluable in helping individuals, workgroups, and entire enterprises achieve their goals.
• Identify the two basic types of software.
• Define the term “sphere of influence,” and describe how it can be used to classify software.
• The operating system is called the “soul of the computer” because it controls how you enter data and commands to your computer, perform mean- ingful work, and obtain results.
• Identify and briefly describe the functions per- formed by the operating system, utility programs, and middleware.
• Organizations typically use off-the-shelf applica- tion software to meet common business needs and proprietary application software to meet unique business needs and provide a competitive advantage.
• Discuss how application software can support personal, workgroup, and enterprise business objectives.
• Identify programming languages commonly in use today.
• The software industry continues to undergo con- stant change; computer users need to be aware of recent trends and issues in the software industry to be effective in their business and personal life.
• Identify several key software issues and trends that have an impact on organizations and individuals.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about Hardware and Software? Organizations invest in computer hardware and software to improve worker productivity, increase revenue, reduce costs, provide better customer service, speed up time to market, and facilitate collaboration among employees. Those that don’t may be stuck with outdated hardware and software that is unreliable and that cannot take advantage of the latest advances. As a result, the organization may be placed at a competitive disadvantage. Managers, no matter what their career field and educational background, are expected to help define the business needs that hardware and software must meet. In addition, managers must be able to ask relevant questions and evaluate options when considering hardware and software investments for their areas of the business. This need is especially true in small organizations, which might not employ information system specialists. Managers in marketing, sales, and human resources often help IS specialists assess opportunities to apply computer hardware and software and evaluate the various options and features. Managers in finance and accounting must keep an eye on the bottom line—guarding against overspending—yet be willing to invest in computer hardware and software when and where business conditions warrant it.
As you read this chapter, consider the following:
• Can organizations gain a major competitive advantage from the effective use of computer hardware and software?
• What impact do the increasing capabilities and decreasing costs of hardware over time have on how organizations are using information system hardware?
Hardware consists of computer equipment used to perform input, proces- sing, storage, and output activities. The trend in the computer industry is to produce smaller, faster, and more mobile hardware, such as smartphones, lap- tops, and tablet computers. In addition, hardware manufacturers and entre- preneurs are hard at work developing innovative new hardware devices, such as advanced keyboards that turn individual keys on a keyboard into trackpad- covered buttons where certain dual-purpose keys can be depressed to multi- ple levels to complete different tasks; the spacebar, for example, can serve its usual purpose. But add capacitive touch and it becomes a cursor; press a little harder to generate a mouse click.
Anatomy of a Computer
Computer system hardware components include devices that perform input, processing, data storage, and output, as shown in Figure 2.1. These include the processor, memory, and input/output devices, all of which are discussed in this section.
Processor The central processing unit (CPU) or simply processor is the part of a com- puter that sequences and executes instructions. Memory provides the proces- sor with a working storage area to hold program instructions and data. It rapidly provides data and instructions to the processor. Input/output devices provide data and instructions to the computer and receive results from it. Data and instructions are routed to and from the various components over the bus, a set of electronic circuits.
The components of the computer work together to complete the instruc- tions (e.g., add, multiply, divide, subtract, compare) of a computer program to accomplish the goals of the user (e.g., send/receive email, develop a profit forecast, pay an invoice). Completing an instruction involves two phases (instruction and execution) consisting of several steps.
hardware: Computer equipment used to perform input, processing, storage, and output activities.
central processing unit (CPU): The part of a computer that sequences and executes instructions.
memory: A component of the com- puter that provides the processor with a working storage area to hold program instructions and data.
input/output device: A computer component that provides data and instructions to the computer and receives results from it.
bus: A set of electronic circuits used to route data and instructions to and from the various components of a computer.
46 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Each processor produces a series of electronic pulses at a predetermined rate, called the clock speed, which governs the speed at which these steps are completed. Clock speed is measured in gigahertz (GHz), which is a unit of frequency that is equal to one billion cycles per second. Many of today’s personal computers operate in the 1 to 4 GHz range. The higher the clock speed, the shorter the interval between pulses and the faster the instructions can be completed.
Multiprocessing Multiprocessing involves the simultaneous execution of two or more instruc- tions at the same time. One form of multiprocessing uses coprocessors. A coprocessor speeds processing by executing specific types of instructions while the CPU works on another processing activity. Coprocessors can be internal or external to the CPU and can have different clock speeds than the CPU. Each type of coprocessor performs a specific function. For example, a math coprocessor chip speeds mathematical calculations, while a graphics coprocessor chip decreases the time it takes to manipulate graphics.
A multicore processor has two or more independent processing units, called cores, which are capable of sequencing and executing instructions. The multiple cores can run multiple instructions at the same time, thereby increas- ing the amount of processing that can be completed in a given amount of time.
Parallel Computing Parallel computing is the simultaneous execution of the same task on multi- ple processors to obtain results more quickly. Systems with thousands of such processors are known as massively parallel processing system, a form of multiprocessing that speeds processing by linking hundreds or even thou- sands of processors to operate at the same time, or in parallel, with each pro- cessor having its own bus, memory, disks, copy of the operating system, and applications. The processors might communicate with one another to coordi- nate when executing a computer program, or they might run independently of one another under the direction of another processor that distributes the work to the various processors and collects their results.
FIGURE 2.1 Basic anatomy of a computer Computer hardware components include the processor (CPU), memory, address and data bus, and input/output devices.
CPU Main
memory
Address bus
Data bus
Input/ output devices
clock speed: A series of electronic pulses produced at a predetermined rate that affects machine cycle time.
gigahertz (GHz): A unit of frequency that is equal to one billion cycles per second; a measure of clock speed.
multiprocessing: The simultaneous execution of two or more instructions at the same time.
coprocessor: The part of the com- puter that speeds processing by exe- cuting specific types of instructions while the CPU works on another pro- cessing activity.
multicore processor: A micropro- cessor that has two or more indepen- dent processing units, called cores, which are capable of sequencing and executing instructions.
parallel computing: The simulta- neous execution of the same task on multiple processors to obtain results faster.
massively parallel processing system: A system that speeds processing by linking hundreds or thousands of processors to operate at the same time, or in parallel, with each processor having its own bus, memory, disks, copy of the operating system, and applications.
CHAPTER 2 • Hardware and Software 47
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The most frequent uses for parallel computing include modeling, simula- tion, and analyzing large amounts of data. For example, parallel computing is used in medicine to develop new imaging systems that complete ultrasound scans in less time and with greater accuracy, enabling doctors to provide bet- ter, more timely diagnoses to patients. Instead of building physical models of new products, engineers can create virtual models and use parallel computing to test how the products work and then change design elements and materials as needed.
Grid computing is the use of a collection of computers, often owned by multiple individuals or organizations, that work in a coordinated manner to solve a common problem. Grid computing is a low-cost approach to parallel computing. The grid can include dozens, hundreds, or even thousands of computers that run collectively to solve extremely large processing problems. Key to the success of grid computing is a central server that acts as the grid leader and traffic monitor. This controlling server divides the computing task into subtasks and assigns the work to computers on the grid that have (at least temporarily) surplus processing power. The central server also monitors the processing, and if a member of the grid fails to complete a subtask, the server restarts or reassigns the task. When all the subtasks are completed, the controlling server combines the results and advances to the next task until the whole job is completed.
The World Computing Grid (WCG) was launched by IBM in 2004 and now relies on some 750,000 individuals contributing idle computing time on their devices to solve research problems. The WCG is now being used to fight the fast-spreading Zika virus by identifying candidate drugs that exhibit anti-viral properties against the Zika organism. More than 20 mil- lion compounds from existing databases will be screened against models of Zika protein structures. Because this problem can be broken down into small pieces that can be processed independently, it is an ideal prob- lem to be solved using the loosely constructed grid of distributed computers.1
Memory Main memory provides the CPU with a working storage area for program instructions and data. The chief function of memory is to rapidly provide data and instructions to the CPU. In order for their systems to run efficiently, orga- nizations must invest in a sufficient amount of main memory. Organizations also need large amounts of secondary storage to hold the huge quantities of data that cannot fit within the limits of main memory.
Like the CPU, memory devices contain thousands of circuits imprinted on silicon chips. Each circuit is either conducting electrical current (on) or not conducting current (off). Data is stored in memory as a combination of on or off circuit states. Usually, 8 bits are used to represent a character, such as the letter A. Eight bits together form a byte (B). In most cases, storage capacity is measured in bytes, with 1 byte equivalent to one character of data. It is esti- mated that all the words ever spoken by humans represented in text form would equal about 5 exabytes of information.2 Table 2.1 lists units for mea- suring computer storage.
Types of Memory Computer memory can take several forms. Instructions or data can be tempo- rarily stored in and read from random access memory (RAM). As currently designed, RAM chips are volatile storage devices, meaning they lose their con- tents if the current is turned off or disrupted, which can be caused by a power surge, a brownout, or electrical noise generated by lightning or nearby machines. RAM chips are mounted directly on the computer’s main circuit
grid computing: The use of a col- lection of computers, often owned by multiple individuals or organizations, that work in a coordinated manner to solve a common problem.
main memory: The component of a computer that provides the CPU with a working storage area for program instructions and data.
byte (B): Eight bits that together rep- resent a single character of data.
random access memory (RAM): A form of memory in which instructions or data can be temporarily stored.
48 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
board or in other chips mounted on peripheral cards that plug into the main circuit board. These RAM chips consist of millions of switches that are sensi- tive to changes in electric current.
RAM comes in many varieties: Static random access memory (SRAM) is byte-addressable storage used for high-speed registers and caches; dynamic random access memory (DRAM) is byte-addressable storage used for the main memory in a computer; and double data rate synchronous dynamic ran- dom access memory (DDR SDRAM) is an improved form of DRAM that effec- tively doubles the rate at which data can be moved in and out of main memory. DDR has been superseded by second-, third-, and fourth-generation DDR called DDR2, DDR3, and DDR4, respectively. DDR3 requires 1.5 volts of electrical power to operate, while DDR4 needs just 1.2 volts. This means lon- ger battery life for portable computer users and lower electric bills for organi- zations that operate servers farms.3
Read-only memory (ROM), another type of memory, is nonvolatile, meaning that its contents are not lost if the power is turned off or interrupted. ROM provides permanent storage for data and instructions that do not change, such as programs and data from the computer manufacturer, includ- ing the instructions that tell the computer how to start up when power is turned on. ROM memory also comes in a couple of varieties. Programmable read-only memory (PROM) is used to hold data and instructions that can never be changed.
Secondary Data Storage Devices Storing data safely and effectively is critical to an organization’s success. Driven by many factors—such as needing to retain more data longer to meet government regulatory concerns, storing new forms of digital data such as audio and video, and keeping systems running under the onslaught of increasing volumes of email—the world’s information is more than doubling every two years. Nearly 6 zettabytes (6 � 1021 bytes) of information was created and stored in 2013 alone.4 It is mainly unstruc- tured digital content such as video, audio, and image objects that is fuel- ing this growth. It is estimated that more than 80 percent of the 2.5 billion gigabytes of data created every day comes in the form of unstruc- tured data.5
For most organizations, the best overall data storage solution is likely a combination of different secondary storage options that can store large amounts of data, instructions, and information more permanently than allowed with main memory. Compared with memory, secondary storage
TABLE 2.1 Computer storage units Name Abbreviation Number of Bytes
Byte B 1
Kilobyte KB 1,000
Megabyte MB 1,0002
Gigabyte GB 1,0003
Terabyte TB 1,0004
Petabyte PB 1,0005
Exabyte EB 1,0006
Zettabyte ZB 1,0007
Yottabyte YB 1,0008
read-only memory (ROM): A non- volatile form of memory.
secondary storage: A device that stores large amounts of data, instruc- tions, and information more perma- nently than allowed with main memory.
CHAPTER 2 • Hardware and Software 49
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
offers the advantages of nonvolatility, greater capacity, and greater economy. On a cost-per-megabyte basis, secondary storage is considerably less expen- sive than primary memory. The selection of secondary storage media and devices requires understanding their primary characteristics: access method, capacity, and portability.
Secondary data storage is not directly accessible by the CPU. Instead, computers usually use input/output channels to access secondary storage and then transfer the desired data using intermediate areas in primary storage. The most common forms of secondary storage devices are magnetic, optical, and solid state.
Magnetic Secondary Storage Devices Magnetic storage uses tape or disk devices covered with a thin magnetic coat- ing that enables data to be stored as magnetic particles. Magnetic tape is a type of secondary storage medium, which is frequently used for storing back- ups of critical organizational data in the event of a disaster. Examples of tape storage devices include cassettes and cartridges measuring a few millimeters in diameter, requiring very little storage space. Magnetic tape has been used as storage media since the time of the earliest computers, such as the 1951 Univac computer.6 Continuing advancements have kept magnetic tape as a viable storage medium.
A hard disk drive (HDD) is a direct access storage device used to store and retrieve data from rapidly rotating disks coated with magnetic material. A hard disk represents bits of data with small magnetized areas and uses a read/write head to go directly to the desired piece of data. Because direct access allows fast data retrieval, this type of storage is used by organizations that need to respond quickly to customer requests, such as airlines and credit card firms. For example, information on the credit history of a cus- tomer or the seat availability on a particular flight would likely be stored on a direct-access hard disk drive so that a customer-service representative or manager could obtain that data in seconds. Hard disk drives vary widely in capacity and portability.
Putting an organization’s data online involves a serious business risk—the loss of critical data can put a corporation out of business. The concern is that the most critical mechanical components inside a HDD storage device—the disk drives, the fans, and the read/write heads—can fail. Thus, organizations now require that their data storage devices be fault tolerant, that is, they can continue with little or no loss of performance if one or more key components fail. In response, disk manufacturers are continually developing new technol- ogies that will improve the performance and reliability of their hard disk drives.
Virtual tape is a storage technology suitable for less frequently needed data. With virtual tape systems, data appears to be stored entirely on tape car- tridges, although some parts might actually be located on faster hard disks. The software associated with a virtual tape system is sometimes called a virtual tape server. Virtual tape can be used with a sophisticated storage- management system that moves data to slower but less costly forms of storage media as people use the data less often. Virtual tape technology can decrease data access time, lower the total cost of ownership, and reduce the amount of floor space consumed by tape operations.
Optical Secondary Storage Devices An optical storage device uses special lasers to read and write data. The lasers record data by physically burning pits in the disc. Data is directly accessed from the disc by an optical disc device, which operates much like a compact disc player. The optical disc device uses a low-power laser that measures the difference in reflected light caused by a pit (or lack thereof) on the disc.
magnetic tape: A type of sequential secondary storage medium, now used primarily for storing backups of critical organizational data in the event of a disaster.
hard disk drive (HDD): A direct access storage device used to store and retrieve data from rapidly rotating disks coated with magnetic material.
virtual tape: A storage device for less frequently needed data. With vir- tual tape systems, data appears to be stored entirely on tape cartridges, although some parts of it might actually be located on faster hard disks.
50 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Compact disc read-only memory (CD-ROM), digital video disc (DVD), and Blu-ray high-definition video disc are different forms of optical storage devices. Scientists are experimenting with more advanced storage technolo- gies, including the use of DNA molecules to store vast amounts of data for long periods of time. One gram of DNA is capable of holding 455 exabytes (one exabyte is equivalent to a billion gigabytes).7 In addition, data could be stored in DNA for thousands of years. It will likely be a decade or more before the technology evolves to the point where DNA data storage is practical.8
Solid State Secondary Storage Devices A solid state storage device (SSD) stores data in memory chips rather than on hard disk drives or optical media. These memory chips require less power and provide much faster data access than magnetic data storage devices. In addition, SSDs have no moving parts, so they are less fragile than hard disk drives. All these factors make the SSD a preferred choice over hard disk drives for mobile computers.
A universal serial bus (USB) flash drive is one example of a commonly used SSD. USB flash drives are external to the computer and are removable and rewritable. Most weigh less than an ounce and can provide a wide range of storage capacity.
Enterprise Storage Options Businesses need to store the large amounts of data created throughout an organization. Such large-scale secondary storage is called enterprise storage with storage area networks (SANs) and cloud computing storage two of the most commonly used forms.
Storage Area Networks A storage area network (SAN) is a high-speed, special-purpose network that integrates different types of data storage devices (e.g., hard disk drives, mag- netic tape, solid state secondary storage devices) into a single storage system and connects that to computing resources across an entire organization. See Figure 2.2. SANs can provide important capabilities such as disk mirroring, data backup and restore, data archiving, data migration from one storage device to another, and the sharing of data among computing devices con- nected to the network.
FIGURE 2.2 Storage area network A SAN provides high-speed con- nections among data storage devices and computers over a network.
Computer 1
Computer 2
Computer 3
Storage device 1
Storage device 2
Storage device 3
Storage area
network
solid state storage device (SSD): A storage device that stores data in memory chips rather than on hard disk drives or optical media.
storage area network (SAN): A high-speed, special-purpose network that integrates different types of data storage devices (e.g., hard disk drives, magnetic tape, solid state secondary storage devices) into a single storage system and connects that to computing resources across an entire organization.
CHAPTER 2 • Hardware and Software 51
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Using a SAN, an organization can centralize the people, policies, proce- dures, and practices for managing storage, and a data storage manager can apply the data consistently across an enterprise. This centralization eliminates inconsistent treatment of data by different system administrators and users, providing efficient and cost-effective data storage practices. SAN manufacturers include EMC, Hitachi Data Systems Corporation, NetApp, Xiotech, and IBM.
Storage as a Service Storage as a service is a data storage model in which a data storage service provider rents space to people and organizations. Users access their rented data storage via the Internet. Such a service enables the users to store and back up their data without requiring a major investment to create and main- tain their own data storage infrastructure. Businesses can also choose pay- per-use services, where they rent space on massive storage devices housed either at a service provider (such as Hewlett-Packard or IBM) or on the custo- mer’s premises, paying only for the amount of storage they use. This approach makes sense for many organizations, especially those with wildly fluctuating storage needs, such as those involved in the testing of new drugs or in developing software.
Increasingly, individuals and organizations expect to be able to access data, documents, databases, presentations, and spreadsheets from anywhere, with any sort of Internet-enabled device, such as a smartphone, tablet, or lap- top. In response to this need, numerous cloud-based storage services have emerged, including Amazon’s Elastic Compute Cloud, Apple iCloud, Dropbox, Google Drive, Microsoft SkyDrive, and Mozy. These services provide data storage at a rate of $2 or less per gigabyte a year.
Social media start-up, Pinterest, operates a photo-sharing Web site where users create personalized boards with visual bookmarks—called pins—that link back to the sites they came from. Individuals and businesses use Pinterest to discover and save creative ideas—or to be discovered by the site’s more than 100 million active users.9 The site’s infrastructure growth is fueled by its user growth, and from the beginning, Pinterest has used Amazon Web Ser- vices, including the Amazon S3 data storage service, where it now stores over 8 billion objects and more than 10 petabytes of data. Pinterest logs approxi- mately 14 terabytes of data each day, and the Amazon S3 service offers the company the scale and flexibility it requires to operate a large and rapidly growing consumer Internet service.10,11,12
Input and Output Devices Input and output devices are the gateways to the computer system—you use them to provide data and instructions to the computer and receive results from it. Input and output devices are part of a computer’s user interface, which includes other hardware devices and software that allow you to interact with a computer system.
As with other computer system components, an organization should keep its business goals in mind when selecting input and output devices. For exam- ple, many restaurant chains use handheld input devices or computerized terminals that let food servers enter orders and transfer them to the kitchen efficiently and accurately. These systems have also cut costs by helping restau- rants track inventory and market to customers.
Data entry and input devices come in many forms. They range from special-purpose devices that capture specific types of data to more general- purpose input devices. Some of the special-purpose data entry and input devices are discussed later in this chapter. First, we focus on devices used to enter and input general types of data, including text, audio, images, and video for personal computers.
storage as a service: A data stor- age model where a data storage ser- vice provider rents space to individuals and organizations.
52 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Common Personal Computer Input Devices A keyboard and a computer mouse are common devices used for entry and input of data, such as characters, text, and basic commands. Some companies manufacture keyboards that are more comfortable, more easily adjusted, and faster to use than standard keyboards. These ergonomic keyboards, such as the split keyboard, are designed to help users avoid wrist and hand injuries caused by hours of typing. Other keyboards include touch pads, which let you enter sketches on the touch pad while still using keys to enter text. See Figure 2.3. A mouse is used to point to and click symbols, icons, menus, and commands on the screen. The computer takes a number of actions in response, such as entering data into the computer system. Wireless mice and keyboards help to keep a physical desktop free from clutter.
Speech-Recognition Technology Using speech-recognition technology, a computer can interpret human speech as an alternative means of providing data or instructions. The most basic systems are designed to support a limited conversation on a fixed topic. For example, your insurance provider may employ a speech-recognition sys- tem to support calls to its billing department. The scope of the conversation is very limited, and the caller is guided to make one of a few possible and very distinct responses. For example, a typical prompt is “Do you wish to inquire about your monthly bill or make a payment?” More advanced systems can recognize continuous speech and convert it to text such as in closed- caption live TV broadcasts, sometimes with amusing results when key words are not properly converted to text.
Nurses at the Hudson Valley Heart Center in Poughkeepsie, New York, now use speech-recognition technology to record all of their patient history and progress notes, physical exam results, and discharge summaries. The soft- ware, which makes use of natural language-processing technology, automati- cally updates the hospital’s electronic health record (EHR) system when a nurse adds new information for a patient. The hospital expects the new sys- tem to cut down on the amount of time nurses spend on documentation (cur- rently estimated at 19 percent of their day, nationally).13
Motion-Sensing Input Devices The major video game makers Microsoft, Nintendo, and Sony all have game controllers based on motion-sensing input devices. These manufacturers hope that their motion-sensing input devices will broaden their user base beyond the typical gamer and increase their market share. However, such input devices may also prove useful in the operation of business information systems.
FIGURE 2.3 Drawing pad and integrated keyboard A drawing pad and integrated keyboard can replace a traditional keyboard and mouse for input. ©
iS to ck ph ot o/ fo to st or m
speech-recognition technology: Input devices that recognize human speech.
CHAPTER 2 • Hardware and Software 53
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Scanning Devices Scanning devices capture image and character data. Both page and handheld scanners can convert monochrome or color pictures, forms, text, and other images into machine-readable digits. Considering that U.S. enterprises gener- ate an estimated 1 billion pieces of paper daily, many companies are looking to scanning devices to help them manage their documents and reduce the high cost of using and processing paper.
Optical Data Readers Individuals and organizations can also use a special scanning device called an optical data reader to scan documents. The two categories of optical data readers are optical mark recognition (OMR) and optical character recognition (OCR). OMR readers are used for tasks such as grading tests and scanning forms. With this technology, pencils are used to fill in bubbles or check boxes on OMR paper, which is also called a “mark sense form.” OMR systems are used in standardized tests, including the SAT and GMAT tests, and to record votes in elections.
In contrast, most OCR readers use reflected light to recognize and scan various machine-generated characters. With special software, OCR readers can also convert handwritten or typed documents into digital data so that it can be shared, modified, and distributed over computer networks to hundreds or thousands of people.
Magnetic Ink Character Recognition (MICR) Devices In the 1950s, the banking industry was becoming swamped with paper checks, loan applications, bank statements, and so on. The result was the development of magnetic ink character recognition (MICR), a system for reading banking data quickly. With MICR, data is placed on the bottom of a check or other form using a special magnetic ink. Using a special character set, data printed with this ink is readable by both people and computers. See Figure 2.4.
Magnetic Stripe Cards A magnetic stripe card stores a limited amount of data by modifying the magnetism of tiny iron-based particles contained in a band on the card. The magnetic stripe is read by physically swiping the card at a terminal. For this reason, such cards are called contact cards. Magnetic stripes are commonly used in credit cards, transportation tickets, and driver’s licenses.
Magnetic stripe technology is being phased out because the magnetic stripe is not a secure place for sensitive consumer information. The magnetic stripes on traditional credit and debit cards store contain unchanging data. Whoever accesses that data gains the sensitive card and cardholder information necessary to make purchases. The data on the stripe can be lifted from an existing card and copied onto a new card and used to make fraudulent purchases. Almost half of the world’s credit card fraud now happens in the United States—even though only a quarter of all credit card transactions happen here.14
An employee of an Apple store in Queens, New York, was arrested and charged with using fraudulent credit cards to buy almost $1 million worth of
FIGURE 2.4 Checks employ MICR to speed processing Magnetic ink character recognition technology codes data on the bot- tom of a check or other form using special magnetic ink, which is read- able by people and computers.
magnetic stripe card: A type of card that stores a limited amount of data by modifying the magnetism of tiny iron-based particles contained in a band on the card.
54 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Apple gift cards. The man sold each $2,000 Apple gift card to a third party for $200. When he was arrested, the alleged fraudster was in possession of more than 50 American Express and Visa gift, debit, and prepaid credit cards with re-encoded magnetic stripes.15
Chip Cards Credit cards with only magnetic stripes are finally being phased out in the United States. After October 1, 2015, a liability shift occurred—merchants who accept payments made via a chip card’s magnetic stripe can continue to do so; however, they must accept responsibility for any fraudulent purchases. This provides a strong incentive for merchants to move to new payment term- inals that accept the chip card.
Credit cards with chips employ the EMV (Europay, Mastercard, Visa) global standard for enabling chip cards to work at point-of-sale systems and automated teller machines. Unlike with magnetic stripe cards, every time an EMV card is used for payment, the card chip creates a unique transaction code that can never be used again. If a hacker somehow steals the chip infor- mation from one specific point of sale, typical card duplication will not work because the stolen transaction number created in that instance is not usable again and the card would just get denied.
Point-of-Sale Devices Point-of-sale (POS) devices are devices used to capture data. They are fre- quently used in retail operations to enter sales information into computer sys- tems. The POS device computes the total charges, including tax. In medical settings, POS devices are often used for remote monitoring in hospitals, clinics, laboratories, doctors’ offices, and patients’ homes. With network-enabled POS equipment, medical professionals can instantly get an update on the patient’s condition from anywhere at any time via a network or the Internet. POS devices use various types of input and output devices, such as keyboards, bar- code readers, scanning devices, printers, and screens. Much of the money that businesses spend on computer technology involves POS devices.
Restaurants, bars, and retail shops are switching from traditional cash reg- isters and costly credit card terminals to simpler devices that plug into smart- phones and tablets. For example, a device called the Square Stand includes a built-in card reader that connects to an iPad and a hub device that connects to accessories, including a cash drawer, receipt printer, and scanner. With this device, a small retailer can have a cash register that keeps track of inven- tory and provides instant sales analysis for the cost of an iPad and $450 for the Square Stand, printer, and cash drawer, plus a per-transaction fee of 2.75 percent. PayPal and Groupon also offer similar devices.16
Automated Teller Machine (ATM) Devices The automated teller machine (ATM), another type of special-purpose input/ output device, is a terminal that bank customers use to perform transactions with their bank accounts. Other types of companies also use various ATM devices, sometimes called kiosks, to support their business processes. Some can dispense tickets, such as for airlines, concerts, and soccer games. Some colleges use them to produce transcripts.
Bar-Code Scanners A bar-code scanner employs a laser scanner to read a bar-coded label and pass the data to a computer. The bar-code reader may be stationary or hand- held to support a wide variety of uses. This form of input is used widely in store checkouts and warehouse inventory control. Bar codes are also used in hospitals, where a nurse scans a patient’s wristband and then a bar code on
point-of-sale (POS) devices: A device used to enter data into a com- puter system.
CHAPTER 2 • Hardware and Software 55
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the medication about to be administered to prevent medication errors. Several companies have created applications that convert a cell phone camera into a bar-code reader. You can scan a bar code from a print ad, packaging, or label to launch Web sites and buy items with a few clicks.
Radio Frequency Identification (RFID) Devices Radio frequency identification (RFID) is a technology that employs a microchip with an antenna to broadcast its unique identifier and location to receivers. The purpose of an RFID system is to transmit data by a mobile device, called a tag (see Figure 2.5), which is read by an RFID reader and processed according to the needs of a computer program. One popular application of RFID is to place microchips on retail items and install in-store readers that track the inventory on the shelves to determine when shelves should be restocked. The RFID tag chip includes a special form of EPROM memory that holds data about the item to which the tag is attached. A radio frequency signal can update this memory as the status of the item changes. The data transmitted by the tag might provide identification, location informa- tion, or details about the product tagged, such as date of manufacture, retail price, color, or date of purchase.
Target Corporation is slowly rolling out RFID technology in its stores, starting with key vendors in high-priority categories, such as women’s and kids’ apparel and home décor. The retailer will use RFID smart labels attached to price tags in an effort that is expected to help the company improve inven- tory accuracy throughout its supply chain and better fulfill orders placed on its Web site for store pickup.17,18
Pen Input Devices By touching the screen with a pen input device, you can activate a command or cause the computer to perform a task, enter handwritten notes, and draw objects and figures. Pen input requires special software and hardware. Hand- writing recognition software, for example, converts onscreen handwriting into text. Many tablet computers can transform handwriting into typed text and store the “digital ink” just the way a person writes it. People can use a pen to write and send email, add comments to documents, mark up presenta- tions, and even hand draw charts in a document. The data can then be moved, highlighted, searched, and converted into text. If perfected, this inter- face is likely to become widely used. Pen input is especially attractive to peo- ple who are uncomfortable using a keyboard. The success of pen input depends on how accurately and at what cost handwriting can be read and translated into digital form.
FIGURE 2.5 RFID tag An RFID tag is small compared with current bar-code labels used to identify items. ©
iS to ck ph ot o/ al bi n
radio frequency identification (RFID): A technology that employs a microchip with an antenna to broadcast its unique identifier and location to receivers.
56 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Touch Screens Advances in screen technology allow display screens to function as input as well as output devices. By touching certain parts of a touch-sensitive screen, you can start a program or trigger other types of action. Touch screens can remove the need for a keyboard, which conserves space and increases porta- bility. Touch screens are frequently used at gas stations to allow customers to select grades of gas and request a receipt; on photocopy machines for select- ing options; at fast-food restaurants for entering customer choices; at informa- tion centers for finding facts about local eating and drinking establishments; and at amusement parks to provide directions to patrons. They also are used in kiosks at airports and department stores. Touch screens are also being used for gathering votes in elections.
Application developers are busy trying to find ways to take advantage of Apple’s 3D Touch feature, which the company introduced in the fall of 2015 with its iPhone 6s smartphone. 3D Touch uses a pressure-sensitive touch screen that measures how forcefully you press down on the screen. The new feature adds “peek” and “pop” gestures to the tap, swipe, and pinch gestures with which most smartphone users are familiar.19 OpenTable, an online restaurant-reservation and review service, has included 3D Touch features in the latest version of its iPhone apps. Users can 3D Touch the app’s icon to quickly view favorite restaurants and upcoming reservations. Within the app, users can “peek” at a restaurant’s details by pressing lightly on the name of the restaurant in a list of search results. Swiping up offers the ability to instantly see available reservation times, and pressing harder on a restaurant name “pops” a user to the restaurant’s full profile.20
Output Devices Computer systems provide output to decision makers at all levels of an orga- nization, so they can solve a business problem or capitalize on a competitive opportunity. In addition, output from one computer system can provide input into another computer system. The desired form of this output might be visual, audio, or even digital. Whatever the output’s content or form, output devices are designed to provide the right information to the right person in the right format at the right time.
Display Screens The display screen is a device used to show the output from the computer. Today a variety of flat-panel display screens are far lighter and thinner than the traditional cathode-ray tubes (CRTs) associated with early computers. Table 2.2 compares types of flat-panel display screens.
TABLE 2.2 Various types of flat-panel displays Type Description Noteworthy Feature
Liquid crystal display (LCD)
Uses several layers of charged liquid crystals placed between clear plates that are lit from behind by a fluorescent light to create light and images
The viewing angle tends to be worse than that of plasma displays
Light-emitting diode (LED)
An LCD display that uses light-emitting diodes (LEDs) as backlight on the screen rather than a fluorescent lamp
Provides better contrast and lower energy consumption than LCDs
Organic light-emitting diode (OLED)
Functions by exciting organic compounds with electric current to produce bright, sharp images
Does not employ a backlight, which enables improved contrast and lower power consumption than LCD and LED LCD displays
Plasma Uses electricity to excite gas atoms to light up appropriate phosphors on the screen to emit light and color
Performs well in dark conditions but not as well in well-lit rooms
CHAPTER 2 • Hardware and Software 57
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The quality of a screen image is largely determined by the number of hor- izontal and vertical pixels used to create it. The images shown on your display device are composed of a million or more pixels. Resolution is the total num- ber of pixels contained in the display; the more pixels, the clearer and sharper the image. A common resolution is 2,040 horizontal pixels � 1,536 vertical pixels. The size of the display monitor also affects the quality of the viewing. The same pixel resolution on a small screen is sharper than on a larger screen, where the same number of pixels is spread out over a larger area. Because many users leave their computers on for hours at a time, power usage is an important factor when deciding which type of display to pur- chase. Although power usage varies from model to model, OLED displays are the most energy efficient, with LCD monitors generally consuming between 35 and 50 percent less power than plasma screens.
Printers and Plotters The two main types of printers are laser printers and inkjet printers, and they are available with different speeds, features, and capabilities. Some can be set up to accommodate paper forms, such as blank check forms and invoice forms. Newer printers allow businesses to create full-color, customized, and individualized printed output using standard paper and data input. Ticket- receipt printers, such as those used in restaurants, ATMs, and point-of-sale systems are in wide-scale use.
The speed of a printer is typically measured by the number of pages printed per minute (ppm). Similar to a display screen, the quality, or resolu- tion, of a printer’s output depends on the number of dots printed per inch (dpi). A 600-dpi printer prints more clearly than a 300-dpi printer. A recurring cost of using a printer is the inkjet or laser cartridge that must be replaced periodically—every few thousand pages for laser printers and every 500 to 1000 pages for inkjet printers.
Inkjet printers that can print 10 to 40 ppm for black-and-white output and 5 to 20 ppm for color output are available for less than $175. With an initial cost much less than color laser printers, inkjet printers can print vivid hues and can produce high-quality banners, graphics, greeting cards, letters, text, and photo prints.
Laser printers are generally faster than inkjet printers and can handle a heavier print load volume. A monochrome laser printer can print 25 to 45 ppm and cost anywhere from $200 to $700. Color laser printers can print color pages at a rate of 10 to 35 ppm and are available in a wide range of prices—from $350 to more than $3,500 for a high-quality color laser printer.
Plotters are a type of hard-copy output device used for general design work. Businesses typically use plotters to generate paper or acetate blue- prints, schematics, and drawings of buildings or new products. Standard plot widths are 24 inches and 36 inches, and the length can be whatever meets the need—from a few inches to many feet.
3D Printers 3D printers have created a major breakthrough in how many items will be “manufactured.” See Figure 2.6. 3D printing technology takes a three-dimensional model of an object stored on a computer and sends it to a 3D printer to create the object using strands of a plastic filament or synthetic powder. The fila- ment comes in spools of various colors and is fed through a heated extruder that moves in several directions to place super thin layers on top of each other. The stacks are then bonded together, often using ultraviolet light, to create a 3D object. 3D printers come with a wide range of capabilities in terms of how fast they can build objects and how large of an object they can build. 3D printers for home use typically run $1,000 and up, while commer- cial 3D printers can cost tens of thousands of dollars.21
58 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
3D printing is commonly used by aerospace firms, auto manufacturers, and other design-intensive companies. It is especially valuable during the con- ceptual stage of engineering design when the exact dimensions and material strength of the prototype are not critical. Some architectural design firms are using 3D printers to create full color models of their projects to show clients. Cincinnati Children’s Hospital uses 3D printing to create models of patients’ hearts so that physicians can plan their surgery.22
3D printing can cut costs and reduce the waste and carbon footprint associ- ated with traditional manufacturing. With 3D printing, production and assembly can be local, with no need to ship products thousands of miles to their destina- tion. Only the raw materials needed to create the object—be it carbon fiber, metal powder, plastic filament, or some other substance—are used. Product parts can be replaced using parts manufactured with 3D printing, so the entire product doesn’t have to be disposed of and replaced each time it malfunctions.23
Biomedical engineers are exploring a process called bioprinting, which uses 3D printers to build human parts and organs from actual human cells. For example, bioprinting is being used to create custom breast implants and grafts for cancer patients using the recipient’s own fat and skin cells.24 Regen- erative medicine pioneer Organovo is able to build blood vessels and cardiac tissue via a 3D printer that dispenses cells instead of ink. The firm plans to begin selling 3D printed liver tissue.25
Choosing Your Next Computer You are looking for the latest and greatest portable computer to replace your five-year-old laptop. You will use this computer for both work and personal com- puting tasks—everything from creating documents, spreadsheets, and presenta- tions to surfing the Web and editing videos of your friends and family.
Review Questions 1. You want a computer that is powerful, lightweight, and comes with a long
battery life. How do you make the trade-off among these three parameters? Must you sacrifice in one area to get what you want and the other area?
2. How much and what sort of main memory should you seek?
Critical Thinking Questions 1. What sort of secondary storage devices would most economically meet your needs? 2. Which input and output devices would be most useful to you?
FIGURE 2.6 3D printer 3D print technology is making it possible to print objects ranging from everyday objects to houses. dre
am ni ko n/ iS to ck /G et ty
Im ag es
bioprinting: The use of 3D printers to build human parts and organs from actual human cells.
CHAPTER 2 • Hardware and Software 59
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Computer System Types
General-purpose computer systems can be divided into two major groups: systems used by one user at a time and systems used by multiple concurrent users. Table 2.3 shows the general ranges of capabilities and costs for various types of computer systems.
TABLE 2.3 Types of computer systems Single-user computer systems can be divided into two groups: mobile computers and nonmobile computers.
Single-User Computers
Mobile Computers
Factor Smartphone Laptop Notebook/ Ultrabook Tablet
Cost $150–$1,000 $300–$3,000 $300–$800 $75–$1,500
Weight (pounds)
<0.5 <6 <3 <2
Screen size (inches)
2–5.5 <20 <12 <13
Typical use Combines a cell phone with a handheld com- puter; run apps and text messaging ser- vices; access network and the Internet wirelessly
Run worker pro- ductivity software, access the Internet, play games, listen to music, and watch videos
Smaller version of a laptop, with suffi- cient processing power to run nearly every business application
Capture data at the point of contact, read email, access the Internet, read e-books, view photos, play games, listen to music, and watch videos
Nonmobile Computers
Factor Thin Client (may also be mobile) Desktop Nettop Workstation
Cost $200–$500 $500–$3,000 $150–$350 $1,500–$9,500
Weight (pounds)
<3 20–30 <5 <20–35
Typical use Enter data and access applications via the Internet
Run worker pro- ductivity software, access the Internet, play games, listen to music, and watch videos
Small, limited capac- ity desktop com- puter; performs basic tasks such as Internet surfing, accessing Web-based applica- tions, document pro- cessing, and audio/ video playback
Powerful desktop capable of performing engineering, com- puter aided design, and software develop- ment functions
Multiple-user computer systems include servers, mainframes, and supercomputers.
Multiple-User Computers
Factor Server Mainframe Supercomputer
Cost >$500 >$75,000 >$250,000
Weight (pounds) >25 >100 >100
Typical use Execute network and Internet applications
Execute computing tasks for large organizations and provide massive data storage
Run scientific applications; perform intensive number crunching
60 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Mobile Computers Many computer manufacturers offer a variety of mobile computers small enough to be carried easily. Mobile computers include smartphones, laptops, notebooks, ultrabooks, and tablets.
Smartphones While features and capabilities vary from model to model and manufacturer to manufacturer, with most smartphones you can place calls, download and run apps (e.g., games, a contact list manager, and personal and business finance managers), send and receive text messages and email, view documents and files, take and send photos and videos, get driving directions via GPS, browse Web sites, and create a playlist of digital tunes. Smartphones employ a combi- nation chipset called a system on a chip which includes processor cores, RAM and ROM memory, interface controllers, and voltage regulators. With system on a chip, all the critical components of the smartphone are located in a relatively small area, making the device faster and more energy efficient and reducing assembly costs.
Laptops, Notebooks, and Tablets A laptop is a personal computer designed for use by mobile users, being small and light enough to sit comfortably on a user’s lap. Laptops use a vari- ety of flat-panel technologies to produce lightweight and thin display screens with good resolution. In terms of computing power, laptops can match most desktop computers as they come with powerful CPUs as well as large- capacity primary memory and disk storage. This type of computer is highly popular among students and mobile workers who carry their laptops on trips and to meetings and classes. Most users now prefer a laptop over a desktop because of its portability, lower energy usage, and smaller space requirements.
Numerous mobile computers are smaller than the typical laptop and have various names, including notebook and the even smaller ultrabook. The new- est notebook computers with a natural user interface including both voice control integration and touch screens; high-quality display screens; always on, always connected capabilities; all day battery life; and processing power suffi- cient to run most business applications and games.
Tablets are portable, lightweight computers that can come with or without a keyboard and allow you to roam the office, home, or factory floor, carrying the device like a clipboard. You can enter text with a writing stylus directly on the screen, thanks to built-in handwriting-recognition software. Other input methods include an onscreen keyboard and speech recognition. Tablets that support input only via a writing stylus are called slate computers. The convertible tablet PC comes with a swivel screen and can be used as a traditional notebook or as a pen-based tablet PC. Most new tablets come with a front-facing camera for videoconferencing and a second camera for snapshot photos and videos. Tablets are especially pop- ular with students and gamers. They are also frequently used in the health- care, retail, insurance, and manufacturing industries because of their versatility.
The Apple iPad is a tablet capable of running the same software that runs on the Apple iPhone and iPod touch devices, giving it a library of well over a million applications. It also runs software developed specifically for the iPad. The device supports Internet access over both wireless and cellular networks, and it includes an onscreen keypad, although a physical keyboard can also be attached. Apple offers a variety of iPad models, ranging from the iPad
mobile computers: A computer small enough to carry easily.
system on a chip: A combination chipset which includes processor cores, RAM and ROM memory, inter- face controllers, and voltage regulators.
laptop: A personal computer designed for use by mobile users, being small and light enough to sit comfortably on a user’s lap.
tablets: A portable, lightweight com- puter with no keyboard that allows you to roam the office, home, or factory floor carrying the device like a clipboard.
CHAPTER 2 • Hardware and Software 61
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
mini, which weighs 0.73 pounds and has a 7.9-inch screen, up to the iPad Pro, which weighs 1.5 pounds and has a 12.9-inch screen.
A number of computer companies offer tablets to compete with Apple’s iPad, including the Amazon Fire, the Inspiron and Venue by Dell, the Nexus and Pixel from Google, the Tab 2 and Yoga from Lenovo, the Surface Pro from Microsoft, the Shield from Nvidia, the Tablet S and Xperia from Sony, the Encore and Excite by Toshiba, the Galaxy Tab and Galaxy Note from Sam- sung (see Figure 2.7), and the low-cost (less than $75) Aakash and Ubislate from the India-based company Quad.
Thin Clients, Desktops, and Workstations Nonmobile single-user computers include desktop computers, nettop, and workstations. Thin clients may be mobile or nonmobile.
A thin client is a low-cost, centrally managed computer with no internal or external attached drives for data storage. As stripped-down computers, they do not have the storage capacity or computing power of typical desktop computers, nor do they need it for the role they play. With no hard disk, they never pick up viruses or suffer a hard disk crash. Unlike personal computers, thin clients download data and software from a network when needed, mak- ing support, distribution, and updating of software applications much easier
FIGURE 2.7 Tablet The Samsung Galaxy Note 10.1 Android tablet has a large touch screen and a quad-core processor. ©
iS to ck ph ot o/ m ix m ik e
thin client: A low-cost, centrally managed computer with no internal or external attached drives for data storage.
62 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
and less expensive. Thin clients work well in a cloud-computing environment to enable users to access the computing and data resources available within the cloud. The Chromebook, which runs the Chrome OS operating system, is a highly portable device, is widely used in many schools, and is an example of a portable thin client.
Desktop computers are single-user computer systems that are highly versatile. Named for their size, desktop computers can provide sufficient computing power, memory, and storage for most business computing tasks.
The Apple iMac is a family of Macintosh desktop computers first intro- duced in 1998 in which all the components (including the CPU and the disk drives) fit behind the display screen. Intel’s Core i7 High-end Desktop Proces- sor family of computers has eight cores, 20MB of cache memory, and sup- ports DDR4 memory. The CPU operates at a base clock frequency of 3.0GHz making it a popular choice for gamers.
While desktop, laptop, and tablet computers continue to be used in a variety of settings, smartphones have become the primary device used by people around the world to communicate, go online, and access and share information. For the first time in 2013, the number of smartphone users exceeded the number of personal computer users, and the gap keeps growing, with the number of smartphones sold worldwide far exceeding the combined sale of desktops, laptops, and tablets as shown in Figure 2.8. This rapid growth has been spurred by the improving afford- ability and capability of smartphones, the increasing speed and coverage of wireless networks, longer battery life, and the availability of hundreds of thousands of smartphone applications and games. For many people in developing countries, a smartphone is their first computer and their only Internet-connected device. For those in developed countries, it is common for individuals who do have a computer to also have a smartphone. It is projected that roughly one-third of the world’s population will own a smartphone by 2018.26
A nettop computer is a very small, inexpensive desktop computer typi- cally used for Internet access, email, accessing Web-based applications, docu- ment processing, and audio/video playback. A key feature of nettop computers is that they require perhaps one-tenth the amount of power to operate as a typical desktop computer.
FIGURE 2.8 Millions of computing devices sold worldwide27 The number of smartphones sold worldwide far exceeds the combined number of desktop, laptop, and tablet computers.
2013 2014 2015 2016 2017 Year
1800
M il
li on
s of
u ni
ts s
ol d
1600
1400
1200
1000
800
600
400
200
0
Smartphone Desktop Laptop Tablet
desktop computers: A nonporta- ble computer that fits on a desktop and provides sufficient computing power, memory, and storage for most business computing tasks.
nettop computer: A very small, inexpensive desktop computer typically used for Internet access, email, acces- sing Web-based applications, docu- ment processing, and audio/video playback.
CHAPTER 2 • Hardware and Software 63
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Workstations are more powerful than personal computers but still small enough to fit on a desktop. They are used to support engineering and technical users who perform heavy mathematical computing, computer-assisted design (CAD), video editing, and other applications requiring a high-end processor. Such users need very powerful CPUs, large amounts of main memory, and extremely high-resolution graphic displays. Workstations are typically more expensive than the average desktop com- puter. Some computer manufacturers are now providing laptop versions of their powerful desktop workstations. The Mac Pro is a series of worksta- tion and server computers based on the high-performance Intel Xeon processor.
Larson & Darby Group is an architectural, engineering, interiors, and technology design firm that uses powerful HP Z workstations to run Autodesk AutoCAD and related software. Larson & Darby needs high-performance com- puting to meet the challenging demands of creating 3D models and then ren- dering those models to put design options in front of clients. If the computer hardware runs slowly, then designers must wait for drawings to regenerate when changes are made and this eats into design time. Reliability is also criti- cal. Rendering can take hours on many projects and a hardware failure can mean losing a full day’s worth of work.28
Servers, Mainframes, and Supercomputers Servers, mainframes, and supercomputers are designed to support work- groups from a small department of two or three workers to large organiza- tions with tens of thousands of employees and millions of customers.
A server is a computer employed by many users to perform a specific task, such as running network or Internet applications. While almost any computer can run server operating system and server applications, a server computer usually has special features that make it more suitable for operat- ing in a multiuser environment. These features include greater memory and storage capacities, faster and more efficient communications abilities, and reliable backup capabilities. A Web server is one specifically designed to handle Internet traffic and communications. An enterprise server stores and provides access to programs that meet the needs of an entire organization. A file server stores and coordinates program and data files. Server systems consist of multiuser computers, including supercomputers, mainframes, and other servers.
Servers offer great scalability, the ability to increase the processing capa- bility of a computer system so that it can handle more users, more data, or more transactions in a given period. Scalability is achieved by adding more, or more powerful, processors. Scaling up adds more powerful processors, and scaling out adds many processors to increase the total data-processing capacity.
A mainframe computer is a large, powerful computer shared by dozens or even hundreds of concurrent users connected to the machine over a net- work. Mainframe computers have been the workhorses of corporate comput- ing for more than 50 years. They can support thousands of users simultaneously and can handle all of the core functions of a corporation. Mainframe computers provide the data-processing power and data-storage capacity that enables banks and brokerage firms to deliver new mobile ser- vices, credit card companies to detect identity theft, and government agencies to better serve citizens. Examples of companies using mainframe technology include ADP, which processes payroll for millions of employees at over 610,000 client companies; Mastercard, which manages 2 billion accounts and tracks $4.1 trillion of spending in 150 different currencies in 210 countries
workstations: A more powerful personal computer used for mathemat- ical computing, computer-assisted design, and other high-end processing but still small enough to fit on a desktop.
server: A computer employed by many users to perform a specific task, such as running network or Internet applications.
scalability: The ability to increase the processing capability of a computer system so that it can handle more users, more data, or more transactions in a given period.
mainframe computer: A large, powerful computer often shared by hundreds of concurrent users con- nected to the machine over a network.
64 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
around the world; and UPS, which tracks the route of 18 million packages and documents each day in 200 countries and territories.29,30,31
Supercomputers are the most powerful computers with the fastest pro- cessing speed and highest performance. They are special-purpose machines designed for applications that require extensive and rapid computational capabilities. Originally, supercomputers were used primarily by government agencies to perform the high-speed number crunching needed in weather forecasting, earthquake simulations, climate modeling, nuclear research, study of the origin of matter and the universe, and weapons development and testing. They are now used more broadly for commercial purposes in the life sciences and the manufacture of drugs and new materials. For exam- ple, Procter & Gamble uses supercomputers in the research and develop- ment of many of its leading commercial brands, such as Tide and Pampers, to help develop detergent with more soapsuds and improve the quality of its diapers. And supercomputers are also used to help establish the safety ratings for vehicles sold in the United States. The ratings are based on sophisticated computer simulations, during which supercomputers crunch equations involving many different variables. These computer-generated simulations are combined with data taken from actual crash tests and ana- lyzed to determine safety ratings that many consumers use as one factor in determining which car to buy.
The speed of supercomputers is measured in PetaFLOPS or 1015 floating point operations per second. The fastest supercomputer in the world as of November 2015 is the Tianhe-2 built by the National University of Defense Technology located in Hunan Province, China. It was built at an estimated cost of about $3 billion and is expected to be used for simulations, analysis, and government security applications.32
Upgrading an Organization’s Computers Your organization earns $50 million in annual sales, has 500 employees, and plans to acquire 250 new mobile computers this year along with another 250 next year. The goal is to issue every employee a company-owned computer, which they can use at work and at home. The computers will be loaded with antivirus software and productivity software to meet each employee’s busi- ness needs. Your organization has decided it will purchase the computers from the same manufacturer to obtain a quantity purchase discount. To the extent possible, the goal is to have the same hardware and software for everyone to simplify the troubleshooting and support of the computers. The chief financial officer has asked you to lead a project team to define users’ computer hardware needs and recommend the most cost-effective solution for meeting those needs.
Review Questions 1. Which classes of mobile computers could meet the needs of your
organization? 2. What are the pros and cons of each class of portable computer?
Critical Thinking Questions 1. Who else (role, department) and how many people would you select to be
a member of the team? How would your team go about defining users’ needs?
2. Do you think that only one manufacturer and model of portable computer will meet everyone’s needs, or should you define multiple mobile computers based on the needs of various classes of end user?
supercomputer: The most powerful computer system with the fastest pro- cessing speeds.
CHAPTER 2 • Hardware and Software 65
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Server Farms, Data Centers, and Green Computing
This section will cover three topics that provide a good overview of what the computer industry and various organizations are doing to meet their comput- ing needs in a more efficient and environmentally friendly manner.
Server Farms Often, an organization will house a large number of servers in the same room, where access to the machines can be controlled and authorized support per- sonnel can more easily manage and maintain the servers. Such a facility is called a server farm. Apple, Google, Microsoft, the U.S. government, and many other organizations have built billion-dollar server farms in small rural communities where both land and electricity are cheap.
Server manufacturers are competing heavily to reduce the power required to operate their servers and are making “performance per watt” a key part of their product differentiation strategy. Low power usage is a critical factor for organizations that run server farms made up of hundreds or even thousands of servers. The annual power savings from low-energy usage servers can amount to hundreds of thousands of dollars for operators of a large server farm. Server farm operators are also looking for low-cost, clean, renewable energy sources. For example, Apple runs a server farm in Maiden, North Caro- lina, on 167 million kilowatt hours of power generated from a 100-acre solar energy facility—enough power to operate 17,600 homes for a year.33
A virtual server is an approach to improving hardware utilization by log- ically dividing the resources of a single physical server to create multiple logi- cal servers, each acting as its own dedicated machine, as shown in Figure 2.9. The server on which one or more virtual machines is running is called the host server. Each virtual server is called a virtual machine and includes its own operating system to manage the user interface and control how the vir- tual machine uses the host server’s hardware. The use of virtual servers is growing rapidly.34 In a typical server farm deployment of several hundred ser- vers, companies using virtualization can build 12 virtual machines for every actual server, with a resulting savings in capital and operating expenses (including energy costs) of millions of dollars per year. The hypervisor is a virtual server program that controls the host processor and resources, allo- cates the necessary resources to each virtual system, and ensures that they do not disrupt each other.
Cognizant, an IT, consulting, and business process outsourcing company based in New Jersey, is making use of virtual servers in some of its 100
FIGURE 2.9 Virtual server Virtualization is an approach to improving hardware utilization by logically dividing the resources of a single physical server to create multiple logical servers.
Physical server #1
Virtual server #1
Virtual server #2
Virtual server #3Physical
server #2
Physical server #3
Hypervisor
Without virtualization - Three physical servers
each running at low level of utilization
With virtualization - Single physical server
running at high level of utilization
Single physical server serving as host for 3
virtual servers
server farm: A facility that houses a large number of servers in the same room, where access to the machines can be controlled and authorized sup- port personnel can more easily manage and maintain the servers.
virtual server: A method of logically dividing the resources of a single physical server to create multiple logi- cal servers, each acting as its own dedicated machine.
66 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
development and delivery centers worldwide. At one point, the company had almost 7,000 physical servers, which became unstainable in terms of cost and management time. To address this problem, Cognizant utilized virtual server technology to reduce its number of physical servers by 90 percent. It now runs 8,000 virtual servers, representing 85 percent of its server capacity.35
Data Center A data center is a climate-and-access-controlled building or a set of buildings that houses the computer hardware that delivers an organization’s data and information services.
The rapid growth in the demand for additional computing capacity is causing an explosion in the growth of new and existing data centers. Rack- space is a major cloud-computing service provider that manages over 112,000 servers supporting its more than 300,000 cloud and hosting customers.36 Goo- gle spends on the order of $4 billion a year on building data centers in an attempt to keep up with the burgeoning demand of its existing and new cus- tomers.37 Apple is spending $2 billion to build one data center in Mesa, Ari- zona, to serve as a command center for its global networks.38
Some organizations are consolidating their data centers from many loca- tions down to just a few locations to lower ongoing operating costs—less spending on utilities, property taxes, and labor. General Motors consolidated 23 data center locations into just two, reducing both its operating costs and energy usage.39 The General Accounting Office reports that the federal gov- ernment saved $2 billion between 2011 and 2014 from its data center consoli- dation efforts.40
Traditional data centers consist of warehouse-size buildings filled with row upon row of server racks and powerful air conditioning systems designed to remove dust and humidity from the air and offset the heat generated by the processors. Such data centers can use as much energy as a small city and run up a power bill of millions of dollars per year. Indeed, energy costs can amount to 25 percent of the total cost of operating a data center, with hard- ware expenses and labor costs the other 75 percent.
The ability to absorb the impact of a disaster (e.g., hurricane, earthquake, terrorism attack, or war) and quickly restore services is a critical concern when it comes to the planning for new data centers. As a result, data centers of large information systems service organizations are often distributed among multiple locations in different areas of the country or even different countries to ensure continuous operations in the event of a disaster. If one data center in such an arrangement is affected by a disaster, its work load could be redirected to one or more of the distributed data centers not affected. IBM offers an extreme example of distributed data centers. Since 2009, IBM has opened nine data centers in Brazil, Mexico, Costa Rica, Chile, Colombia, Peru, and Uruguay to ensure around-the-clock services to its Latin American customers. Globally, IBM has more than 400 widely distributed data centers to meet the needs of its customers.41 In addition to the distribu- tion strategy, most data centers have implemented some form of backup gen- erator or uninterruptible power supply in the event that the local power provider fails.
Green Computing Electronic devices such as computer hardware and smartphones contain hun- dreds or even thousands of components. The components, in turn, are com- posed of many different materials, including some that are known to be potentially harmful to humans and the environment, such as beryllium, cad- mium, lead, mercury, brominated flame retardants (BFRs), selenium, and polyvinyl chloride.42 Electronics manufacturing employees and workers at all
data center: A climate- and-access-controlled building or a set of buildings that houses the computer hardware that delivers an organiza- tion’s data and information services.
CHAPTER 2 • Hardware and Software 67
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
steps along the supply chain and manufacturing process are at risk of unhealthy exposure to these raw materials. Users of these products can also be exposed to these materials when using poorly designed or improperly manufactured devices. Care must also be taken when recycling or destroying these devices to avoid contaminating the environment.
Green computing is concerned with the efficient and environmentally responsible design, manufacture, operation, and disposal of IS-related pro- ducts, including all types of computing devices (from smartphones to super- computers), printers, printer materials such as cartridges and toner, and storage devices. Many business organizations recognize that going green is in their best interests in terms of public relations, safety of employees, and the community at large. They also recognize that green computing presents an opportunity to substantially reduce total costs over the life cycle of their IS equipment. Green computing has three goals: reduce the use of hazardous material, allow companies to lower their power-related costs, and enable the safe disposal or recycling of computers and computer-related equipment.
Because it is impossible for manufacturers to ensure safe recycling or dis- posal, the best practice would be for them to eliminate the use of toxic sub- stances, particularly since recycling of used computers, monitors, and printers has raised concerns about toxicity and carcinogenicity of some of the sub- stances. However, until manufacturers stop using these toxic substances, safe disposal and reclamation operations must be carried out carefully to avoid exposure in recycling operations and leaching of materials, such as heavy metals, from landfills and incinerator ashes. In many cases, recycling compa- nies export large quantities of used electronics to companies in undeveloped countries. Unfortunately, many of these countries do not have strong environ- mental laws, and they sometimes fail to recognize the potential dangers of dealing with hazardous materials. In their defense, these countries point out that the United States and other first-world countries were allowed to develop robust economies and rise up out of poverty without the restrictions of strict environmental policies.
Electronic Product Environmental Assessment Tool (EPEAT) is a sys- tem that enables purchasers of electronic products to evaluate, compare, and select products based on a set of environmental criteria. EPEAT was first implemented in 2006 with Computer and Displays (IEEE 1680.1 standard) and has now expanded to Imaging Equipment, under the IEEE 1680.2 stan- dard from January 2013. Products are ranked in EPEAT according to three tiers of environmental performance: bronze, silver, and gold. See Table 2.4.43
Individual purchasers as well as corporate purchasers of computers, printers, scanners, and multifunction devices can use the EPEAT Web site (www.epeat .net) to screen manufacturers and models based on environmental attributes.44
Computer manufacturers such as Apple, Dell, and Hewlett-Packard have long competed on the basis of price and performance. As the difference among the manufacturers in these two arenas narrows, support for green computing is emerging as a new business strategy for these companies to dis- tinguish themselves from the competition. Apple claims to have the “greenest
TABLE 2.4 EPEAT product tiers for computers
Tier Number of Required Criteria That Must Be Met
Number of Optional Criteria That Must Be Met
Bronze All 23 None
Silver All 23 At least 50%
Gold All 23 At least 75%
green computing: A program con- cerned with the efficient and environ- mentally responsible design, manufacture, operation, and disposal of IS-related products.
Electronic Product Environmental Assessment Tool (EPEAT): A system that enables purchasers to evaluate, com- pare, and select electronic products based on a set of environmental criteria.
68 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
lineup of notebooks” and is making progress at removing toxic chemicals from its manufacturing process. Dell is focused on becoming “the greenest technology company on Earth.” Hewlett-Packard often highlights its long tra- dition of environmentalism and is improving its packaging to reduce the use of materials. It is also urging computer users around the world to shut down their computers at the end of the day to save energy and reduce carbon emissions.
Moving to Green Computing Your organization is a leader in the development of renewable energy sources based on enhanced geothermal systems and is viewed as a champion in the fight to reduce carbon emissions. The organization employs over 25,000 people world- wide and operates three global data centers, one each in the United States, Eur- ope, and Southeast Asia. The CEO has asked all her C level executives for input on a proposed strategy to become a leader in green computing.
Review Questions 1. In what ways is a move toward green computing consistent with your organi-
zation’s mission of developing renewable energy sources? 2. One green computing proposal is to consolidate the three data centers into
one. Discuss the pros and cons of this approach.
Critical Thinking Questions 1. Identify two additional tactics the organization might take to accelerate its
move toward green computing? 2. Identify the pros and cons or any issues associated with your proposed tactics.
An Overview of Software
Software consists of computer programs that control the workings of com- puter hardware. Software can be divided into two types: systems software and application software. System software includes operating systems, utili- ties, and middleware that coordinate the activities and functions of the hard- ware and other programs throughout the computer system. Application software consists of programs that help users solve particular computing pro- blems. Examples include a spreadsheet program or a program that captures and displays data that enables monitoring of a manufacturing process.
The effective use of software can have a profound impact on individuals and organizations. It can make the difference between profits and losses and between financial health and bankruptcy. Globally, spending on software now exceeds other categories of IT expenditures, including spending on com- puter hardware. This is far different from when computers first were avail- able; software was given away and customers paid only for the hardware.45
Indeed, the software industry was born in 1969 when IBM decided to unbundle—and charge customers separately for—its software and services. Although business computers had been in use since the mid-1950s, hardware manufacturers had previously bundled software with their hardware without charging separately for it.
Software Sphere of Influence Every organization relies on the contributions of individuals and groups across the enterprise to achieve its business objectives. One useful way of classifying the many potential uses of information systems is to identify the
system software: Software that includes operating systems, utilities, and middleware that coordinate the activities and functions of the hardware and other programs throughout the computer system.
application software: Programs that help users solve particular com- puting problems.
CHAPTER 2 • Hardware and Software 69
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
scope of the problems and opportunities that the software addresses. This scope is called the sphere of influence and includes the personal, work- group, and enterprise spheres of influence. Table 2.5 shows how various kinds of software support these three spheres.
Information systems that operate within the personal sphere of influence serve the needs of individual users. These information systems help users improve their personal effectiveness, increasing the amount and quality of work they can do. Such software is often called personal productivity soft- ware. For example, VIP Organizer is personal productivity software designed to help users develop to do lists, categorize tasks, keep notes and records in a single database, report on performance, and set deadlines and priorities.46
When two or more people work together to achieve a common goal, they form a workgroup. Workgroups include large, formal, permanent organiza- tional entities, such as sections or departments, as well as temporary groups formed to complete a specific project. An information system in the workgroup sphere of influence helps workgroup members attain their com- mon goals. IBM Notes is an application in the workgroup sphere of influence that provides collaboration features such as team calendars, email, to-do lists, contact management, discussion forums, file sharing, microblogging, instant messaging, blogs, and user directories.47 JGC Corporation is an engineering construction company with operations in more than 70 different countries. Many of its projects cost over $15 billion, last for 10 years or more, and involve hundreds of partner companies. JGC employs IBM Notes to coordi- nate the work of project teams and relay information about project status, changes in work plans, and other critical information.48
Information systems that operate within the enterprise sphere of influence support an organization in its interactions with its environment, including customers, suppliers, shareholders, competitors, special-interest groups, the financial community, and government agencies. The enterprise sphere of influence for a company might include business partners such as suppliers that provide raw materials, retail companies that store and sell a company’s products, and shipping companies that transport raw materials to the plant and finished goods to retail outlets. Many organizations use SAP enterprise resource planning software to capture customer orders, manage inventory, plan and ship customer orders, bill customers, and manage accounts payable and accounts receivable.
Establishing a Corporate App Store You are a new hire in the finance organization of a large retail firm. You are amazed to see the number of different software applications (apps) employed by your coworkers, who use them for everything from maintaining personal
TABLE 2.5 Software supporting individuals, workgroups, and enterprises Software Type Personal Workgroup Enterprise
Systems software Smartphone, tablet, personal computer, and workstation operating systems
Network operating systems Server and mainframe operating systems
Application software
Word-processing, spreadsheet, database, and graphics programs
Email, group-scheduling, shared-work, and collabo- ration applications
General-ledger, order- entry, payroll, and human- resources applications
sphere of influence: The scope of the problems and opportunities that the software addresses.
personal sphere of influence: The sphere of influence that serves the needs of an individual user.
personal productivity software: Software that enables users to improve their personal effectiveness, increasing the amount of work and quality of work they can do.
workgroup sphere of influence: The sphere of influence that helps workgroup members attain their com- mon goals
enterprise sphere of influence: The sphere of influence that serves the needs of an organization in its interac- tions with its environment.
70 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
calendars to calculating the rate of return on projects to forecasting sales and financial data. It seems that everyone has a favorite app for doing each of these tasks. For example, in the few weeks you have been here, you identified over half a dozen different apps that are being used to calculate the rate of return on projects and investments. Your coworkers download these apps from the Internet or build them using spreadsheet software. You previously worked as an intern at another large retailer that had established a corporate app store, which employees accessed to download corporate-approved apps that had been vetted and recom- mended for use for specific tasks. You wonder if such an approach should be implemented at your current employer.
Review Questions 1. Give an example of two tasks that an employee in the finance organization of
this retail firm might perform that would have an impact restricted to their own personal sphere of influence.
2. Identify two tasks that an employee might perform that would have an impact on the workgroup and two that would have an impact on the enterprise sphere of influence.
Critical Thinking Questions 1. What risks are associated with letting employees use their favorite app to per-
form various tasks? Are these risks associated with tasks in the personal, workgroup, or enterprise sphere of influence?
2. Can you identify some advantages and disadvantages of establishing a corpo- rate app store?
Systems Software
The primary role of system software is to control the operations of computer hardware. System software also supports the problem-solving capabilities of application programs. System software can be divided into three types: oper- ating systems, utility programs, and middleware.
Operating Systems An operating system (OS) is a set of programs that controls a computer’s hardware and acts as an interface with application software; see Figure 2.10. An operating system can control one or more computers, or it can allow mul- tiple users to interact with one computer. The various combinations of OSs, computers, and users include the following:
● Single computer with a single user. This system is commonly used in per- sonal computers, tablets, and smartphones that support one user at a time. Examples of OSs for this setup include Microsoft Windows, Mac OS X, and Google Android.
● Single computer with multiple simultaneous users. This type of system is used in larger server or mainframe computers that support hundreds or thousands of people, all using the computer at the same time. Examples of OSs that support this kind of system include UNIX, z/OS, and HP-UX.
● Multiple computers with multiple users. This type of system is used in computer networks, including home networks with several computers attached as well as large computer networks with hundreds of computers attached, supporting many users, who may be located around the world. Network server OSs include Red Hat Enterprise Linux Server, Windows Server, and Mac OS X Server.
operating system (OS): A set of computer programs that controls the computer hardware and acts as an interface to application software.
CHAPTER 2 • Hardware and Software 71
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● Special-purpose computers. This type of system is typical of a number of computers with specialized functions, such as those that control sophisti- cated military aircraft, digital cameras, or home appliances. Examples of OSs designed for these purposes include Windows Embedded, Symbian, and some distributions of Linux.
The OS, which plays a central role in the functioning of a computer sys- tem, is usually stored on a hard drive in general-purpose computers and in solid state memory on mobile computers such as tablets and smartphones. After you start, or boot up, a computer system, the kernel of the OS is loaded into primary storage and remains there for as long as the computer is pow- ered on. The kernel, as its name suggests, is the heart of the OS and controls its most critical processes. The kernel ties all of the OS components together and regulates other programs.
Other portions of the OS are transferred to memory as the system needs them. OS developers are continually working to shorten the time required to boot devices after they are shut down and to wake devices from sleep mode.
Functions Performed by the Operating System The programs that make up the OS perform a variety of activities, including the following:
● Control common computer hardware functions ● Provide a user interface and manage input/output ● Provide a degree of hardware independence ● Manage system memory ● Manage processing tasks ● Provide networking capability ● Control access to system resources ● Manage files
Common Hardware Functions The OS enables applications to perform a variety of hardware-related tasks, such as the following:
● Get input from the keyboard or another input device ● Retrieve data from disks ● Store data on disks ● Display information on a monitor or printer
FIGURE 2.10 Role of operating systems The role of the operating system is to act as an interface between appli- cation software and hardware.
User interface
Application program interface
Operating system kernel and utilities
Hardware drivers
Hardware
kernel: The heart of the operating system that controls the most critical processes of the OS.
72 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Each of these tasks requires a detailed set of instructions. The OS converts a basic request into instructions that the hardware can process. In effect, the OS acts as an intermediary between the application and the hardware. The OS uses special software (called hardware drivers) provided by device manu- facturers to communicate with and control a device. Hardware drivers are typ- ically downloaded from the device manufacturer’s Web site or read from an installation DVD and installed when the hardware is first connected to the computer system.
User Interface and Input/Output Management One of the most important func- tions of any OS is providing a user interface, which allows people to access and interact with the computer system. The first user interfaces for mainframe and personal computer systems were command based. A command-based user interface requires you to give text commands to the computer to per- form basic activities. For example, the command ERASE 00TAXRTN would cause the computer to erase a file named 00TAXRTN. Today’s systems engi- neers and administrators often use a command-based user interface to control the low-level functioning of computer systems. Most modern OSs (including those with graphical user interfaces, such as Windows) provide a way to inter- act with the system through a command line. See Figure 2.4.
A graphical user interface (GUI) displays pictures (called icons) and menus that people use to send commands to the computer system. GUIs are more intuitive to use than command-based interfaces because they try to anticipate the user’s needs and they provide easy-to-recognize options. Micro- soft Windows is one popular operating system with a GUI. As the name sug- gests, Windows is based on the use of a window, or a portion of the display screen dedicated to a specific application. The screen can display several win- dows at once.
Recent technologies allow people to use touch screens and spoken com- mands. Today’s mobile devices and some PCs, for example, use a touch user interface—also called a natural user interface (NUI) or multitouch interface.
Microsoft and other operating system manufacturers have developed voice- command computer control software. Microsoft employs a special programming
FIGURE 2.11 Command-based and graphical user interfaces A Windows file system viewed with a GUI (a) and from the command prompt (b).
(a)
(b) M ic ro so ft pr od uc t sc re en sh ot s us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
user interface: The element of the operating system that allows people to access and interact with the computer system.
command-based user interface: A user interface that requires you to give text commands to the computer to perform basic activities.
graphical user interface (GUI): An interface that displays pictures (icons) and menus that people use to send commands to the computer system.
CHAPTER 2 • Hardware and Software 73
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
language called Speech Application Program Interface (SAPI) to associate your voice commands with specific actions performed by the computer. Apple’s OpenEars makes it simple for you to add speech recognition and text to speech to your iPhone, iPad, or iPod. Siri, the personal assistant that acts as an app on the Apple iOS operating system, uses a natural language user interface to answer questions. Adacel is a company that develops advanced simulation and control systems for aviation and defense. It is working on a voice-activated control sys- tem to operate the display system on aircrafts.
Some operating systems provide sight interfaces that enable a computer to perform different commands or operations depending on where a person is looking on the screen. Some companies are also experimenting with sen- sors attached to the human brain (brain interfaces) that can detect brain waves and control a computer as a result. Sight and brain interfaces can be very helpful to disabled individuals.
Hardware Independence An application programming interface (API) is a set of programming instructions and standards that enable one software pro- gram to access and use the services of another software program. An API pro- vides a software-to-software interface, not a user interface. The API also provides software developers tools that allow them to build application soft- ware without needing to understand the inner workings of the OS and hard- ware. Software applications are designed to run on a particular OS by using the operating system’s
Memory Management The OS also controls how memory is accessed, maxi- mizing the use of available memory and storage to provide optimum effi- ciency. The memory-management feature of many OSs allows the computer to execute program instructions effectively and to speed processing. One way to increase the performance of an old computer is to upgrade to a newer OS and increase the amount of memory.
Most OSs support virtual memory, which allocates space on the hard disk to supplement the immediate, functional memory capacity of RAM. Virtual memory works by swapping programs or parts of programs between memory and one or more disk devices—a concept called paging. This procedure reduces CPU idle time and increases the number of jobs that can run in a given time span.
Processing Tasks Operating systems use the following five basic approaches to task management to increase the amount of processing that can be accom- plished in a given amount of time:
● Multiuser. Allows two or more users to run programs at the same time on the same computer. Some operating systems permit hundreds or even thousands of concurrent users. The ability of the computer to handle an increasing number of concurrent users smoothly is called scalability.
● Multiprocessing. Supports running a program on more than one CPU. ● Multitasking. Allows more than one program to run concurrently. ● Multithreading. Allows different threads of a single program to run con-
currently. A thread is a set of instructions within an application that is independent of other threads. For example, in a spreadsheet program, the thread to open the workbook is separate from the thread to sum a col- umn of figures.
● Real time. Responds to input instantly. To do this, the operating system task scheduler can stop any task at any point in its execution if it deter- mines that another higher priority task needs to run immediately. Real- time operating systems are used to control the operation of jet engines, the deployment of air bags, and the operation of antilock braking systems—among other uses.
application programming interface (API): A set of programming instructions and standards that enables one software program to access and use the services of another software program.
74 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Not all operating systems employ all these approaches to task manage- ment. For example, the general-purpose operating systems with which we are most familiar (e.g., Windows, Mac OS, and Linux) cannot support real-time processing.
Networking Capability Most operating systems include networking capabilities so that computers can join together in a network to send and receive data and share computing resources. Operating systems for larger server compu- ters are designed specifically for computer networking environments.
Access to System Resources and Security Because computers often handle sen- sitive data that can be accessed over networks, the OS needs to provide a high level of security against unauthorized access to the users’ data and pro- grams. Typically, the OS establishes a logon procedure that requires users to enter an identification code, such as a user name, and a password. Operating systems may also control what system resources a user may access. When a user successfully logs on to the system, the OS permits access to only the por- tions of the system for which the user has been authorized. The OS records who is using the system and for how long, and it reports any attempted breaches of security.
File Management The OS manages files to ensure that files in secondary stor- age are available when needed and that they are protected from access by unauthorized users. Many computers support multiple users who store files on centrally located disks or tape drives. The OS keeps track of where each file is stored and who is cleared to access them.
Current Operating Systems Today’s operating systems incorporate sophisticated features and impressive graphic effects. Table 2.6 classifies a few current operating systems by sphere of influence.
From time to time, software manufacturers drop support for older operat- ing systems—meaning that although computers and software running under these operating system will continue to run, the operating system manufac- turer will no longer provide security fixes and updates. Without such patches, the users’ computers are more susceptible to being infected by viruses and malware. For example, Google announced that in 2016 it would be ending its support for its Chrome browser on Windows XP and Vista as well as on Mac OS X 10.6, 10.7, and 10.8. Google chose to drop support for these operating systems because they are no longer actively supported by Microsoft and Apple, respectively.49
TABLE 2.6 Operating systems by sphere of influence Personal Workgroup Enterprise
Microsoft Windows Microsoft Windows Server Microsoft Windows Server
Mac OS X, iOS Mac OS X Server
Linux Linux Linux
Google Android, Chrome OS
UNIX UNIX
HP webOS HP-UX HP-UX
IBM i and z/OS IBM i and z/OS
CHAPTER 2 • Hardware and Software 75
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Personal Computing Operating Systems This section summarizes information about several operating systems that are found on personal computers, portable computers, and mobile devices.
Microsoft PC Operating Systems In 1980, executives from IBM approached Microsoft’s Bill Gates regarding the creation of an operating system for IBM’s first personal computer. That operating system, which was ultimately called Microsoft Disk Operating System (MS-DOS), was based on Microsoft’s pur- chase of the Quick and Dirty Operating System (QDOS) written by Tim Pater- son of Seattle Computer Products. Microsoft bought the rights to QDOS for $50,000. QDOS, in turn, was based on Gary Kildall’s Control Program for Microcomputers (CP/M). As part of its agreement with Microsoft, IBM allowed Microsoft to retain the rights to MS-DOS and to market MS-DOS separately from the IBM personal computer. The rest is history, with Gates and Microsoft earning a fortune from the licensing of MS-DOS and its descendants.50 MS- DOS, which had a command-based interface that was difficult to learn and use, eventually gave way to the more user-friendly Windows operating sys- tem, which opened the PC market to everyday users. See Figure 2.12.
With its launch of Windows 10, Microsoft announced that it is moving away from its usual practice of releasing major new versions of its Windows operating system every few years. Instead, the company will be providing ongoing, incremental upgrades and improvements, rolled out automatically, perhaps as often as monthly for individual consumers. Organizations, whose information systems professionals desire minimal change in order to ensure reliable operations of corporate applications, may elect to opt out of such fre- quent updates. Microsoft hopes that the automatic, rapid update cycle will force users to stay current and discontinue use of older operating systems. One benefit of this approach is that it will allow Microsoft to gradually shift some of its resources away from updating and maintaining earlier versions of Windows. Ideally, those resources will instead be refocused on efforts to improve Windows 10. Microsoft also plans to make Windows 10 a common platform with a single app store for any machine—smartphone, laptop,
FIGURE 2.12 Microsoft Windows 10 Windows 10 brings back the familiar Start menu, replaces the Explorer browser with the Edge browser, and provides the Cortana personal assistant. Mi
cr os of t pr od uc t sc re en sh ot s us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
Cr ed it:
om ih ay /S hu tt er st oc k. co m
76 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
desktop, xBox game station, etc. (with variations to allow for differing screen sizes and uses).51
Apple Computer Operating Systems In July 2001, Mac OS X was released as an entirely new operating system for the Mac. Based on the UNIX operating sys- tem, Mac OS X included a new user interface with luminous and semi- transparent elements, such as buttons, scroll bars, and windows along with fluid animation to enhance the user’s experience.
Since its first release, Apple has upgraded OS X multiple times. OS X 10.11 El Capitan is Apple’s latest operating system. See Figure 2.13. It offers enhanced security features as well as the ability to launch the iBooks app, and books you’ve already downloaded to your iPad, iPhone, or iPod Touch will appear in your library. Directions, bookmarks, and recent searches are automatically passed on to all your iOS devices, and you can now use natural language when using the Spotlight search feature (e.g., “spreadsheet I worked on yesterday”). The new Split View feature automatically positions two app windows side by side in full screen so you can work with both apps at the same time. Power-saving technology enables you to browse longer, and upgraded graphics-rendering technology has improved overall system perfor- mance compared to previous versions.52
Because Mac OS X runs on Intel processors, Mac users can set up their computers to run both Windows and Mac OS X and select the platform they want to work with when they boot their computers. Such an arrangement is called dual booting. While Macs can dual boot into Windows, the opposite is not true. OS X cannot be run on any machine other than an Apple device. However, Windows PCs can dual boot with Linux and other OSs.
Linux Linux is an OS developed in 1991 by Linus Torvalds as a student in Finland. The OS is distributed under the GNU General Public License, and its source code is freely available to everyone. It is, therefore, called an open- source operating system.
Individuals and organizations can use the open-source Linux code to cre- ate their own distribution (flavor) of Linux. A distribution consists of the Linux kernel (the core of the operating system)—which controls the hard- ware, manages files, separates processes, and performs other basic
FIGURE 2.13 Mac OS X El Capitan El Capitan incorporates many fea- tures of Apple’s mobile devices into its desktop operating system. ©
A pp le , In c.
CHAPTER 2 • Hardware and Software 77
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
functions—along with other software. This other software defines the terminal interface and available commands, produces the graphical user interface, and provides other useful utility programs. A Linux distributor takes all the code for these programs and combines it into a single operating system that can be installed on a computer. The distributor may also add finishing touches that determine how the desktop looks like, what color schemes and character sets are displayed, and what browser and other optional software are included with the operating system. Typically, the distribution is “optimized” to per- form in a particular environment, such as for a desktop computer, server, or TV cable box controller.
More than 100 distributions of Linux have been created.53 Many distribu- tions are available as free downloads. Three of the most widely used distribu- tions come from software companies Red Hat, SUSE, and Canonical. Although the Linux kernel is free software, both Red Hat and SUSE produce retail ver- sions of the operating system that earn them revenues through distribution and service of the software. openSUSE is the distribution sponsored by SUSE. See Figure 2.14.
Google Chrome Over the years, Google has extended its reach beyond its popular search engine (Google) to offer application software (Google Docs), email services (Gmail), a mobile operating system (Android), Web browser (Chrome), and, more recently, a PC operating system—Chrome OS.
Chrome OS is a Linux-based operating system for notebooks and desktop PCs primarily used to access Web-based information and services such as email, Web browsing, social networks, and Google online applications. The OS is designed to run on inexpensive low-power computers. Chrome OS for personal computers is designed to start fast and provide quick access to appli- cations through the Internet. An open-source version of Chrome OS, named Chromium OS, was made available at the end of 2009. Because it is open- source software, developers can customize the source code to run on different platforms, incorporating unique features.
Workgroup Operating Systems To keep pace with user demands, business technology must be able to sup- port an environment in which network usage, data storage requirements, and data-processing speeds are increasing at a dramatic rate. Powerful and
FIGURE 2.14 openSUSE operating system openSUSE is a distribution of Linux available as a free download. Co
ur te sy
of op en SU
SE
78 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
sophisticated operating systems are needed to run the servers that meet these business needs for workgroups.
Windows Server Microsoft designed Windows Server to perform a host of tasks that are vital for Web sites and corporate Web applications. For exam- ple, Microsoft Windows Server can be used to coordinate and manage large data centers. Windows Server delivers benefits such as a powerful Web server management system, virtualization tools that allow various operating systems to run on a single server, advanced security features, and robust administra- tive support. Windows Home Server allows individuals to connect multiple PCs, storage devices, printers, and other devices into a home network. Win- dows Home Servers provides a convenient way for home users to store and manage photos, video, music, and other digital content. It also provides backup and data recovery functions.
UNIX UNIX is a powerful OS originally developed by AT&T for minicomputers— the predecessors of servers, which were larger than PCs and smaller than mainframes. UNIX can be used on many computer system types and plat- forms, including workstations, servers, and mainframe computers. UNIX also makes it easy to move programs and data among computers or to connect mainframes and workstations to share resources. There are many variants of UNIX, including HP-UX from Hewlett-Packard, AIX from IBM, and Solaris from Oracle. The UNIX platform (a computer capable of running the UNIX operating system plus the operating system itself) is considered a high-cost platform compared to Linux and Windows Server.
Red Hat Linux Red Hat Software offers Red Hat Enterprise Linux Server, an operating system that is very efficient at serving Web pages and can manage a cluster of several servers. Distributions such as Red Hat have proven Linux to be a very stable and efficient OS. Red Hat Enterprise Virtualization (RHEV) software provides virtualization capabilities for servers and desktop compu- ters to enable the hardware to run more than one operating system. See Figure 2.15.
Casio is a multinational electronics manufacturing company headquar- tered in Japan. Its products include calculators, mobile phones, cameras, musical instruments, and watches. Casio migrated to RHEV, and its virtual ser- vers now use only 60 percent of the resources used by physical servers. The firm has also been able to ensure that in the event of a server failure, other servers will have the capacity to pick up the load without a serious effect on the entire system.54
Mac OS X Server The Mac OS X Server is the first modern server OS from Apple Computer, and it is based on the UNIX OS. Designed for OS X and iOS, OS X Server makes it easy to collaborate, develop software, host Web sites and wikis, configure Mac and iOS devices, and remotely access a net- work. Smartphone users running iOS can now open, edit, and save docu- ments on OS X Server.
Enterprise Operating Systems Mainframe computers, often referred to as “Big Iron,” provide the computing and storage capacity required for massive data-processing environments, and they provide systems that can support many users while delivering high per- formance and excellent system availability, strong security, and scalability. A wide range of application software has been developed to run in the main- frame environment, making it possible to purchase software to address almost any business problem. Examples of mainframe OSs include z/OS from IBM, HP-UX from Hewlett-Packard, and Linux. The z/OS is IBM’s first 64-bit
CHAPTER 2 • Hardware and Software 79
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
enterprise OS and is capable of handling very heavy workloads, including serving thousands of concurrent users and running an organization’s critical applications. (The z stands for zero downtime.)
Smartphone Operating Systems Smartphones now employ full-fledged personal computer operating systems such as the Google Android and Apple iOS that determine the functionality of your phone and the applications that you can run. The Google Android oper- ating system dominates the global smartphone market with roughly an 80 percent market share compared to about 14 percent for the Apple iOS operat- ing system.55
Embedded Operating Systems An embedded system is a computer system (including some sort of proces- sor) that is implanted in and dedicated to the control of another device. Embedded systems control many devices in common use today, including TV cable boxes, smartphones, digital watches, digital cameras, MP3 players, cal- culators, microwave ovens, washing machines, and traffic lights. The typical car contains many embedded systems, including those that control antilock brakes, air bag deployment, fuel injection, active suspension devices, trans- mission control, and cruise control. A global positioning system (GPS) device uses an embedded system to help people find their way around town or more remote areas. See Figure 2.16.
FIGURE 2.15 Red Hat Linux Red Hat Enterprise Virtualization (RHEV) software provides virtualization capabilities for servers and desktop computers. ww
w .r e d h a t. c o m
embedded system: A computer system (including some sort of proces- sor) that is implanted in and dedicated to the control of another device.
80 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Because embedded systems are usually designed for a specific purpose in a specific device, they are usually proprietary or custom-created and owned by the manufacturer. Linux is a popular choice for embedded sys- tems because it is free and highly configurable. It has been used in many embedded systems, including e-book readers, ATMs, smartphones, network- ing devices, and media players. Windows Embedded is a family of Microsoft operating systems included with or embedded into TV set-top boxes, auto- mated industrial machines, media players, medical devices, digital cameras, PDAs, GPS receivers, ATMs, gaming devices, and business devices such as cash registers.
Utility Programs A utility program performs a variety of tasks typically related to system maintenance or problem correction. For example, there are utility programs designed to merge and sort sets of data, keep track of computer jobs being run, compress data files before they are stored or transmitted over a network (thus saving space and time), and perform other important tasks.
Just as your car engine runs best if it has regular tune-ups, computers also need regular maintenance to ensure optimal performance. Over time, your computer’s performance can start to diminish as system errors occur, files clutter your hard drive, and security vulnerabilities materialize. Sysinternals Suite is a collection of Windows utilities that can be downloaded for free from the Microsoft Technet Web site. These utilities can be used to boost the performance of a slow PC, repair errors in the registry and on a hard drive, remove unnecessary files, improve system security and privacy, and optimize sluggish system processes as shown in Figure 2.17.56
Middleware Middleware is software that provides messaging services that allow different applications to communicate and exchange data. This systematic tying together of disparate applications, often through the use of middleware, is known as enterprise application integration (EAI). It is implemented to address situations in which a company acquires different types of information
FIGURE 2.16 GPS devices use embedded operating systems A GPS device uses an embedded system to acquire information from satellites, display your current location on a map, and direct you to your destination.
utility program: A program that helps to perform maintenance or cor- rect problems with a computer system.
middleware: Software that allows various systems to communicate and exchange data.
enterprise application integration (EAI): The systematic tying together of disparate applications so that they can communicate.
CHAPTER 2 • Hardware and Software 81
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
systems—often through mergers, acquisitions, or expansion—that need to share data and interact. Middleware can also serve as an interface between the Internet and private corporate systems. For example, it can be used to transfer a request for information from a corporate customer on the company Web site to a traditional database on a mainframe computer and to return the results of that information request to the customer on the Internet.
The use of middleware to connect disparate systems has evolved into an approach for developing software and systems called SOA. Service-oriented architecture (SOA) is a software design approach based on the use of dis- crete pieces of software (modules) to provide specific functions (such as dis- playing a customer’s bill statement) as services to other applications. Each module is built in such a way that ensures that the service it provides can exchange information with any other service without human interaction and without the need to make changes to the underlying program itself. In this manner, multiple modules can be combined to provide the complete function- ality of a large, complex software application. Systems developed with SOA are highly flexible, as they allow for the addition of new modules that provide new services required to meet the needs of the business as they evolve and change over time.
Netflix, which describes itself as the world’s leading Internet television net- work, has 70 million members in 60 countries watching more than 100 million hours of streaming TV shows and movies each day.57 Recently, the company shifted its development approach to an SOA approach, with many small engi- neering teams responsible for the development of hundreds of microservices that work together to stream content to customers. Each microservice represents a single-product feature that can be updated independently. This approach, along with Netflix’s continuous delivery approach to development, means that microservices can be upgraded and debugged on their own schedules, improv- ing performance and reliability for the company’s millions of customers.58,59
FIGURE 2.17 Sysinternals Suite Sysinternals Suite is a collection of utilities for troubleshooting and maintaining a Windows system. M
ic ro so ft pr od uc t sc re en sh ot s us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
service-oriented architecture (SOA): A software design approach based on the use of discrete pieces of software (modules) to provide specific functions as services to other applications.
82 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Migration to New Operating System The information systems support organization of your firm is keen to migrate all employees from whatever operating system they have now (mostly Windows 8) to Microsoft Windows 10. Making such a change can be a big deal for employees and can require them to get comfortable with a new user interface and ways of accomplishing their work.
Review Questions 1. What are some of the advantages of such a move? 2. What are some potential issues that could arise from this change?
Critical Thinking Questions 1. What are some of the negative forces that will cause employees to resist this
change? 2. What are some creative things the IS team could do to overcome resistance to
this change?
Application Software
The primary function of application software is to apply the power of a com- puter system to enable people, workgroups, and entire organizations to solve problems and perform specific tasks. Millions of software applications have been created to perform a variety of functions on a wide range of operating systems and device types. The following are some of the dozens of categories of applications:
Business Genealogy Personal information manager
Communications Language Photography
Computer-aided design Legal Science
Desktop publishing Library Simulation
Educational Multimedia Video
Entertainment Music Video games
In almost any category of software, you will find many options from which to choose. For example, Microsoft Internet Explorer and Edge, Mozilla Firefox, Google Chrome, Apple Safari, and Opera are all popular Web brow- sers that enable users to surf the Web. The availability of many software options enables users to select the software that best meets the needs of the individual, workgroup, or enterprise. For example, Procter & Gamble (P&G), a large, multinational organization, chose the SAP Enterprise Resource Plan- ning software with its vast array of options, features, and functionality to meet its complex global accounting needs. However, a small, neighborhood bakery might decide that Intuit’s QuickBooks, an accounting software pack- age designed for small businesses, meets its simple accounting needs. Before a person, a group, or an enterprise decides on the best approach for acquiring application software, they should carefully analyze computing goals, needs, and budget.
CHAPTER 2 • Hardware and Software 83
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Overview of Application Software Proprietary software and off-the-shelf software are two important types of application software. Proprietary software is one-of-a-kind software designed for a specific application and owned by the company, organization, or person that uses it. Proprietary software can give a company a competitive advantage by providing services or solving problems in a unique manner— better than methods used by a competitor. Off-the-shelf software is produced by software vendors to address needs that are common across busi- nesses, organizations, or individuals. For example, Amazon.com uses the same off-the-shelf payroll software as many businesses, but on its Web site, the company uses custom-designed proprietary software, which allows visi- tors to more easily find items to purchase. The relative advantages and disad- vantages of proprietary software and off-the-shelf software are summarized in Table 2.7.
Many companies use off-the-shelf software to support business processes. Key questions for selecting off-the-shelf software include the following:
● Will the software run on the OS and hardware you have selected? ● Does the software meet the essential business requirements that have
been defined? ● Is the software manufacturer financially solvent and reliable? ● Does the total cost of purchasing, installing, and maintaining the software
compare favorably to the expected business benefits?
TABLE 2.7 Comparison of proprietary and off-the-shelf software Proprietary Software Off-the-Shelf Software
Advantages Disadvantages Advantages Disadvantages
You can get exactly what you need in terms of features, reports, and so on.
It can take a long time and a significant amount of resources to develop required features.
The initial cost is lower because the software firm can spread the develop- ment costs across many customers.
An organization might have to pay for features that it does not require and never uses.
Being involved in the development offers more control over the results.
In-house system develop- ment staff may be hard- pressed to provide the required level of ongoing support and maintenance because of pressure to move on to other new projects.
The software is likely to meet the basic business needs. Users have the op- portunity to more fully an- alyze existing features and the performance of the package before purchasing.
The software might lack important features, thus requiring future modifi- cation or customization, which can be very ex- pensive, and because users will eventually be required to adopt future releases of the software, the customization work might need to be repeated.
You can more easily mod- ify the software and add features that you might need to counteract an ini- tiative by competitors or to meet new supplier or cus- tomer demands.
The features and perfor- mance of software that has yet to be developed pre- sents more potential risk.
The package is likely to be of high quality because many customer firms have tested the software and helped identify its bugs.
The software might not match current work pro- cesses and data standards.
proprietary software: One- of-a-kind software designed for a specific application and owned by the company, organization, or person that uses it.
off-the-shelf software: Software produced by software vendors to address needs that are common across businesses, organizations, or individuals.
84 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Software as a Service Workers in many organizations operate in a cloud-computing environment in which software, data storage, and other services are provided over the Inter- net (“the cloud”); the services are run on another organization’s computer hardware, and both software and data are easily accessed over the Internet. Examples of public cloud service providers, which make their services avail- able to the general public, include Amazon Elastic Compute Cloud (EC2), IBM’s Blue Cloud, Sun Cloud, Google Cloud Platform, Rackspace’s Managed Cloud, and Windows Azure Services Platform. Public cloud users can realize a considerable cost savings because the very high initial hardware, application, and bandwidth costs are paid for by the service provider and passed along to users as a relatively small monthly fee or per-use fee. Furthermore, companies can easily scale up or down the amount of services used, depending on user demand for services. Cloud computing also provides the benefit of being able to easily collaborate with others by sharing documents on the Internet.
Cloud services are often given popular acronyms such as SaaS (software as a service), PaaS (platform as a service), IaaS (infrastructure as a service), and HaaS (hardware as a service). Software as a service (SaaS) allows orga- nizations to subscribe to Web-delivered application software. In most cases, the company pays a monthly service charge or a per-use fee. Many business activities are supported by SaaS. SaaS vendors include Oracle, SAP, NetSuite, Salesforce, and Google. Each year, The Container Store sells over $200 million worth of storage and organization products through its 70 retail stores.60 The retail chain has grown rapidly, and it is committed to maintaining satisfaction for its 4,000 employees—a goal that was becoming more difficult to achieve given the limited resources of the company’s IT, benefits, and payroll depart- ments. In order to free up some of those internal resources, The Container Store migrated its payroll and benefit processes to UltiPro HCM, a SaaS pro- vided by Ultimate Software. The SaaS solution helped the company streamline its payroll and benefits administration while increasing employee satisfaction by providing them real-time, online access to up-to-date salary and benefits information.61
Google’s Chromebook line of personal computers is an example of a consumer-focused implementation of the SaaS model. Built by Samsung and Acer, Chromebooks include only an Internet browser—with all software appli- cations accessed through an Internet connection. Rather than installing, stor- ing, and running software on the Chromebook, users access software that is stored on and delivered from a Web server. Typically the data generated by the software is also stored on the Web server.
While SaaS and cloud computing offer many benefits, these software delivery models also involve some risks. For example, sensitive information could be compromised by unauthorized access by employees or computer hackers. In addition, the company providing the hosting services might not keep its computers and network up and running as consistently as necessary, or a disaster could disable the host’s data center, temporarily putting an orga- nization out of business. Some companies also find it is difficult to integrate the SaaS approach with existing software.
Personal Application Software Hundreds of thousands personal software applications are available to meet the needs of individuals at school, home, and work—with new applications released on a daily basis. New computer software under development, along with existing GPS technology, for example, will enable people to see 3D views of where they are, along with directions and 3D maps to where they would like to go. The features of some popular types of personal application software are summarized in Table 2.8. In addition to these general-purpose
Software as a service (SaaS): A service that allows businesses to sub- scribe to Web-delivered application software.
CHAPTER 2 • Hardware and Software 85
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
programs, thousands of other personal computer applications perform spe- cialized tasks that help users prepare their taxes, get in shape, lose weight, get medical advice, write wills and other legal documents, repair their compu- ters, fix their cars, write music, and edit pictures and videos. This type of soft- ware, often called user software or personal productivity software, includes the general-purpose tools and programs that support individual needs.
The following sections discuss some of the most popular types of per- sonal application software currently available.
Word Processing Word-processing applications are installed on most PCs today. These applica- tions come with a vast array of features, including those for checking spelling, creating tables, inserting formulas, and creating graphics. Much of the work
TABLE 2.8 Examples of personal application software Type of Software Use Example
Word processing Create, edit, and print text documents Apache OpenOffice Writer
Apple Pages Corel Write Google Docs Microsoft Word WordPerfect
Spreadsheet Perform statistical, financial, logical, database, graphics, and date and time calculations using a wide range of built- in functions
Apache OpenOffice Calc Apple Numbers Google Sheets IBM Lotus 1-2-3 Microsoft Excel
Database Store, manipulate, and retrieve data Apache OpenOffice Base Microsoft Access IBM Lotus Approach
Graphics Develop graphs, illustrations, drawings, and presentations Adobe FreeHand Adobe Illustrator Apache OpenOffice Impress
Microsoft PowerPoint
Personal information management
Helps people, groups, and organizations store useful information, such as a list of tasks to complete or a set of names and addresses
Google Calendar Microsoft Calendar Microsoft Outlook One Note
Project management Plan, schedule, allocate, and control people and resources (money, time, and technology) needed to complete a proj- ect according to schedule
Microsoft Project Scitor Project Scheduler
Financial management Track income and expenses and create reports to create and monitor budgets (some programs also have investment portfolio management features)
GnuCash Intuit Mint Intuit Quicken Moneydance You Need a Budget (YNAB)
Desktop publishing (DTP) Use with personal computers and high-resolution printers to create high-quality printed output, including text and graphics; various styles of pages can be laid out; art and text files from other programs can also be integrated into published pages
Adobe InDesign Apple Pages Corel Ventura Publisher Microsoft Publisher QuarkXpress
86 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
required to create this book involved the use of the popular word-processing software, Microsoft Word.
A team of people can use a word-processing program to collaborate on a project. The authors and editors who developed this book, for example, used the Track Changes and Review features of Microsoft Word to track and make changes to chapter files. With these features, you can add comments or make revisions to a document that a coworker can review and either accept or reject. Some cloud-based word-processing applications, such as Google Docs, allow multiple authors to collaborate in real time.
Spreadsheet Analysis Many individuals and organizations use spreadsheet applications that offer powerful tools for manipulating and analyzing numbers and alphanumeric data. Common spreadsheet features include statistical analysis tools, built-in formulas, chart- and graphics-creation tools, and limited database capabilities. See Figure 2.18. Business functions include those that calculate depreciation, present value, internal rate of return, and the monthly payment on a loan. Optimization is another powerful feature of many spreadsheet programs that allows the spreadsheet to maximize or minimize a quantity subject to certain constraints. For example, a small furniture manufacturer that produces chairs and tables might want to maximize its profits. The constraints could be a lim- ited supply of lumber, a limited number of workers who can assemble the chairs and tables, or a limited amount of available hardware fasteners. Using an optimization feature, such as Solver in Microsoft Excel, the spreadsheet can determine the number of chairs and tables that should be produced— given the labor and material constraints—to maximize profits.
Database Applications Database applications are ideal for storing, organizing, and retrieving data. These applications are particularly useful when you need to manipulate a large amount of data and produce reports and documents. Database manipu- lations include merging, editing, and sorting data, and database applications can be used in a variety of ways. You could use a database application to keep track of a CD collection, the items in your apartment, tax records, and
FIGURE 2.18 Spreadsheet program Consider using a spreadsheet pro- gram, such as Microsoft Excel, when calculations are required. Mi
cr os of t pr od uc t sc re en sh ot
us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
CHAPTER 2 • Hardware and Software 87
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
expenses. A student club could use a database to store names, addresses, phone numbers, and dues paid. In business, a database application could be used to help process sales orders, control inventory, order new supplies, send letters to customers, and pay employees. Database management systems can be used to track orders, products, and customers; analyze weather data to make forecasts; and summarize medical research results. A database can also be a front end to another application. For example, you can use a database application to enter and store income tax information and then export the stored results to other applications, such as a spreadsheet or tax-preparation application.
Presentation Graphics Program It is often said that a picture is worth a thousand words. With today’s avail- able graphics programs, it is easy to develop attractive graphs, illustrations, and drawings that help communicate important information. The category of presentation graphics applications includes programs that can be used to per- form a variety of tasks, including creating advertising brochures, event announcements, and full-color presentations; some presentation graphics pro- grams can also be used to organize and edit photographic images. And if you need to make a presentation at school or work, you can use a special type of graphics program called a presentation application—–such as Microsoft PowerPoint—to develop slides and then display them while you are speaking. Because of their popularity, many colleges and departments require students to become proficient at using presentation graphics programs.
Many presentations consist of a series of slides with each slide displayed on a computer screen, printed as a handout, or (more commonly) projected onto a large viewing screen for audiences. You can select a template designed for a specific type of presentation, such as recommending a strategy for man- agers, communicating news to a salesforce, giving a training presentation, or facilitating a brainstorming session. The software includes powerful built-in features that let you create a presentation step-by-step, including applying color and attractive formatting. You can also design a custom presentation using the many types of charts, drawings, and formatting available. Most pre- sentation graphics programs also provide access to online clip art and photos, such as drawings and photos of people meeting, medical equipment, telecom- munications equipment, entertainment, and much more.
Software Suites and Integrated Software Packages A software suite is a collection of programs packaged together and sold in a bundle. A software suite might include a word processor, a spreadsheet pro- gram, a database management system, a graphics program, communications and note-taking tools, and organizers. Some suites support the development of Web pages, and some offer a speech-recognition feature—so that applica- tions in the suite can accept voice commands and record dictation. Software suites offer many advantages. The software programs within a suite have been designed to work similarly so that after you learn the basics for one application, the other applications are easy to learn and use. Buying software in a bundled suite is cost effective; the programs usually sell for a fraction of what they would cost individually.
Table 2.9 lists the most popular general-purpose software suites for per- sonal computer users. Microsoft Office has the largest market share. Most of these software suites include a spreadsheet program, a word processor, a database program, and graphics presentation software. All can exchange documents, data, and diagrams. In other words, you can create a spreadsheet and then cut and paste that spreadsheet into a document created using the word-processing application.
software suite: A collection of programs packaged together and sold in a bundle.
88 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The H.J. Heinz Company, now part of Kraft Heinz Company, sells baby food, frozen entrees, ketchup, mustard, sauces, and other products in more than 200 countries. The firm wanted to help employees spend less time travel- ing and make it easier for them to share best practices, solve business pro- blems, and come up with new ideas, regardless of their geographical locations. This led Heinz to adopt Microsoft Office 365 for its more than 20,000 employees who will use Exchange Online for email and calendaring, Sync for Business for conferencing and instant messaging, and Yammer (an enterprise social network) to share ideas and collaborate on projects. Heinz is also making the Office desktop suite available to its employees through Office 365 ProPlus.62
Other Personal Application Software In addition to the software already discussed, many other useful application software tools are available for personal and business use. TurboTax, for example, is a popular tax-preparation program that annually saves millions of people many hours and even dollars in preparing their taxes. With just a quick online search, you can find software for creating Web sites, composing music, and editing photos and videos. Many people use educational and refer- ence software and software for entertainment, games, and leisure activities.
TABLE 2.9 Major components of leading software suites Personal Productivity Function
Microsoft Office and Office 365
Corel WordPerfect Office
Apache OpenOffice Apple iWork Google Apps
Word processing Word WordPerfect Writer Pages Docs
Spreadsheet Excel Quattro Pro Calc Numbers Spreadsheet
Presentation graphics
PowerPoint Presentations Impress and Draw
Keynote Presentation
Database Access Base
FIGURE 2.19 Web-based application suite Microsoft Office 365 is a Web-based application suite that offers basic software suite features over the Internet using cloud computing. M
ic ro so ft sc re en sh ot
us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
CHAPTER 2 • Hardware and Software 89
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Game-playing software is popular and can be very profitable for companies that develop games and various game accessories, including virtual avatars such as colorful animals, fish, and people. Some organizations have launched programs designed to promote physical activity by incorporating the use of active video games (e.g., Wii Boxing and DanceDance Revolution) into broader physical education programs.63 Engineers, architects, and designers often use computer-assisted design (CAD) software to design and develop buildings, electrical systems, plumbing systems, and more. Autosketch, Corel- CAD, and AutoCAD are examples of CAD software. Two popular statistical analytics applications are SPSS and SAS.
Mobile Application Software The number of applications (apps) for smartphones and other mobile devices has exploded in recent years. Besides the proprietary apps that come with these devices, hundreds of thousands of mobile apps have been developed by third parties. As of June 2016, Apple’s App Store had over 1.8 million apps and an additional 0.5 million games available for iOS device users, and Android users could choose from over 2.2 million mobile apps on Google’s Play Store.64 Microsoft and other software companies are also investing in mobile applications for devices that run on their software. For example, Sce- neTap, an application for iPhones and Android devices, can determine the number of people at participating bars, pubs, or similar establishments and the ratio of males to females. The application uses video cameras and facial- recognition software to identify males and females. SocialCamera, an applica- tion for Android phones, allows people to take a picture of someone and then search their Facebook friends for a match. However, many people con- sider facial-recognition software a potential invasion to privacy.
Table 2.10 lists a few mobile application categories. Many apps are free, whereas others range in price from 99 cents to hundreds of dollars.
TABLE 2.10 Categories of mobile applications Category Description
Books and reference Access e-books, subscribe to journals, or look up information on the Merriam-Webster or Wikipedia Web sites
Business and finance Track expenses, trade stocks, and access corporate information systems
Entertainment Access all forms of entertainment, including movies, television programs, music videos, and information about local night life
Games Play a variety of games, from 2D games such as Pacman and Tetris to 3D games such as Need for Speed, Call of Duty, and Minecraft
Health and fitness Track workout and fitness progress, calculate calories, and even monitor your speed and progress from your wirelessly connected Nike shoes
Lifestyle Find good restaurants, make a dinner reservation, select wine for a meal, and more
Music Find, listen to, and create music
News and weather Access major news and weather providers, including Reuters, AP, the New York Times, and the Weather Channel
Photography Organize, edit, view, and share photos taken on your phone’s camera
Productivity and utilities
Create grocery lists, practice PowerPoint presentations, work on spreadsheets, synchronize with PC files, and more
Social networking Connect with others via major social networks, including Facebook, Twitter, and Instagram
Sports Keep up with your favorite team or track your own golf scores
Travel and navigation Use the GPS in your smartphone to get turn-by-turn directions, find interesting places to visit, access travel itineraries, and more
90 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Workgroup Application Software Workgroup application software is designed to support teamwork, whether team members are in the same location or dispersed around the world. This support can be accomplished with software known as groupware, which helps groups of people work together effectively. Microsoft Exchange Server, for example, has groupware and email features. Also called collaborative soft- ware, workgroup software allows a team to work together remotely, sharing ideas and work via connected computer systems.
Examples of workgroup software include group-scheduling software, electronic mail, and other software that enables people to share ideas. Web- based software is ideal for group use. Because documents are stored on an Internet server, anyone with an Internet connection can access them easily. Google provides workgroup options in its online applications, which allow users to share documents, spreadsheets, presentations, calendars, and notes with other specified users or everyone on the Web. This sharing makes it con- venient for several people to contribute to a document without concern for software compatibility or storage. Google also provides a tool for creating Web-based forms and surveys. When invited parties fill out the form, the data is stored in a Google spreadsheet.
Clark Realty Capital is a national real estate firm with nine offices across the United States. Its agents are constantly on the move, and in the past, they had difficulty staying connected to the latest version of important documents. This created problems because the firm’s agents are constantly working to close deals on tight deadlines, which requires the ability to frequently and quickly update documents related to a transaction. The firm began sharing files via Google Drive to provide employees real-time access to the current version of each document, thus eliminating the need for email attachments and managing multiple versions of a file. Employees use Google Apps to cre- ate, access, and update these documents.65
Enterprise Application Software Software that benefits an entire organization—enterprise application software—can be developed specifically for the business or purchased off the shelf. There are many categories of enterprise software, including the following:
Accounts payable Accounts receivable Airline industry operations Automatic teller systems Cash-flow analysis Check processing Credit and charge card administration Distribution control Fixed asset accounting General ledger Human resource management Inventory control
Invoicing Manufacturing control Order entry Payroll Receiving Restaurant management Retail operations Sales ordering Savings and time deposits Shipping Stock and bond management Tax planning and preparation
The total cost, ease of installation, ease of management, and the ability to integrate the software with other enterprise applications are the major consid- erations of organizations when selecting enterprise software. The ability to extend enterprise applications so that they can run on smartphones and other mobile devices is increasingly becoming a priority for many organizations.
Advantage Sign & Graphic Solutions, based in Grand Rapids, Michigan, sells equipment and supplies to businesses in the sign and graphics industry.
workgroup application software: Software that supports teamwork, whether team members are in the same location or dispersed around the world.
CHAPTER 2 • Hardware and Software 91
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The company operates 10 regional facilities that allow it to provide next-day delivery of most supplies to customers around the country.66 In order to improve its profitability and attract more customers, the company implemen- ted several NetSuite enterprise applications, including NetSuite ERP, CRMþ, E-commerce, and Advanced Shipping. With the NetSuite software, Advantage was able to launch a new e-commerce site, reduce order-processing time by 65 percent, and decrease its on-hand inventory by 15 percent. Implementing an integrated set of enterprise applications simplified the company’s opera- tions and helped it better connect with customers.67
Enterprise software also helps managers and workers stay connected. At one time, managers and workers relied on email to stay in touch with each other, but business collaboration and enterprise social networking tools— such as Asana, blueKiwi, Yammer, and Jive—are replacing traditional email and text messaging.
But how are all these systems actually developed and built? The answer is through the use of programming languages, some of which are discussed in the next section.
Programming Languages Both system and application software are written using programming languages that provides instructions to the computer so that it can perform a processing activity. Like writing a report or a paper in English, writing a computer program in a programming language requires the programmer to follow a set of rules. Each programming language uses symbols, key- words, and commands that have special meanings and usage. Each lan- guage also has its own set of rules, called the syntax of the language. The language syntax dictates how the symbols, keywords, and commands should be combined into statements capable of conveying meaningful instructions to the CPU. Rules such as “statements must terminate with a semicolon,” and “variable names must begin with a letter,” are examples of a language’s syntax. Table 2.11 lists some of the most commonly used pro- gramming languages.
TABLE 2.11 Commonly used programming languages for new software development Language Description
COBOL An English language-like programming language designed for business use, COBOL has been in use since 1959. Billions of lines of COBOL code are still in use in systems around the world, including credit card systems, ATMs, retail/POS systems, banking and payroll systems, healthcare systems, government systems, reservation systems, and traffic signal systems. Due to its declining popularity and the retirement of experienced COBOL programmers, COBOL programs are gradually being migrated to new platforms, rewritten in modern languages, or replaced with soft- ware packages.
C Developed in the early 1970s, C is the base for other popular languages, such as C#, Java, JavaScript, and Python. C is mostly used for implementing operating systems and embedded applications. Because it provides the foundation for many other languages, it is advisable to learn C (and Cþþ) before moving onto other languages.
Cþþ Originally designed to enhance the C language, Cþþ is used to develop systems software, applica- tion software, high-performance server and client applications, and video games.
Java Java is a programming language developed by Sun Microsystems in the 1990s, and it is still widely used in the development of enterprise software, Web-based content, and games. Java is also used for mobile apps that run on the Android operating system.
JavaScript A scripting language developed by Netscape, JavaScript derives much of its syntax from C. JavaScript can be used across multiple Web browsers and is considered essential for developing interactive or animated Web functions. It is also used in game development and for writing desktop applications.
programming languages: Sets of keywords, commands, symbols, and rules for constructing statements by which humans can communicate instructions to a computer.
syntax: A set of rules associated with a programming language.
92 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Walmart’s VMI System Walmart employs a special kind of enterprise system called an interorganizational information system it calls vendor-managed inventory (VMI) to improve product flow and lower its store inventories. Under this program, suppliers are responsi- ble for managing the inventory of their products in Walmart’s warehouses. Suppli- ers are granted access to a Walmart database that contains item-level sales and inventory data for their products only, which help the vendors develop product demand projections using a collaborative planning, forecasting, replenishment process. Each link in the supply chain is interconnected using information tech- nology that includes a central database, store-level-point-of-sale systems, and a satellite network for fast and reliable communications.
Review Questions 1. Do you think that the VMI software is off-the-shelf or proprietary software?
Why? 2. Should Walmart allow the suppliers to take a major role in defining and cus-
tomizing the features and capabilities of this system or should they insist on a “one size fits all” approach?
Critical Thinking Questions 1. What special issues and considerations are likely to arise in the operation and
support of an interorganizational system? 2. Given the business criticality of this system, would it make sense for Walmart
to consider moving this system into a public cloud environment? What would be the advantages and disadvantage of such a move?
Software Issues and Trends
Because software is such an important part of today’s computer systems, issues such as software bugs, copyrights and licensing, freeware and open- source software, upgrades, and global software support are receiving increased attention. These topics are covered in the following sections.
Software Bugs A software bug is a defect in a computer program that keeps it from perform- ing as its users expect it to perform. While some bugs are subtle—allowing
TABLE 2.11 Commonly used programming languages for new software development (continued) Language Description
PHP (Hypertext Preprocessor)
A popular programming language for Web developers, PHP is used to create dynamic Web sites and to develop apps. PHP is used in more than 200 million Web sites, including WordPress, Digg, and Facebook.
Python Python is another scripting language used to develop Web sites and mobile apps. Python is consid- ered a fairly easy language for beginners to learn due to its readability and compact syntax, and it is used in Web apps for Google, Instagram, NASA, Pinterest, and Yahoo!
Ruby Ruby is a scripting language designed to be simple and easy to use for developing Web sites and mobile apps. It powers the Ruby on Rails (or Rails) framework, which is used on Scribd, GitHub, Groupon, and Shopify.
SQL A language for accessing data in relational database management systems, SQL is most commonly used for its “Query” function, which searches relational databases. SQL was standardized in the 1980s by the American National Standards Institute (ANSI) and the International Organization for Standardization (ISO).
CHAPTER 2 • Hardware and Software 93
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
errors to creep into your work undetected—other bugs are very obvious, causing programs to terminate unexpectedly. For example, not all goes smoothly when users upgrade to a new operating system. Applications that used to run without a problem under the old operating system may begin to experience difficulty. Users of Microsoft’s Office for MAC 2016 who upgraded to Apple’s El Capitan OS initially experienced application crashes for Micro- soft Outlook, Excel, PowerPoint, and Word. Although the bugs were eventu- ally fixed, many users spent weeks dealing with the crashes.68
Most computer and software vendors say that as long as people design and program hardware and software, bugs are inevitable. The following list summarizes tips for reducing the impact of software bugs:
● Register all software so that you receive bug alerts, fixes, and patches. ● Check the manual or read-me files for solutions to known problems. ● Access the support area of the manufacturer’s Web site for patches. ● Install the latest software updates. ● Before reporting a bug, make sure that you can recreate the circum-
stances under which it occurs. ● After you can recreate the bug, call the manufacturer’s tech support line. ● Consider waiting before buying the latest release of software to give the
vendor a chance to discover and remove bugs. Many schools and busi- nesses don’t purchase software until the first major revision with patches is released.
Copyrights and Licenses Most companies aggressively guard and protect the source code of their soft- ware from competitors as well as customers. As a result, most software pro- ducts are protected by law using copyright or licensing provisions. Those provisions can vary, however. In some cases, users are given unlimited use of software on one or two computers. This stipulation is typical for applications developed for personal computers. In other cases, users pay based on usage: If you use the software more, you pay more. This approach is becoming pop- ular, with software placed on networks or larger computers. Most of these protections prevent you from copying software and giving it to others. Some software now requires that you register or activate it before it can be fully used. This requirement is another way software companies prevent illegal dis- tribution of their products.
In a recent survey of 50 companies with more than 10,000 employees, 10 percent of the respondents indicated that their firm had been fined, assessed additional fees, or required to purchase backdated maintenance as a result of license compliance issues uncovered in a software audit. The costs ranged from less than $100,000 to more than $1 million.69
When people purchase software, they don’t actually own the software, but rather they are licensed to use the software on a computer. This is called a single-user license. A single-user license permits you to install the software on one or more computers, used by one person. A single-user license does not allow you to copy and share the software with others. Licenses that accommodate multiple users are usually provided at a discounted price.
Open-Source Software Some software developers are not concerned about profiting from their intel- lectual property, which has given rise to alternative copyrights and licensing agreements. Open-source software is distributed, typically for free, with the source code also available so that it can be studied, changed, and improved by its users. Over time, open-source software evolves in response to the com- bined contributions of its users. The Code For America (CFA) organization, for
single-user license: A software license that permits you to install the software on one or more computers, used by one person.
94 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
example, used open-source software to develop a map-based app for the city of Boston that allows individuals, small businesses, and community organiza- tions to volunteer to shovel out specific hydrants that might be completely covered with snow in the winter. After creating the app for Boston, CFA made its efforts available for free to other cities and municipalities.
Why would an organization run its business using software that’s free? Can something that’s given away over the Internet be stable, reliable, or suffi- ciently supported to place at the core of a company’s day-to-day operations? The answer is surprising—many believe that open-source software is often more reliable and secure than commercial software. How can this be? First, because a program’s source code is readily available, users can fix any pro- blems they discover. A fix is often available within hours of a problem’s dis- covery. Second, because the source code for a program is accessible to thousands of people, the chances of a bug being discovered and fixed before it does any damage are much greater than with traditional software packages.
However, using open-source software does have some disadvantages. Although open-source systems can be obtained for next to nothing, the up- front costs are only a small piece of the total cost of ownership that accrues over the years that the system is in place. Some claim that open-source systems contain many hidden costs, particularly in terms for user support and debug- ging. Licensed software comes with guarantees and support services, whereas open-source software does not. Still, many businesses appreciate the addi- tional freedom that open-source software provides. The question of software support is typically the biggest stumbling block to the acceptance of open- source software at the corporate level. Getting support for traditional software packages is easy—you call a company’s toll-free support number or access its Web site. But how do you get help if an open-source package doesn’t work as expected? Because the open-source community lives on the Internet, you look there for help. Through the use of Internet discussion areas, you can commu- nicate with others who use the same software, and you might even reach someone who helped develop it. Ideally, users of popular open-source packages can get correct answers to their technical questions within a few hours of asking for help on the appropriate Internet forum. Another approach is to contact one of the many companies emerging to support and service such software—for example, Red Hat for Linux and Sendmail, Inc., for Sendmail. These companies offer high-quality, for-pay technical assistance.
Software Upgrades Software companies revise their programs periodically. Software upgrades, which are an important source of increased revenue for software manufac- turers, vary widely in the benefits that they provide, and what some people call a benefit, others might call a drawback. Deciding whether to upgrade to a new version of software can be a challenge for corporations and people with a large investment in software. Some users choose not to immediately download the most current software version or upgrade unless it includes sig- nificant improvements or capabilities. Developing an upgrading strategy is important for many businesses. American Express, for example, has standard- ized its software upgrade process around the world to make installing updated software faster and more efficient. The standardized process also helps the company make sure that updated software is more stable, with fewer errors and problems.
Global Software Support Large global companies have little trouble persuading vendors to sell them software licenses for even the most far-flung outposts of their company. But can those same vendors provide adequate support for their software
CHAPTER 2 • Hardware and Software 95
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
customers in all locations? Supporting local operations is one of the biggest challenges IS teams face when putting together standardized companywide systems. Slower technology growth markets, such as Eastern Europe and Latin America, might not have any official vendor presence. Instead, large vendors such as Sybase, IBM, and Hewlett-Packard typically contract with local providers to support their software in such regions.
One approach that has been gaining acceptance in North America is to outsource global support to one or more third-party distributors. The user company still negotiates its license with the software vendor directly, but it then hands the global support contract to a third-party supplier. The supplier acts as a middleman between the software vendor and user, often providing distribution, support, and invoicing.
In today’s computer systems, software is an increasingly critical compo- nent. Whatever approach people and organizations take to acquire software, everyone must be aware of the current trends in the industry. Informed users are wise consumers.
Organization Weighs Use of Open Source Software You began operating a small general electric contracting company two years ago. Originally, it was just you and your cousin, but it has grown to five licensed elec- tricians, plus one office manager who takes calls from customers, schedules the work, and orders parts and supplies. Your company handles a wide range of work, including installing new circuit breaker panels, rewiring existing electrical systems for renovations and additions, and installing residential light fixtures, security lighting systems, swimming pool lighting, and ceiling fans. Business has really taken off, and your current manual systems and procedures can no longer keep pace. The office manager has been exploring several options and has identi- fied three different software packages designed for small contractors. Each one of the packages includes software designed for managing parts and supplies inven- tory, scheduling jobs, and invoicing customers. Two of the software packages are from large, well-known companies, and each has an initial licensing cost of roughly $550 plus $100 per year for software support. The other software pack- age is open-source software, with no initial cost and no support cost. The office manager is unsure how to proceed.
Review Questions 1. What is the primary difference between purchasing licensed software from a
software manufacturer and using open-source software? 2. What are the pros and cons of using open-source software?
Critical Thinking Questions 1. What risks and start-up issues are associated with the use of any new software
that is designed to replace manual procedures? 2. What actions can be taken to reduce these risks?
Summary
Principle: The computer hardware industry is rapidly changing and highly competi- tive, creating an environment ripe for technological breakthroughs.
Computer hardware should be selected to meet specific user and business requirements. These requirements can evolve and change over time.
96 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The central processing unit, memory, input/output devices, and the bus cooperate to execute program instructions.
Computer system processing speed is affected by clock speed, which is measured in gigahertz (GHz).
A multicore processor is one that combines two or more independent pro- cessors into a single computer so that the independent processors can share the workload.
Parallel computing is the simultaneous execution of the same task on multiple processors to obtain results more quickly. Massively parallel proces- sing involves linking many processors to work together to solve complex problems.
Grid computing is the use of a collection of computers, often owned by multiple individuals or organizations, that work in a coordinated manner to solve a common problem.
Main memory provides the CPU with working storage for program instructions and data. The chief function of memory is to rapidly provide data and instructions to the CPU. Memory storage capacity is measured in bytes.
Computer systems can store larger amounts of data and instructions in sec- ondary storage, which is less volatile and has greater capacity than memory. The primary characteristics of secondary storage media and devices include access method, capacity, portability, and cost. Common forms of secondary storage include magnetic storage devices such as tape, hard disk drives, and virtual tape; optical storage devices such as CD-ROMs and digital video discs (DVDs); and solid state storage devices (SSDs) such as flash drives.
A storage area network (SAN) is an alternative form of data storage that enable an organization to share data storage resources among a much larger number of computers and users for improved storage efficiency and greater cost effectiveness.
Storage as a service is a data storage model in which a data storage ser- vice provider rents space to people and organizations.
Input and output devices allow users to provide data and instructions to the computer for processing and allow subsequent storage and output. These devices are part of a user interface through which human beings interact with computer systems.
Common input devices include a keyboard, a mouse, speech-recognition technology, motion-sensing input devices, scanning devices, optical data read- ers, magnetic ink character recognition (MICR) devices, magnetic stripe cards, chip cards, contactless payment cards, point-of-sale (POS) devices, bar-code scanners, radio frequency identification (RFID) devices, pen input devices, and touch-sensitive screens.
There are numerous flat-panel display screens, including liquid crystal dis- play (LCD), light-emitting diode (LED), organic light-emitting diode (OLED), and plasma devices. Other output devices include printers, plotters, digital audio players, and e-book readers.
3D printing has created a major breakthrough in how many items will be manufactured. Biomedical engineers are exploring a process called bio- printing, which uses 3D printers to build human parts and organs from actual human cells.
Principle: Computer hardware must be carefully selected to meet the evolving needs of the organization, its workers, and its supporting information systems.
Computer systems are generally divided into two categories: single user and multiple users.
CHAPTER 2 • Hardware and Software 97
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Single-user systems include mobile computers, such as wearable compu- ters, smartphones, laptops, notebooks, and tablets.
Nonportable single-user systems include thin client, desktop, nettop, and workstation computers. Some thin clients (e.g., the Chromebook) are designed to be highly portable.
Multiuser systems include servers, mainframes, and supercomputers. Scalability is the ability to increase the processing capability of a com-
puter system so that it can handle more users, more data, or more transac- tions in a given period.
A mainframe computer is a large, powerful computer shared by dozens or even hundreds of concurrent users connected to the machine over a network.
Supercomputers are the most powerful computers with the fastest proces- sing speed and highest performance.
Principle: The computer hardware industry and users are implementing green computing designs and products.
A server farm houses a large number of servers in the same room, where access to the machines can be controlled and authorized support personnel can more easily manage and maintain the servers.
A virtual server is an approach to improving hardware utilization by logi- cally dividing the resources of a single physical server to create multiple logi- cal servers, each acting as its own dedicated machine.
A data center is a climate-and-access-controlled building or a set of buildings that houses the computer hardware that delivers an organiza- tion’s data and information services. The rapid growth in data centers is stimulated by the increased demand for additional computing and data storage capacity and by the trend toward consolidating from many data centers down to a few.
Organizations and technology vendors are trying a number of strategies to lower the ongoing cost of data center operations.
The ability to absorb the impact of a disaster and quickly restore services is a critical concern when it comes to planning for new data centers.
Green computing is concerned with the efficient and environmentally responsible design, manufacture, operation, and disposal of IT-related products.
Many business organizations recognize that going green can reduce costs and is in their best interests in terms of public relations, safety of employees, and the community at large.
Three specific goals of green computing are to reduce the use of hazard- ous material, lower power-related costs, and enable the safe disposal and/or recycling of IT products.
The Electronic Product Environmental Assessment Tool can be used by purchasers of electronic products to evaluate, compare, and select products based on a set of environmental criteria.
Principle: Software is invaluable in helping individuals, workgroups, and entire enterprises achieve their goals.
Software consists of programs that control the workings of the computer hardware. Software can be divided into two types: systems software, which consists of operating systems, utilities, and middleware, and application soft- ware, which consists of programs that help users solve particular computing problems.
98 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
One useful way of classifying the many potential uses of information systems is to identify the scope of problems and opportunities addressed by a particular organization or its sphere of influence. For most companies, the spheres of influence are personal, workgroup, and enterprise.
Principle: The operating system is called the “soul of the computer” because it con- trols how you enter data into your computer, perform meaningful work, and obtain results.
An operating system is a set of programs that controls a computer’s hard- ware and acts as an interface with application software.
The kernel is the heart of the operating system and controls its most criti- cal processes.
The operating system performs a myriad of functions including control- ling common hardware functions, providing a user interface and input/output management, providing a degree of hardware independence, managing sys- tem memory, managing processing tasks, providing networking capability, controlling access to system resources, and managing files.
Operating systems use multitasking, multiprocessing, and multithreading to increase the amount of processing that can be accomplished in a given amount of time. With multitasking, users can run more than one application at a time. Multiprocessing supports running a program on more than one CPU. Multithreading allows different threads of a single program to run concurrently.
The ability of a computer to handle an increasing number of concurrent users smoothly is called scalability, a feature critical for systems expected to handle a large number of users.
Over the years, many OSs have been developed for the individual sphere of influence including Microsoft Windows, the Mac OS X, Linux, and Google Android and Chrome.
Microsoft Windows Server, UNIX, Red Hat Linux, Mac OS X Server, and HP-UX are operating systems used for workgroups.
IBM z/os, HP-UX, and Linux are operating systems used in the enterprise sphere of influence.
Smartphones now employ full-fledged personal computer operating sys- tems such as the Google Android and Apple iOS.
An embedded system is a computer system (including some sort of processor) that is implanted in and dedicated to the control of another device.
Mac iOS, Windows Embedded, Symbian, Android, and variations of Linux have been developed to support mobile communications and consumer appliances.
Utility programs can perform many useful tasks, typically related to sys- tem resource maintenance and management, and often come installed on computers along with the OS. This type of software is used to merge and sort sets of data, keep track of computer jobs being run, compress files of data, protect against harmful computer viruses, monitor hardware and network per- formance, and perform dozens of other important tasks.
Virtualization software simulates a computer’s hardware architecture in software so that computer systems can run operating systems and software designed for other architectures, or run several operating systems simulta- neously on one system.
Middleware is software that allows different systems to communicate and transfer data back and forth.
CHAPTER 2 • Hardware and Software 99
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Principle: Organizations typically use off-the-shelf application software to meet com- mon business needs and proprietary application software to meet unique business needs and provide a competitive advantage.
Proprietary software is one-of-a-kind software designed for a specific appli- cation and owned by the company, organization, or person that uses it.
Off-the-shelf-software is produced by software vendors to address needs that are common across businesses, organizations, or individuals.
The software as a service (SaaS) model and recent Web-development technol- ogies have led to a new paradigm in computing called cloud computing. “Cloud computing” refers to the use of computing resources, including software and data storage, on the Internet (the cloud), rather than on local computers. Instead of installing, storing, and running software on your own computer, with cloud com- puting, you access software stored on and delivered from a Web server.
Personal application software includes general-purpose programs that enable users to improve their personal effectiveness, increasing the quality and amount of work that can be done. Word-processing, spreadsheet analysis, database, presentation graphics, and personal information management appli- cations are examples of this type of software. Sometimes these applications are bundled together and sold in what is called a software suite.
Software that helps groups work together is often called workgroup appli- cation software. The category of software includes group-scheduling software, electronic mail, and other software that enables people to share ideas.
Software that benefits an entire organization—enterprise application software—can be developed specifically for the business or purchased off the shelf. There are many categories of enterprise software that support common business activities, such as accounts receivable, accounts payable, inventory control, and other management activities.
All software applications are written in coding schemes called program- ming languages, which are sets of keywords, commands, symbols, and rules for constructing statements to provide instructions to a computer to perform some processing activity.
Today, many software applications are being written or maintained using the following programming languages: COBOL, C, Cþþ, Java, Java Script, PHP, Python, Ruby, and SQL.
Principle: The software industry continues to undergo constant change; computer users need to be aware of recent trends and issues in the software indus- try to be effective in their business and personal life.
Software bugs, software copyrights and licensing, freeware and open- source software, software upgrades, and global software support are all impor- tant software issues and trends.
A software bug is a defect in a computer program that keeps it from per- forming in the manner intended. Software bugs are common, even in key pieces of business software.
Most companies aggressively guard and protect the source code of their software from competitors as well as customers. As a result, most software products are protected by law using copyright or licensing provisions.
Open-source software is freeware that also has its source code available so that others may modify it. Open-source software development and mainte- nance is a collaborative process, with developers around the world using the Internet to download the software, communicate about it, and submit new ver- sions of it.
100 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Software upgrades are an important source of increased revenue for soft- ware manufacturers and can provide useful new functionality and improved quality for software users.
Global software support is an important consideration for large global companies putting together standardized companywide systems. A common solution is to outsource global support to one or more third-party software distributors.
Key Terms
application programming interface (API)
application software
bioprinting
bus
byte (b)
central processing unit (CPU)
clock speed
command-based user interface
coprocessor
data center
desktop computer
Electronic Product Environmental Assessment Tool (EPEAT)
embedded system
enterprise application integration (EAI)
enterprise sphere of influence
gigahertz (GHz)
green computing
graphical user interface (GUI)
grid computing
hard disk drive (HDD)
input/output device
kernel
laptop
magnetic stripe card
magnetic tape
main memory
mainframe computer
massively parallel processing system
memory
middleware
multicore processor
multiprocessing
off-the-shelf software
operating system (OS)
parallel computing
personal productivity software
personal sphere of influence
point-of-sale (POS) device
mobile computer
programming language
proprietary software
radio frequency identification (RFID)
random access memory (RAM)
read-only memory (ROM)
scalability
secondary storage
server
server farm
service-oriented architecture (SOA)
single-user license
software as a service (SaaS)
software suite
solid state storage device (SSD)
speech-recognition technology
sphere of influence
storage area network (SAN)
storage as a service
supercomputer
syntax
system software
tablet
thin client
user interface
utility program
virtual server
virtual tape
workstation
CHAPTER 2 • Hardware and Software 101
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Chapter 2: Self-Assessment Test
The computer hardware industry is rapidly chang- ing and highly competitive, creating an environ- ment ripe for technological breakthroughs.
1. The is the part of the computer that sequences and executes instructions. a. CPU b. memory c. bus d. input/output devices
2. Clock speed is measured in GHz or . a. millions of instructions per second b. millions of cycles per second c. billions of cycles per second d. millions of floating point instructions per second
3. The use of a collection of computers, often owned by multiple individuals or organizations, to work in a coordinated manner to solve a com- mon problem is called . a. parallel computing b. massively parallel processing c. multicore processing d. grid computing
4. A high-speed, special-purpose network that inte- grates different types of data storage devices into a single storage system and connects them to computing resources across an entire organiza- tion is called a(n) . a. network-attached storage b. storage area network c. storage as a service d. enterprise data storage solution
5. is a process that uses 3D printers to build human body parts and organs from actual human cells.
Computer hardware must be carefully selected to meet the evolving needs of the organization, its workers, and its supporting information systems.
6. A combination chipset called a includes processor cores, RAM and ROM mem- ory, interface controllers, and voltage regulators.
7. A is a low-cost, centrally managed computer with no internal or external attached drives for data storage. a. tablet b. thin client c. nettop computer d. workstation
8. Servers offer great , the ability to increase the processing capability of a computer system so it can handle more users, more data, or more transactions in a given period.
The computer industry and users are implementing green computer designs and products.
9. is an approach to improving hardware utilization by logically dividing the resources of a single physical server to create multiple logical servers each with its own dedi- cated machine. a. Server farm b. Multiprocessing c. Virtual server d. Hypervisor
10. Green computing is about saving the environ- ment; there are no real business benefits associ- ated with this program. True or False?
Software is valuable in helping individuals, work- groups, and entire enterprises achieve their goals.
11. The two main categories of software are : a. enterprise and workgroup b. operating system and application c. application and system d. utilities and operating system
12. Application software that enables users to develop a spreadsheet for tracking their exercise and eating habits is software for the workgroup sphere of influence. True or False?
The operating system is called the “soul of the com- puter” because it controls how you enter data into your computer, perform meaningful work, and obtain results.
13. The heart of the operating system that controls its most critical processes is called the .
14. Software applications use the OS by requesting services through a(n) . a. integrated development environment b. application program interface c. utility program d. software development kit
15. is an operating system that can run in all three spheres of influence. a. IBM z/os b. Windows 10 c. MAC iOS d. Linux
16. A(n) machine simulates a compu- ter’s hardware architecture in software so that a single server can run operating systems and soft- ware designed for other architectures, or run several operating systems simultaneously on one system.
102 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Organizations typically use off-the-shelf application software to meet common business needs and pro- prietary application software to meet unique busi- ness needs and provide a competitive advantage.
17. software is one-of-a-kind software designed for a specific application and owned by the company, organization, or person that uses it.
18. computing refers to the use of computing resources, including software and data storage, on the Internet, rather than on local computers.
19. Software that enables users to improve their per- sonal effectiveness, increasing the amount of work they can do and its quality, is called . a. workgroup software b. enterprise software c. utility software d. personal application software
20. Each programming language has its own set of rules, called the of the language.
The software industry continues to undergo con- stant change; computer users need to be aware of recent trends and issues in the software industry to be effective in their business and personal life.
21. is software that makes its source code available so that others may modify it. a. Freeware b. Off-the-shelf software c. Open-source software d. Software in the public domain
22. Software are an important source of increased revenue for software manufacturers and can provide useful new functionality and improved quality for software users. a. bugs b. upgrades c. open source licenses d. third-party distributors
Chapter 2: Self-Assessment Test Answers
1. a 2. c 3. d 4. b 5. Bioprinting 6. system on a chip 7. b 8. scalability 9. c 10. False 11. c
12. False 13. kernel 14. b 15. d 16. virtual 17. Proprietary 18. cloud 19. d 20. syntax 21. c 22. b
Review Questions
1. Identify four fundamental components of every computer.
2. How does clock speed govern the execution of instructions by a computer?
3. What is a multicore processor? 4. How does the role of main memory differ from
the role of secondary storage? 5. Identify and briefly discuss the fundamental charac-
teristic that distinguishes RAM from ROM memory. 6. What is a solid state storage device? 7. When speaking of computers, what is meant by
scalability? 8. What is a virtual machine? 9. Identify and briefly describe the various classes of
single-user, mobile computers. 10. Define the term “green computing,” and state its
primary goals.
11. Outline how the Electronic Product Environment Assessment Tool (EPEAT) can be used for rating computers.
12. Identify and briefly discuss the three spheres of influence used to identify the scope of problems and opportunities that software addresses.
13. What is the role of the computer operating system? Identify several tasks performed by this key piece of software.
14. What is an application programming interface (API)? What purpose does it serve?
15. What is the kernel of the operating system? 16. Identify and briefly describe the five basic
approaches to task management employed in operating systems.
17. The Mac OS X supports dual booting. What is this, and what benefits does it provide?
CHAPTER 2 • Hardware and Software 103
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
18. What is an embedded system? Give three exam- ples of such a system.
19. Distinguish between proprietary software and off-the-shelf software.
20. What is middleware? 21. What is software as a service (SaaS)?
22. What is open-source software? What are the ben- efits and drawbacks for a business that uses open-source software?
23. Briefly discuss the advantages and disadvantages of frequent software upgrades.
Discussion Questions
1. Discuss the role a business manager should take in helping determine the computer hardware to be used by the organization.
2. Identify the similarities and differences between massively parallel processing systems and grid computing.
3. Briefly describe the concept of multiprocessing. How does parallel processing differ from multiprocessing?
4. Discuss some of the technical and nontechnical issues that might come up in trying to establish a large grid computing project such as the World Computing Grid.
5. What is 3D printing? Discuss what you think the future is for 3D printing.
6. Identify and briefly discuss the advantages and disadvantages of solid state secondary storage devices compared with magnetic secondary stor- age devices.
7. Fully discuss why some organizations are con- solidating many data centers into a few. Are there any potential drawbacks to this strategy?
8. How does Microsoft envision the future for Windows 10? Do you support this vision? Why or why not?
9. Assume that you must take a computer- programming language course next semester. How would you decide which language would be best for you to study? Do you think that a
professional programmer needs to know more than one programming language? Why or why not?
10. Assume you are going to buy a personal com- puter. What operating system features are important to you? What operating system would you select and why?
11. You have been asked to develop a user interface for a person with limited sight—someone without the ability to recognize letters or shapes on a computer screen. Describe the user interface you would recommend.
12. You are using a new release of an application software package. You think that you have dis- covered a bug. Outline the approach that you would take to confirm that it is indeed a bug. What actions would you take if it truly were a bug?
13. What are some of the advantages and disadvan- tages of employing software as a service (SaaS)? What precautions might you take to minimize the risk of using one?
14. If you were the IS manager for a large manufacturing company, what concerns might you have about your organization using open- source software? What advantages might there be for use of such software?
15. How can virtualization save an organization money?
Problem-Solving Exercises
1. Do research to find the total worldwide sales for hard disk drives and solid state storage devices over a five-year or more period. Try to get figures for the number of units sold as well as total storage capacity in some unit, such as gigabytes. Use graphing software to develop a chart showing these sales figures. Write a few paragraphs stating your conclusions about the future of the hard disk drive market versus solid state storage.
2. Develop a spreadsheet that compares the features, initial purchase price, and a two-year estimate of operating costs (paper, cartridges, and toner) for three different color laser printers. Assume that you will print 50 color pages and 100 black-and-white
pages each month. Now do the same comparison for three inkjet printers. Write a brief memo on which of the six printers you would choose and why. Develop a second spreadsheet for the same printers, but this time assume that you will print 250 color pages and 500 black-and-white pages per month. Now which of the printers would you buy and why?
3. Do research to compare the costs and features as well as the pros and cons of using Microsoft Office versus Office 365. Summarize your results using a spreadsheet. Which choice is the best solution for you? Why? Using presentation software, outline your thought process and key points in three or four slides.
104 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Team Activities
1. Have you and your team do research on the Web to identify three large grid computing projects of interest to the team. Visit the home page for each of these projects to learn more about the goals of the project, results to date, and what is required if you wish to volunteer to help this project. Choose one of the projects, and volunteer to have your computer added to the grid. Write a brief paper summarizing why your team chose this particular grid computing project, what was required for your computer to join the grid, and how being a mem- ber of the grid affected your use of your computer.
2. With one or two of your classmates, visit three dif- ferent retail stores or Web sites in search of your ideal smart watch. Document the costs, features,
advantages, and disadvantages of three different watches using a spreadsheet program. Analyze your data, and write a recommendation on which one you would buy. Be sure to clearly explain your decision.
3. “Spreadsheets, even after careful development, con- tain errors in 1 percent or more of all formula cells,” according to Ray Panko, a professor of IT manage- ment at the University of Hawaii and an authority on bad spreadsheet practices. This means that in large spreadsheets there could be dozens of undetected errors.70 Imagine that you and your team have been hired as consultants to a large organization. Outline several measures that the organization should take to ensure the accuracy of spreadsheets that are used to make key business decisions.
Web Exercises
1. Do research on the Web to find a description of Moore’s Law. What are the implications of this law? Are there any practical limitations to Moore’s Law?
2. Do research on the Web to learn more about bioprinting—both current and potential future applications.
3. Use the Internet to search for information on real-time operating systems. Identify the key differences between real-time and non–real- time operating systems. Identify three situa- tions in which real-time operating systems are needed.
Career Exercises
1. A friend of yours texted you that he is considering changing majors and becoming a computer hard- ware engineer. He wants to meet with you and get your input on this move. Do some research to find out just what is a computer hardware engineer and what do they do. What are the career prospects, and what sort of education and experience is required to become a computer hardware engineer?
2. How might supercomputers be employed in your current or future career field?
3. Identify three specific smartphone applications that would be of significant help to you in your current or next job. (You can include applications that already exist as well as ones that you wish existed.) Describe specific features of each appli- cation and how you would use them.
Case Studies
Case One
Vivobarefoot Upgrades Technology Infrastructure Vivobarefoot is an innovative shoe company that recently undertook a major review of its technology infrastructure to determine what changes needed to be made to support and accelerate the company’s already rapid growth. Vivobarefoot’s success is connected to the growing popularity of barefoot or “miminalist” running. In fact, the company lays claim to the first minimalist shoe, originally produced in 2004, offering an ultrathin, puncture-resistant sole that provides “maximum sensory feedback and maximum protection.”
The specialist shoe company is headquartered in the United Kingdom, but also has a team based in China, where all of its manufacturing takes place. Vivobarefoot sells it shoes online, through a variety of partnerships around the world,
and in its store in Covent Garden, a popular shopping district in London. According to founder Galahad Clark, the company went from selling 30,000 pairs of shoes per month to over 300,000 per month—over the course of just five years.
As with many companies that experience rapid growth, over the years, Vivobarefoot had acquired a hodgepodge of hardware and software that was no longer meeting its needs. According to Damian Peat, global operations director for the company, “We were working with some pretty archaic systems. We had three servers in our basement all running Windows Server 2003 and backed up to tape, and I would worry a lot about the chance of something not working.” Vivobarefoot employees were also using multiple versions of Microsoft Office, and staff in China were forced to use personal Gmail accounts because they could not reliably access the company’s Microsoft Exchange email server in London.
CHAPTER 2 • Hardware and Software 105
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Managing the variety of hardware and software systems was becoming time consuming and costly. And, like thousands of other companies, Vivobarefoot was also faced with the reality that it would soon be forced to migrate away from Windows Server 2003, as Microsoft was ending its support of the outdated server operating system. According to Peat, “Upcoming end of support for Windows Server 2003 gave us concerns around security patching and mounting management costs, and we already had significant risk around data security. … My priority became to get everything onto one safe, reliable platform as soon as possible.”
After a review of available technologies, Vivobarefoot chose to replace Windows Server 2003 with Windows Server 2012 R2 and Hyper-V hypervisor software, giving the company both physical and virtual server capabilities, including the capacity the company needs to host file servers and business-critical applications, such as accounting software and stock management systems. The company also migrated to Office 365 in both its London and China offices. Office 365 had particular appeal for the company because, as a global cloud service, it is easily accessible in China, where staff are now more easily able to communicate—using Vivobarefoot email addresses rather than Gmail accounts. Vivobarefoot staff are also making use of Microsoft’s OneDrive for Business, where they can store, share, and sync files. According to Peat, with these cloud-based upgrades, the company “can ensure everyone can see the same documents and access them whenever they need, which is really beneficial.” As part of a phased process, the company is also moving many employees to Windows 8.1 laptops and Surface Pro tablets.
As part of its efforts to streamline its IT infrastructure at all levels, Vivobarefoot has also moved away from tape backups to a remote hosted back-up service, and the upgraded server technology means that many other system management tasks have been simplified, as well. Data security has been improved, and IT staff have gained the ability to manage the company’s servers remotely. While Vivobarefoot still has work to do to migrate all of its technology to the same platform, the company’s efforts have gone a long way toward providing the company with an updated and more rational arrangement of hardware, software, and cloud computing.
Critical Thinking Questions 1. What are some of the competitive advantages Vivo-
barefoot gained through its infrastructure update? 2. One ongoing concern for Vivobarefoot is the quality
and speed of the Internet service available to its office in central London. Given that, do you think it made sense for the company to move more of its IT services to the cloud? Go online and do some research about Microsoft’s Office 365 product. What options does it offer for working offline if Internet service is not available? Does that change your opinion about Vivo- barefoot’s shift to the cloud?
3. Estimates for the number of computers still running Windows Server 2003 range from hundreds of thou- sands to several million—even though Microsoft has stopped supporting the product. What are the risks for companies that continue to use software or hardware technology after a vendor ends support for it?
SOURCES: “Frequently Asked Questions,” Vivobarefoot, “http://www .vivobarefoot.com/us/customer-services/frequently-asked-questions” \l “FAQST1” www.vivobarefoot.com/us/customer-services/frequently -asked-questions#FAQST1, accessed December 11, 2015; Ho, Geoff, “Shoe Manufacturer Vivobarefoot to Step It Up to Fund Expansion Plans,” Express, May 3, 2015, www.express.co.uk/finance/city/574639 /Shoe-manufacturer-Vivobarefoot-raise-money-fund-expansion-plans; Worth, Dan, “Windows Server 2003 Migration Helps Shoe Seller Vivobarefoot Put One Foot in the Cloud,” V3.co.uk, April 17, 2015, www .v3.co.uk/v3-uk/news/2404420/windows-server-2003-migration-helps -shoe-seller-vivobarefoot-put-one-foot-in-the-cloud; “Pioneering Foot- wear Brand Unites Teams for Secure, Remote Working,” Microsoft, www.microsoft.com/en-gb/smb/customer-success-stories/vivobarefoot -unites-global-teams, accessed December 11, 2015; Curtis, Joe, “How Vivobarefoot Escaped Windows Server 2003 in IT Upgrade,” IT Pro, July 8, 2015, www.itpro.co.uk/server/24948/how-vivobarefoot-escaped -windows-server-2003-in-it-upgrade.
Case Two
Société de transport de Montréal (STM) Implements Innovative Mobile App Montreal, in the Canadian province of Quebec, is considered one of the world’s most livable cities. The city, whose official language is French, is the culture capital of Canada with opera, museums of history and fine art, a symphony orchestra, cathedrals, many fine restaurants, and international jazz and comedy festivals. The Société de transport de Montréal (STM) is the bus and metro public transit system serving roughly 1.4 million daily passengers in the greater Montreal area. STM riders can use a rechargeable smart fare card—called Opus— on which riders can add and maintain a balance to cover their transit fares.
STM tracks use of the Opus card to capture passenger riding history. This data has revealed an alarming problem—STM is losing about 13 percent of its riders through attrition each year. Analysis shows that this attrition can be attributed to a variety of causes, including deaths and moves out of the city. STM also determined that some amount of attrition is due to university students who, upon graduation, quit riding the STM and purchase or lease an auto to commute to their job.
After a year of looking at options, STM decided to launch a six-month pilot loyalty project to combat this problem. The scope of the project, which is limited to about 20,000 current riders, will test if the proposed solution works, identify full implementation costs, and identify any potential barriers to success as well as unintended consequences of the program. Results from the pilot will be used to modify the initial solution and/or rollout plan. The pilot project must meet certain predefined success criteria in order to support a recommendation for a full rollout.
The foundation of the loyalty program is a mobile app called STM Merci, which presents riders with exclusive, personalized offers based on their user profiles, travel habits, and level of ridership: top-tier, mid-tier, and first-tier. For a particular offer, for example, tickets to the Opera de Montreal, 100 top-tier riders might receive an offer for free tickets, while 100 mid-tier riders are offered 50 percent off tickets and 100 first-tier riders are offered 20 percent off tickets. STM hopes to recruit a large number of event and commercial partners willing to participate in the program in return for the strong geomarketing opportunities
106 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
created from having riders view an offer on their mobile phones, often when they are literally feet from the promoted commercial location.
The STM Merci app can also communicate useful information to riders in real time. For example, it can let riders know that by taking a slightly later car from their usual station on a given day, they would have a much better chance of getting a seat. Or it could point out when they were spending more on single fares than the cost of a monthly pass (about $77 per month).
The app is carefully designed to allow riders to select how they want to interact with the STM Merci system. Riders who enter their Opus card number into the STM Merci app will receive more targeted and relevant offers based on the data in their profile. For example, riders whose profile indicates an interest in painting might receive an offer for a discount admission to Montreal Museum of Fine Art. Sushi lovers might get an offer for a free appetizer at a restaurant within a stop or two of their current location.
The data needed to support the STM Merci app is split into two separate databases to protect riders’ right to privacy. Data deemed critical to running the STM operation—such as a rider’s email address and ticket purchase history—are stored in one database under the rider’s first name. This data is used to notify riders about delays, closures, and other mission-critical issues. Noncritical rider profile data, including food preferences, hobbies, and interests, is stored in a second database under
the rider’s last name. No marketer can access the two databases and merge them to send messages to an individual rider. This separation of databases satisfies Quebec’s strict privacy laws, which prohibit collecting rider data beyond what is deemed critical for the organization.
Critical Thinking Questions 1. Identify four success criteria for the STM Merci pilot
project that address retention of riders, cost/benefits, recruitment of STM Merci partners, and usability of the application. The criteria should specific, quantifiable, and time constrained to occur within a certain time period.
2. Do you believe that the database design will safeguard the privacy of STM riders? Why or why not? If not, what further changes are needed?
3. How might STM Merci pilot project members identify additional capabilities or features that could be added to the STM Merci app to encourage increased ridership?
SOURCES: Murphy, Ken, “Société de transport de Montréal (STM) Aims to Boost Ridership by 40% With a Mobile App,” SAP Insider, January 1, 2014, http://sapinsider.wispubs.com/Assets/Case-Studies/2014.Jauuary/ STM; “About the STM,” Société de transport de Montréal, www.stm.info/ en/about/financial_and_corporate_information/about-stm, accessed November 14, 2015.
Notes
1. “Supercomputing Grid Takes Aim at Zika Virus,” Top 500 Supercomputing Sites, May 20, 2016, www.top500.org /blog/supercomputing-grid-takes-aim-at-zika-virus-1/.
2. Seubert, Curtis, “How Many Bytes Is an Exabyte,” eHow, www.ehow.com/about_6370860_many-bytes-exabyte_ .html, accessed August 8, 2013.
3. Patrizio, Andy, “All about DDR4, the Next-Gen Memory Coming Soon for PCs and Mobile Devices,” PC World, June 24, 2014, www.pcworld.com/article/2365823/next -gen-memory-is-coming-fast-here-s-what-you-need-to -know-about-ddr4.html.
4. Malle, Jean-Pierre, “Big Data: Farewell to Cartesian Think- ing?” Paris Tech Review, March 15, 2013, www.paristechre view.com/2013/03/15/big-data-cartesian-thinking.
5. “Media Alert: New IBM Cloud Service Enables Develo- pers to Create Apps That Tap into Vast Amounts of Unstructured Data,” IBM., December 7, 2015, www-03.ibm.com/press/us/en/pressrelease/48257.wss.
6. Mims, Christopher, “And the Longest Running Digital Storage Medium Is …,” MIT Technology Review, July 13, 2011, www.technologyreview.com/view/424669/and-the -longest-running-digital-storage-medium-is.
7. Shadbolt, Peter, “The Eternity Drive: Why DNA Could Be the Future of Data Storage,” CNN, February 25, 2015, www.cnn.com/2015/02/25/tech/make-create-innovate -fossil-dna-data-storage.
8. Keith, Jonathan, “DNA Data Storage: 100 Million Hours of HD Video in Every Cup,” Phys Org, January 25, 2013, http:// phys.org/news/2013-01-dna-storage-million-hours-hd.html.
9. Patel, Raj, “Discover Pinterest: Cloud Engineering,” Pin- terest, November 20, 2015, https://engineering.pinterest .com/blog/discover-pinterest-cloud-engineering.
10. Murphy, Margi, “Pinterest Nails down More Users after Building Apache HBase Analytics Tool,” TechWorld, April 16, 2015, www.techworld.com/news/big-data /pinterests-pinalytics-using-hadoop-get-grips-with-its -data-3608139.
11. Shahangian, Mohammad “Powering Big Data at Pinterest,” Pinterest, July 24, 2014, https://engineering .pinterest.com/blog/powering-big-data-pinterest.
12. “AWS Case Study: Pinterest,” Amazon Web Services, https://aws.amazon.com/solutions/case-studies/pinterest, accessed December 13, 2015.
13. Conn, Joseph, “Nurses Turn to Speech-Recognition Soft- ware to Speed Documentation,” Modern Healthcare, December 12, 2015, www.modernhealthcare.com /article/20151212/MAGAZINE/312129980.
14. “Everything You Need to Know about the Switch to Chip Cards,” https://squareup.com/townsquare/emv, accessed October 16, 2015.
15. Vaas, Lisa, “The $1 Million Apple iTunes Gift Card Scam,” Naked Security, October 23, 2015, https://naked security.sophos.com/2015/10/23/the-1m-apple-itunes -gift-card-scam.
16. “Square Helps More Sellers Grow Their Business Faster,” Square, https://squareup.com/?pcrid=3330880435&pdv= c&pkw=square+stand&pm=true&pmt=e, accessed October 17, 2015.
CHAPTER 2 • Hardware and Software 107
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
17. Gagliordi, Natalie, “Target Will Roll Out RFID Price Tags to Improve Inventory Management,” ZDNet, May 19, 2015, www.zdnet.com/article/target-will-roll-out-rfid -price-tags-to-improve-inventory-management.
18. Swedberg, Claire, Target Announces Nationwide RFID Rollout,” RFID Journal, May 20, 2015, www.rfidjournal .com/articles/view?13060.
19. “3D Touch,” Apple, www.apple.com/iphone-6s/3d-touch, accessed December 13, 2015,
20. Andrzejewski, Alexa, “OpenTable for iOS 9: The Shortest Path between You + Dining,” OpenTable, December 25, 2015, http://blog.opentable.com/2015/opentable-for-ios -9-the-shortest-path-between-you-dining.
21. Saker, Anne, “Printing a 3D Heart to Save a Heart,” Cincinnati.com, February 22, 2015, www.cincinnati .com/story/news/2015/02/21/printing-heart-save-heart /23825279/.
22. Saker, Anne, “Printing a 3D Heart to Save a Heart,” Cincinnati.com, February 22, 2015, www.cincinnati. com/story/news/2015/02/21/printing-heart-save-heart /23825279.
23. Gilpin, Lyndsey, “10 Industries 3D Printing Will Disrupt or Decimate,” Republic, February 25, 2014, www.techre public.com/article/10-industries-3d-printing-will -disrupt-or-decimate.
24. Benvin, Rich, “Biotech Startup Uses 3D Bioprinting to Create Custom Breast Implants and Grafts,” Bioprinting World, July 27, 2015, http://bioprintingworld.com /biotech-startup-uses-3d-bioprinting-to-create-custom -breast-implants-and-grafts.
25. Benvin, Rich, “3D Organ Bioprinting—Who Wants to Live Forever?,” Bioprinting World, March 24, 2015, http://bioprintingworld.com/3d-organ-bioprinting-who -wants-to-live-forever.
26. “2 Billion Consumers Worldwide to Get Smart(phones) by 2015,” eMarketer, December 11, 2014, www.emark eter.com/Article/2-Billion-Consumers-Worldwide-Smart phones-by-2016/1011694.
27. “Global Smartphone Shipments Forecast from 2010 to 2019 (in million units),” The Statistics Portal, www .statista.com/statistics/263441/global-smartphone-ship ments-forecast, accessed June 11, 2015 and “Forecast for Global Shipments Of Tablets, Laptops And Desktop PCs from 2010 to 2019 (in million units),” Statistica, www .statista.com/statistics/272595/global-shipments-forecast -for-tablets-laptops-and-desktop-pcs, accessed June 10, 2015.
28. “Case Study: Larson & Darby Group,” HP., www8 .hp.com/us/en/pdf/larson-darby-group-hi-res_tcm_245 _1814936.pdf, accessed November 2, 2015.
29. “About ADP.,” ADP., www.adp.com/who-we-are.aspx, accessed October 18, 2015.
30. “About Mastercard,” Mastercard, www.mastercard.us /en-us/about-mastercard/what-we-do/payment-processing .html, accessed October 18, 2015.
31. “About UPS,” UPS, www.ups.com/content/us/en/about /index.html?WT.svl=SubNav, accessed October 18, 2015.
32. Chen, Stephen, “World’s Fastest Computer, Tianhe-2, Might Get Very Little Use,” South China Morning Post, June 20, 2013, www.scmp.com/news/china/article/1264529/worlds -fastest-computer-tianhe-2-might-get-very-little-use.
33. “A Rare Look inside Apple’s Maiden, North Carolina Data Center [Video],” iClarified, posted April 25, 2014, www .iclarified.com/40226/a-rare-look-inside-apples-maiden -north-carolina-data-center-video.
34. “Guide to Virtualization Hypervisors,” Network Comput- ing, February 9, 2015, www.networkcomputing.com /data-centers/guide-to-virtualization-hypervisors/d/d-id /1318945.
35. “VMWare Case Study: Cognizant,” VMWare, October 27, 2015, www.vmware.com/files/pdf/customers/vmware -cognizant-15q1-cs-en.pdf?src=WWW_customers_ vmware-cognizant-15q1-cs-en.pdf.
36. Morgan, Timothy Prickett, “Inside the Rackspace Open- Power Megaserver,” The Platform, March 23, 2015, www.theplatform.net/2015/03/23/inside-the-rackspace -openpower-megaserver.
37. Arthur, Charles, “Technology Firms to Spend $150bn on Building New Data Centres,” Guardian, August 23, 2013, www.theguardian.com/business/2013/aug /23/spending-on-data-centres-reaches-150-billion -dollars.
38. Colt, Sam, “Apple is Building a $2 Billion Data Center in Arizona,” Business Insider, February 2, 2015, www.busi nessinsider.com/apple-is-building-a-2-billion-data-center -in-arizona-2015-2.
39. “GM’s Latest Michigan Data Center Gets LEED Gold,” Data Center Dynamics, September 13, 2013, www.data centerdynamics.com/focus/archive/2013/09/gms-latest -michigan-data-center-gets-leed-gold.
40. Boyd, Aaron, “Data Center Consolidation Biggest Money Saver among IT Reforms,” Federal Times, September 15, 2015, www.federaltimes.com/story/government/it/data -center/2015/09/15/data-center-biggest-saver/72325764.
41. “IBM Opens New Cloud Data Center in Peru to Meet Demand for Big Data Analytics,” IBM., August 22, 2013, www-03.ibm.com/press/us/en/pressrelease/41809.wss.
42. Wells, Brad, “What Truly Makes a Computer ‘Green’?” OnEarth (blog), September 8, 2008, www.onearth.org /node/658.
43. “EPEAT Environmental Criteria,” EPEAT., www.epeat .net/resources/criteria, accessed August 19, 2013.
44. “Electronic Environmental Assessment Tool,” EPEAT., www.zerowaste.org/epeat_devel/faq.htm, accessed October 18, 2015.
45. Devery, Quinn, “2012 Breakdown of Global IT Services, Software, and Hardware,” August 8, 2013, www.paranet. com/blog/bid/151090/2012-Breakdown-of-Global-IT-Ser vices-Software-and-Hardware-Spending.
46. “Personal Productivity Software: VIP Organizer Is the Best Personal Productivity Software,” VIP Quality Soft- ware, www.vip-qualitysoft.com/products/organizer/per sonal_productivity_software, accessed November 16, 2015.
47. “IBM Notes and Domino 9 Social Edition,” IBM., www-03.ibm.com/software/products/en/ibmnotes, accessed November 16, 2015.
48. “IBM Case Study: JGC Corporation,” IBM., www-01.ibm.com/common/ssi/cgi-bin/ssialias?subty pe=AB&infotype=PM&appname=SWGE_LO_LE_U SEN&htmlfid=LOC14428USEN&attachment=LOC14428U SEN.PDF, accessed November 16, 2015.
108 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
49. Olenick, Doug, “Google Drops Chrome Support for Older Microsoft and Apple Operating System,” SC Mag- azine, November 12, 2015, www.scmagazine.com /google-drops-chrome-support-for-older-microsoft-and -apple-operating-system/article/453592.
50. Bellis, Mary, “Putting Microsoft on the Map,” About.com, http://inventors.about.com/od/computersoftware/a/Put ting-Microsoft-On-The-Map.htm, accessed November 17, 2015.
51. Rash, Wayne, “Microsoft Says Windows 10 Will Be the Last OS Upgrade You’ll Ever Need,” eWeek, January 21, 2015, www.eweek.com/pc-hardware/microsoft-says-win dows-10-will-be-the-last-os-upgrade-youll-ever-need. html.
52. “OS X El Capitan Available as a Free Update Tomorrow,” Apple, September 29, 2015, www.apple.com/pr/library /2015/09/29OS-X-El-Capitan-Available-as-a-Free-Update -Tomorrow.html.
53. “Linux Definition,” The Linux Information Project, linfo.org/linuxdef.html, accessed November 20, 2015.
54. “Casio Strengthens Its Core IT Infrastructure with Red Hat Enterprise Virtualization,” Red Hat, www.redhat .com/en/files/resources/en-rhev-casio-strengthens-its -core-it-infrastructure-9296587.pdf, accessed November 23, 2015.
55. Taves, Max and Richard Nieva, “Google I/O by the Numbers: 1B Android Users, 900M on Gmail,” CNET, May 28, 2015, www.cnet.com/news/google-io-by-the -numbers-1b-android-users-900m-on-gmail.
56. “Using Sysinternals Tools Like a Pro,” How-To Geek School, www.howtogeek.com/school/sysinternals-pro /lesson1, accessed November 24, 2015.
57. “About Netflix,” Netflix, https://media.netflix.com/en, accessed January 9, 2016.
58. Mauro, Tony, “Adopting Microservices at Netflix: Les- sons for Architectural Design,” NGINX (blog), February 19, 2015, www.nginx.com/blog/microservices-at-netflix -architectural-best-practices.
59. Mauro, Tony, “Adopting Microservices at Netflix: Les- sons for Team and Process Design,” NGINX (blog), March 10, 2016, www.nginx.com/blog/adopting-micro services-at-netflix-lessons-for-team-and-process-design.
60. “The Container Store Group, Inc., Announces Fourth Quarter and Full Fiscal Year 2014 Financial Results,” The Container Store, April 27, 2015, http://investor.container store.com/press-releases/press-release-details/2015/The -Container-Store-GroupInc-Announces-Fourth-Quarter -and-Full-Fiscal-Year-2014-Financial-Results/default.aspx.
61. “The Container Store,” Ultimate Software, www.ultimate software.com/UltiPro-Case-Study-The-Container-Store, accessed January 8, 2016.
62. “Heinz—Global Food Leader Savors New Ideas and Cuts Costs with Office 365,” https://blogs.office.com/2014/05 /08/heinz-cuts-costs-with-office-365, accessed November 25, 2015.
63. “Games: Improving Health,” Entertainment Software Association, www.theesa.com/games-improving-what -matters/health.asp, accessed October 25, 2013.
64. “Number of Apps Available in Leading App Stores as of July 2015,” Statista, www.statista.com/statistics/276623 /number-of-apps-available-in-leading-app-stores, accessed November 16, 2015.
65. “Clark Realty Capital Goes Google,” Dito, www.ditoweb .com/resources/case-studies/clark-realty-capital-goes -google, accessed November 25, 2015.
66. “About Advantage Sign and Graphic Solutions,” Advan- tage Sign and Graphic Solutions, www.advantagesgs .com/About-Advantage-Sign-and-Graphic-Solutions, accessed January 10, 2016.
67. “Advantage Sign and Graphic Solutions,” NetSuite, www .netsuite.com/portal/customer-testimonials/advantage -sign-supply-wholesale-distribution.shtml, accessed January 10, 2016.
68. Keizer, Greg, “Microsoft Gets an Earful as Office for MAC 2016 Users Amp IRE over Crashes,” Computerworld, October 8, 2015, www.computerworld.com/article /2990427/mac-os-x/microsoft-gets-an-earful-as-office -for-mac-2016-users-amp-ire-over-crashes.html.
69. “CIO Quick Pulse: Putting Software Licenses to Work,” Aspera, www.aspera.com/en/resources/white-papers/cio -quickpulse, accessed November 28, 2015.
70. Olshan, Jeremy, “88% of Spreadsheets Have Errors,” MarketWatch, April 20, 2013, www.marketwatch.com /story/88-of-spreadsheets-have-errors-2013-04-17.
CHAPTER 2 • Hardware and Software 109
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
3 Database Systems and Big Data
Rafal Olechowski/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• The amount of data in the digital universe is expected to increase to 44 zettabytes (44 trillion gigabytes) by 2020. This is 60 times the amount of all the grains of sand on all the beaches on Earth. The majority of data generated between now and 2020 will not be produced by humans, but rather by machines as they talk to each other over data networks.
• Most major U.S. wireless service providers have implemented a stolen-phone database to report and track stolen phones. So if your smartphone or tablet
goes missing, report it to your carrier. If someone else tries to use it, he or she will be denied service on the carrier’s network.
• You know those banner and tile ads that pop up on your browser screen (usually for products and services you’ve recently viewed)? Criteo, one of many digital advertising organizations, automates the recommendation of ads up to 30 billion times each day, with each recommendation requiring a calculation involving some 100 variables.
Principles Learning Objectives
• The database approach to data management has become broadly accepted.
• Data modeling is a key aspect of organizing data and information.
• A well-designed and well-managed database is an extremely valuable tool in supporting decision making.
• We have entered an era where organizations are grappling with a tremendous growth in the amount of data available and struggling to understand how to manage and make use of it.
• A number of available tools and technologies allow organizations to take advantage of the opportunities offered by big data.
• Identify and briefly describe the members of the hier- archy of data.
• Identify the advantages of the database approach to data management.
• Identify the key factors that must be considered when designing a database.
• Identify the various types of data models and explain how they are useful in planning a database.
• Describe the relational database model and its funda- mental characteristics.
• Define the role of the database schema, data definition language, and data manipulation language.
• Discuss the role of a database administrator and data administrator.
• Identify the common functions performed by all data- base management systems.
• Define the term big data and identify its basic characteristics.
• Explain why big data represents both a challenge and an opportunity.
• Define the term data management and state its overall goal.
• Define the terms data warehouse, data mart, and data lakes and explain how they are different.
• Outline the extract, transform, and load process.
• Explain how a NoSQL database is different from an SQL database.
• Discuss the whole Hadoop computing environment and its various components.
• Define the term in-memory database and explain its advantages in processing big data.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about Database Systems and Big Data? Organizations and individuals capture prodigious amounts of data from a myriad of sources every day. Where does all this data come from, where does it go, how is it safeguarded, and how can you use it to your advantage? In this chapter, you will learn about tools and processes that enable users to manage all this data so that it can be used to uncover new insights and make effective decisions. For example, if you become a marketing manager, you can access a vast store of data related to the Web-surfing habits, past purchases, and even social media activity of existing and potential customers. You can use this information to create highly effective marketing programs that generate consumer interest and increased sales. If you become a biologist, you may use big data to study the regulation of genes and the evolution of genomes in an attempt to understand how the genetic makeup of different cancers influences outcomes for cancer patients. If you become a human resources manager, you will be able to use data to analyze the impact of raises and changes in employee-benefit packages on employee retention and long-term costs. Regardless of your field of study in school and your future career, using database systems and big data will likely be a critical part of your job. As you read this chapter, you will see how you can use databases and big data to extract and analyze valuable information to help you succeed. This chapter starts by introducing basic concepts related to databases and data management systems. Later, the topic of big data will be discussed along with several tools and technologies used to store and analyze big data.
As you read this chapter, consider the following:
• Why is it important that the development and adoption of data management, data modeling, and business information systems be a cross-functional effort involving more than the IS organization?
• How can organizations manage their data so that it is a secure and effective resource?
A database is a well-designed, organized, and carefully managed collection of data. Like other components of an information system, a database should help an organization achieve its goals. A database can contribute to organizational success by providing managers and decision makers with timely, accurate, and relevant information built on data. Databases also help companies ana- lyze information to reduce costs, increase profits, add new customers, track past business activities, and open new market opportunities.
A database management system (DBMS) consists of a group of pro- grams used to access and manage a database as well as provide an interface between the database and its users and other application programs. A DBMS provides a single point of management and control over data resources, which can be critical to maintaining the integrity and security of the data. A database, a DBMS, and the application programs that use the data make up a database environment.
Databases and database management systems are becoming even more important to organizations as they deal with rapidly increasing amounts of information. Most organizations have many databases; how- ever, without good data management, it is nearly impossible for anyone to find the right and related information for accurate and business-critical decision making.
Data Fundamentals
Without data and the ability to process it, an organization cannot successfully complete its business activities. It cannot pay employees, send out bills, order new inventory, or produce information to assist managers in decision making. Recall that data consists of raw facts, such as employee numbers and sales fig- ures. For data to be transformed into useful information, it must first be orga- nized in a meaningful way.
database: A well-designed, organized, and carefully managed collection of data.
database management system (DBMS): A group of programs used to access and manage a database as well as provide an interface between the database and its users and other application programs.
112 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Hierarchy of Data Data is generally organized in a hierarchy that begins with the smallest piece of data used by computers (a bit), progressing up through the hierarchy to a data- base. A bit is a binary digit (i.e., 0 or 1) that represents a circuit that is either on or off. Bits can be organized into units called bytes. A byte is typically eight bits. Each byte represents a character, which is the basic building block of most information. A character can be an uppercase letter (A, B, C, …, Z), a low- ercase letter (a, b, c, …, z), a numeric digit (0, 1, 2, …, 9), or a special symbol (., !, þ, �, /, etc.).
Characters are put together to form a field. A field is typically a name, a number, or a combination of characters that describes an aspect of a business object (such as an employee, a location, or a plant) or activity (such as a sale). In addition to being entered into a database, fields can be computed from other fields. Computed fields include the total, average, maximum, and mini- mum value. A collection of data fields all related to one object, activity, or individual is called a record. By combining descriptions of the characteristics of an object, activity, or individual, a record can provide a complete descrip- tion of it. For instance, an employee record is a collection of fields about one employee. One field includes the employee’s name, another field contains the address, and still others the phone number, pay rate, earnings made to date, and so forth. A collection of related records is a file—for example, an employee file is a collection of all company employee records. Likewise, an inventory file is a collection of all inventory records for a particular company or organization.
At the highest level of the data hierarchy is a database, a collection of inte- grated and related files. Together, bits, characters, fields, records, files, and databases form the hierarchy of data. See Figure 3.1. Characters are combined to make a field, fields are combined to make a record, records are combined to make a file, and files are combined to make a database. A database houses not only all these levels of data but also the relationships among them.
Data Entities, Attributes, and Keys Entities, attributes, and keys are important database concepts. An entity is a person, place, or thing (object) for which data is collected, stored, and main- tained. Examples of entities include employees, products, and customers. Most organizations organize and store data as entities.
bit: A binary digit (i.e., 0 or 1) that represents a circuit that is either on or off.
character: A basic building block of most information, consisting of upper- case letters, lowercase letters, numeric digits, or special symbols.
field: Typically a name, a number, or a combination of characters that describes an aspect of a business object or activity.
record: A collection of data fields all related to one object, activity, or individual.
file: A collection of related records.
hierarchy of data: Bits, characters, fields, records, files, and databases.
FIGURE 3.1 Hierarchy of data Together, bits, characters, fields, records, files, and databases form the hierarchy of data.
Database
Hierarchy of data Example
FilesFilesFiles
RecordsRecordsRecordsRecordsRecords
Fields
Each character is represented as
8 bits
Personnel file
Department file
Payroll file
(Project database)
(Personnel file)
(Record containing employee #, last and first name, hire date)
(Last name field)
098 - 40 - 1370 Fiske, Steven 01-05-2001
Fiske
(Letter F in ASCII)1000110
098 - 40 - 1370 Fiske, Steven 01-05-2001 549 - 77 - 1001 Buckley, Bill 02-17-1995 005 - 10 - 6321 Johns, Francine 10-07-2013
entity: A person, place, or thing for which data is collected, stored, and maintained.
CHAPTER 3 • Database Systems and Big Data 113
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
An attribute is a characteristic of an entity. For example, employee num- ber, last name, first name, hire date, and department number are attributes for an employee. See Figure 3.2. The inventory number, description, number of units on hand, and location of the inventory item in the warehouse are attributes for items in inventory. Customer number, name, address, phone number, credit rating, and contact person are attributes for customers. Attri- butes are usually selected to reflect the relevant characteristics of entities such as employees or customers. The specific value of an attribute, called a data item, can be found in the fields of the record describing an entity. A data key is a field within a record that is used to identify the record.
Many organizations create databases of attributes and enter data items to store data needed to run their day-to-day operations. For instance, database technology is an important weapon in the fight against crime and terrorism, as discussed in the following examples:
● The Offshore Leaks Database contains the names of some 100,000 secretive offshore companies, trusts, and funds created in locations around the world. Although creating offshore accounts is legal in most countries, offshore accounts are also established to enable individuals and organizations to evade paying the taxes they would otherwise owe. The database has been used by law enforcement and tax officials to identify potential tax evaders.1
● Major U.S. wireless service providers have implemented a stolen-phone database to report and track stolen 3G and 4G/LTE phones. The providers use the database to check whether a consumer’s device was reported lost or stolen. If a device has been reported lost or stolen, it will be denied service on the carrier’s network. Once the device is returned to the rightful owner, it may be reactivated. The next step will be to tie foreign service providers and countries into the database to diminish the export of stolen devices to markets outside the United States.2
● The Global Terrorism Database (GTD) is a database including data on over 140,000 terrorist events that occurred around the world from 1970 through 2014 (with additional annual updates). For each terrorist event, information is available regarding the date and location of the event, the weapons used, the nature of the target, the number of casualties, and, when identifiable, the group or individual responsible.3
● Pawnshops are required by law to report their transactions to law enforcement by providing a description of each item pawned or sold along with any identifying numbers, such as a serial number. LEADS Online is a nationwide online database system that can be used to fulfill this reporting responsibility and enable law enforcement officers to track merchandise that is sold or pawned in shops throughout the nation. For
FIGURE 3.2 Keys and attributes The key field is the employee number. The attributes include last name, first name, hire date, and department number.
Employee #
005-10-6321
549-77-1001
098-40-1370
Last name First name Hire date Dept. number
257
632
59801-05-2001
02-17-1995
10-07-2013Francine
Bill
StevenFiske
Buckley
Johns
ATTRIBUTES (fields)
KEY FIELD
E N
T IT
IE S
( re
co rd
s)
attribute: A characteristic of an entity.
data item: The specific value of an attribute.
114 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
example, if law enforcement has a serial number for a stolen computer, they can enter this into LEADS Online and determine if it has been sold or pawned, when and where the theft or transaction occurred, and, in the case of an item that was pawned, who made the transaction.4
As discussed earlier, a collection of fields about a specific object is a record. A primary key is a field or set of fields that uniquely identifies the record. No other record can have the same primary key. For an employee record, such as the one shown in Figure 3.2, the employee number is an example of a primary key. The primary key is used to distinguish records so that they can be accessed, organized, and manipulated. Primary keys ensure that each record in a file is unique. For example, eBay assigns an “Item number” as its primary key for items to make sure that bids are associated with the correct item. See Figure 3.3.
In some situations, locating a particular record that meets a specific set of criteria might be easier and faster using a combination of secondary keys rather than the primary key. For example, a customer might call a mail-order com- pany to place an order for clothes. The order clerk can easily access the custo- mer’s mailing and billing information by entering the primary key—usually a customer number—but if the customer does not know the correct primary key, a secondary key such as last name can be used. In this case, the order clerk enters the last name, such as Adams. If several customers have a last name of Adams, the clerk can check other fields, such as address and first name, to find the correct customer record. After locating the correct record, the order can be completed and the clothing items shipped to the customer.
The Database Approach At one time, information systems referenced specific files containing relevant data. For example, a payroll system would use a payroll file. Each distinct operational system used data files dedicated to that system.
Today, most organizations use the database approach to data manage- ment, where multiple information systems share a pool of related data.
FIGURE 3.3 Primary key eBay assigns an Item number as a primary key to keep track of each item in its database.
w w w .e ba y. co m
primary key: A field or set of fields that uniquely identifies the record.
database approach to data management: An approach to data management where multiple information systems share a pool of related data.
CHAPTER 3 • Database Systems and Big Data 115
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
A database offers the ability to share data and information resources. Federal databases, for example, often include the results of DNA tests as an attribute for convicted criminals. The information can be shared with law enforcement officials around the country. Often, distinct yet related databases are linked to provide enterprise-wide databases. For example, many Walgreens stores include in-store medical clinics for customers. Walgreens uses an electronic health records database that stores the information of all patients across all stores. The database provides information about customers’ interactions with the clinics and pharmacies.
To use the database approach to data management, additional software— a database management system (DBMS)—is required. As previously discussed, a DBMS consists of a group of programs that can be used as an interface between a database and the user of the database. Typically, this software acts as a buffer between the application programs and the database itself. Figure 3.4 illustrates the database approach.
Vehicle Theft Database You are a participant in an information systems project to design a vehicle theft database for a state law enforcement agency. The database will provide information about stolen vehicles (e.g., autos, golf carts, SUVs, and trucks), with details about the vehicle theft as well as the stolen vehicle itself. These details will be useful to law enforcement officers investigating the vehicle theft.
Review Questions 1. Identify 10 data attributes you would capture for each vehicle theft incident.
How many bytes should you allow for each attribute? 2. Which attribute would you designate as the primary key?
FIGURE 3.4 Database approach to data management In a database approach to data management, multiple information systems share a pool of related data.
Database management
system
Payroll data
Inventory data
Invoicing data
Other data
Payroll program
Reports
Inventory control
program
Management inquiries
Invoicing program
Database Interface Application programs
Users
Reports
Reports
Reports
116 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Questions 1. Should the database include data about the status of the theft investigation? If
so, what sort of data needs to be included? 2. Can you foresee any problems with keeping the data current? Explain.
Data Modeling and Database Characteristics
Because today’s businesses must keep track of and analyze so much data, they must keep the data well organized so that it can be used effectively. A database should be designed to store all data relevant to the business and to provide quick access and easy modification. More- over, it must reflect the business processes of the organization. When building a database, an organization must carefully consider the following questions:
● Content. What data should be collected and at what cost? ● Access. What data should be provided to which users and when? ● Logical structure. How should data be arranged so that it makes sense to
a given user? ● Physical organization. Where should data be physically located? ● Archiving. How long must this data be stored? ● Security. How can this data be protected from unauthorized access?
Data Modeling When organizing a database, key considerations include determining what data to collect, what the source of the data will be, who will have access to it, how one might want to use it, and how to monitor database performance in terms of response time, availability, and other factors. AppDynamics offers its i-nexus cloud-based business execution solution to clients for use in defining the actions and plans needed to achieve business goals. The service runs on 30 Java virtual machines and eight database servers that are constantly supervised using database perfor- mance monitoring software. Use of the software has reduced the mean time to repair system problems and improved the performance and responsiveness for all its clients.5
One of the tools database designers use to show the logical relationships among data is a data model. A data model is a diagram of entities and their relationships. Data modeling usually involves developing an understanding of a specific business problem and then analyzing the data and information needed to deliver a solution. When done at the level of the entire organiza- tion, this procedure is called enterprise data modeling. Enterprise data modeling is an approach that starts by investigating the general data and information needs of the organization at the strategic level and then moves on to examine more specific data and information needs for the functional areas and departments within the organization. An enterprise data model involves analyzing the data and information needs of an entire organization and provides a roadmap for building database and information systems by creating a single definition and format for data that can ensure compatibility and the ability to exchange and integrate data among systems. See Figure 3.5.
data model: A diagram of data enti- ties and their relationships.
enterprise data model: A data model that provides a roadmap for building database and information systems by creating a single definition and format for data that can ensure data compatibility and the ability to exchange and integrate data among systems.
CHAPTER 3 • Database Systems and Big Data 117
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The IBM Healthcare Provider Data Model is an enterprise data model that can be adopted by a healthcare provider organization to organize and integrate clinical, research, operational, and financial data.6 At one time, the University of North Carolina Health Care System had a smorgasbord of information system hardware and software that made it difficult to integrate data from its existing legacy systems. The organization used the IBM Healthcare Provider Data Model to guide its efforts to simplify its informa- tion system environment and improve the integration of its data. As a result, it was able to eliminate its dependency on outdated technologies, build an environment that supports efficient data management, and integrate data from its legacy systems to create a source of data to support future analytics requirements.7
Various models have been developed to help managers and database designers analyze data and information needs. One such data model is an entity-relationship (ER) diagram, which uses basic graphical symbols to show the organization of and relationships between data. In most cases, boxes in ER diagrams indicate data items or entities contained in data tables, and lines show relationships between entities. In other words, ER diagrams show data items in tables (entities) and the ways they are related.
ER diagrams help ensure that the relationships among the data entities in a database are correctly structured so that any application programs developed are consistent with business operations and user needs. In addition, ER diagrams can serve as reference documents after a database is in use. If changes are made to the database, ER diagrams help design them. Figure 3.6 shows an ER diagram for an order database. In this database design, one salesperson serves many custo- mers. This is an example of a one-to-many relationship, as indicated by the one- to-many symbol (the “crow’s-foot”) shown in Figure 3.6. The ER diagram also shows that each customer can place one-to-many orders, that each order includes one-to-many line items, and that many line items can specify the same product
FIGURE 3.5 Enterprise data model The enterprise data model provides a roadmap for building database and information systems.
Supports
Supports
Systems and data
Enables capture of business opportunities Increases business effectiveness Reduces costs
Enables simpler system interfaces Reduces data redundancy Ensures compatible data
The enterprise
Data model
entity-relationship (ER) diagram: A data model that uses basic graphical symbols to show the organization of and relationships between data.
118 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
(a many-to-one relationship). This database can also have one-to-one relation- ships. For example, one order generates one invoice.
Relational Database Model The relational database model is a simple but highly useful way to organize data into collections of two-dimensional tables called relations. Each row in the table represents an entity, and each column represents an attribute of that entity. See Figure 3.7.
FIGURE 3.6 Entity-relationship (ER) diagram for a customer order database Development of ER diagrams helps ensure that the logical structure of application programs is consistent with the data relationships in the database.
Serves
Salesperson
Product
Customer
Orders
Places
Line items
Includes Specifies
Invoice
Generates
relational database model: A simple but highly useful way to organize data into collections of two-dimensional tables called relations.
FIGURE 3.7 Relational database model In the relational model, data is placed in two-dimensional tables, or relations. As long as they share at least one common attribute, these relations can be linked to provide output useful information. In this example, all three tables include the Dept. number attribute.
Data Table 1: Project Table
Project Description Dept. number
155 Payroll 257
498 Widgets 632
226 Sales manual 598
Data Table 2: Department Table
Dept. Dept. name Manager SSN
257 Accounting 005-10-6321
632 Manufacturing 549-77-1001
598 Marketing 098-40-1370
Data Table 3: Manager Table
SSN Last name First name
005-10-6321 Johns Francine
549-77-1001 Buckley Bill
098-40-1370 Fiske Steven
Hire date Dept. number
10-07-2013 257
02-17-1995 632
01-05-2001 598
CHAPTER 3 • Database Systems and Big Data 119
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Each attribute can be constrained to a range of allowable values called its domain. The domain for a particular attribute indicates what values can be placed in each column of the relational table. For instance, the domain for an attribute such as type employee could be limited to either H (hourly) or S (salary). If someone tried to enter a “1” in the type employee field, the data would not be accepted. The domain for pay rate would not include negative numbers. In this way, defining a domain can increase data accuracy.
Manipulating Data After entering data into a relational database, users can make inquiries and analyze the data. Basic data manipulations include selecting, projecting, and joining. Selecting involves eliminating rows according to certain criteria. Sup- pose the department manager of a company wants to use an employee table that contains the project number, description, and department number for all projects a company is performing. The department manager might want to find the department number for Project 226, a sales manual project. Using selection, the manager can eliminate all rows except the one for Project 226 and see that the department number for the department completing the sales manual project is 598.
Projecting involves eliminating columns in a table. For example, a department table might contain the department number, department name, and Social Security number (SSN) of the manager in charge of the project. A sales manager might want to create a new table that contains only the depart- ment number and the Social Security number of the manager in charge of the sales manual project. The sales manager can use projection to eliminate the department name column and create a new table containing only the depart- ment number and Social Security number.
Joining involves combining two or more tables. For example, you can combine the project table and the department table to create a new table with the project number, project description, department number, department name, and Social Security number for the manager in charge of the project.
As long as the tables share at least one common data attribute, the tables in a relational database can be linked to provide useful information and reports. Linking, the ability to combine two or more tables through common data attributes to form a new table with only the unique data attributes, is one of the keys to the flexibility and power of relational databases. Suppose the president of a company wants to find out the name of the manager of the sales manual project as well as the length of time the manager has been with the company. Assume that the company has Manager, Department, and Proj- ect tables as shown in Figure 3.7. These tables are related as depicted in Figure 3.8.
domain: The range of allowable values for a data attribute.
selecting: Manipulating data to eliminate rows according to certain criteria.
projecting: Manipulating data to eliminate columns in a table.
joining: Manipulating data to combine two or more tables.
linking: The ability to combine two or more tables through common data attributes to form a new table with only the unique data attributes.
FIGURE 3.8 Simplified ER diagram This diagram shows the relationship among the Manager, Department, and Project tables.
Supervises
Manager
Department
Project
Performs
120 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Note the crow’s-foot by the Project table. This symbol indicates that a department can have many projects. The manager would make the inquiry to the database, perhaps via a personal computer. The DBMS would start with the project description and search the Project table to find out the project’s department number. It would then use the department number to search the Department table for the manager’s Social Security number. The depart- ment number is also in the Department table and is the common element that links the Project table to the Department table. The DBMS uses the manager’s Social Security number to search the Manager table for the manager’s hire date. The manager’s Social Security number is the common element between the Department table and the Manager table. The final result is that the manager’s name and hire date are presented to the president as a response to the inquiry. See Figure 3.9.
One of the primary advantages of a relational database is that it allows tables to be linked, as shown in Figure 3.9. This linkage reduces data redundancy and allows data to be organized more logically. The ability to link to the manager’s Social Security number stored once in the Manager table eliminates the need to store it multiple times in the Project table.
The relational database model is widely used. It is easier to control, more flexible, and more intuitive than other approaches because it orga- nizes data in tables. As shown in Figure 3.10, a relational database manage- ment system, such as Microsoft Access, can be used to store data in rows and columns. In this figure, hyperlink tools available on the ribbon/toolbar can be used to create, edit, and manipulate the database. The ability to link relational tables also allows users to relate data in new ways without having to redefine complex relationships. Because of the advantages of the rela- tional model, many companies use it for large corporate databases, such as those for marketing and accounting.
FIGURE 3.9 Linking data tables to answer an inquiry To find the name and hire date of the manager working on the sales manual project, the president needs three tables: Project, Department, and Manager. The project descrip- tion (Sales manual) leads to the department number (598) in the Project table, which leads to the manager’s Social Security number (098-40-1370) in the Department table, which leads to the manager’s last name (Fiske) and hire date (01-05-2001) in the Manager table.
Data Table 1: Project Table Project number
155
498
226
Description
Payroll
Widgets
Sales manual
Dept. number
257
632
598
Data Table 2: Department Table
Dept. number
257
632
598
Dept. name
Accounting
Manufacturing
Marketing
Manager SSN
005-10-6321
549-77-1001
098-40-1370
Data Table 3: Manager Table
SSN
005-10-6321
549-77-1001
098-40-1370
Last name
Johns
Buckley
Fiske
First name
Francine
Bill
Steven
Hire date
10-07-2013
02-17-1995
01-05-2001
Dept. number
257
632
598
CHAPTER 3 • Database Systems and Big Data 121
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Databases based on the relational model include Oracle, IBM DB2, Micro- soft SQL Server, Microsoft Access, MySQL, Sybase, and others. The relational database model has been an outstanding success and is dominant in the com- mercial world today, although many organizations are beginning to use new nonrelational models to meet some of their business needs.
Data Cleansing Data used in decision making must be accurate, complete, economical, flexible, reliable, relevant, simple, timely, verifiable, accessible, and secure. Data cleansing (data cleaning or data scrubbing) is the process of detect- ing and then correcting or deleting incomplete, incorrect, inaccurate, or irrele- vant records that reside in a database. The goal of data cleansing is to improve the quality of the data used in decision making. The “bad data” may have been caused by user data-entry errors or by data corruption during data transmission or storage. Data cleansing is different from data validation, which involves the identification of “bad data” and its rejection at the time of data entry.
One data cleansing solution is to identify and correct data by cross- checking it against a validated data set. For example, street number, street name, city, state, and zip code entries in an organization’s database may be cross-checked against the United States Postal Zip Code database. Data cleansing may also involve standardization of data, such as the conversion of various possible abbreviations (St., St, st., st) to one standard name (Street).
Data enhancement augments the data in a database by adding related information—such as using the zip code information for a given record to append the county code or census tract code.
The cost of performing data cleansing can be quite high. It is prohibi- tively expensive to eliminate all “bad data” to achieve 100 percent database accuracy, as shown in Figure 3.11.
FIGURE 3.10 Building and modifying a relational database Relational databases provide many tools, tips, and shortcuts to simplify the process of creating and modifying a database.
Data cleansing (data cleaning or data scrubbing): The process of detecting and then correcting or delet- ing incomplete, incorrect, inaccurate, or irrelevant records that reside in a database.
M ic ro so ft pr od uc t sc re en sh ot s us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
122 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Banco Popular is the largest bank in Puerto Rico. Some 3,000 bank employees in 200 branches use a customer database to obtain a complete view of 5.7 million personal and business accounts. The bank uses a data cleansing process to eliminate duplicate records and build an accurate and complete record of each customer, reflecting all of their various accounts (checking, savings, auto loan, credit card, etc.) with the bank. Part of this pro- cess includes identifying how many account holders live at the same address to eliminate duplicate mailings to the same household, thus saving over $840,000 in mailing expenses each year.8
Cleansing Weather Data The process of weather forecasting begins with the collection of as much data as possible about the current state of the atmosphere. Weather data (barometric pressure, humidity, temperature, and wind direction and speed) is collected from a variety of sources, including aircraft, automatic weather stations, weather balloons, buoys, radar, satellites, ships, and trained observers. Due to the variety of data types taken from multiple data sources, weather data is captured in a variety of data formats, primarily Binary Universal Form for the Representation of meteorological data (BUFR) and Institute of Electrical and Electronics Engineers (IEEE) binary. These observations are then converted to a standard format and placed into a gridded 3D model space called the Global Data Assimilation System (GDAS). Once this process is complete, the gridded GDAS output data can be used to start the Global Forecast System (GFS) model.
For purposes of this exercise, imagine that the accuracy of the weather forecasts has been slipping. In your role as project manager at the National Center for Environmental Information (NCEI), you have been assigned to lead a project reviewing the processing of the initial data and placing it into the GDAS.
Review Questions 1. NCEI is responsible for hosting and providing access to one of the most signif-
icant archives on Earth, with comprehensive oceanic, atmospheric, and geo- physical data. Good database design would suggest that an enterprise data model exists for the NCEI. Why?
FIGURE 3.11 Tradeoff of cost versus accuracy The cost of performing data cleans- ing to achieve 100 percent database accuracy can be prohibitively expensive.
100
C os
t
80
60
40
20
0 0% 20% 40% 60%
Accuracy 80% 100%
120
CHAPTER 3 • Database Systems and Big Data 123
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
2. Define the domain of acceptable values for barometric pressure, humidity, and temperature.
Critical Thinking Questions 1. What issues could cause the raw weather data received to be incomplete or
inaccurate? 2. How might incomplete or inaccurate data be identified and corrected or
deleted from the forecasting process? Are there risks in such data cleansing?
Relational Database Management Systems (DBMSs)
Creating and implementing the right database system ensures that the data- base will support both business activities and goals. But how do we actually create, implement, use, and update a database? The answer is found in the database management system (DBMS). As discussed earlier, a DBMS is a group of programs used as an interface between a database and application programs or between a database and the user. Database management systems come in a wide variety of types and capabilities, ranging from small inexpen- sive software packages to sophisticated systems costing hundreds of thou- sands of dollars.
SQL Databases SQL is a special-purpose programming language for accessing and manipulat- ing data stored in a relational database. SQL was originally defined by Donald D. Chamberlin and Raymond Boyce of the IBM Research Center and described in their paper “SEQUEL: A Structured English Query Language,” published in 1974. Their work was based on the relational database model described by Edgar F. Codd in his groundbreaking paper from 1970, “A Relational Model of Data for Large Shared Data Banks.”
SQL databases conform to ACID properties (atomicity, consistency, isola- tion, durability), defined by Jim Gray soon after Codd’s work was published. These properties guarantee database transactions are processed reliably and ensure the integrity of data in the database. Basically, these principles mean that data is broken down to atomic values—that is, values that have no compo- nent parts—such as employee_ID, last_name, first_name, address_line_1, address_line_2, and city. The data in these atomic values remains consistent across the database. The data is isolated from other transactions until the current transaction is finished, and it is durable in the sense that the data should never be lost.9
SQL databases rely upon concurrency control by locking database records to ensure that other transactions do not modify the database until the first transaction succeeds or fails. As a result, 100 percent ACID-compliant SQL databases can suffer from slow performance.
In 1986, the American National Standards Institute (ANSI) adopted SQL as the standard query language for relational databases. Since ANSI’s acceptance of SQL, interest in making SQL an integral part of relational databases on both mainframe and personal computers has increased. SQL has many built-in functions, such as average (AVG), the largest value (MAX), and the smallest value (MIN). Table 3.1 contains examples of SQL commands.
SQL: A special-purpose programming language for accessing and manipulating data stored in a relational database.
ACID properties: Properties (atom- icity, consistency, isolation, durability) that guarantee relational database transactions are processed reliably and ensure the integrity of data in the database.
124 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
SQL allows programmers to learn one powerful query language and use it on systems ranging from PCs to the largest mainframe computers. See Figure 3.12. Programmers and database users also find SQL valuable because SQL statements can be embedded into many programming languages, such as the widely used C++ and Java. Because SQL uses standardized and simplified procedures for retrieving, storing, and manipulating data, many programmers find it easy to understand and use—hence, its popularity.
Database Activities Databases are used to provide a user view of the database, to add and modify data, to store and retrieve data, and to manipulate the data and generate
FIGURE 3.12 Structured Query Language (SQL) SQL has become an integral part of most relational databases, as shown by this example from Microsoft Access 2013.
TABLE 3.1 Examples of SQL commands SQL Command Description
SELECT ClientName, Debt FROM Client WHERE Debt > 1000
This query displays clients (ClientName) and the amount they owe the company (Debt) from a database table called Client; the query would only display clients who owe the company more than $1,000 (WHERE Debt > 1000).
SELECT ClientName, ClientNum, OrderNum FROM Client, Order WHERE Client.Client- Num=Order.ClientNum
This command is an example of a join command that combines data from two tables: the Client table and the Order table (FROM Client, Order). The command creates a new table with the client name, client number, and order number (SELECT ClientName, ClientNum, OrderNum). Both tables include the client number, which allows them to be joined. This ability is indicated in the WHERE clause, which states that the client number in the Client table is the same as (equal to) the client number in the Order table (WHERE Client. ClientNum=Order.ClientNum).
GRANT INSERT ON Client to Guthrie
This command is an example of a security command. It allows Bob Guthrie to insert new values or rows into the Client table.
M ic ro so ft pr od uc t sc re en sh ot s us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
CHAPTER 3 • Database Systems and Big Data 125
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
reports. Each of these activities is discussed in greater detail in the following sections.
Providing a User View Because the DBMS is responsible for providing access to a database, one of the first steps in installing and using a large relational database involves “tell- ing” the DBMS the logical and physical structure of the data and the relation- ships among the data for each user. This description is called a schema (as in a schematic diagram). In a relational database, the schema defines the tables, the fields in each table, and the relationships between fields and tables. Large database systems, such as Oracle, typically use schemas to define the tables and other database features associated with a person or user. The DBMS can reference a schema to find where to access the requested data in relation to another piece of data.
Creating and Modifying the Database Schemas are entered into the DBMS (usually by database personnel) via a data definition language. A data definition language (DDL) is a collection of instructions and commands used to define and describe data and relationships in a specific database. A DDL allows the database’s creator to describe the data and relationships that are to be contained in the schema. In general, a DDL describes logical access paths and logical records in the database. Figure 3.13 shows a simplified example of a DDL used to develop a general schema. The use of the letter X in Figure 3.13 reveals where specific informa- tion concerning the database should be entered. File description, area descrip- tion, record description, and set description are terms the DDL defines and uses in this example. Other terms and commands can also be used, depend- ing on the DBMS employed.
Another important step in creating a database is to establish a data dictio- nary, a detailed description of all data used in the database. Among other things, the data dictionary contains the following information for each data item:
FIGURE 3.13 Data definition language (DDL) A data definition language (DDL) is used to define a schema.
SCHEMA DESCRIPTION SCHEMA NAME IS XXXX AUTHOR XXXX DATE XXXX FILE DESCRIPTION
FILE NAME IS XXXX ASSIGN XXXX
FILE NAME IS XXXX ASSIGN XXXX
AREA DESCRIPTION AREA NAME IS XXXX
RECORD DESCRIPTION RECORD NAME IS XXXX RECORD ID IS XXXX LOCATION MODE IS XXXX WITHIN XXXX AREA FROM XXXX THRU XXXX
SET DESCRIPTION SET NAME IS XXXX ORDER IS XXXX MODE IS XXXX MEMBER IS XXXX . . .
schema: A description that defines the logical and physical structure of the database by identifying the tables, the fields in each table, and the relation- ships between fields and tables.
data definition language (DDL): A collection of instructions and com- mands used to define and describe data and relationships in a specific database.
data dictionary: A detailed description of all the data used in the database.
126 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● Name of the data item ● Aliases or other names that may be used to describe the item ● Range of values that can be used ● Type of data (such as alphanumeric or numeric) ● Amount of storage needed for the item ● Notation of the person responsible for updating it and the various users
who can access it ● List of reports that use the data item
A data dictionary can also include a description of data flows, information about the way records are organized, and the data-processing requirements. Figure 3.14 shows a typical data dictionary entry.
Following the example in Figure 3.14, the information in a data dictionary for the part number of an inventory item can include the following information:
● Name of the person who made the data dictionary entry (D. Bordwell) ● Date the entry was made (August 4, 2016) ● Name of the person who approved the entry (J. Edwards) ● Approval date (October 13, 2016) ● Version number (3.1) ● Number of pages used for the entry (1) ● Data element name is Part name (PARTNO) ● A description of the element ● Other names that might be used (PTNO) ● Range of values (part numbers can range from 0001 to 9999) ● Type of data (numeric) ● Storage required (four positions are required for the part number)
A data dictionary is a valuable tool for maintaining an efficient database that stores reliable information with no redundancy, and it simplifies the pro- cess of modifying the database when necessary. Data dictionaries also help computer and system programmers who require a detailed description of data elements stored in a database to create the code to access the data.
Adherence to the standards defined in the data dictionary also makes it easy to share data among various organizations. For example, the U.S. Depart- ment of Energy (DOE) developed a data dictionary of terms to provide a stan- dardized approach for the evaluation of energy data. The Building Energy Data Exchange Specification (BEDES) provides a common language of key data elements, including data formats, valid ranges, and definitions that are
FIGURE 3.14 Data dictionary entry A data dictionary provides a detailed description of all data used in the database.
NORTHWESTERN MANUFACTURING
PREPARED BY: D. BORDWELL DATE: 04 AUGUST 2016 APPROVED BY: J. EDWARDS DATE: 13 OCTOBER 2016 VERSION: 3.1 PAGE: 1 OF 1
DATA ELEMENT NAME: PARTNO DESCRIPTION: OTHER NAMES: PTNO VALUE RANGE: 100 TO 5000 DATA TYPE: NUMERIC POSITIONS: 4 POSITIONS OR COLUMNS
INVENTORY PART NUMBER
CHAPTER 3 • Database Systems and Big Data 127
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
designed to improve communications between contractors, software vendors, finance companies, utilities, and Public Utility Commissions. Adherence to these data standards allows information to be easily shared and aggregated without the need for extensive data scrubbing and translation. All stake- holders can use this standard set of data to answer key questions related to the energy savings and usage.10
Storing and Retrieving Data One function of a DBMS is to be an interface between an application program and the database. When an application program needs data, it requests the data through the DBMS. Suppose that to calculate the total price of a new car, a pricing program needs price data on the engine option—for example, six cylinders instead of the standard four cylinders. The application program requests this data from the DBMS. In doing so, the application program fol- lows a logical access path (LAP). Next, the DBMS, working with various sys- tem programs, accesses a storage device, such as a disk drive or solid state storage device, where the data is stored. When the DBMS goes to this storage device to retrieve the data, it follows a path to the physical location—physical access path (PAP)—where the price of this option is stored. In the pricing example, the DBMS might go to a disk drive to retrieve the price data for six- cylinder engines. This relationship is shown in Figure 3.15.
This same process is used if a user wants to get information from the database. First, the user requests the data from the DBMS. For example, a user might give a command, such as LIST ALL OPTIONS FOR WHICH PRICE IS GREATER THAN $200. This is the logical access path. Then, the DBMS might go to the options price section of a disk to get the information for the user. This is the physical access path.
Two or more people or programs attempting to access the same record at the same time can cause a problem. For example, an inventory control pro- gram might attempt to reduce the inventory level for a product by 10 units because 10 units were just shipped to a customer. At the same time, a pur- chasing program might attempt to increase the inventory level for the same product by 200 units because inventory was just received. Without proper database control, one of the inventory updates might be incorrect, resulting in an inaccurate inventory level for the product. Concurrency control can be used to avoid this potential problem. One approach is to lock out all other
FIGURE 3.15 Logical and physical access paths When an application requests data from the DBMS, it follows a logical access path to the data. When the DBMS retrieves the data, it follows a path to the physical access path to the data.
DBMS
Physical access path (PAP)
Logical access path (LAP)
Other software
Application programs
Management inquiries
Data on storage device
concurrency control: A method of dealing with a situation in which two or more users or applications need to access the same record at the same time.
128 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
application programs from access to a record if the record is being updated or used by another program.
Manipulating Data and Generating Reports After a DBMS has been installed, employees, managers, and other authorized users can use it to review reports and obtain important information. Using a DBMS, a company can manage this requirement. Some databases use Query by Example (QBE), which is a visual approach to developing database queries or requests. With QBE, you can perform queries and other database tasks by opening windows and clicking the data or features you want—similar to the way you work with Windows and other GUI (graphical user interface) operat- ing systems and applications. See Figure 3.16.
In other cases, database commands can be used in a programming lan- guage. For example, C++ commands can be used in simple programs that will access or manipulate certain pieces of data in the database. Here’s another example of a DBMS query:
SELECT * FROM EMPLOYEE WHERE JOB_CLASSIFICATION=“C2.”
The asterisk (*) tells the program to include all columns from the EMPLOYEE table. In general, the commands that are used to manipulate the database are part of the data manipulation language (DML). This specific language, provided with the DBMS, allows managers and other database users to access and modify the data, to make queries, and to generate reports. Again, the application programs go through schemas and the DBMS before getting to the data stored on a device such as a disk.
After a database has been set up and loaded with data, it can produce desired reports, documents, and other outputs. See Figure 3.17. These outputs usually appear in screen displays or on hard copy printouts. The output- control features of a database program allow a user to select the records and fields that will appear in a report. Formatting controls and organization options (such as report headings) help users customize reports and create flexible, convenient, and powerful information-handling tools.
FIGURE 3.16 Query by Example Some databases use Query by Example (QBE) to generate reports and information. M
ic ro so ft pr od uc t sc re en sh ot s us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
data manipulation language (DML): A specific language, provided with a DBMS, which allows users to access and modify the data, to make queries, and to generate reports.
CHAPTER 3 • Database Systems and Big Data 129
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
A DBMS can produce a wide variety of documents, reports, and other out- put that can help organizations make decisions and achieve their goals. Often, organizations have standard reports that are run on a regular basis. The most common reports select and organize data to present summary information about some aspect of company operations. For example, accounting reports often summarize financial data such as current and past due accounts. Many companies base their routine operating decisions on regular status reports that show the progress of specific orders toward completion and delivery.
Database Administration Database administrators (DBAs) are skilled and trained IS professionals who hold discussions with business users to define their data needs; apply database programming languages to craft a set of databases to meet those needs; test and evaluate databases; implement changes to improve their performance; and assure that data is secure from unauthorized access. Database systems require a skilled database administrator (DBA), who must have a clear understanding of the fundamental business of the organization, be proficient in the use of selected database management systems, and stay abreast of emerging technolo- gies and new design approaches. The role of the DBA is to plan, design, create, operate, secure, monitor, and maintain databases. Typically, a DBA has a degree in computer science or management information systems and some on-the-job training with a particular database product or more extensive experience with a range of database products. See Figure 3.18.
FIGURE 3.17 Database output A database application offers sophisticated formatting and organization options to produce the right information in the right format.
FIGURE 3.18 Database administrator The role of the database administrator (DBA) is to plan, design, create, operate, secure, monitor, and maintain databases.
database administrators (DBAs): Skilled and trained IS pro- fessionals who hold discussions with business users to define their data needs; apply database programming languages to craft a set of databases to meet those needs; test and evaluate databases; implement changes to improve the performance of databases; and assure that data is secure from unauthorized access.
iS to ck ph ot o. co m /O JO _I m ag es
M ic ro so ft pr od uc ts cr ee ns ho ts us ed
w ith
pe rm is si on
fr om
M ic ro so ft
Co rp or at io n
130 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The DBA works with users to decide the content of the database—to determine exactly what entities are of interest and what attributes are to be recorded about those entities. Thus, not only is it important that a DBA understand the business of an organization, but personnel outside of IS must also have some idea of what the DBA does and why this function is important. The DBA can play a crucial role in the development of effective information systems to benefit the organization, employees, and managers.
The DBA also works with programmers as they build applications to ensure that their programs comply with database management system stan- dards and conventions. After the database has been built and is operating, the DBA monitors operations logs for security violations. Database perfor- mance is also monitored to ensure that the system’s response time meets users’ needs and that it operates efficiently. If there is a problem, the DBA attempts to correct it before it becomes serious.
An important responsibility of a DBA is to protect the database from attack or other forms of failure. DBAs use security software, preventive measures, and redundant systems to keep data safe and accessible. In spite of the best efforts of DBAs, database security breaches are all too common. For example, customer records of more than 83 million customers of JPMor- gan Chase were stolen between June 2014 and August 2014. This represents the largest theft of consumer data from a U.S. financial institution in history.11
Some organizations have also created a position called the data administrator, an individual responsible for defining and implementing consistent principles for a variety of data issues, including setting data standards and data definitions that apply across all the databases in an organization. For example, the data administrator would ensure that a term such as “customer” is defined and treated consistently in all corpo- rate databases. The data administrator also works with business managers to identify who should have read or update access to certain databases and to selected attributes within those databases. This information is then communicated to the database administrator for implementation. The data administrator can be a high-level position reporting to top-level managers.
Popular Database Management Systems Many popular database management systems address a wide range of individ- ual, workgroup, and enterprise needs as shown in Table 3.2. The complete
TABLE 3.2 Popular database management systems
Open-Source Relational DBMS
Relational DBMS for Individuals and Workgroups
Relational DBMS for Workgroups and Enterprise
MySQL Microsoft Access Oracle
PostgreSQL IBM Lotus Approach IBM DB2
MariaDB Google Base Sybase Adaptive Server
SQL Lite OpenOffice Base Teradata
CouchDB Microsoft SQL Server
Progress OpenEdge
data administrator: An individual responsible for defining and imple- menting consistent principles for a variety of data issues.
CHAPTER 3 • Database Systems and Big Data 131
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
DBMS market encompasses software used by people ranging from nontechni- cal individuals to highly trained, professional programmers and runs on all types of computers from tablets to supercomputers. The entire market gener- ates billions of dollars per year in revenue for companies such as IBM, Oracle, and Microsoft.
Selecting a DBMS begins by analyzing the information needs of the organization. Important characteristics of databases include the size of the database, the number of concurrent users, database performance, the ability of the DBMS to be integrated with other systems, the features of the DBMS, the vendor considerations, and the cost of the database management system.
CouchDB by Couchbase is an open-source database system used by Zynga, the developer of the popular Internet game FarmVille, to process 250 million visitors a month.
With database as a service (DaaS), the database is stored on a service provider’s servers and accessed by the service subscriber over the Internet, with the database administration handled by the service provider. More than a dozen companies are now offering DaaS services, including Amazon, Database.com, Google, Heroku, IBM, Intuit, Microsoft, MyOwnDB, Oracle, and Trackvia. Amazon Relational Database Service (Amazon RDS) is a DaaS that enables organizations to set up and operate their choice of a MySQL, Microsoft SQL, Oracle, or PostgreSQL relational database in the cloud. The service automatically backs up the database and stores those backups based on a user-defined retention period.
TinyCo is a mobile gaming firm whose games Tiny Monsters, Tiny Village, and Tiny Zoo Friends can be found at the Amazon, Google Play, and iTunes app stores.12 The company employs Amazon Web Services (AWS) to enable it to support the rapid growth in the number of its users without having to devote constant time and effort to organize and configure its information sys- tems infrastructure. This arrangement has allowed the company to focus its resources on developing and marketing its new games. TinyCo application data is stored in the Amazon Relational Database Service (Amazon RDS) for MySQL.13
Using Databases with Other Software Database management systems are often used with other software and to interact with users over the Internet. A DBMS can act as a front-end applica- tion or a back-end application. A front-end application is one that people interact with directly. Marketing researchers often use a database as a front end to a statistical analysis program. The researchers enter the results of market questionnaires or surveys into a database. The data is then trans- ferred to a statistical analysis program to perform analysis, such as determin- ing the potential for a new product or the effectiveness of an advertising campaign. A back-end application interacts with other programs or applica- tions; it only indirectly interacts with people or users. When people request information from a Web site, the site can interact with a database (the back end) that supplies the desired information. For example, you can connect to a university Web site to find out whether the university’s library has a book you want to read. The site then interacts with a database that contains a cat- alog of library books and articles to determine whether the book you want is available. See Figure 3.19.
database as a service (DaaS): An arrangement where the database is stored on a service provider’s servers and accessed by the service subscriber over a network, typically the Internet, with the database administration handled by the service provider.
132 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Database as a Service You are the database administrator for the customer database of a medium-sized manufacturing firm. The database runs on an Oracle database management system installed on a server owned and managed by your firm’s small IT organization. Recently you have been receiving a number of complaints from users of the data- base about extremely slow response time to their queries and report requests. Management has asked you to prepare a set of proposed solutions.
Review Questions 1. What advantages might be gained from moving to a database as a service
environment? 2. Can you think of any possible disadvantages to this approach?
Critical Thinking Questions 1. What additional questions need to be answered before you can decide if the
database as a service approach is right for your firm? 2. How might such a move affect you and your role?
Big Data
Big data is the term used to describe data collections that are so enormous (terabytes or more) and complex (from sensor data to social media data) that traditional data management software, hardware, and analysis processes are incapable of dealing with them.
FIGURE 3.19 Library of Congress Web site The Library of Congress (LOC) provides a back-end application that allows Web access to its databases, which include references to books and digital media in the LOC collection.
Source: www.loc.gov
CHAPTER 3 • Database Systems and Big Data 133
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Characteristics of Big Data Computer technology analyst Doug Laney associated the three characteristics of volume, velocity, and variety with big data:14
● Volume. In 2014, it was estimated that the volume of data that exists in the digital universe was 4.4 zettabytes (one zettabyte equals one trillion gigabytes). The digital universe is expected to grow to an amazing 44 zettabytes by 2020, with perhaps one-third of that data being of value to organizations.15
● Velocity. The velocity at which data is currently coming at us exceeds 5 trillion bits per second.16 This rate is accelerating rapidly, and the volume of digital data is expected to double every two years between now and 2020.17
● Variety. Data today comes in a variety of formats. Some of the data is what computer scientists call structured data—its format is known in advance, and it fits nicely into traditional databases. For example, the data generated by the well-defined business transactions that are used to update many corporate databases containing customer, product, inven- tory, financial, and employee data is generally structured data. However, most of the data that an organization must deal with is unstructured data, meaning that it is not organized in any predefined manner.18 Unstruc- tured data comes from sources such as word-processing documents, social media, email, photos, surveillance video, and phone messages.
Sources of Big Data Organizations collect and use data from a variety of sources, including busi- ness applications, social media, sensors and controllers that are part of the manufacturing process, systems that manage the physical environment in fac- tories and offices, media sources (including audio and video broadcasts), machine logs that record events and customer call data, public sources (such as government Web sites), and archives of historical records of transactions and communications. See Figure 3.20. Much of this collected data is unstruc- tured and does not fit neatly into traditional relational database management
Media Images, audio, video,
live data feeds, podcasts
Sensor data Process control devices, smart electric meters, packing line counters
Social media Twitter, Facebook, LinkedIn, Pinterest
Data from business apps ERP, CRM, PLM, HR
Documents eMail, Power Point,
Word, Excel, .PDF, HTML
Archives Historical records
of communications and transactions
Public data Local, state, and federal government Web sites
Machine log data Call detail data event logs,
business process logs, application logs
An organization’s collection of useful
data
FIGURE 3.20 Sources of an organization’s useful data An organization has many sources of useful data.
134 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
systems. Table 3.3 provides a starter list of some of the many Web portals that provide access to free sources of useful big data sets.
Big Data Uses Here are just a few examples of how organizations are employing big data to improve their day-to-day operations, planning, and decision making:
● Retail organizations monitor social networks such as Facebook, Google, LinkedIn, Twitter, and Yahoo to engage brand advocates, identify brand adversaries (and attempt to reverse their negative opinions), and even enable passionate customers to sell their products.
TABLE 3.3 Portals that provide access to free sources of useful big data Data Source Description URL
Amazon Web Services (AWS) public data sets
Portal to a huge repository of public data, including climate data, the million song data set, and data from the 1000 Genomes project.
http://aws.amazon.com/datasets
Bureau of Labor Statistics (BLS)
Provides access to data on inflation and prices, wages and benefits, employment, spending and time use, productivity, and workplace injuries
www.bls.gov
CIA World Factbook Portal to information on the economy, government, history, infrastructure, military, and population of 267 countries
https://cia.gov/library/publications /the-world-factbook
Data.gov Portal providing access to over 186,000 government data sets, related to topics such as agriculture, education, health, and public safety
http://data.gov
Facebook Graph Provides a means to query Facebook profile data not classified as private
https://developers.facebook.com/docs /graph-api
FBI Uniform Crime Reports
Portal to data on Crime in the United States, Law Enforcement Officers Killed and Assaulted, and Hate Crime Statistics
https://www.fbi.gov/about-us/cjis/ucr /ucr/
Justia Federal District Court Opinions and Orders database
A free searchable database of full-text opinions and orders from civil cases heard in U.S. Federal District Courts
http://law.justia.com/cases/federal /district-courts/
Gapminder Portal to data from the World Health Organization and World Bank on economic, medical, and social issues
www.gapminder.org/data
Google Finance Portal to 40 years of stock market data http://google.com/finance
Healthdata.gov Portal to 125 years of U.S. healthcare data, including national healthcare expenditures, claim-level Medicare data, and data related to healthcare quality, epidemiology, and population, among many other topics
www.healthdata.gov
National Centers for Environmental Information
Portal for accessing a variety of climate and weather data sets
www.ncdc.noaa.gov/data-access /quick-links#loc-clim
New York Times Portal that provides users with access to NYT arti- cles, book and movie reviews, data on political campaign contributions, and other material
http://developer.nytimes.com/docs
Social Institutions and Gender Index
Provides access to country profiles and data that measures the degree of cross-country discrimination against women in social institutions
http://genderindex.org
U.S. Census Bureau Portal to a huge variety of government statistics and data relating to the U.S. economy and its population
www.census.gov/data.html
CHAPTER 3 • Database Systems and Big Data 135
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● Advertising and marketing agencies track comments on social media to understand consumers’ responsiveness to ads, campaigns, and promotions.
● Hospitals analyze medical data and patient records to try to identify patients likely to need readmission within a few months of discharge, with the goal of engaging with those patients in the hope of preventing another expensive hospital stay.
● Consumer product companies monitor social networks to gain insight into customer behavior, likes and dislikes, and product perception to identify necessary changes to their products, services, and advertising.
● Financial services organizations use data from customer interactions to identify customers who are likely to be attracted to increasingly targeted and sophisticated offers.
● Manufacturers analyze minute vibration data from their equipment, which changes slightly as it wears down, to predict the optimal time to perform maintenance or replace the equipment to avoid expensive repairs or potentially catastrophic failure.
Challenges of Big Data Individuals, organizations, and society in general must find a way to deal with this ever-growing data tsunami to escape the risks of information overload. The challenge is manifold, with a variety of questions that must be answered, includ- ing how to choose what subset of data to store, where and how to store the data, how to find those nuggets of data that are relevant to the decision making at hand, how to derive value from the relevant data, and how to identify which data needs to be protected from unauthorized access. With so much data avail- able, business users can have a hard time finding the information they need to make decisions, and they may not trust the validity of the data they can access.
Trying to deal with all this data from so many different sources, much of it from outside the organization, can also increase the risk that the orga- nization fails to comply with government regulations or internal controls (see Table 3.4). If measures to ensure compliance are not defined and fol- lowed, compliance issues can arise. Violation of these regulations can lead not only to government investigations but also to dramatic drops in stock prices, as when computer chipmaker Marvell Technologies alarmed
TABLE 3.4 Partial list of rules, regulations, and standards with which U.S. information system organizations must comply
Rule, Regulation, or Standard Intent
Bank Secrecy Act Detects and prevents money laundering by requiring financial institutions to report certain transactions to government agencies and to withhold from clients that such reports were filed about them
Basel II Accord Creates international standards that strengthen global capital and liquidity rules, with the goal of promoting a more resilient banking sector worldwide
California Senate Bill 1386
Protects against identity theft by imposing disclosure requirements for businesses and government agencies that experience security breaches that might put the personal information of California residents at risk; the first of many state laws aimed at protecting consumers from identity theft
European Union Data Protection Directive
Protects the privacy of European Union citizens’ personal information by placing limitations on sending such data outside of the European Union to areas that are deemed to have less than adequate standards for data security
Foreign Account Tax Compliance Act
Identifies U.S. taxpayers who hold financial assets in non-U.S. financial institutions and offshore accounts, to ensure that they do not avoid their U.S. tax obligations
136 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
investors by announcing that it had found problems with the way it booked revenue, resulting in a 16 percent drop in its stock price in just one day.19
Optimists believe that we can conquer these challenges and that more data will lead to more accurate analyses and better decision making, which in turn will result in deliberate actions that improve matters.
Not everyone, however, is happy with big data applications. Some people have privacy concerns about the fact that corporations are harvesting huge amounts of personal data that can be shared with other organizations. With all this data, organizations can develop extensive profiles of people without their knowledge or consent. Big data also introduces security concerns. Are organizations able to keep big data secure from competitors and malicious hackers? Some experts believe companies that collect and store big data could be open to liability suits from individuals and organizations. Even with these potential disadvantages, many companies are rushing into big data due to the lure of a potential treasure trove of information and new applications.
Data Management Data management is an integrated set of functions that defines the processes by which data is obtained, certified fit for use, stored, secured, and processed in such a way as to ensure that the accessibility, reliability, and timeliness of the data meet the needs of the data users within an organization. The Data Management Association (DAMA) International is a nonprofit, vendor- independent, international association whose members promote the under- standing, development, and practice of managing data as an essential enterprise asset. This organization has identified 10 major functions of data management, as shown in Figure 3.21. Data governance is the core component of data man- agement; it defines the roles, responsibilities, and processes for ensuring that data can be trusted and used by the entire organization, with people identified and in place who are responsible for fixing and preventing issues with data.
TABLE 3.4 Partial list of rules, regulations, and standards with which U.S. information system organizations must comply (continued)
Rule, Regulation, or Standard Intent
Foreign Corrupt Practices Act
Prevents certain classes of persons and entities from making payments to foreign government officials in an attempt to obtain or retain business
Gramm-Leach-Bliley Act Protects the privacy and security of individually identifiable financial information collected and processed by financial institutions
Health Insurance Porta- bility and Accountability Act (HIPAA)
Safeguards protected health information (PHI) and electronic PHI (ePHI) data gathered in the healthcare process and standardizes certain electronic transactions within the healthcare industry
Payment Card Industry (PCI) Data Security Standard
Protects cardholder data and ensures that merchants and service providers maintain strict information security standards
Personal Information Protection and Electronic Documents Act (Canada)
Governs the collection, use, and disclosure of personally identifiable information in the course of commercial transactions; created in response to European Union data protection directives
Sarbanes-Oxley Act Protects the interests of investors and consumers by requiring that the annual reports of public companies include an evaluation of the effectiveness of internal control over financial reporting; requires that the company’s CEO and CFO attest to and report on this assessment
USA PATRIOT Act This wide-ranging act has many facets; one portion of the Act relating to information system compliance is called the Financial Anti-Terrorism Act and is designed to combat the financing of terrorism through money laundering and other financial crimes
data management: An integrated set of functions that defines the processes by which data is obtained, certified fit for use, stored, secured, and processed in such a way as to ensure that the accessibility, reliability, and timeliness of the data meet the needs of the data users within an organization.
data governance: The core com- ponent of data management; it defines the roles, responsibilities, and pro- cesses for ensuring that data can be trusted and used by the entire organi- zation, with people identified and in place who are responsible for fixing and preventing issues with data.
CHAPTER 3 • Database Systems and Big Data 137
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The need for data management is driven by a variety of factors, including the need to meet external regulations designed to manage risk associated with financial misstatement, the need to avoid the inadvertent release of sensitive data, and the need to ensure that high data quality is available for key deci- sions. Haphazard or incomplete business processes and controls simply will not meet these requirements. Formal management processes are needed to govern data.
Effective data governance requires business leadership and active participation—it cannot be an effort that is led by the information system organization. The use of a cross-functional team is recommended because data and information systems are used by many different departments. No one individual has a complete view of the organization’s data needs. Employment of a cross-functional team is particularly important for ensuring that compliance needs are met. The data governance team should be a cross- functional, multilevel data governance team, consisting of executives, project managers, line-of-business managers, and data stewards. The data steward is an individual responsible for the management of critical data elements, including identifying and acquiring new data sources; creating and maintain- ing consistent reference data and master data definitions; and analyzing data for quality and reconciling data issues. Data users consult with a data stew- ard when they need to know what data to use to answer a business ques- tion, or to confirm the accuracy, completeness, or soundness of data within a business context.
The data governance team defines the owners of the data assets in the enterprise. The team also develops a policy that specifies who is accountable for various portions or aspects of the data, including its accuracy, accessibility, consistency, completeness, updating, and archiving. The team defines pro- cesses for how the data is to be stored, archived, backed up, and protected
FIGURE 3.21 Data management The Data Management Association (DAMA) International has identified 10 basic functions associated with data management. Source: “Body of Knowledge,” DAMA International, https://www.dama.org/content /body-knowledge. Copyright DAMA International.
Data Governance
Data Architecture Management
Data Development
Database Operations
Management
Data Security
Management
Reference & Master Data Management
Data Warehousing & Business Intelligence
Management
Document & Content
Management
Meta Data Management
Data Quality
Management
data steward: An individual responsible for the management of critical data elements, including identi- fying and acquiring new data sources; creating and maintaining consistent reference data and master data defini- tions; and analyzing data for quality and reconciling data issues.
138 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
from cyberattacks, inadvertent destruction or disclosure, or theft. It also devel- ops standards and procedures that define who is authorized to update, access, and use the data. The team also puts in place a set of controls and audit pro- cedures to ensure ongoing compliance with organizational data policies and government regulations.
Data lifecycle management (DLM) is a policy-based approach to manag- ing the flow of an enterprise’s data, from its initial acquisition or creation and storage to the time when it becomes outdated and is deleted. See Figure 3.22. Several vendors offer software products to support DLM such as IBM Informa- tion Lifecycle Governance suite of software products.
Walgreens Data Assimilation As of this writing, Walgreens plans to acquire Rite Aide in a move that would combine the nation’s second- and third-largest drugstore chains by market share, behind only fierce rival CVS Health. If this acquisition is approved, Rite Aide cus- tomer data will need to be assimilated into Walgreens’ information systems. For pharmacy customers, this includes sensitive information, such as personal data, details of medications prescribed, health insurance identification codes, and doc- tors used. Walgreens will need this data to provide smooth and uninterrupted ser- vice to the old Rite Aide customers. In addition, Walgreen has in place a system that automatically checks each new medication prescribed against other medica- tions the customer is taking to ensure there will be no adverse drug interactions. The data must be captured in such a way that ensures its accuracy and completeness.
FIGURE 3.22 The big data life cycle A policy-based approach to man- aging the flow of an enterprise’s data, from its initial acquisition or creation and storage to the time when it becomes outdated and is deleted.
BIG DATA LIFE CYCLE
Archive or discard
Define data needs
Evaluate alternate sources
Evaluate Acquire data
Store data
Publish data descriptions
Access and use
data lifecycle management (DLM): A policy-based approach to managing the flow of an enterprise’s data, from its initial acquisition or creation and storage to the time when it becomes outdated and is deleted.
A be rt /S hu tt er st oc k. co m
CHAPTER 3 • Database Systems and Big Data 139
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Review Questions 1. Identify specific federal regulations that apply to the use and management of
Walgreens and Rite Aide data. 2. Would it make sense for Walgreen to appoint a data governance team to over-
see the Rite Aide data assimilation process? What might the responsibilities of such a team be?
Critical Thinking Questions 1. Do you think that Walgreens should attempt to automate the process of assim-
ilating Rite Aide customer, insurance, and medication data into its systems? Or, should Walgreens design an efficient manual process for former Rite Aide customers to provide the necessary data prior to or on their initial visit to a Walgreens pharmacy? What are the pros and cons of each approach? Which approach would you recommend?
2. Identify several potential negative consequences resulting from poor execu- tion of the data assimilation process.
Technologies Used to Process Big Data
Data Warehouses, Data Marts, and Data Lakes The raw data necessary to make sound business decisions is typically stored in a variety of locations and formats. This data is initially captured, stored, and managed by transaction-processing systems that are designed to support the day-to-day operations of an organization. For decades, organizations have collected operational, sales, and financial data with their online transaction processing (OLTP) systems. These OLTP systems put data into databases very quickly, reliably, and efficiently, but they do not support the types of big data analysis that today’s businesses and organizations require. Through the use of data warehouses and data marts, organizations are now able to access the data gathered via OLTP system and use it more effectively to support decision making.
Data Warehouses A data warehouse is a database that holds business information from many sources in the enterprise, covering all aspects of the company’s processes, products, and customers. Data warehouses allow managers to “drill down” to get greater detail or “roll up” to generate aggregate or summary reports. The primary purpose is to relate information in innovative ways and help man- agers and executives make better decisions. A data warehouse stores histori- cal data that has been extracted from operational systems and external data sources. See Figure 3.23.
Companies use data warehouses in a variety of ways, as shown in the fol- lowing examples:
● Walmart operates separate data warehouses for Walmart and Sam’s Club and allows suppliers access to almost any data they could possibly need to determine which of their products are selling, how fast, and even whether they should redesign their packaging to fit more product on store shelves.20
● UPS manages a 16-petabyte data warehouse containing data on some 16.3 million packages it ships per day for 8.8 million customers, who make an average of 39.5 million tracking requests per day.21
● Orscheln (a billion dollar retailer that sells farm- and home-related pro- ducts through its some 150 stores spread across the Midwest)
140 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
implemented an Oracle data warehouse that is used by merchants, buyers, planners, and store managers to perform analysis on inventory management, sales performance, pricing and promotions effectiveness, vendor compliance, and loss prevention.22
● General Electric uses a data warehouse to hold data from sensors on the performance of the blades on jet engines it manufactures.23
Because data warehouses are used for decision making, maintaining a high quality of data is vital so that organizations avoid wrong conclusions. For instance, duplicated or missing information will produce incorrect or mis- leading statistics (“garbage in, garbage out”). Due to the wide range of possi- ble data inconsistencies and the sheer data volume, data quality is considered one of the biggest issues in data warehousing.
Data warehouses are continuously refreshed with huge amounts of data from a variety of sources so the probability that some of the sources contain “dirty data” is high. The ETL (extract, transform, load) process takes data from a variety of sources, edits and transforms it into the format used in the data warehouse, and then loads this data into the warehouse, as shown in Figure 3.23. This process is essential in ensuring the quality of the data in the data warehouse.
● Extract. Source data for the data warehouse comes from many sources and may be represented in a variety of formats. The goal of this process is to extract the source data from all the various sources and convert it into a single format suitable for processing. During the extract step, data that fails to meet expected patterns or values may be rejected from further processing (e.g., blank or nonnumeric data in net sales field or a product code outside the defined range of valid codes).
FIGURE 3.23 Elements of a data warehouse A data warehouse can help managers and executives relate information in innovative ways to make better decisions.
Data extraction process
Transform and load
process
Data warehouse
Query and analysis tools
End-user access
Flat files
Spreadsheets
Relational databases
CHAPTER 3 • Database Systems and Big Data 141
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● Transform. During this stage of the ETL process, a series of rules or algorithms are applied to the extracted data to derive the data that will be stored in the data warehouse. A common type of transformation is to convert a customer’s street address, city, state, and zip code to an organization-assigned sales district or government census tract. Also, data is often aggregated to reduce the processing time required to create antic- ipated reports. For example, total sales may be accumulated by store or sales district.
● Load. During this stage of the ETL process, the extracted and transformed data is loaded into the data warehouse. As the data is being loaded into the data warehouse, new indices are created and the data is checked against the constraints defined in the database schema to ensure its quality. As a result, the data load stage for a large data warehouse can take days.
A large number of software tools are available to support these ETL tasks, including Ab Initio, IBM InfoSphereDatastage, Oracle Data Integrator, and the SAP Data Integrator. Several open-source ETL tools are also available, includ- ing Apatar, Clover ETL, Pentaho, and Talend. Unfortunately, much of the ETL work must be done by low-level proprietary programs that are difficult to write and maintain.
Data Marts A data mart is a subset of a data warehouse. Data marts bring the data ware- house concept—online analysis of sales, inventory, and other vital business data that have been gathered from transaction processing systems—to small- and medium-sized businesses and to departments within larger companies. Rather than store all enterprise data in one monolithic database, data marts contain a subset of the data for a single aspect of a company’s business—for example, finance, inventory, or personnel.
Data Lakes A traditional data warehouse is created by extracting (and discarding some data in the process), transforming (modifying), and loading incoming data for predetermined and specific analyses and applications. This process can be lengthy and computer intensive, taking days to complete. A data lake (also called an enterprise data hub) takes a “store everything” approach to big data, saving all the data in its raw and unaltered form. The raw data residing in a data lake is available when users decide just how they want to use the data to glean new insights. Only when the data is accessed for a specific anal- ysis is it extracted from the data lake, classified, organized, edited, or trans- formed. Thus a data lake serves as the definitive source of data in its original, unaltered form. Its contents can include business transactions, clickstream data, sensor data, server logs, social media, videos, and more.
NoSQL Databases A NoSQL database provides a means to store and retrieve data that is mod- eled using some means other than the simple two-dimensional tabular rela- tions used in relational databases. Such databases are being used to deal with the variety of data found in big data and Web applications. A major advantage of NoSQL databases is the ability to spread data over multiple servers so that each server contains only a subset of the total data. This so-called horizontal scaling capability enables hundreds or even thousands of servers to operate on the data, providing faster response times for queries and updates. Most relational database management systems have problems with such horizontal scaling and instead require large, powerful, and expensive proprietary servers and large storage systems.
data mart: A subset of a data warehouse that is used by small- and medium-sized businesses and departments within large companies to support decision making.
data lake (enterprise data hub): A “store everything” approach to big data that saves all the data in its raw and unaltered form.
NoSQL database: A way to store and retrieve data that is modeled using some means other than the simple two- dimensional tabular relations used in relational databases.
142 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Another advantage of NoSQL databases is that they do not require a predefined schema; data entities can have attributes edited or assigned to them at any time. If a new entity or attribute is discovered, it can be added to the database dynamically, extending what is already modeled in the database.
Most NoSQL databases do not conform to true ACID properties when pro- cessing transactions. Instead they provide for “eventual consistency” in which database changes are propagated to all nodes eventually (typically within milliseconds), so it is possible that user queries for data might not return the most current data.
The choice of a relational database management system versus a NoSQL solution depends on the problem that needs to be addressed. Often, the data structures used by NoSQL databases are more flexible than relational database tables and, in many cases, they can provide improved access speed and redundancy.
The four main categories of NoSQL databases and offerings for each cate- gory are shown in Table 3.5 and summarized below. Note that some NoSQL database products can meet the needs of more than one category.
● Key–value NoSQL databases are similar to SQL databases, but have only two columns (“key” and “value”), with more complex information some- times stored within the “value” columns.
● Document NoSQL databases are used to store, retrieve, and manage document-oriented information, such as social media posts and multime- dia, also known as semi-structured data.
● Graph NoSQL databases are used to understand the relationships among events, people, transactions, locations, and sensor readings and are well- suited for analyzing interconnections such as when extracting data from social media.
● Column NoSQL databases store data in columns, rather than in rows, and are able to deliver fast response times for large volumes of data.
Criteo is a digital-advertising organization serving up ads to over one billion unique Internet users around the world every month. The firm automates the recommendation of ads and the selection of products from advertiser catalogs up to 30 billion times each day. A recommendation can require a calculation involving some 100 variables, and it must be completed quickly—within 100 milliseconds or less. Criteo has deployed a Couchbase Server NoSQL data- base across 1,000 servers grouped into 24 clusters, providing access to a total of 107 terabytes of database storage to meet these demanding processing requirements.24
The National Security Agency (NSA), through its controversial PRISM program, uses NoSQL technology to analyze email messages, phone conver- sations, video chats, and social media interactions gleaned from the servers
TABLE 3.5 Popular NoSQL database products, by category Key–Value Document Graph Column
HyperDEX Lotus Notes Allegro Accumulo
Couchbase Server Couchbase Server Neo4J Cassandra
Oracle NoSQL Database
Oracle NoSQL Database
InfiniteGraph Druid
OrientDB OrientDB OrientDB Vertica
MongoDB Virtuoso HBase
CHAPTER 3 • Database Systems and Big Data 143
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
of major service providers, including Apple, Facebook, Google, Microsoft, Skype, Yahoo, and YouTube. The Accumulo NoSQL database enables its users to assign each piece of data a security tag that defines how people can access that data and who can access that data. This feature makes it possible for NSA agents to interrogate certain details while blocking access to person- ally identifiable information.25
Amazon DynamoDB is a NoSQL database that supports both document and key–value store models. MLB Advanced Media (MLBAM) uses DynamoDB to power its revolutionary Player Tracking System, which reveals detailed information about the nuances and athleticism of the game. Fans, broadcas- ters, and teams are finding this new data entertaining and useful. The system takes in data from ballparks across North America and provides enough com- puting power to support real-time analytics and produce results in seconds.26
Hadoop Hadoop is an open-source software framework that includes several software modules that provide a means for storing and processing extremely large data sets, as shown in Figure 3.24. Hadoop has two primary components: a data processing component (a Java-based system called MapReduce, which is dis- cussed in the next section) and a distributed file system (Hadoop Distributed File System, HDFS) for data storage. Hadoop divides data into subsets and distributes the subsets onto different servers for processing. A Hadoop cluster may consist of thousands of servers. In a Hadoop cluster, a subset of the data within the HDFS and the MapReduce system are housed on every server in the cluster. This places the data processing software on the same servers where the data is stored, thus speeding up data retrieval. This approach creates a highly redundant computing environment that allows the application to keep running even if individual servers fail.
FIGURE 3.24 Hadoop environment Hadoop can be used as a staging area for data to be loaded into a data warehouse or data mart.
Historical data from legacy system
Data from external source #1
Data from external source #2
Data from Facebook
Data from ERP system
Data from CRM system
Hadoop cluster running on 100s of servers
Data mart
Data mart
Data warehouse
Data from sensors on production floor
Data from visitors to organization’s Web site
Server #2
Server #3
Server #n
Server #1
Hadoop: An open-source software framework including several software modules that provide a means for storing and processing extremely large data sets.
Hadoop Distributed File System (HDFS): A system used for data storage that divides the data into subsets and distributes the subsets onto different servers for processing.
144 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
A MapReduce program is composed of a Map procedure that performs filtering and sorting (such as sorting customer orders by product ID into queues, with one queue for each product ID) and a Reduce method that performs a summary operation (such as counting the number of orders in each queue, thus determining product ID frequencies). MapReduce employs a JobTracker that resides on the Hadoop master server as well as TaskTrackers that sit on each server within the Hadoop cluster of servers. The JobTracker divides the comput- ing job up into well-defined tasks and moves those tasks out to the individual TaskTrackers on the servers in the Hadoop cluster where the needed data resides. These servers operate in parallel to complete the necessary computing. Once their work is complete, the resulting subset of data is reduced back to the central node of the Hadoop cluster.
For years, Yahoo! used Hadoop to better personalize the ads and articles that its visitors see. Now Hadoop is used by many popular Web sites and ser- vices (such as eBay, Etsy, Twitter, and Yelp). Verizon Wireless uses big data to perform customer churn analysis to get a better sense of when a customer becomes dissatisfied. Hadoop allows Verizon to include more detailed data about each customer, including clickstream data, chats, and even social media searches, to predict when a customer might switch to a new carrier.
Hadoop has a limitation in that it can only perform batch processing; it cannot process real-time streaming data such as stock prices as they flow into the various stock exchanges. However, Apache Storm and Apache Spark are often integrated with Hadoop to provide real-time data processing. Apache Storm is a free and open source distributed real-time computation system. Storm makes it easy to reliably process unbounded streams of data. Apache Spark is a framework for performing general data analytics in a distributed computing cluster environment like Hadoop. It provides in memory computa- tions for increased speed of data processing. Both Storm and Spark run on top of an existing Hadoop cluster and access data in a Hadoop data store (HDFS).
Medscape MedPulse is a medical news app for iPhone and iPad users that enables healthcare professionals to stay up-to-date on the latest medical news and expert perspectives. The app uses Apache Storm to include an automatic Twitter feed (about 500 million tweets per day are tweeted on Twitter) to help users stay informed about important medical trends being shared in real time by physicians and other leading medical commentators.27,28
In-Memory Databases An in-memory database (IMDB) is a database management system that stores the entire database in random access memory (RAM). This approach provides access to data at rates much faster than storing data on some form of secondary storage (e.g., a hard drive or flash drive) as is done with tradi- tional database management systems. IMDBs enable the analysis of big data and other challenging data-processing applications, and they have become feasible because of the increase in RAM capacities and a corresponding decrease in RAM costs. In-memory databases perform best on multiple multi- core CPUs that can process parallel requests to the data, further speeding access to and processing of large amounts of data.29 Furthermore, the advent of 64-bit processors enabled the direct addressing of larger amounts of main memory. Some of the leading providers of IMDBs are shown in Table 3.6.
KDDI Corporation is a Japanese telecommunications company that pro- vides mobile cellular services for some 40 million customers. The company consolidated 40 existing servers into a single Oracle SuperCluster running the Oracle Times Ten in-memory database to make its authentication system that manages subscriber and connectivity data run faster and more efficiently. This move reduced its data center footprint by 83 percent and power con- sumption by 70 percent while improving the overall performance and
MapReduce program: A compos- ite program that consists of a Map procedure that performs filtering and sorting and a Reduce method that performs a summary operation.
in-memory database (IMDB): A database management system that stores the entire database in random access memory (RAM).
CHAPTER 3 • Database Systems and Big Data 145
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
availability of the system. As a result, system costs were reduced and customer service improved.30
Telefonica Brasil Telefonica Brasil is one of the largest telecommunications companies in Brazil, and it provides landline and mobile services under the brand name Vivo for mil- lions of consumers. The company is considering using big data to perform cus- tomer churn analysis in order to anticipate when a customer is unhappy and likely to drop its service for that of a competitor.
Review Questions 1. What sources of data might Telefonica Brasil use to perform customer churn
analysis? 2. What database technology options might the firm elect to use?
Critical Thinking Questions 1. Why is it unlikely that a traditional SQL database would be able to meet the
firm’s needs? 2. In addition to a database management system, what other information system
technology and resources are likely needed for this type of project?
Summary
Principle: The database approach to data management has become broadly accepted.
Data is one of the most valuable resources that a firm possesses. It is orga- nized into a hierarchy that builds from the smallest element to the largest. The smallest element is the bit, a binary digit. A byte (a character such as a letter or numeric digit) is made up of eight bits. A group of characters, such as a name or number, is called a field (an object). A collection of related fields is a record; a collection of related records is called a file. The database, at the top of the hierarchy, is an integrated collection of records and files.
An entity is a generalized class of objects (such as a person, place, or thing) for which data is collected, stored, and maintained. An attribute is a character- istic of an entity. Specific values of attributes—called data items—can be found in the fields of the record describing an entity. A data key is a field within a record that is used to identify the record. A primary key uniquely identifies a record, while a secondary key is a field in a record that does not uniquely identify the record.
TABLE 3.6 IMDB providers Database Software Manufacturer Product Name Major Customers
Altibase HDB E*Trade, China Telecom
Oracle Times Ten Lockheed Martin, Verizon Wireless
SAP High-Performance Analytic Appliance (HANA)
eBay, Colgate
Software AG Terracotta Big Memory AdJuggler
146 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Principle: Data modelling is a key aspect of organizing data and information.
When building a database, an organization must consider content, access, logical structure, physical organization, archiving, and security of the database. One of the tools that database designers use to show the logical structure and relationships among data is a data model. A data model is a map or diagram of entities and their relationships. Enterprise data modeling involves analyzing the data and information needs of an entire organization and provides a roadmap for building database and information systems by creating a single definition and format for data that can ensure compatibility and the ability to exchange and integrate data among systems. Entity-relationship (ER) diagrams can be used to show the relationships among entities in the organization.
The relational database model places data in two-dimensional tables. Tables can be linked by common data elements, which are used to access data when the database is queried. Each row in a relational database table represents a record, and each column represents an attribute (or field). The allowable values for each attribute are called the attribute’s domain. Basic data manipulations include selecting, projecting, joining, and linking. The rela- tional model is easier to control, more flexible, and more intuitive than other database models because it organizes data in tables.
Data cleansing is the process of detecting and then correcting or deleting incomplete, incorrect, inaccurate, or irrelevant records that reside in the data- base. The goal of data cleansing is to improve the quality of the data used in decision making.
Principle: A well-designed and well-managed database is an extremely valuable tool in supporting decision making.
A database management system (DBMS) is a group of programs used as an interface between a database and its users and between a database and other application programs. When an application program requests data from the database, it follows a logical access path. The actual retrieval of the data follows a physical access path. Records can be considered in the same way: A logical record is what the record contains; a physical record is where the record is stored on storage devices. Schemas are used to describe the entire database, its record types, and its relationships to the DBMS. Schemas are entered into the computer via a data definition language, which describes the data and relationships in a specific database. Another tool used in database management is the data dictio- nary, which contains detailed descriptions of all data in the database.
A DBMS provides four basic functions: offering user views, creating and modifying the database, storing and retrieving data, and manipulating data and generating reports. After a DBMS has been installed, the database can be accessed, modified, and queried via a data manipulation language. A type of specialized data manipulation language is the query language, the most com- mon being Structured Query Language (SQL). SQL is used in several popular database packages today and can be installed in PCs and mainframes.
A database administrator (DBA) plans, designs, creates, operates, secures, monitors, and maintains databases. A data administrator is a person responsible for defining and implementing consistent principles for a variety of data issues, including setting data standards and data definitions that apply across all the databases in an organization.
Selecting a DBMS begins by analyzing the information needs of the organi- zation. Important characteristics of databases include the size of the database, the number of concurrent users, the performance of the database, the ability of the DBMS to be integrated with other systems, the features of the DBMS, the vendor considerations, and the cost of the database management system.
CHAPTER 3 • Database Systems and Big Data 147
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
In database as a service (DaaS) arrangement, the database is stored on a service provider’s servers and accessed by the subscriber over a network, typi- cally the Internet. In DaaS, database administration is provided by the service provider.
Principle: We have entered an era where organizations are grappling with a tremen- dous growth in the amount of data available and struggling how to man- age and make use of it.
“Big data” is the term used to describe data collections that are so enor- mous and complex that traditional data management software, hardware, and analysis processes are incapable of dealing with them.
There are many challenges associated with big data, including how to choose what subset of data to store, where and how to store the data, how to find those nuggets of data that are relevant to the decision making at hand, how to derive value from the relevant data, and how to identify which data needs to be protected from unauthorized access.
Data management is an integrated set of 10 functions that defines the pro- cesses by which data is obtained, certified fit for use, stored, secured, and pro- cessed in such a way as to ensure that the accessibility, reliability, and timeliness of the data meet the needs of the data users within an organization. Data governance is the core component of data management; it defines the roles, responsibilities, and processes for ensuring that data can be trusted and used by the entire organization with people identified and in place who are responsible for fixing and preventing issues with data.
Principle: A number of available tools and technologies allow organizations to take advantage of the opportunities offered by big data.
Traditional online transaction processing (OLTP) systems put data into databases very quickly, reliably, and efficiently, but they do not support the types of data analysis that today’s businesses and organizations require. To address this need, organizations are building data warehouses specifically designed to support management decision making.
An extract, transform, load process takes data from a variety of sources, edits and transforms it into the format to be used in the data warehouse, and then loads the data into the warehouse.
Data marts are subdivisions of data warehouses and are commonly devoted to specific purposes or functional business areas.
A data lake (also called an enterprise data hub) takes a “store everything” approach to big data, saving all the data in its raw and unaltered form.
A NoSQL database provides a means to store and retrieve data that is mod- elled using some means other than the simple two-dimensional tabular rela- tions used in relational databases. There are four types of NoSQL databases— key-value, document, graph, and column.
Hadoop is an open-source software framework that includes several soft- ware modules that provide a means for storing and processing extremely large data sets. Hadoop has two primary components—a data processing component (MapReduce) and a distributed file system (Hadoop Distributed File System or HDFS) for data storage. Hadoop divides data into subsets and distributes the subsets onto different servers for processing. A Hadoop cluster may consist of thousands of servers. A subset of the data within the HDFS and the MapReduce system are housed on every server in the cluster.
An in-memory database (IMDB) is a database management system that stores the entire database in random access memory to improve storage and retrieval speed.
148 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Key Terms
ACID properties
attribute
bit
character
concurrency control
data administrator
data cleansing (data cleaning or data scrubbing)
data definition language (DDL)
data dictionary
data governance
data item
data lake (enterprise data hub)
data lifecycle management (DLM)
data management
data manipulation language (DML)
data mart
data model
data steward
database
database administrators (DBAs)
database approach to data management
database as a service (DaaS)
database management system (DBMS)
domain
enterprise data model
entity
entity-relationship (ER) diagram
field
file
Hadoop
Hadoop Distributed File System (HDFS)
hierarchy of data
in-memory database (IMDB)
joining
linking
MapReduce program
NoSQL database
primary key
projecting
record
relational database model
schema
selecting
SQL
Chapter 3: Self-Assessment Test
The database approach to data management has become broadly accepted.
1. A field or set of fields that uniquely identifies a record in a database is called a(n) . a. attribute b. data item c. record d. primary key
2. The key concept of the database approach to data management is that . a. all records in the database are stored in a two-
dimensional table b. multiple information systems share access to a
pool of related data c. only authorized users can access the data d. a database administrator “owns” the data
Data modeling is a key aspect of organizing data and information.
3. A(n) provides an organizational- level roadmap for building databases and infor- mation systems by creating a single definition and format for data.
a. database b. enterprise data model c. entity relationship diagram d. database management system
4. The model is a simple but highly useful way to organize data into collections of two-dimensional tables called relations.
5. The ability to combine two or more tables through common data attributes to form a new table with only the unique data attributes is called .
6. SQL databases conform to ACID properties, which include atomicity, consistency, isolation, and .
A well-designed and well-managed database is an extremely valuable tool in supporting decision making.
7. The process of detecting and then correcting or deleting incomplete, incorrect, inaccurate, or irrelevant records that reside in a database is called .
CHAPTER 3 • Database Systems and Big Data 149
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
8. Because the DBMS is responsible for providing access to a database, one of the first steps in installing and using a relational database involves “telling” the DBMS the logical and physical structure of the data and relationships among the data in the database. This description of an entire database is called a(n) .
9. A(n) is an individual responsible for the management of critical data elements, includ- ing identifying and acquiring new data sources; creating and maintaining consistent reference data and master data definitions; and analyzing data for quality and reconciling data issues.
10. Data administrators are skilled and trained IS professionals who hold discussions with users to define their data needs; apply database program- ming languages to craft a set of databases to meet those needs; and assure that data is secure from unauthorized access. True or False?
11. With , the database is stored on a service provider’s servers and accessed by the service subscriber over the Internet, with the database administration handled by the service provider.
We have entered an era where organizations are grappling with a tremendous growth in the amount of data available and struggling to understand how to manage and make use of it.
12. Three characteristics associated with big data include volume, velocity, and .
13. The Data Management Association has defined 10 major functions of data management, with the core component being . a. data quality management b. data security management c. data governance d. data architecture management
A number of available tools and technologies allow organizations to take advantage of the opportu- nities offered by big data.
14. A(n) database provides a means to store and retrieve data that is modeled using some means other than simple two-dimensional relations used in relational databases.
15. Hadoop has two primary components—a data processing component and a distributed file sys- tem called . a. MapReduce and HDFS b. TaskTracker and JobTracker c. Key-value and graph d. SQL and NoSQL
16. An is a database management sys- tem that stores the entire database in random access memory to provide fast access.
Chapter 3: Self-Assessment Test Answers
1. d 2. b 3. b 4. relational database 5. linking 6. durability 7. data cleansing, data cleaning, or data scrubbing 8. schema
9. data steward 10. False 11. database as a service (DaaS) 12. variety 13. c 14. NoSQL 15. a 16. in-memory database
Review Questions
1. How would you define the term “database”? How would you define the term “database manage- ment system”?
2. In the hierarchy of data, what is the difference between a data attribute and a data item? What is the domain of an attribute?
3. What is meant by the database approach to data management?
4. What is meant by data archiving? Why is this an important consideration when operating a database?
5. What is an entity-relationship diagram, and what is its purpose?
6. Identify four basic data manipulations performed on a relational database using SQL.
7. What is data scrubbing? 8. What is database as a service (DaaS)? What are
the advantages and disadvantages of using the DaaS approach?
9. What is Hadoop? What are its primary compo- nents, and what does each do?
10. What is a schema, and how is it used? 11. What is concurrency control? Why is it
important? 12. What is in-memory database processing, and
what advantages does it provide?
150 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
13. What is the difference between projecting and joining?
14. What is big data? Identify three characteristics associated with big data.
15. What is a data warehouse, and how is it different from a traditional database used to support OLTP?
16. What is a data lake, and how is it different from a data warehouse?
17. How does an in-memory database provide fast access to data?
Discussion Questions
1. What concerns might be raised by performing data cleansing on a large set of raw data before it is used for analysis? How might these concerns be addressed?
2. Outline some specific steps an organization might take to perform data cleansing to ensure the accuracy and completeness of its customer data- base before adding this data to a data warehouse. How would you decide when the data is accurate enough?
3. SQL databases conform to ACID properties. Briefly describe the ACID properties, and state the purpose of each. How does conformance to ACID properties affect the performance of SQL databases?
4. Describe how a NoSQL database differs from a relational database. Identify and briefly discuss the four types of NoSQL databases.
5. Review Table 3.4, which provides a list of rules, regulations, and standards with which U.S. infor- mation systems organizations must comply. Which of these standards do you think has the most impact on safeguarding the security of per- sonal information? Which of these standards have minimal impact on you personally?
6. Identify and briefly describe the steps in the ETL process. What is the goal of the ETL process?
7. Consider three organizations that have databases that likely store information about you—the Fed- eral Internal Revenue Service, your state’s Bureau of Motor Vehicles, and Equifax, the consumer reporting agency. Go to the home page of each of these organizations, and find answers to the fol- lowing questions. How is the data in each data- base captured? Is it possible for you to request a printout of the contents of your data record from each database? Is it possible for you to correct errors you find in your data record? What data privacy concerns do you have concerning how these databases are managed?
8. Identity theft, where people steal personal infor- mation, continues to be a problem for consumers and businesses. Assume that you are the database administrator for a corporation with a large data- base that is accessible from the Web. What steps would you implement to prevent people from stealing personal information from the corporate database?
9. Read the article “Why ‘Big Data’ Is a Big Deal” by Jonathan Shaw in the March-April 2014 Harvard Magazine. What does Shaw think is the revolu- tion in big data? Which of the many big data applications that he mentions do you find to be the most interesting? Why?
Problem-Solving Exercises
1. Develop a simple data model for a student data- base that includes student contact data, student demographic data, student grades data, and stu- dent financial data. Determine the data attributes that should be present in each table, and identify the primary key for each table. Develop a com- plete ER diagram that shows how these tables are related to one another.
2. A company that provides a movie-streaming sub- scription service uses a relational database to store information on movies to answer customer questions. Each entry in the database contains the following items: Movie ID (the primary key), movie title, year made, movie type, MPAA rating, starring actor #1, starring actor #2, starring
actor #3, and director. Movie types are action, comedy, family, drama, horror, science fiction, and western. MPAA ratings are G, PG, PG-13, R, NC-17, and NR (not rated). Using a graphics pro- gram, develop an entity-relationship diagram for a database application for this database.
3. Use a database management system to build a data-entry screen to enter this data. Build a small database with at least a dozen entries.
4. To improve service to their customers, the employees of the movie-streaming company have proposed several changes that are being consid- ered for the database in the previous exercise. From this list, choose two database modifications, and then modify the data-entry screen to capture
CHAPTER 3 • Database Systems and Big Data 151
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
and store this new information. The proposed changes are as follows:
a. Add the date that the movie was first released to the theaters.
b. Add the executive producer’s name.
c. Add a customer rating of one, two, three, four, or five stars, based on the number of rentals.
d. Add the number of Academy Award nominations.
Team Activities
1. Imagine that you and your team have been hired to develop an improved process for evaluating which students should be accepted to your col- lege and, of those, which should be awarded academic scholarships. What data besides college entrance scores and high school transcripts might you consider using to make these determinations? Where might you get this data? Develop an ER diagram showing the various tables of data that might be used.
2. You and your team have been selected to repre- sent the student body in defining the user requirements for a new student database for your school. What actions would you take to ensure that the student reporting needs and data privacy concerns of the students are fully identified? What
other resources might you enlist to help you in defining these requirements?
3. As a team of three or four classmates, interview managers from three different organizations that have implemented a customer database. What data entities and data attributes are contained in each database? What database management sys- tem did each company select to implement its database, and why? How does each organization access its database to perform analysis? Have the managers and their staff received training in any query or reporting tools? What do they like about their databases, and what could be improved? Weighing the information obtained, identify which company has implemented the best cus- tomer database.
Web Exercises
1. Do research to find out more about the contro- versial NSA PRISM program. What is the source of data for this program? What is the purpose of the program? Are you a supporter of the PRISM program? Why or why not?
2. Do research to find an example of an organiza- tion struggling to deal with the rapid growth of
the big data it needs for decision making. What are the primary issues it is facing? What is the organization doing to get a good grip on data management and data governance?
3. Do research to find three different estimates of the rate at which the amount of data in our digital uni- verse is growing. Discuss why these estimates differ.
Career Exercises
1. Describe the role of a database administrator. What skills, training, and experiences are neces- sary to fulfill this role? How does this differ from the role of a data administrator? What about the
role of a data steward? Is any one of these roles of interest to you? Why or why not?
2. How could you use big data to do a better job at work? Give some specific examples of how you might use big data to gain valuable new insights.
Case Studies
Case One
WholeWorldBand: Digital Recording Studio WholeWorldBand is a collaborative online music and video platform that enables anyone to collaborate with others to create music videos. The service was founded by Kevin Godley, a musician and music video director, and is accessible via a Web-based app available on the iPhone and iPad and on Windows and MacOS computers. Anyone can
contribute to WholeWorldBand using just the camera and microphone in their computer or mobile device. The service enables users—whatever their level of musical ability—to record and perform with music legends and friends. Using WholeWorldBand, you can start a video-recording session that others may join, create your own personal video mix with up to six performers, and then share the results with your friends and fans via Facebook, Twitter, or YouTube. Users can also pay to collaborate with other musicians who
152 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
have posted their own content. Collaborating on a project might mean providing new audio or video components or remixing existing ones.
WholeWorldBand uses a sophisticated digital rights management system to ensure that artists earn revenue for the work they contribute—if your work gets used, you get paid. WholeWorldBand provides users the opportunity to perform and record with popular artists. A number of major recording artists have already uploaded tracks including The Edge (U2), Ronnie Wood (Rolling Stones), Taylor Hawkins (Foo Fighters), Stewart Copeland (The Police), Liam Ó Maonlaí (Hot House Flowers), Michael Bublé, Phil Manzanera (Roxy Music), Dave Stewart (Eurythmics), and Danny O’Reilly (The Coronas).
The platform generates revenue from registered users who purchase subscriptions (or sessions) and from royalties paid by third parties in situations where users have shared and distributed content using the app or the Web site. Each session artist is entitled to receive a share of the revenue generated when other registered users purchase sessions for the purpose of creating contributions and/or mixes in relation to their original track. Keeping track of contributing artists, royalty payments, and the necessary revenue splits among artists, third parties, and WholeWorldBand can become quite detailed and tedious.
Critical Thinking Questions 1. Identify some of the challenges associated with build-
ing an information system infrastructure to support this new service. Would cloud computing be an appropriate solution to address these challenges? Why or why not?
2. Would WholeWorldBand be likely to employ SQL, NoSQL, or a mix of both kinds of databases? Explain your answer.
3. Go to the WholeWorldBand Web site at www.whole worldband.com/about, and find its Terms of Use. Summarize the measures outlined to protect the unauthorized use of copyrighted material. Do you think these measures are adequate? Why or why not?
SOURCES: “WholeWorldBand” YouTube video, 0:33, www. youtube.com/user/WholeWorldBand, accessed October 7, 2015; “EnterpriseDB’sPostgres Plus Cloud Database Strikes a Chord with WholeWorldBand,” EntrepriseDB, www .enterprisedb.com/success-stories/enterprisedb-s-postgres- plus-cloud-database-strikes-chord-wholeworldband, accessed October 7, 2015; John, “WholeWorldBand Wins “Buma Music Meets Tech” Award at EurosonicNoorsderslag in Holland,” Irish Tech News, January 18, 2014, http://irishtechnews.net /ITN3/wholeworldband-wins-buma-music-meets-tech-award -at-eurosonic-noorsderslag-in-holland; “WholeWorldBand Terms of Use,” WholeWorldBand, www.wholeworldband .com/about, accessed October 7, 2015.
Case Two
Mercy’s Big Data Project Aims to Boost Operations Making the most of the data it collects is a challenge for any organization, and those in the healthcare industry are no exception. Based in St. Louis, Missouri, Mercy health system includes 46 acute care and specialty hospitals, with more
than 700 outpatient facilities and physician practices in Arkansas, Kansas, Missouri, and Oklahoma. With more than 40,000 employees, including over 2,000 physicians, Mercy’s vision is to deliver a “transformative health experience” through a new model of care. With such ambitious goals, Mercy has a compelling interest in harnessing the power of the data it collects. To do so, the health system needed to overhaul is data-management infrastructure and move into the world of big data.
To make that move, Mercy partnered with software provider Hortonworks to create the Mercy Data Library, a Hadoop-based data lake that contains batch data as well as real-time data (stored in HBase, a distributed nonrelational database structure) from sources such as the Mercy’s ERP and electronic health record (EHR) systems. According to Paul Boal, director of data engineering and analytics at Mercy, “The blending of base batch data and real-time updates happens on demand when a query is run against the system.” Mercy’s new Hadoop environment, which contains information on more than 8 million patients, holds over 40 terabytes of data housed on 41 servers spread out over four clusters.
Outside of improving patient care, a primary motive for the move to Hadoop was to improve Mercy’s administrative efficiency, particularly in the areas of medical documentation and claims generation. Ensuring that physicians, nurses, and lab staff complete the necessary documentation for a patient prior to discharge improves the chances that the hospital will generate an accurate and complete claim-reimbursement request. Prior to its Hadoop implementation, the health system had already initiated an automatic-documentation-review process. Now, Mercy plans to make use of real-time data along with the power of Hadoop to further improve upon this process. For instance, documentation specialists can generate reports that help them follow up with physicians regarding missing documentation during each morning’s clinical rounds. The hospital expects the new system will generate more than $1 million annually in new revenue based on claims that accurately reflect hospital patients’ diagnoses and treatment.
Mercy is also focusing the power of its new technology on areas directly related to clinical care. “What we’re building out is a real-time clinical applications platform, so we’re looking for other opportunities to turn that into decision support,” says Boal. One such project involves leveraging the Hadoop environment to make better use of data generated by the electronic monitors in the intensive care units (ICUs) across the health system. Mercy now gathers 900 times more detailed data from its ICUs than it did before its implementation of Hadoop. The previous database system was only capable of pulling vital sign information for Mercy’s most critically ill patients every 15 minutes; the new system can do it once every second. The goal is to use the real-time data for better analysis, such as refining the health system’s predictive models on the early-warning signs of life- threatening medical problems in the ICU setting.
Like all healthcare providers, Mercy is required to maintain an audit trail for its EHR system. The audit trail keeps track of everyone who accesses any piece of patient information via the EHR. In addition to satisfying this regulatory requirement, Mercy expects Hadoop will help it put that audit trail data to a new use—analyzing staff
CHAPTER 3 • Database Systems and Big Data 153
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
behavior patterns and developing a better understanding of how processes actually get done. And in another Hadoop- related project, lab staff are now able to quickly search through terabytes worth of lab notes that were previously inaccessible.
Critical Thinking Questions 1. One of the advantages of a Hadoop implementation is
that it provides a high level of computing redundancy. Why is that particularly important in a healthcare setting?
2. Explain how the three characteristics of big data (volume, velocity, and variety) apply to the data being collected by healthcare providers such as Mercy.
3. How might Mercy benefit from an enterprise data model? Does Mercy’s move into big data make it more or less important that it have a clearly developed model that states the organizations’ data needs and priorities?
SOURCES: “Transforming the Health of Our Communities,” Mercy, www.mercy.net/about/transforming-the-health-of -our-communities, accessed December 16, 2015; “Towards a Healthcare Data Lake: Hadoop at Mercy,” Hortonworks, http://hortonworks.com/customers, accessed December 16, 2015; Wilson, Linda, “Mercy’s Big Data Project Aims to Boost Operations,” Information Management, October 7, 2015, www.information-management.com/news/big-data- analytics/mercy-health-big-data-project-aims-to-boost- operations-10027562-1.html; Perna, Gabriel, “Moving Data Down I-44 and Making it Actionable,” Healthcare Informatics, May 13, 2015, www.healthcare-informatics .com/article/moving-data-down-i-44-and-making-it -actionable; Henschen, Doug, “Hadoop’s Growing Enterprise Presence Demonstrated by Three Innovative Use Cases,” ZDNet, September 10, 2015, www.zdnet.com/article/hadoop -growing-enterprise-presence-demonstrated-by-three- innovative-use-cases;“Handling Electronic Health Records (EHR) Access Logs with Hadoop,” StampedeCon, http:// stampedecon.com/sessions/handling-access-logs-with -hadoop, accessed December 17, 2015.
Notes
1. Zettel, Jonathan, “Offshore Leaks Database Allows Pub- lic to Search Offshore Tax Haven Info,” CTV News, June 15, 2013, www.ctvnews.ca/business/offshore-leaks-data base-allows-public-to-search-offshore-tax-haven-info -1.1327088.
2. “FAQ on Lost/Stolen Devices,” CTIA Wireless Associa- tion, www.ctia.org/your-wireless-life/consumer-tips/how -to-deter-smartphone-thefts-and-protect-your-data/faq -on-lost-stolen-devices, accessed September 4, 2015.
3. “Overview of the GTD,” Global Terrorism Database, www.start.umd.edu/gtd/about, accessed September 4, 2015.
4. Hibbard, Katharine, “New Resource Available in Recover- ing Stolen Property,” Leads Online, August 14, 2015, www.leadsonline.com/main/news/2015-news-archive /new-resource-available-in-recovering-stolen-property.php.
5. “I-Nexus Selects AppDynamics to Drive Continuous Perfor- mance Improvement,”AppDynamics, www.appdynamics .com/case-study/inexus, accessed September 6, 2015.
6. “IBM Healthcare Provider Data Model,” IBM, www-03.ibm.com/software/products/en/healthcare-pro vider-data-model, accessed September 6, 2015.
7. “Complete Data Integration from Legacy Systems and Epic, In Half the Time,”Perficient, www.perficient.com /About/Case-Studies/2014/UNC-Health-Care-System-Com pletes-Data-Integration-from-Legacy-Systems-and-Epic -In-Half-the-Time, accessed September 6, 2015.
8. “Banco Popular,” Trillium Software, www.trilliumsoft ware.com/uploadedFiles/Banco_CS_2010_screen.pdf, accessed September 7, 2015.
9. Proffitt, Brian, “FoundationDB’s NoSQL Breakthrough Challenges Relational Database Dominance,” Read Write, March 8, 2013, http://readwrite.com/2013/03/08 /foundationdbs-nosql-breakthrough-challenges-rela tional-database-dominance#awesm=~oncfIkqw3jiMOJ.
10. Golden, Matt, “New DOE Effort to Standardize the Energy Efficiency Data Dictionary,” EDF Blogs, August 8,
2013, http://blogs.edf.org/energyexchange/2013/08/08 /new-doe-effort-to-standardize-the-energy-efficiency -data-dictionary.
11. “Three Charged for Largest-Ever Bank Data Breach,” CBS News, November 10, 2015, www.cbsnews.com/news/three- charged-for-jpmorgan-data-breach-the-largest-ever.
12. “About TinyCo,”TinyCo, www.tinyco.com/about-us, accessed September 8, 2015.
13. “AWS Case Study: TinyCo,” Amazon Web Services, http:// aws.amazon.com/solutions/case-studies/tinyco, accessed September 8, 2015.
14. Laney, Doug, “3D Data Management: Controlling Data Volume, Velocity, and Variety,” META Group, February 6, 2001, http://blogs.gartner.com/doug-laney/files/2012 /01/ad949-3D-Data-Management-Controlling-Data-Vol ume-Velocity-and-Variety.pdf.
15. Turner, Vernon, David Reinsel, John F. Gantz, and Ste- phen Minton, “The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things,” EMC2, April 2014, www.emc.com/collateral /analyst-reports/idc-digital-universe-2014.pdf.
16. “Seminars about Long-Term Thinking,” The Long Now Foundation, http://longnow.org/seminars/02013/mar /19/no-time-there-digital-universe-and-why-things -appear-be-speeding, accessed November 8, 2013.
17. Rosenbaum, Steven, “Is It Possible to Analyze Digital Data If It’s Growing Exponentially?” Fast Company, January 13, 2013, www.fastcompany.com/3005128 /it-possible-analyze-digital-data-if-its-growing- exponentially.
18. Ibid. 19. Krantz, Matt, “Lack of Accuracy Can Wreak Havoc on
Stock Market,” USA Today-The Enquirer, September 12, 2015, p. 6B.
20. Harris, Derrick, “Why Apple, eBay, and Walmart Have Some of the Biggest Data Warehouses You’ve Ever Seen,” GIGAOM, March 27, 2013, https://gigaom.com
154 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
/2013/03/27/why-apple-ebay-and-walmart-have-some -of-the-biggest-data-warehouses-youve-ever-seen/.
21. Davenport, Thomas H. and Jill Dyché, “Big Data in Big Companies,” International Institute for Analytics, www .sas.com/reg/gen/corp/2266746, accessed April 1, 2015.
22. “Yormari Customer Success Stories: Orscheln Farm & Home,”Yomari, www.yomari.com/clients/orscheln-farm -home-case-study.php, accessed November 12, 2015.
23. Davenport, Thomas H. and Jill Dyché, “Big Data in Big Companies,” International Institute for Analytics, www. sas.com/reg/gen/corp/2266746, accessed April 1, 2015.
24. “Customer Story:Criteo Boosts Performance, Scale of Digital Ad Platform with Couchbase Server,”Couchbase, www.couchbase.com/case-studies/criteo.html, accessed September 19, 2015.
25. Henschen, Doug, “Defending NSA Prism’s Big Data Tools,” InformationWeek, June 11, 2013, www.informa tionweek.com/big-data/big-data-analytics/defending -nsa-prisms-big-data-tools/d/d-id/1110318?.
26. “AWS Case Study: MLB Advanced Media,” Amazon Web Services, aws.amazon.com/solutions/case-studies /major-league-baseball-mlbam, accessed November 12, 2015.
27. Dvorkin, Eugene, “Scalable Big Data Stream Processing with Storm and Groovy,” November 4, 2014, www.slide share.net/SpringCentral/storm-twtterwebmd.
28. “Press Release: WebMD Medscape,” Newswire, April 24, 2014, www.multivu.com/mnr/7040259-meds cape-launches-new-medpulse-app-for-iphone-and -ipad.
29. Brocke, Jan vom, “In-Memory Database Business Value,” Business Innovation, July 25, 2013. www.business2com munity.com/business-innovation/in-memory-database -business-value-0564636.
30. “Oracle Press Release:KDDI Selects Oracle SuperCluster to Strengthen Authentication System for Mobile Core Net- work and Support Rapid Data Growth,” Oracle, January 22, 2014, www.oracle.com/us/corporate/press/2111600.
CHAPTER 3 • Database Systems and Big Data 155
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
4 Networks and Cloud Computing
Macrovector/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• Auto insurers are testing usage-based insurance programs in which premiums are based on data gathered from a device installed in the insured auto. Instead of setting the premium based on traditional factors such as the driver’s age and gender, it is based on miles driven per year, where and when they drive, and how safely they drive. The goal is to charge a premium that is commensurate with the risk associated with auto owner’s driving habits.
• Sensors embedded in General Electric (GE) aircraft engines collect some 5,000 individual data points per second. This data is analyzed while the aircraft is in
flight to adjust the way the aircraft performs, thereby reducing fuel consumption. The data is also used to plan predictive maintenance on the engines based on engine component wear and tear. In 2013, this tech- nology helped GE earn $1 billion in incremental income by delivering performance improvements, less down- time, and more flying miles.
• It is estimated that in just one year, mobile operators lost $23 billion in revenue as teens shifted away from texting over cellular networks in favor of communicating with their friends over the Internet using instant messaging apps.1
Principles Learning Objectives
• A network has many fundamental components, which—when carefully selected and effectively integrated—enable people to meet personal and orga- nizational objectives.
• Identify and briefly describe three network topologies and four different network types, including the uses and limitations of each.
• Identify and briefly discuss several types of both guided and wireless communications.
• Identify several network hardware devices and define their functions.
• Together, the Internet and the World Wide Web provide a highly effective infrastructure for delivering and accessing information and services.
• Briefly describe how the Internet and the Web work, including various methods for connecting to the Internet.
• Outline the process and tools used in developing Web content and applications.
• List and briefly describe several Internet and Web applications.
• Explain how intranets and extranets use Internet tech- nologies, and describe how the two differ.
• Organizations are using the Internet of Things (IoT) to capture and analyze streams of sensor data to detect patterns and anomalies—not after the fact, but while they are occurring—in order to have a considerable impact on the event outcome.
• Define what is meant by the Internet of Things (IoT), and explain how it works.
• Identify and briefly discuss several practical applica- tions of the Internet of Things (IoT).
• Categorize and summarize several potential issues and barriers associated with the expansion of the Internet of Things (IoT).
• Cloud computing provides access to state-of-the-art technology at a fraction of the cost of ownership and without the lengthy delays that can occur when an organization tries to acquire its own resources.
• Discuss how cloud computing can increase the speed and reduce the costs of new product and service launches.
• Summarize three common problems organizations encounter in moving to the cloud.
• Discuss the pros and cons of private and hybrid cloud computing compared to public cloud computing.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about Networks and Cloud Computing? Today’s decision makers need to access data wherever it resides. They must be able to establish fast, reliable connections to exchange messages, upload and download data and software, route business transactions to processors, connect to databases and network services, and send output to wherever it is needed. Regardless of your chosen major or future career field, you will make use of the communications capabilities provided by networks, including the Internet, intranets, and extranets. This is especially true for those whose role is connected to the supply chain and who rely heavily on networks to support cooperation and communication among workers in inbound logistics, warehouse and storage, production, finished product storage, outbound logistics, and, most importantly, with customers, suppliers, and shippers. Many supply chain organizations make use of the Internet to purchase raw materials, parts, and supplies at competitive prices. All members of the supply chain must work together effectively to increase the value perceived by the customer, so partners must communicate well. Other employees in human resources, finance, research and development, marketing, manufacturing, and sales positions must also use communications technology to communicate with people inside and outside the organization. To be a successful member of any organization, you must be able to take advantage of the capabilities that these technologies offer you. This chapter begins by discussing the importance of effective communications.
As you read this chapter, consider the following:
• How are organizations using networks to support their business strategies and achieve organizational objectives?
• What benefits do search engines, social networks, and other Internet services provide to make orga- nizations successful?
In today’s high-speed global business world, organizations need always-on, always-connected computing for traveling employees and for network connections to their key business partners and customers. Forward-thinking organizations strive to increase revenue, reduce time to market, and enable collaboration with their suppliers, customers, and business partners by using networks. Here are just a few examples of organizations using networks to move ahead:
• Many retail organizations are launching their own mobile payment sys- tem, with the hopes of reducing payments to financial services organiza- tions while also increasing customer loyalty. Some of these new systems include Android Pay, Apple Pay, Chase Pay, PayPal, Paydiant, Samsung Pay, Urban Airship, and Walmart Pay.2
• Networks make it possible for you to access a wealth of educational material and earn certifications or an online degree. A wide range of courses are available online from leading educational institutions such as Cornell, Carnegie Mellon, Harvard, MIT, and Yale. Many educational orga- nizations such as Coursera, ed2Go, and Kahn Academy offer continuing education, certification programs, and professional development courses. Hundreds of schools such as DeVry, Kaplan University, University of Phoenix, and Strayer University enable students to earn online degrees.
• Levi Stadium, home of the San Francisco 49ers, is deploying new wireless technology to make it easier for fans to use a special stadium navigation app on their smartphones and other devices. With the app, fans can watch instant replays and order food directly from their mobile devices.3
• Telemedicine provides remote access to a physician via a network (typically via a phone or videoconference) to address a healthcare issue. Its use has become well established in rural areas for specialty consultations and even many primary care practices like pediatrics. There are currently about 200 telemedicine networks, with 3,500 service sites in the United States alone.4
158 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Advances in network technology allow us to communicate in real time with customers, clients, business partners, and coworkers almost anywhere in the world. Networks also reduce the amount of time required to transmit information necessary for driving and concluding business transactions.
Network Fundamentals
A computer network consists of communications media, devices, and soft- ware connecting two or more computer systems or devices. Communications media are any material substance that carries an electronic signal to support communications between a sending and a receiving device. The computers and devices on the networks are also sometimes called network nodes. Orga- nizations can use networks to share hardware, programs, and databases and to transmit and receive information, allowing for improved organizational effectiveness and efficiency. Networks enable geographically separated work- groups to share documents and opinions, which fosters teamwork, innovative ideas, and new business strategies. Effective use of networks can help a com- pany grow into an agile, powerful, and creative organization, giving it a long- term competitive advantage.
Network Topology Network topology is the shape or structure of a network, including the arrangement of the communication links and hardware devices on the net- work. The transmission rates, distances between devices, signal types, and physical interconnection may differ between networks, but they may all have the same topology. The three most common network topologies in use today are the star, bus, and mesh.
In a star network, all network devices connect to one another through a single central device called the hub node. See Figure 4.1. Many home networks employ the star topology. A failure in any link of the star net- work will isolate only the device connected to that link. However, should the hub fail, all devices on the entire network will be unable to communicate.
In a bus network, all network devices are connected to a common backbone that serves as a shared communications medium. See Figure 4.2. To communicate with any other device on the network, a device sends a broadcast message onto the communications medium. All devices on the net- work can “see” the message, but only the intended recipient actually accepts and processes the message.
FIGURE 4.1 Star network In a star network, all network devices connect to one another through a single central hub node.
computer network: The communi- cations media, devices, and software connecting two or more computer sys- tems or devices.
communications medium: Any material substance that carries an electronic signal to support communi- cations between a sending and a receiving device.
network topology: The shape or structure of a network, including the arrangement of the communication links and hardware devices on the network.
star network: A network in which all network devices connect to one another through a single central device called the hub node.
bus network: A network in which all network devices are connected to a common backbone that serves as a shared communications medium.
Vl ad ru /S hu tt er st oc k. co m
CHAPTER 4 • Networks and Cloud Computing 159
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Mesh networks use multiple access points to link a series of devices that speak to each other to form a network connection across a large area. See Figure 4.3. Communications are routed among network nodes by allowing for continuous connections and by bypassing blocked paths by “hopping” from node to node until a connection can be established. Mesh networks are very robust: if one node fails, all the other nodes can still communicate with each other, directly or through one or more intermediate nodes.
Saudi Telecom Company (STC) is the largest communications services provider in the Middle East and North Africa. STC recently deployed a mesh network that ensures network survivability even in the case of multiple outages with restoration of service within 50 milliseconds. The mesh network offers STC customers faster transmission speeds and improved network reliability.5
Network Types A network can be classified as personal area, local area, metropolitan, or wide area network depending on the physical distance between the nodes on the network and the communications and services it provides.
FIGURE 4.2 Bus network In a bus network, all network devices are connected to a common back- bone that serves as a shared com- munications medium.
FIGURE 4.3 Mesh network Mesh networks use multiple access points to link a series of devices that speak to each other to form a net- work connection across a large area.
mesh network: A network that uses multiple access points to link a series of devices that speak to each other to form a network connection across a large area.
M am
an am
sa i/ Sh ut te rs to ck .c om
Vl ad ru /S hu tt er st oc k. co m
160 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Personal Area Networks A personal area network (PAN) is a wireless network that connects informa- tion technology devices close to one person. With a PAN, you can connect a laptop, digital camera, and portable printer without cables. You can download digital image data from the camera to the laptop and then print it on a high- quality printer—all wirelessly. A PAN could also be used to enable data cap- tured by sensors placed on your body to be transmitted to your smartphone as input to applications that can serve as calorie trackers, heart monitors, glu- cose monitors, and pedometers.
Local Area Networks A network that connects computer systems and devices within a small area, such as an office, home, or several floors in a building, is a local area net- work (LAN). Typically, LANs are wired into office buildings and factories, as shown in Figure 4.4. Although LANs often use unshielded twisted-pair copper wire, other media—including fiber-optic cable—is also popular. Increasingly, LANs use some form of wireless communications. You can build LANs to connect personal computers, laptop computers, or powerful mainframe computers.
A basic type of LAN is a simple peer-to-peer network that a small busi- ness might use to share files and hardware devices, such as printers. In a peer-to-peer network, you set up each computer as an independent com- puter, but you let other computers access specific files on its hard drive or share its printer. These types of networks have no server. Instead, each computer is connected to the next machine. Examples of peer-to-peer net- works include ANts, BitTorrent, StealthNet, Tixati, and Windows 10 Home- group. Performance of the computers on a peer-to-peer network is usually slower because one computer is actually sharing the resources of another computer.
Increasingly, home and small business networks are being set up to con- nect computers, printers, scanners, and other devices. A person working on one computer on a home network, for example, can use data and programs stored on another computer’s hard disk. In addition, several computers on the network can share a single printer.
FIGURE 4.4 Typical LAN All network users within an office building can connect to each other’s devices for rapid communication. For instance, a user in research and development could send a docu- ment from her computer to be printed at a printer located in the desktop publishing center. Most computer labs employ a LAN to enable the users to share the use of high-speed and/or color printers and plotters as well as to download soft- ware applications and save files.
Executive computers and devices
Production center computers and devices
Marketing and sales computers
and devices
Research and development
computers and devices
Finance and accounting computers and devices
Copy center, printing, and desktop publishing computers and devices
personal area network (PAN): A wireless network that supports the interconnection of information technol- ogy devices close to one person.
local area network (LAN): A net- work that connects computer systems and devices within a small area, such as an office, home, or several floors in a building.
CHAPTER 4 • Networks and Cloud Computing 161
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Metropolitan Area Networks A metropolitan area network (MAN) is a network that connects users and their computers in a geographical area that spans a campus or city. A MAN might redefine many networks within a city into a single larger network or connect several LANs into a single campus MAN. Often, the MAN is owned either by a consortium of users or by a single network provider who sells the service to users. PIONIER is a Polish national research and education network created to provide high-speed Internet access and to conduct network-based research. The network connects 21 MANs and 5 high-performance computing centers using 6,467 km of fiber optic transmission media.6
Wide Area Networks A wide area network (WAN) is a network that connects large geographic regions. A WAN might be privately owned or rented and includes public (shared-users) networks. When you make a long-distance phone call or access the Internet, you are using a WAN. WANs usually consist of computer equip- ment owned by the user, together with data communications equipment and network links provided by various carriers and service providers.
WANs often provide communications across national borders, which involves national and international laws regulating the electronic flow of data across international boundaries, often called transborder data flow. Some countries have strict laws limiting the use of networks and databases, making normal business transactions such as payroll processing costly, slow, or extremely difficult.
Client/Server Systems In client/server architecture, multiple computer platforms are dedicated to special functions, such as database management, printing, communications, and program execution. These platforms are called servers. Each server is accessible by all computers on the network. Servers can be computers of all sizes; they store both application programs and data files and are equipped with operating system software to manage the activities of the network. The server distributes programs and data to other computers (clients) on the net- work as they request them. An application server holds the programs and data files for a particular application, such as an inventory database. The cli- ent or the server might do the actual data processing.
A client is any computer (often a user’s personal computer) that sends messages requesting services from the servers on the network. A client can converse with many servers concurrently. Consider the example of a user at a personal computer who initiates a request to extract data that resides in a database somewhere on the network. A data request server intercepts the request and determines on which database server the data resides. The server then formats the user’s request into a message that the database server will understand. When it receives the message, the database server extracts and formats the requested data and sends the results to the client. The database server sends only the data that satisfies a specific query—not the entire file. When the downloaded data is on the user’s machine, it can then be analyzed, manipulated, formatted, and displayed by a program that runs on the user’s personal computer.
Channel Bandwidth Network professionals consider the capacity of the communications path or channel when they recommend transmission media for a network. Channel bandwidth refers to the rate at which data is exchanged, usually measured in bits per second (bps)—the broader the bandwidth, the more information can
metropolitan area network (MAN): A network that connects users and their computers in a geographical area that spans a campus or city.
wide area network (WAN): A network that connects large geographic regions.
client/server architecture: An approach to computing wherein multi- ple computer platforms are dedicated to special functions, such as database management, printing, communica- tions, and program execution.
channel bandwidth: The rate at which data is exchanged, usually measured in bits per second (bps).
162 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
be exchanged at one time. In the context of Internet access, the term broad- band communications refers to any high-speed Internet access that is always on and that is faster than traditional dial-up access. Most organizations need high bandwidth to accommodate the transaction volume and transmission speed required to carry out their daily functions.
Communications Media The communications media selected for a network depends on the amount of information to be exchanged, the speed at which data must be exchanged, the level of concern about data privacy, whether the users are stationary or mobile, and a variety of business requirements. Transmission media can be divided into two broad categories: guided (also called wired) transmission media, in which communications signals are guided along a solid medium, and wireless, in which the communications signal is broadcast over airwaves as a form of electromagnetic radiation.
Guided Transmission Media Types There are many different guided transmission media types. Table 4.1 summarizes the guided media types by physical media form. The three most common guided transmission media types are shown in Figure 4.5.
10-Gigabit Ethernet is a standard for transmitting data at the speed of 10 billion bps for limited distances over high-quality twisted-pair wire. The 10-Gigabit Ethernet cable can be used for the high-speed links that connect groups of computers or to move data stored in large databases on large com- puters to stand-alone storage devices.
Chi-X Japan provides investors with an alternative venue for trading in Tokyo-listed stocks. Its goal is to attract new international investors, in turn,
TABLE 4.1 Guided transmission media types Media Form Description Advantages Disadvantages
Twisted-pair wire Twisted pairs of copper wire, shielded or unshielded; used for telephone service
Widely available Limitations on transmission speed and distance
Coaxial cable Inner conductor wire surrounded by insulation
Cleaner and faster data trans- mission than twisted-pair wire
More expensive than twisted-pair wire
Fiber-optic cable Many extremely thin strands of glass bound together in a sheath- ing; uses light beams to transmit signals
Diameter of cable is much smal- ler than coaxial cable; less dis- tortion of signal; capable of high transmission rates
Expensive to pur- chase and install
broadband communications: High-speed Internet access that is always on and that is faster than tradi- tional dial-up access.
FIGURE 4.5 Types of guided transmission media Common guided transmission media include twisted-pair wire, coaxial cable, and fiber-optic cable.
Twisted-pair wire
Coaxial cable
Fiber-optic cableF
le ge re /S hu tt er st oc k. co m
G al us hk o Se rg ey /S hu tt er st oc k. co m
Kr as ow
it/ Sh ut te rs to ck .c om
CHAPTER 4 • Networks and Cloud Computing 163
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
increasing overall Japanese market volumes, reducing transaction costs, and improving investment performance.7 The firm implemented 10 Gbps Ethernet network adapters to upgrade its network and ensure customers minimal trans- action processing delays.
Wireless Technologies Wireless communications coupled with the Internet are revolutionizing how and where we gather and share information, collaborate in teams, lis- ten to music or watch video, and stay in touch with our families and cow- orkers while on the road. With wireless capability, a coffee shop can become our living room and the bleachers at a ballpark can become our office. The many advantages and freedom provided by wireless communi- cations are causing many organizations to consider moving to an all- wireless environment.
Wireless communication is the transfer of information between two or more points that are not connected by an electrical conductor. All wireless communications signals are sent within a range of frequencies of the elec- tromagnetic spectrum that represents the entire range of light that exists from long waves to gamma rays as shown in Figure 4.6.
The propagation of light is similar to waves crossing an ocean. Like any other wave, light has two fundamental properties that describe it. One is its frequency, measured in hertz (Hz), which counts the number of waves that pass by a stationary point in one second. The second fundamental property is wavelength, which is the distance from the peak of one wave to the peak of the next. These two attributes are inversely related, so the higher the frequency the shorter the wavelength.
All wireless communication devices operate in a similar way. A trans- mitter generates a signal, which contains encoded voice, video, or data at a specific frequency, that is broadcast into the environment by an antenna. This signal spreads out in the environment, with only a very small portion being captured by the antenna of the receiving device, which then decodes the information. Depending on the distance involved, the frequency of the transmitted signal, and other conditions, the received signal can be incredibly weak, perhaps one trillionth of the original signal strength.
The signals used in wireless networks are broadcast in one of three fre- quency ranges: microwave, radio, and infrared, as shown in Table 4.2.
Because there are so many competing uses for wireless communica- tion, strict rules are necessary to prevent one type of transmission from interfering with the next. And because the spectrum is limited—there are only so many frequency bands—governments must oversee appropriate licensing of this valuable resource to facilitate use in all bands. In the United States, the Federal Communications Commission (FCC) decides which frequencies of the communications spectrum can be used for which purposes. For example, the portion of the electromagnetic spectrum between 700 MHz and 2.6 GHz has been allocated for use by mobile phones. Most of the spectrum in this range has already been allocated for use. This means that when a wireless company wants to add more spec- trum to its service to boost its capacity, it may have problems obtaining the necessary licenses because other companies are already using the available frequencies.
Some of the more widely used wireless communications options are dis- cussed next.
Near field communication (NFC) is a very short-range wireless connec- tivity technology that enables two devices placed within a few inches of each other to exchange data. With NFC, consumers can swipe their credit cards— or even their smartphones—within a few inches of NFC point-of-sale
wireless communication: The transfer of information between two or more points that are not connected by an electrical conductor.
near field communication (NFC): A very short-range wireless connectivity technology that enables two devices placed within a few inches of each other to exchange data.
164 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
terminals to pay for purchases. Apple Pay, the mobile payment and digital wallet service that lets users make payments using an iPhone, an iPad, or an Apple Watch–compatible device, uses NFC to communicate between the user’s device and the point-of-sale terminal.
Many retailers—including Target, Macys, and Walgreens—already have NFC-based contactless pay terminals in place. Shoppers in these stores can also use their smartphones and NFC to gain access to loyalty programs to earn points, view marketing information, and share content and interact with brands via social media.
Bluetooth is a wireless communications specification that describes how cell phones, computers, printers, and other electronic devices can be intercon- nected over distances of 10 to 30 feet at a transmission rate of about 2 Mbps.
Bluetooth: A wireless communica- tions specification that describes how cell phones, computers, faxes, printers, and other electronic devices can be interconnected over distances of 10 to 30 feet at a rate of about 2 Mbps.
FIGURE 4.6 The electromagnetic spectrum The range of all possible frequencies of electromagnetic radiation. Source: https//upload.wikimedia.org /wikipedia/commons/2/25/Electro magnetic-Spectrum.svg
1019
F re
qu en
cy (H
z)
W av
el en
gt h
Gamma rays
1018
1017
1016
1015
1014
1013
1012
1011 1000 MHz
UHF
VHF 7-13
VHF 2-6
FM
500 MHz
100 MHz
1010
109
108
107
106 50 MHz
Long waves 1000 m
100 m
10 m
1 m
10 cm
1 cm
1000 mm 1mm
100 mm
10 mm
1000 nm 1 mm
100 nm
400 nm
500 nm
600 nm
700 nm
10 nm
1 nm
1 Å 0.1 nm
0.1 Å
AM
Far IR
Thermal IR
Infra-red
Near IR Visible
Ultraviolet
X-rays
Radio, TV
Microwaves
Radar
CHAPTER 4 • Networks and Cloud Computing 165
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Using Bluetooth technology, users of multifunctional devices can synchronize data on their device with information stored in a desktop computer, send or receive faxes, and print. The Bluetooth G-Shock watch enables you to make a connection between your watch and your smartphone. With a G-shock watch, you can control your phone’s music player from the watch and the watch’s timekeeping functions from your phone.
Wi-Fi is a wireless network brand owned by the Wi-Fi Alliance, which consists of about 300 technology companies, including AT&T, Dell, Microsoft, Nokia, and Qualcomm. The alliance exists to improve the interoperability of wireless local area network products based on the IEEE 802.11 series of com- munications standards. IEEE stands for the Institute of Electrical and Electron- ics Engineers, a nonprofit organization and one of the leading standards- setting organizations. Table 4.3 summarizes several variations of the IEEE 802.11 standard.
In a Wi-Fi wireless network, the user’s computer, smartphone, or other mobile device has a wireless adapter that translates data into a radio signal and transmits it using an antenna. A wireless access point, which consists of a transmitter with an antenna, receives the signal and decodes it. The access point then sends the information to the Internet over a wired connection.
TABLE 4.2 Frequency ranges used for wireless communications Technology Description Advantages Disadvantages
Radio frequency range
Operates in the 3 KHz– 300 MHz range
Supports mobile users; costs are dropping
Signal is highly susceptible to interception
Microwave— terrestrial and satel- lite frequency range
High-frequency radio signal (300 MHz–300 GHz) sent through the atmosphere and space (often involves com- munications satellites)
Avoids cost and effort to lay cable or wires; capable of high-speed transmission
Must have unobstructed line of sight between sender and receiver; signal is highly sus- ceptible to interception
Infrared frequency range
Signals in the 300 GHz– 400 THz frequency range
Lets you move, remove, and install devices without expensive wiring
Must have unobstructed line of sight between sender and receiver; transmission is effec- tive only for short distances
TABLE 4.3 IEEE 802.11 wireless local area networking standards Wireless Networking Protocol
Maximum Data Rate per Data Stream Comments
IEEE 802.11a 54 Mbps Transmits at 5 GHz, which means it is incompatible with 802.11b and 802.11g
IEEE 802.11b 11 Mbps First widely accepted wireless network standard and transmits at 2.4 GHz; equipment using this protocol may occasionally suffer from interference from microwave ovens, cordless telephones, and Bluetooth devices
IEEE 802.11g 54 Mbps Equipment using this protocol transmits at 2.4 GHz and may occasionally suffer from interference from microwave ovens, cordless telephones, and Bluetooth devices
IEEE 802.11n 300 Mbps Employs multiple input, multiple output (MIMO) technology, which allows multiple data streams to be transmitted over the same channel using the same bandwidth that is used for only a single data stream in 802.11a/b/g
IEEE 802.11ac 400 Mbps–1.3 Gbps An 802.11 standard that provides higher data transmission speeds and more stable connections; it can transmit at either 2.4 GHz or 5 GHz
Wi-Fi: A medium-range wireless com- munications technology brand owned by the Wi-Fi Alliance.
166 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
See Figure 4.7. When receiving data, the wireless access point takes the information from the Internet, translates it into a radio signal, and sends it to the device’s wireless adapter. These devices typically come with built-in wireless transmitters and software to enable them to alert the user to the existence of a Wi-Fi network. The area covered by one or more intercon- nected wireless access points is called a “hot spot.” Wi-Fi has proven so pop- ular that hot spots are popping up in places such as airports, coffee shops, college campuses, libraries, and restaurants. The availability of free Wi-Fi within a hotel’s premises has become very popular with business travelers. Meanwhile, hundreds of cities in the United States have implemented munic- ipal Wi-Fi networks for use by meter readers and other municipal workers and to provide Internet access to their citizens and visitors.
Microwave Transmission Microwave is a high-frequency (300 MHz to 300 GHz) signal sent through the air. Terrestrial (Earth-bound) microwaves are transmitted by line-of-sight devices, so the line of sight between the transmitter and receiver must be unobstructed. Typically, microwave stations are placed in a series—one sta- tion receives a signal, amplifies it, and retransmits it to the next microwave transmission tower. Such stations can be located roughly 30 miles apart before the curvature of the Earth makes it impossible for the towers to “see” one another. Because they are line-of-sight transmission devices, microwave dishes are frequently placed in relatively high locations, such as mountains, towers, or tall buildings.
A communications satellite also operates in the microwave frequency range. See Figure 4.8. The satellite receives the signal from the Earth station, amplifies the relatively weak signal, and then rebroadcasts it at a different fre- quency. The advantage of satellite communications is that satellites can receive and broadcast over large geographic regions. Problems such as the curvature of the Earth, mountains, and other structures that block the line- of-sight microwave transmission make satellites an attractive alternative. Geo- stationary, low earth orbit, and small mobile satellite stations are the most common forms of satellite communications.
A geostationary satellite orbits the Earth directly over the equator, approx- imately 22,300 miles above the Earth, so that it appears stationary. The U.S.
FIGURE 4.7 Wi-Fi network In a Wi-Fi network, the user’s com- puter, smartphone, or cell phone has a wireless adapter that translates data into a radio signal and transmits it using an antenna.
Existing wired network
Wireless network
Cable modem/routerWireless access point
Internet
Data transmitted and received through airwaves
CHAPTER 4 • Networks and Cloud Computing 167
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
National Weather Service relies on the Geostationary Operational Environ- mental Satellite program for weather imagery and quantitative data to support weather forecasting, severe storm tracking, and meteorological research.
A low earth orbit (LEO) satellite system employs many satellites, each in an orbit at an altitude of less than 1,000 miles. The satellites are spaced so that from any point on the Earth at any time, at least one satellite is in a line of sight. Iridium Communications provides a global communications network that spans the entire Earth, using 66 satellites in a near-polar orbit at an alti- tude of 485 miles. Calls are routed among the satellites to create a reliable connection between call participants that cannot be disrupted by natural dis- asters such as earthquakes, tsunamis, or hurricanes that may knock out ground-based wireless towers and wire- or cable-based networks.8 Every day, thousands of vessels and tankers traveling the world’s seas and oceans use Iri- dium’s network to establish reliable global communications to optimize their daily activities.
4G Wireless Communications Wireless communications has evolved through four generations of technology and services. The first generation (1G) of wireless communications standards originated in the 1980s and was based on analog communications. The second-generation (2G) networks were fully digital, superseding 1G networks in the early 1990s. With 2G networks, phone conversations were encrypted, mobile phone usage was expanded, and short message services (SMS)—or texting—was introduced. 3G wireless communications supports wireless voice and broadband speed data communications in a mobile environment at speeds of 2 to 4 Mbps. Additional capabilities include mobile video, mobile e-commerce, location-based services, mobile gaming, and the downloading and playing of music.
4G broadband mobile wireless delivers more advanced versions of enhanced multimedia, smooth streaming video, universal access, and portabil- ity across all types of devices; eventually 4G will also make possible world- wide roaming. 4G can deliver 3 to 20 times the speed of 3G networks for mobile devices such as smartphones, tablets, and laptops.
Each of the four major U.S. wireless network operators (AT&T, Verizon, Sprint, and T-Mobile) is rapidly expanding its 4G networks based on the Long Term Evolution (LTE) standard. Long Term Evolution (LTE) is a standard for wireless communications for mobile phones based on packet switching, which is an entirely different approach from the circuit-switching approach employed
FIGURE 4.8 Satellite transmission Communications satellites are relay stations that receive signals from one Earth station and rebroadcast them to another.
Communications satellite
Microwave station
Microwave station
Earth
Approximately 22,300 miles
Long Term Evolution (LTE): A standard for wireless communications for mobile phones based on packet switching.
168 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
in 3G communications networks. To convert to the LTE standard, carriers must reengineer their voice call networks.
The biggest benefit of LTE is how quickly a mobile device can connect to the Internet and how much data it can download or upload in a given amount of time. LTE makes it reasonable to stream video to your phone, using services such as Amazon Prime Instant Video, Hulu Plus, Netflix, or YouTube. It also speeds up Web browsing, with most pages loading in seconds. LTE enables video calling using services such as Skype or Google Hangouts. LTE’s faster speed also makes sharing photos and videos from your phone quick and easy.
5G Wireless Communications A new mobile communications generation has come on the scene about every 10 years since the first 1G system. 5G is a term used to identify the next major phase of mobile communications standards beyond 4G. No 5G mobile stan- dard has been formally defined yet, but 5G will bring with it higher data transmission rates, lower power consumption, higher connect reliability with fewer dropped calls, increased geographic coverage, and lower infrastructure costs. If 5G networks meet the goal of a 50 times faster data rate than the most advanced Wi-Fi networks today, they will be able to stream a two-hour movie in less than three seconds. Verizon plans to start field trials of 5G tech- nology by late 2016, with some level of commercial deployment to start by 2017—far sooner than the 2020 time frame that many industry observers anticipate for the initial adoption of 5G technology.9
Communications Hardware Networks require various communications hardware devices to operate, including modems, fax modems, multiplexers, private branch exchanges, front-end processors, switches, bridges, routers, and gateways. These devices are summarized in Table 4.4.
Communications Software A network operating system (NOS) is systems software that controls the computer systems and devices on a network and allows them to communicate
TABLE 4.4 Common communications devices Device Function
Modem Translates data from a digital form (as it is stored in the computer) into an analog signal that can be transmitted over ordinary telephone lines
Fax modem Combines a fax with a modem; facsimile devices, commonly called fax devices, allow businesses to transmit text, graphs, photographs, and other digital files via networks
Multiplexer Allows several communications signals to be transmitted over a single communications medium at the same time, thus saving expensive long-distance communications costs
PBX (private branch exchange)
Manages both voice and data transfer within a building and to outside lines; PBXs can be used to connect hundreds of internal phone lines to a few outside phone company lines
Front-end processor Manages communications to and from a computer system serving many people
Switch Uses the physical device address in each incoming message on the network to determine which output port it should forward the message to reach another device on the same network
Bridge Connects one LAN to another LAN where both LANs use the same communications protocol
Router Forwards data packets across two or more distinct networks toward their destinations through a process known as routing; often, an Internet service provider (ISP) installs a router in a subscri- ber’s home that connects the ISP’s network to the network within the home
Gateway Serves as an entrance to another network, such as the Internet
network operating system (NOS): Systems software that controls the computer systems and devices on a network and allows them to communi- cate with each other.
CHAPTER 4 • Networks and Cloud Computing 169
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
with each other. The NOS performs similar functions for the network as operating system software does for a computer, such as memory and task management and coordination of hardware. When network equipment (such as printers, plotters, and disk drives) is required, the NOS makes sure that these resources are used correctly. Linux (used on workstations), OS X (used on Apple MACs), UNIX (used on servers), and Windows Server (used on workstations and servers) are common network operating systems.
Because companies use networks to communicate with customers, busi- ness partners, and employees, network outages or slow performance can mean a loss of business. Network management includes a wide range of tech- nologies and processes that monitor the network and help identify and address problems before they can create a serious impact.
Software tools and utilities are available for managing networks. With network-management software, a manager on a networked personal com- puter can monitor the use of individual computers and shared hardware (such as printers), scan for viruses, and ensure compliance with software licenses. Network-management software also simplifies the process of updat- ing files and programs on computers on the network—a manager can make changes through a communications server instead of having to visit each indi- vidual computer. In addition, network-management software protects soft- ware from being copied, modified, or downloaded illegally. It can also locate communications errors and potential network problems. Some of the many benefits of network-management software include fewer hours spent on rou- tine tasks (such as installing new software), faster response to problems, and greater overall network control.
Banks use a special form of network-management software to monitor the performance of their automated teller machines (ATMs). Status messages can be sent over the network to a central monitoring location to inform sup- port people about situations such as low cash or receipt paper levels, card reader problems, and printer paper jams. Once a status message is received, a service provider or branch location employee can be dispatched to fix the ATM problem.
Today, most IS organizations use network-management software to ensure that their network remains up and running and that every network component and application is performing acceptably. The software enables IS staff to identify and resolve fault and performance issues before they affect end users. The latest network-management technology even incorporates automatic fixes: The network-management system identifies a problem, noti- fies the IS manager, and automatically corrects the problem before anyone outside the IS department notices it.
The Covell Group is a small IT consulting group in San Diego that pro- vides server and Web site monitoring for small- and medium-sized companies. The firm uses network-monitoring software to watch sensors and remote probes that track CPU, disk space, and Windows services. Constant monitor- ing enables the firm to detect if a communications line is down or if there is a power failure overnight so that everything is up and ready by the start of the next work day.10
Mobile device management (MDM) software manages and trouble- shoots mobile devices remotely, pushing out applications, data, patches, and settings. With the software, a central control group can maintain group poli- cies for security, control system settings, ensure malware protection is in place for mobile devices used across the network, and make it mandatory to use passwords to access the network. In addition to smartphones and tablets, laptops and desktops are sometimes supported using MDM software as mobile device management becomes more about basic device management and less about a specific mobile platform.
network-management software: Software that enables a manager on a networked desktop to monitor the use of individual computers and shared hardware (such as prin- ters), scan for viruses, and ensure compliance with software licenses.
mobile device management (MDM) software: Software that manages and troubleshoots mobile devices remotely, pushing out applica- tions, data, patches, and settings while enforcing group policies for security.
170 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Software-Defined Networking (SDN) A typical network is comprised of hundreds or thousands of network devices that perform such tasks as routing and switching of data through the network, providing network access and control, and enabling access to a variety of applications and services. In today’s current network environment, each net- work device must be configured individually, usually via manual keyboard input. For a network of any size, this becomes a labor-intensive and error- prone effort, making it difficult to change the network so it can meet the changing needs of the organization. Software-defined networking (SDN) is an emerging approach to networking that allows network administrators to manage a network via a controller that does not require physical access to all the network devices. This approach automates tasks such as configuration and policy management and enables the network to dynamically respond to application requirements. As a result, new applications can be made available sooner, the risk of human error (a major contributor to network downtime) is reduced, and overall network support and operations costs are reduced.
Google is implementing Andromeda, the underlying software-defined net- working architecture that will enable Google’s cloud computing services to scale better, more cheaply and more quickly. With software-defined network- ing, even though many customers are sharing the same network, they can be configured and managed independently with their own address management, firewalls, and access control lists. Google competitors in cloud services like Microsoft and Amazon also employ software-defined networks.11
Network-Management Software for a University The Ohio State University has over 58,000 undergraduate students spread across several major campuses and research centers located around Ohio. Its information system administrators are considering the use of network-management software and are evaluating the use of mobile device management software from various vendors.
Review Questions 1. What features should the administrators look for in choosing its network-
management software? 2. What specific benefits would be gained by installing network-management
software?
Critical Thinking Questions 1. Should a goal of a mobile device management software implementation be to
reduce the number of information systems support staff dedicated to support the university’s students, administrators, and faculty? Or should any productiv- ity gains be applied to providing new services and superior support?
2. Identify common issues that students may have with the use of their devices that could be addressed through the use of mobile device management software.
The Internet and World Wide Web
The Internet has grown rapidly (see Figure 4.9) and is truly international in scope, with users on every continent—including Antarctica. Although the United States has high Internet penetration among its population, it does not constitute the majority of people online. As of November 2015, citizens of Asian countries make up about 48 percent, Europeans about 18 percent,
software-defined networking (SDN): An emerging approach to net- working that allows network adminis- trators to have programmable central control of the network via a controller without requiring physical access to all the network devices.
CHAPTER 4 • Networks and Cloud Computing 171
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Latin America/Caribbean about 10 percent, and North Americans about 9 percent of all Internet users. China is the country with the most Internet users, with 674 million—which is more users than the next two countries combined (India 354 million and United States 280 million).12 Being con- nected to the Internet provides global economic opportunity to individuals, businesses, and countries.
The Internet and social media Web sites have emerged as important new channels for learning about world events, protesting the actions of organiza- tions and governments, and urging others to support one’s favorite causes or candidates. For example, some believe that Barack Obama’s effective use of the Internet and social media provided him with a distinct advantage over his opponents in the presidential elections of 2008 and 2012.13 In another exam- ple, Syrian rebels used the Internet to communicate about events within the country and to provide a useful link to others around the world.14
On the other hand, Internet censorship, the control or suppression of the publishing or accessing of information on the Internet, is a growing problem. For example, in May 2015, the Chinese-language version of Wikipedia was blocked in China.15 The organizations Human Rights Watch and Amnesty Inter- national allege that the Saudi Arabian government uses malicious spyware to target activists and it hunts down, silences, and flogs bloggers who criticize the government.16 In Hungary the government employs fines, licensing, and taxes to coerce critical media, and it directs state advertising to friendly outlets.17
The ancestor of the Internet was the ARPANET, a project started by the U.S. Department of Defense (DoD) in 1969. The ARPANET was both an experiment in reliable networking and a means to link DoD and military research contractors, including many universities doing military-funded research. (ARPA stands for the Advanced Research Projects Agency, the branch of the DoD in charge of awarding grant money. The agency is now known as DARPA—the added D is for Defense.) The ARPANET was highly successful, and every university in the country wanted to use it. This wildfire growth made it difficult to manage the ARPANET, particularly the rapidly growing number of university sites. So, the ARPANET was broken into two
1,200,000,000
1,00,000,000
800,000,000
600,000,000
400,000,000
200,000,000
0 Ja
n- 94
Ju l-
94 Ja
n- 95
Ju l-
95 Ja
n- 96
Ju l-
96 Ja
n- 97
Ju l-
97 Ja
n- 98
Ju l-
98 Ja
n- 99
Ju l-
99 Ja
n- 00
Ju l-
00 Ja
n- 01
Ju l-
01 Ja
n- 02
Ju l-
02 Ja
n- 03
Ju l-
03 Ja
n- 04
Ju l-
04 Ja
n- 05
Ju l-
05 Ja
n- 06
Ju l-
06 Ja
n- 07
Ju l-
07 Ja
n- 08
Ju l-
08
Ju l-
09 Ja
n- 09
Ju l-
10 Ja
n- 10
Ju l-
11 Ja
n- 11
Ju l-
12 Ja
n- 12
Ju l-
13 Ja
n- 13
Ju l-
14 Ja
n- 14
Ju l-
15 Ja
n- 15
N um
be r
of In
te rn
et D
om ai
n S
er ve
rs
Date
FIGURE 4.9 Internet growth: Number of Internet hosts The number of worldwide Internet users is expected to continue growing. Source: Data from “ISC Domain Survey,” https://www.isc.org/network/survey/.
172 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
networks: MILNET, which included all military sites, and a new, smaller ARPANET, which included all the nonmilitary sites. The two networks remained connected, however, through use of the Internet protocol (IP), which enables traffic to be routed from one network to another as needed. All the networks connected to the Internet use IP, so they all can exchange messages.
How the Internet Works In the early days of the Internet, the major communications companies around the world agreed to connect their networks so that users on all the networks could share information over the Internet. These large communica- tions companies, called network service providers (NSPs), include Verizon, Sprint, British Telecom, and AT&T. The cables, routers, switching stations, communication towers, and satellites that make up these networks are the hardware over which Internet traffic flows. The combined hardware of these and other NSPs—the fiber-optic cables that span the globe over land and under sea—make up the Internet backbone.
The Internet transmits data from one computer (called a host) to another. See Figure 4.10. If the receiving computer is on a network to which the first computer is directly connected, it can send the message directly. If the receiv- ing and sending computers are not directly connected to the same network, the sending computer relays the message to another computer that can for- ward it. The message is typically sent through one or more routers to reach its destination. It is not unusual for a message to pass through several routers on its way from one part of the Internet to another.
The various communications networks that are linked to form the Internet work much the same way—they pass data around in chunks called packets, each of which carries the addresses of its sender and receiver along with other technical information. The set of rules used to pass packets from one host to another is the IP protocol. Many other communications protocols are used in connection with IP. The best known is the Transmission Control Pro- tocol (TCP). Many people use “TCP/IP” as an abbreviation for the combina- tion of TCP and IP used by most Internet applications. After a network following these standards links to the Internet’s backbone, it becomes part of the worldwide Internet community.
Each computer on the Internet has an assigned address, called its IP address, that identifies it on the Internet. An IP address is a 64-bit number that identifies a computer on the Internet. The 64-bit number is typically
FIGURE 4.10 Routing messages over the Internet Data is transmitted from one host computer to another on the Internet.
Router/Gateway
Router/Gateway
Router/Gateway
Router/Gateway
Router/Gateway
Host computer 1
Host computer 2
Host computer 3
Host computer 4
Internet Protocol (IP): A commu- nication standard that enables compu- ters to route communications traffic from one network to another as needed.
Internet backbone: One of the Internet’s high-speed, long-distance communications links.
IP address: A 64-bit number that identifies a computer on the Internet.
CHAPTER 4 • Networks and Cloud Computing 173
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
divided into four bytes and translated to decimal; for example, 69.32.133.79. The Internet is migrating to Internet Protocol version 6 (IPv6), which uses 128-bit addresses to provide for many more devices; however, this change is expected to take years.
Because people prefer to work with words rather than numbers, a system called the Domain Name System (DNS) was created. Domain names such as www. cengage.com are mapped to IP addresses such as 69.32.133.79 using the DNS. To make room for more Web addresses, efforts are underway to increase the number of available domain names.
A Uniform Resource Locator (URL) is a Web address that specifies the exact location of a Web page using letters and words that map to an IP address and a location on the host. The URL gives those who provide infor- mation over the Internet a standard way to designate where Internet resources such as servers and documents are located. Consider the URL for Cengage Learning, http://www.cengage.com/us/.
The “http” specifies the access method and tells your software to access a file using the Hypertext Transport Protocol. This is the primary method for interacting with the Internet. In many cases, you don’t need to include http:// in a URL because it is the default protocol. The “www” part of the address sig- nifies that the address is associated with the World Wide Web service. The URL www.cengage.com is the domain name that identifies the Internet host site. The part of the address following the domain name—/us—specifies an exact location on the host site.
Domain names must adhere to strict rules. They always have at least two parts, with each part separated by a dot (period). For some Internet addresses, the far right part of the domain name is the country code, such as au for Australia, ca for Canada, dk for Denmark, fr for France, de (Deutschland) for Germany, and jp for Japan. Many Internet addresses have a code denoting affiliation categories, such as com for business sites and edu for education sites. Table 4.5 contains a few popular domain affiliation categories. The far left part of the domain name identifies the host network or host provider, which might be the name of a university or business. Other countries use different top-level domain affiliations from the U.S. ones described in the table.
The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for managing IP addresses and Internet domain names. One of ICANN’s primary concerns is to make sure that each domain name represents only one individual or entity—the one that legally registers it. For example, if your teacher wanted to use www.cengage.com for a course Web site, he or she would discover that domain name has already been registered by Cen- gage Learning and is not available. ICANN uses companies called accredited domain name registrars to handle the business of registering domain names.
TABLE 4.5 Number of domains in U.S. top-level domain affiliations—Winter 2015 Affiliation ID Affiliation Number of Hosts
Biz Business sites 2,428,269
Com All types of entities including nonprofits, schools, and private individuals
123,743,892
Edu Post-secondary educational sites 7,446
Gov Government sites 5,503
Net Networking sites 15,805,152
Org Nonprofit organization sites 10,984,293
Source: Domain Count Statistics for TLDs, http//research.domaintools.com/statistics/tld-counts/.
Uniform Resource Locator (URL): A Web address that specifies the exact location of a Web page using letters and words that map to an IP address and a location on the host.
174 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
For example, you can visit www.namecheap.com, an accredited registrar, to find out if a particular name has already been registered. If not, you can regis- ter the name for around $9 per year. Once you do so, ICANN will not allow anyone else to use that domain name as long as you pay the yearly fee.
Accessing the Internet You can connect to the Internet in numerous ways. See Figure 4.11. Which access method you choose is determined by the size and capability of your organization or system, your budget, and the services available to you.
Connecting via a LAN Server This approach is used by businesses and organizations that manage a local area network (LAN). By connecting a server on the LAN to the Internet using a router, all users on the LAN are provided access to the Internet. Business LAN servers are typically connected to the Internet at very fast data rates, sometimes in the hundreds of Mbps.
Connecting via Internet Service Providers Companies and residences unable to connect directly to the Internet through a LAN server must access the Internet through an Internet service provider. An Internet service provider (ISP) is any organization that provides Internet access to people. Thousands of organizations serve as ISPs, ranging from uni- versities that make the Internet available to students and faculty to small Inter- net businesses to major communications giants such as AT&T and Comcast. To connect to the Internet through an ISP, you must have an account with the service provider (for which you usually pay) along with software (such as a browser) and devices (such as a computer or smartphone) that support a connection via TCP/IP.
Modem
Modem
Cell Tower
4. Cell Phone
I n t e r n
e t
1. Connect via a LAN server
Router/Gateway
Router/Gateway
Router/Gateway
Router/Gateway
2. Connect via dial-up
3. Connect via high-speed service
Host computer for an online service
LANLAN
FIGURE 4.11 Several ways to access the Internet Users can access the Internet in several ways, including using a LAN server, telephone lines, a high- speed service, or a wireless network.
Internet service provider (ISP): Any organization that provides Internet access to people.
CHAPTER 4 • Networks and Cloud Computing 175
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Perhaps the least expensive but also slowest connection provided by ISPs is a dial-up connection. A dial-up Internet connection uses a modem and stan- dard phone line to “dial up” and connect to the ISP server. Dial-up is consid- ered the slowest of connections. A dial-up connection also ties up the phone line so that it is unavailable for voice calls. While dial-up was originally the only way to connect to the Internet from home, it is rapidly becoming replaced by high-speed services.
Several high-speed Internet services are available for home and business. They include cable modem connections from cable television companies, DSL connections from phone companies, and satellite connections from satellite television companies.
Wireless Connection In addition to connecting to the Internet through wired systems such as phone lines and fiber optic cables, wireless Internet service over cellular and Wi-Fi networks has become common. Thousands of public Wi-Fi services are available in coffee shops, airports, hotels, and elsewhere, where Internet access is provided free, for an hourly rate, or for a monthly subscription fee. Wi-Fi has even made its way into aircraft, allowing business travelers to be productive during air travel by accessing email and corporate networks.
Cell phone carriers also provide Internet access for smartphones, note- books, and tablets. The 4G mobile phone services rival wired high-speed connections enjoyed at home and work. Sprint, Verizon, AT&T, and other popular carriers are working to bring 4G service to subscribers, beginning in large metropolitan areas as shown in Figure 4.12.
VERIZON 4G LTE COVERAGE
FIGURE 4.12 Verizon 4G LTE Coverage While Verizon’s 4G LTE coverage is extensive, there are still vast expanses where there is no coverage. Source: Verizon 4G LTE Coverage, http://www.bing.com/images/search?q=verizon+4g+coverage+2016&view=detailv2&&id=C8AA6A1F887
C24A96743E0CC64307E5D5E5BF96A&selectedIndex=7&ccid=SAETURq2&simid=608035862426485414&thid=OIP.
M480113511ab6e162480a92e07aeff074o0&ajaxhist=0.
176 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
How the Web Works The World Wide Web was developed by Tim Berners-Lee at CERN, the Euro- pean Organization for Nuclear Research in Geneva. He originally conceived of it as an internal document-management system. From this modest begin- ning, the Web has grown to become a primary source of news and informa- tion, an indispensable conduit for commerce, and a popular hub for social interaction, entertainment, and communication.
While the terms Internet and Web are often used interchangeably, techni- cally, the two are different technologies. The Internet is the infrastructure on which the Web exists. The Internet is made up of computers, network hard- ware such as routers and fiber-optic cables, software, and the TCP/IP proto- cols. The World Wide Web (Web), on the other hand, consists of server and client software, the hypertext transfer protocol (http), standards, and markup languages that combine to deliver information and services over the Internet.
The Web was designed to make information easy to find and organize. It connects billions of documents, called Web pages, stored on millions of ser- vers around the world. Web pages are connected to each other using hyper- links, specially denoted text or graphics on a Web page, that, when clicked, open a new Web page containing related content. Using hyperlinks, users can jump between Web pages stored on various Web servers—creating the illu- sion of interacting with one big computer. Because of the vast amount of information available on the Web and the wide variety of media, the Web has become the most popular means of accessing information in the world today.
In short, the Web is a hyperlink-based system that uses the client/server model. It organizes Internet resources throughout the world into a series of linked files, called pages, which are accessed and viewed using Web client soft- ware called a Web browser. Google Chrome, Mozilla Firefox, Microsoft Edge, Internet Explorer, Apple Safari, and Opera are popular Web browsers. See Figure 4.13. A collection of pages on one particular topic, accessed under one Web domain, is called a Web site. The Web was originally designed to support formatted text and pictures on a page. It has evolved to support many more types of information and communication including user interactivity, animation, and video. Web plug-ins help provide additional features to standard Web sites. Adobe Flash and Real Player are examples of Web plug-ins.
Hypertext Markup Language (HTML) is the standard page description language for Web pages. HTML is defined by the World Wide Web Consortium
FIGURE 4.13 Google Chrome Web browsers such as Google Chrome let you access Internet resources such as email and other online applications.
hyperlink: Highlighted text or gra- phics in a Web document that, when clicked, opens a new Web page con- taining related content.
Web browser: Web client software— such as Chrome, Edge, Firefox, Inter- net Explorer, and Safari—used to view Web pages.
Hypertext Markup Language (HTML): The standard page descrip- tion language for Web pages.
Co ur te sy
of G oo gl e
CHAPTER 4 • Networks and Cloud Computing 177
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
(referred to as “W3C”) and has developed through numerous revisions. It is currently in its fifth revision—HTML5. HTML tells the browser how to display font characteristics, paragraph formatting, page layout, image placement, hyper- links, and the content of a Web page. HTML uses tags, which are codes that tell the browser how to format the text or graphics as a heading, list, or body text, for example. Web site creators “mark up” a page by placing HTML tags before and after one or more words. For example, to have the browser display a sentence as a heading, you place the <h1> tag at the start of the sentence and an </h1> tag at the end of the sentence. When that page is viewed in a browser, the sentence is displayed as a heading. HTML also provides tags to import objects stored in files—such as photos, graphics, audio, and movies—into a Web page. In short, a Web page is made up of three components: text, tags, and references to files. The text is your Web page content, the tags are codes that mark the way words will be displayed, and the references to files insert photos and media into the Web page at specific locations. All HTML tags are enclosed in a set of angle brackets (< and >), such as <h2>. The closing tag has a forward slash in it, such as </b> for closing bold. Consider the following text and tags.
Extensible Markup Language (XML) is a markup language for Web documents containing structured information, including words and pictures. XML does not have a predefined tag set. With HTML, for example, the <hl> tag always means a first-level heading. The content and formatting are con- tained in the same HTML document. XML Web documents contain the content of a Web page. The formatting of the content is contained in a style sheet. A few typical instructions in XML follow:
<book> <chapter>Hardware</chapter> <topic>Input Devices</topic> <topic>Processing and Storage Devices</topic> <topic>Output Devices</topic> </book>
A Cascading Style Sheet (CSS) is a file or portion of an HTML file that defines the visual appearance of content in a Web page. Using CSS is conve- nient because you only need to define the technical details of the page’s appearance once, rather than in each HTML tag. CSS uses special HTML tags to globally define characteristics for a variety of page elements as well as how those elements are laid out on the Web page. Rather than having to specify a font for each occurrence of an element throughout a document, formatting can be specified once and applied to all occurrences. CSS styles are often defined in a separate file and then can be applied to many pages on a Web site.
For example, the visual appearance of the preceding XML content could be contained in the following style sheet:
chapter (font-size 18pt; color blue; font-weight bold; display block; font-family Arial; margin-top 10pt; margin-left 5pt) topic (font-size 12pt; color red; font-style italic; display block; font-family Arial; margin-left 12pt)
This style sheet specifies that the chapter title “Hardware” is displayed on the Web page in a large Arial font (18 points). “Hardware” will also appear in bold blue text. The “Input Devices” title will appear in a smaller Arial font (12 points) and italic red text.
XML is extremely useful for organizing Web content and making data easy to find. Many Web sites use CSS to define the design and layout of Web pages, XML to define the content, and HTML to join the design (CSS) with the content (XML). See Figure 4.14. This modular approach to Web design allows Web site developers to change the visual design without affecting the content and to change the content without affecting the visual design.
tag: A code that tells the Web browser how to format text—as a heading, as a list, or as body text—and whether images, sound, and other elements should be inserted.
Extensible Markup Language (XML): The markup language designed to transport and store data on the Web.
Cascading Style Sheet (CSS): A markup language for defining the visual design of a Web page or group of pages.
178 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Web Programming Languages Many of the services offered on the Web are delivered through the use of pro- grams and scripts. A Web program may be something as simple as a menu that expands when you click it or as complicated as a full-blown spreadsheet application. Web applications may run on a Web server, delivering the results of the processing to the user, or they may run directly on a client, such as a user’s PC. These two categories are commonly referred to as server-side and client-side software.
JavaScript is a popular programming language for client-side applications. Using JavaScript, you can create interactive Web pages that respond to user actions. JavaScript can be used to validate data entry in a Web form, to dis- play photos in a slideshow style, to embed simple computer games in a Web page, and to provide a currency conversion calculator. Java is a programming language from Sun Microsystems based on the Cþþ programming language, which allows small programs, called applets, to be embedded within an HTML document. When the user clicks the appropriate part of an HTML page to retrieve an applet from a Web server, the applet is downloaded onto the client workstation where it begins executing. Unlike other programs, Java software can run on any type of computer. It can be used to develop client- side or server-side applications. Programmers use Java to make Web pages come alive, adding splashy graphics, animation, and real-time updates. ASP.NET, C, Cþþ, Perl, PHP, and Python are among other widely used client-side programming languages.
FIGURE 4.14 XML, CSS, and HTML Today’s Web sites are created using XML to define content, CSS to define the visual style, and HTML to put it all together.
CSS File
-Fonts
-Colors
-Layout
XML File
-Content
HTML File
CSS+ XML
CHAPTER 4 • Networks and Cloud Computing 179
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Web Services Web services consist of standards and tools that streamline and simplify com- munication among Web sites and make it simpler to develop and use the Web for business and personal purposes. The key to Web services is XML. Just as HTML was developed as a standard for formatting Web content into Web pages, XML is used within a Web page to describe and transfer data between Web service applications.
Internet companies, including Amazon, eBay, and Google, are now using Web services.
Amazon Web Services (AWS) is the basic infrastructure that Amazon employs to make the contents of its huge online catalog available to other Web sites or software applications. Airbnb is an online marketplace that enables property owners and travelers to interact for the purpose of renting distinctive vacation spaces in more than 34,000 cities in 190 countries. Shortly after Airbnb began operations, it migrated its cloud computing functions to AWS, which distributes incoming traffic to ensure high availability and fast response time. AWS also allows Airbnb to store backups and static files, including 10 TB of user pictures, and to monitor all of its server resources.18
Developing Web Content and Applications If you need to create a Web site, you have lots of options. You can hire some- one to design and build it, or you can do it yourself. If you do it yourself, you can use an online service to create the Web pages, use a Web page creation software tool, or use a plain text editor to create the site. The software includes features that allow the developer to work directly with the HTML code or to use auto-generated code. Web development software also helps the designer keep track of all files in a Web site and the hyperlinks that con- nect them.
Popular tools for creating Web pages and managing Web sites include Adobe Dreamweaver, RapidWeaver (for Mac developers), and Nvu (pro- nounced n-view). See Figure 4.15.
FIGURE 4.15 Creating Web pages Nvu makes Web design nearly as easy as using a word processor. Source: Nvu Tutorial: by Tim VanSlyke at http://faculty.chemeketa.edu/tvanslyk/com puterskills/tutorials/nvu_tutorial.pdf.
180 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Many products make it easy to develop Web content and interconnect Web services. Microsoft, for example, provides a development and Web services platform called .NET, which allows developers to use various pro- gramming languages to create and run programs, including those for the Web. The .NET platform also includes a rich library of programming code to help build XML Web applications. Other popular Web development platforms include JavaServer Pages, Microsoft ASP.NET, and Adobe ColdFusion.
After you create Web pages, your next step is to place or publish the con- tent on a Web server. Popular publishing options include using ISPs, free sites, and Web hosting services. Web hosting services provide space on their Web servers for people and businesses that don’t have the financial resources, time, or skills to host their own Web sites. A Web host can charge $15 or more per month, depending on services. Some Web hosting sites include domain name registration, Web authoring software, activity reporting, and Web site monitoring. Some ISPs also provide limited storage space, typically 1 to 6 megabytes, as part of their monthly fee. If more disk space is needed, additional fees are charged. Free sites offer limited space for a Web site. In return, free sites often require the user to view advertising or agree to other terms and conditions.
Some Web developers are creating programs and procedures to combine two or more Web applications into a new service, called a mashup—named after the process of mixing two or more hip-hop songs into one song. Map applications such as Google Maps provide tool kits that allow them to be combined with other Web applications. For example, Google Maps can be used with Twitter to display the location where various tweets were posted. Likewise, Google Maps combined with Flickr can overlay photos of specific geographic locations.
Internet and Web Applications The variety of Internet and Web applications available to individuals and organizations around the world is vast and ever expanding. Using the Inter- net, entrepreneurs can start online companies and thrive. For example, Aaron Goldstein and Colin Hill met at the University of Pennsylvania’s Whar- ton School. At the time, Hill was battling Hodgkin’s lymphoma and undergo- ing chemotherapy. It was necessary for him to monitor his temperature constantly to avoid infections while his immune system was weakened. Although his temperature would be normal when he fell asleep, Hill often woke up during the night with a high fever and had to be rushed to inten- sive care. He became exasperated with his inability to track his temperature continuously and frustrated that his doctor couldn’t monitor him remotely. So Goldstein and Hill set out to find a solution. After two years and an investment of a few hundred thousand dollars, they developed Fever Smart, a small electronic monitor worn under the armpit that sends temperature readings to a relay device, which forwards the data to Fever Smart’s servers and, finally, to a smartphone or other device. Using a smartphone or any Internet-connected device, a Fever Smart user, be it a parent or healthcare provider, can constantly monitor the patient’s temperature in real time and even receive alerts when the patient’s temperature begins to rise or reaches unsafe levels.19
Web 2.0 and the Social Web Over the years, the Web has evolved from a one-directional resource where users only obtain information to a two-directional resource where users obtain and contribute information. Consider Web sites such as YouTube, Wikipedia, and Facebook as just a few examples. The Web has also grown
CHAPTER 4 • Networks and Cloud Computing 181
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
in power to support full-blown software applications such as Google Docs and is becoming a computing platform itself. These two major trends in how the Web is used and perceived have created dramatic changes in how people, businesses, and organizations use the Web, creating a paradigm shift to Web 2.0.
The original Web—Web 1.0—provided a platform for technology-savvy developers and the businesses and organizations that hired them to publish information for the general public to view. Web sites such as YouTube and Flickr allow users to share video and photos with other people, groups, and the world. Microblogging sites such as Twitter allow people to post thoughts and ideas throughout the day for friends to read. See Figure 4.16.
Social networking Web sites provide Web-based tools for users to share information about themselves and to find, meet, and converse with other members. Instagram is a popular social networking service through which users can share photos and videos—either publicly or with a set group of friends. Another social network, LinkedIn, is designed for professional use to assist its members with creating and maintaining valuable professional con- nections. Ning provides tools for Web users to create their own social net- works dedicated to a topic or interest.
Social networks have become very popular for finding old friends, staying in touch with current friends and family, and making new friends. Besides their personal value, these networks provide a wealth of consumer information and opportunities for businesses as well. Some businesses are including social networking features in their workplaces.
The use of social media in business is called Enterprise 2.0. Enterprise 2.0 applications, such as Salesforce’s Chatter, Jive Software’s Engage Dialog, and Yammer, enable employees to create business wikis, support social network- ing, perform blogging, and create social bookmarks to quickly find informa- tion. Tyco, a fire protection and security company, recently went through a major restructuring, changing from a conglomerate of holding companies to a united global enterprise with more than 69,000 employees in 50 countries. Throughout its transition, Tyco relied on Yammer rather than email to educate its workforce on the differences between the old Tyco and the new Tyco and to increase employee engagement across the company.20
Not everyone is happy with social networking sites, however. Employers might use social networking sites to get personal information about you.
FIGURE 4.16 Flickr Flickr allows users to share photos with other people around the world. Source: www.flickr.com
Web 2.0: The Web as a computing platform that supports software appli- cations and the sharing of information among users.
182 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Some people worry that their privacy will be invaded or their personal infor- mation used without their knowledge or consent.
News The Web is a powerful tool for keeping informed about local, state, national, and global news. It has an abundance of special-interest coverage and pro- vides the capacity to deliver deeper analysis of the subject matter. Text and photos are supported by the HTML standard. Video (sometimes called a Web- cast) and audio are provided in a browser through plug-in technology and in podcasts.
As traditional news sources migrate to the Web, new sources are emerg- ing from online companies. News Web sites from Google, Yahoo!, Digg, and Newsvine provide popular or interesting stories from a variety of news sources. In a trend some refer to as social journalism or citizen journalism, ordinary citizens are more involved in reporting the news than ever before. Although social journalism provides important news not available elsewhere, its sources may not be as reliable as mainstream media sources. It is also sometimes difficult to discern news from opinion.
Education and Training Today, institutions and organizations at all levels provide online education and training, which can be accessed via PCs, tablets, and smartphones. Kahn Academy, for example, provides free online training and learning in econom- ics, math, banking and money, biology, chemistry, history, and many other subjects.21 NPower helps nonprofit organizations, schools, and individuals develop information system skills. The nonprofit organization provides train- ing to hundreds of disadvantaged young adults through a 22-week training program that can result in certification from companies such as Microsoft and Cisco.22
High school and college students are using mobile devices to read elec- tronic textbooks instead of carrying heavy printed textbooks to class. And educational support products, such as Blackboard, provide an integrated Web environment that includes virtual chat for class members; a discussion group for posting questions and comments; access to the class syllabus and agenda, student grades, and class announcements; and links to class-related material. Conducting classes over the Web with no physical class meetings is called dis- tance learning.
Job Information The Web is also an excellent source of job-related information. People looking for their first jobs or seeking information about new job opportunities can find a wealth of information online. Search engines, such as Google or Bing (discussed next), can be a good starting point for searching for specific com- panies or industries. You can use a directory on Yahoo’s home page, for example, to explore industries and careers. Most medium and large compa- nies have Web sites that list open positions, salaries, benefits, and people to contact for further information. The IBM Web site, www.ibm.com, has a link to “Careers.” When you click this link, you can find information on jobs with IBM around the world. In addition, several sites specialize in helping you find job information and even apply for jobs online, including www.linkedin .com (see Figure 4.17), www.monster.com, and www.careerbuilder.com.
Search Engines and Web Research A search engine is a valuable tool that enables you to find information on the Web by specifying words or phrases known as keywords, which are related to a topic of interest. You can also use operators such as AND, OR, and NOT for more precise search results.
search engine: A valuable tool that enables you to find information on the Web by specifying words that are key to a topic of interest, known as keywords.
CHAPTER 4 • Networks and Cloud Computing 183
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The search engine market is dominated by Google. Other popular search engines include Yahoo! Search, Bing, Ask, Dogpile, and China’s Baidu. Google has taken advantage of its market dominance to expand into other Web-based services, most notably email, scheduling, maps, social networking, Web-based applications, and mobile device software. Search engines like Google often have to modify how they display search results, depending on pending litigation from other Internet companies and government scrutiny, such as antitrust investigations.
The Bing search engine has attempted to innovate with its design. Bing refers to itself as a decision engine because it attempts to minimize the amount of information that it returns in its searches that is not useful or perti- nent. Bing also includes media—music, videos, and games—in its search results. See Figure 4.18.
Savvy Web site operators know that the search engine results are tools that can draw visitors to certain Web sites. Many businesses invest in search engine optimization (SEO)—a process for driving traffic to a Web site by using techniques that improve the site’s ranking in search results. Normally, when a user gets a list of results from a Web search, the links listed highest on the first page of search results have a far greater chance of being clicked. SEO professionals, therefore, try to get the Web sites of their businesses to be listed with as many appropriate keywords as possible. They study the algorithms that search engines use, and then they alter the contents of their
FIGURE 4.17 LinkedIn jobs listing LinkedIn and many other Web sites specialize in helping people get information about jobs and apply for jobs online. Source: LinkedIn
FIGURE 4.18 Microsoft Bing decision engine Microsoft calls its search engine a decision engine to distinguish it from other search software.
search engine optimization (SEO): A process for driving traffic to a Web site by using techniques that improve the site’s ranking in search results.
M ic ro so ft pr od uc t sc re en sh ot s us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
184 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Web pages to improve the page’s chance of being ranked number one. SEO professionals use Web analytics software to study detailed statistics about visi- tors to their sites.
Search engines offer just one option for performing research on the Web. Libraries typically provide access to online catalogs as well as links to public and sometimes private research databases on the Web. Online research data- bases allow visitors to search for information in thousands of journal, magazine, and newspaper articles. Information database services are valuable because they offer the best in quality and convenience. They conveniently provide full- text articles from reputable sources over the Web. College and public libraries typically subscribe to many databases to support research. One of the most popular private databases is LexisNexis Academic Universe. See Figure 4.19.
Instant Messaging Instant messaging is online, real-time communication between two or more people who are connected via the Internet. With instant messaging, partici- pants build contact lists of people they want to chat with. Some applications allow you to see which of your contacts are currently logged on to the Inter- net and available to chat. If you send messages to one of your contacts, that message appears within the messaging app on a smartphone or other mobile device, or, for those working on PCs, the message opens in a small dialog box on the recipient’s computer. Although chat typically involves exchanging text messages with one other person, many messaging apps allow for group chats. And today’s instant messaging software supports not only text messages but also the sharing of images, videos, files, and voice communications. Popu- lar instant messaging services include Facebook Messenger, KIK, Instagram, Skype, Snapchat, WhatsApp, and WeChat. It is estimated that mobile opera- tors lost $23 billion in 2012 alone as teens shifted away from texting over cel- lular networks in favor of communicating with their friends over the Internet using instant messaging apps.23
Instant messaging: The online, real-time communication between two or more people who are connected via the Internet.
FIGURE 4.19 LexisNexis At LexisNexis Academic Universe, you can search the news, legal cases, company information, peo- ple, or a combination of categories. Source: www.lexisnexis.com
CHAPTER 4 • Networks and Cloud Computing 185
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Microblogging, Status Updates, and News Feeds Referred to as a microblogging service, Twitter is a Web application that allows users to send short text updates (up to 140 characters) from a smart- phone or a Web browser to their Twitter followers. While Twitter has been hugely successful for personal use, many businesses are finding value in the service as well. Business people use Twitter to stay in touch with associates by sharing their location and activities throughout the day. Businesses also find Twitter to be a rich source of consumer sentiment that can be tapped to improve marketing, customer relations, and product development. Many busi- nesses have a presence on Twitter, dedicating personnel to communicate with customers by posting announcements and reaching out to individual users. Village Books, an independent bookstore in Bellingham, Washington, uses Twitter to build relationships with its customers and to make them feel part of their community.
The popularity of Twitter has caused social networks, such as Face- book, LinkedIn, and Tumblr, to include Twitter-like news or blog post feeds. Previously referred to as Status Updates, Facebook users share their thoughts and activities with their friends by posting messages to Face- book’s News Feed.
Conferencing Some Internet technologies support real-time online conferencing. Partici- pants dial into a common phone number to share a multiparty phone conver- sation and, in many cases, live video of the participants. The Internet has made it possible for those involved in teleconferences to share computer desktops. Using services such as WebEx or GoToMeeting, conference partici- pants log on to common software that allows them to broadcast their com- puter display to the group. This ability is quite useful for presenting with PowerPoint, demonstrating software, training, or collaborating on documents. Participants verbally communicate by phone or PC microphone. Some confer- encing software uses Webcams to broadcast video of the presenter and group participants. The Addison Fire Protection District provides professional fire protection and paramedic services to the 35,000 residents of Addison, Illinois. The district uses GoToMeeting to enable its employees to attend training and to support chief-to-chief meetings without requiring personnel to leave their assigned stations.24
Telepresence takes videoconferencing to the ultimate level. Telepresence systems, such as those from Cisco and Polycom, use high-resolution video and audio with high-definition displays to make it appear that conference par- ticipants are actually sitting around a table. Participants enter a telepresence studio where they sit at a table facing display screens that show other partici- pants in other locations. Cameras and microphones collect high-quality video and audio at all locations and transmit them over high-speed network connec- tions to provide an environment that replicates actual physical presence. Doc- ument cameras and computer software are used to share views of computer screens and documents with all participants.
You don’t need to be a big business to enjoy the benefits of video conver- sations. Free software is available to make video chat easy to use for anyone with a computer, a Webcam, and a high-speed Internet connection. Online applications such as Google Voice support video connections between Web users. For spontaneous, random video chat with strangers, you can go to the Chatroulette Web site. Software, such as FaceTime and Skype, provide computer-to-computer video chat so users can speak to each other face- to-face. In addition to offering text, audio, and video chat on computers and mobile devices, Facetime and Skype offer video phone service over Internet- connected TVs. Recent Internet-connected sets from Panasonic and Samsung
186 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
ship with the Skype software preloaded. You attach a Webcam to your TV to have a video chat from your sofa.
Blogging and Podcasting A Web log, typically called a blog, is a Web site that people and businesses use to share their observations, experiences, and opinions on a wide range of topics. The community of blogs and bloggers is often called the blogo- sphere. A blogger is a person who creates a blog, whereas blogging refers to the process of placing entries on a blog site. A blog is like a journal. When people post information to a blog, it is placed at the top of the blog page. Blogs can include links to external information and an area for com- ments submitted by visitors. Many organizations launch blogs as a way to communicate with customers and generate new business. Video content can also be placed on the Internet using the same approach as a blog. This is often called a video log or vlog.
A podcast is an audio broadcast you can listen to over the Internet. The name podcast originated from Apple’s iPod combined with the word broad- cast. A podcast is like an audio blog. Using PCs, recording software, and microphones, you can record podcast programs and place them on the Inter- net. Apple’s iTunes provides free access to tens of thousands of podcasts, which are sorted by topic and searchable by key word. See Figure 4.20. After you find a podcast, you can download it to your PC (Windows or Mac), to an MP3 player such as an iPod, or to any smartphone or tablet. You can also sub- scribe to podcasts using RSS software included in iTunes and other digital audio software.
Online Media and Entertainment Like news and information, all forms of media and entertainment have fol- lowed their audiences online. Music, movies, television program episodes,
FIGURE 4.20 Podcasts iTunes and other sites provide free access to tens of thousands of podcasts. Source: www.learnoutloud.com
Web log (blog): A Web site that people and businesses use to share their observations, experiences, and opinions on a wide range of topics.
podcast: An audio broadcast you can listen to over the Internet.
CHAPTER 4 • Networks and Cloud Computing 187
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
user-generated videos, e-books, and audio books are all available online to download and purchase or stream.
Content streaming is a method of transferring large media files over the Internet so that the data stream of voice and pictures plays more or less con- tinuously as the file is being downloaded. For example, rather than wait for an entire 5 MB video clip to download before they can play it, users can begin viewing a streamed video as it is being received. Content streaming works best when the transmission of a file can keep up with the playback of the file.
Music The Internet and the Web have made music more accessible than ever, with artists distributing their songs through online radio, subscription services, and download services. Spotify, Pandora, Napster, and Google Play Music are just a few examples of Internet music sites. Rhapsody Interna- tional has more than 3 million subscribers globally for its premium music services, including Napster, Rhapsody, and its Internet radio service, Rhap- sody unRadio.25 See Figure 4.21. Internet music has even helped sales of classical music by Mozart, Beethoven, and others. Internet companies, including Facebook, are starting to make music, movies, and other digital content available on their Web sites. Facebook, for example, allows online music companies, such as Spotify and Rdio, to post music-related news on its Web site.
Apple’s iTunes was one of the first online music services to find success. Microsoft, Amazon, Walmart, and other retailers also sell music online. Down- loaded music may include digital rights management (DRM) technology that prevents or limits the user’s ability to make copies or to play the music on multiple players.
Podcasts are yet another way to access music on the Web. Many indepen- dent artists provide samples of their music through podcasts. Podcast Alley includes podcasts from unsigned artists.
Movies, Video, and Television Television and movies are expanding to the Web in leaps and bounds. Online services such as Amazon Instant Video, Hulu, and Netflix provide television programming from hundreds of provi- ders, including most mainstream television networks. Walmart’s acquisition of Vudu has allowed the big discount retailer to successfully get into the Internet movie business. Increasingly, TV networks offer apps for streaming TV con- tent to tablets and other mobile devices. Some TV networks charge viewers to watch episodes of their favorite shows online. The Roku LT Streaming Media Box connects wirelessly to your TV and streams TV shows and movies from
FIGURE 4.21 Rhapsody Rhapsody provides streaming music by subscription. Source: rhapsody.com
content streaming: A method for transferring large media files over the Internet so that the data stream of voice and pictures plays more or less contin- uously as the file is being downloaded.
188 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
online sources such as Amazon Instant, Crackle, Disney, Hulu, Netflix, Pan- dora, and Xfinity TV.
Popcorn Time is a free program that uses peer-to-peer networking to download movies and TV programs. However, the software explicitly states that its users may be violating copyright law in their country. And indeed, Voltage Pictures has filed mass lawsuits against people who downloaded The Hurt Locker and Dallas Buyers Club. While these lawsuits aren’t always suc- cessful, they do create a risk for users who don’t anonymize their activity through a VPN service.26
No discussion of Internet video would be complete without mentioning YouTube. YouTube supports the online sharing of user-created videos. YouTube videos tend to be relatively short and cover a wide range of cate- gories from the nonsensical to college lectures. See Figure 4.22. It is esti- mated that 100 hours of video are uploaded to YouTube every minute and that over 6 billion hours of video are watched each month on YouTube. YouTube reaches more U.S. adults in the 18 to 34 age category than any cable network.27 Other video-streaming sites include AOL Video, Metacafe, and Vimeo. As more companies create and post videos to Web sites like YouTube, some IS departments are creating a new position—video content manager.
Online Games and Entertainment Video games have become a huge industry with worldwide annual revenue projected to exceed $100 billion by 2017.28
Zynga, a fast-growing Internet company, sells virtual animals and other virtual items for games, such as FarmVille. The company, for example, sells a clown pony with colorful clothes for about $5. Zynga has a VIP club for people that spend a lot on virtual items it offers for sale. Some Internet companies also sell food for virtual animals. People can feed and breed virtual animals and sell their offspring. The market for online gaming is very competitive and con- stantly changing. After Google included online games on its Web site, Face- book updated its online gaming offerings. Many video games are available online. They include single-user, multiuser, and massively multiuser games. The Web offers a multitude of games for all ages, including role-playing games, strategy games, and simulation games.
FIGURE 4.22 YouTube EDU YouTube EDU provides thousands of educational videos from hundreds of universities. Source: youtube.com/edu
CHAPTER 4 • Networks and Cloud Computing 189
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Game consoles such as the PlayStation, Wii, and Xbox provide multi- player options for online gaming over the Internet. Subscribers can play with or against other subscribers in 3D virtual environments. They can even talk to each other using a microphone headset.
Shopping Online Shopping on the Web can be convenient, easy, and cost effective. You can buy almost anything online, from books and clothing to cars and sports equipment. Groupon, for example, offers discounts at restaurants, spas, auto repair shops, music performances, and almost any other product or service offered in your area or city. Revenues for Groupon exceeded $3.1 billion in 2015.29
Other online companies offer different services. Dell and many other computer retailers provide tools that allow shoppers to specify every aspect and component of a computer system to purchase. ResumePlanet.com would be happy to create your professional résumé. AmazonFresh, Instacart, and Peapod are all willing to deliver groceries to your doorstep. Products and ser- vices abound online.
Many online shopping options are available to Web users. Online versions of retail stores often provide access to products that may be unavailable in local stores. JCPenney, Target, Walmart, and many others carry only a per- centage of their inventory in their retail stores; the other inventory is available online. To add to their other conveniences, many Web sites offer free shipping and pickup for returned items that don’t fit or otherwise meet a cus- tomer’s needs.
Web sites such as www.mySimon.com, www.DealTime.com, www.Price SCAN.com, www.PriceGrabber.com, and www.NexTag.com provide product price quotations from numerous online retailers to help you to find the best deal. Apps such as BuyVia, Purchx, RedLaser, and Shop Savvy enable users to compare prices at national and local outlets and lets you set up alerts (including location-based) for products. At a store and unsure if the price on the shelf is the lowest you can find? Use the UPC barcode scanner to get an answer on the spot.
Online clearinghouses, Web auctions, and marketplaces offer a platform for businesses and individuals to sell their products and belongings. Online clearinghouses, such as www.uBid.com, provide a method for manufacturers to liquidate stock and for consumers to find a good deal. Outdated or over- stocked items are put on the virtual auction block and users bid on the items. The highest bidder when the auction closes gets the merchandise—often for less than 50 percent of the advertised retail price.
The most popular online auction or marketplace is eBay, shown in Figure 4.23. The site provides a public platform for global trading where any- one can buy, sell, or trade practically anything. It offers a wide variety of
FIGURE 4.23 eBay eBay provides an online market- place where anyone can buy, sell, or trade practically anything. Source: www.ebay.com
190 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
features and services that enable members to buy and sell on the site quickly and conveniently. Buyers have the option to purchase items at a fixed price or in an auction-style format, where the highest bid wins the product.
Auction houses such as eBay accept limited liability for problems that buyers or sellers may experience in their transactions. Transactions that make use of the PayPal service are protected on eBay. Others, however, may be more risky. Participants should be aware that auction fraud is the most preva- lent type of fraud on the Internet.
Craigslist is a network of online communities that provides free online classified advertisements. It is a popular online marketplace for purchasing items from local individuals. Many shoppers turn to Craigslist rather than going to the classifieds in the local paper.
Businesses benefit from shopping online as well. Global supply manage- ment online services provide methods for businesses to find the best deals on the global market for raw materials and supplies needed to manufacture their products. Electronic exchanges provide an industry-specific Web resource cre- ated to deliver a convenient centralized platform for B2B e-commerce among manufacturers, suppliers, and customers.
Travel, Geolocation, and Navigation The Web has had a profound effect on the travel industry and the way people plan and prepare for trips. From getting assistance with short trips across town to planning long holidays abroad, travelers are turning to the Web to save time and money and to overcome much of the risk involved in visiting unknown places.
Travel Web sites such as Travelocity, Expedia, Kayak, and Priceline help travelers find the best deals on flights, hotels, car rentals, vacation packages, and cruises. Priceline offers a slightly different approach from the other Web sites. It allows shoppers to name a price they’re willing to pay for an airline ticket or a hotel room and then works to find an airline or hotel that can meet that price.
Mapping and geolocation tools are among the most popular and success- ful Web applications. MapQuest, Google Maps, and Bing Maps are examples. See Figure 4.24. By offering free street maps for locations around the world,
FIGURE 4.24 Google Maps Mapping software, such as Google Maps, provides streetside views of Times Square. Source: Google
CHAPTER 4 • Networks and Cloud Computing 191
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
these tools help travelers find their way. Provide your departure location and destination, and these online applications produce a map that displays the fastest route. Using GPS technologies, these tools can detect your current loca- tion and provide directions from where you are.
Google Maps also provides extensive location-specific business informa- tion, satellite imagery, up-to-the-minute traffic reports, and Street View. The latter is the result of Google employees driving the streets of the world’s cities in vehicles with high-tech camera gear, taking 360-degree images. These images are integrated into Google Maps to allow users to get a “street view” of an area that can be manipulated as if the viewer were actually walking down the street looking around. Bing Maps and Google Maps both offer high-resolution aerial photos and street-level 3D photographs.
Geographic information systems (GISs) provide geographic information layered over a map. For example, Google Earth provides options for viewing traffic, weather, local photos and videos, underwater features such as ship- wrecks and marine life, local attractions, businesses, and places of interest. Software such as Connect, Find My Friends, Phone Tracker, and Tracker allow you to find your friends on a map—with their permission—and will automatically notify you if a friend is near.
Geo-tagging is technology that allows for tagging information with an associated location. For example, Flickr and other photo software and services allow photos to be tagged with the location they were taken. Once tagged, it becomes easy to search for photos taken, for example, in Tampa, Florida. Geo-tagging also makes it easy to overlay photos on a map, as Google Maps and Bing Maps have done. Facebook, Instagram, Snapchat, Twitter, and many other social networks have also made it possible for users to geo-tag photos, comments, tweets, and posts.
Geolocation information does pose a risk to privacy and security. Many people prefer that their location remain unknown, at least to strangers and often to acquaintances and even friends. Recently, criminals have made use of location information to determine when people are away from their resi- dences so that they can burglarize without fear of interruption.
Intranets and Extranets An intranet is an internal corporate network built using Internet and World Wide Web standards and products. Employees of an organization can use an intranet to gain access to corporate information. After getting their feet wet with public Web sites that promote company products and services, corpora- tions are seizing the Web as a swift way to streamline—even transform— their organizations. These private networks use the infrastructure and stan- dards of the Internet and the World Wide Web. Using an intranet offers one considerable advantage: many people are already familiar with Internet tech- nology, so they need little training to make effective use of their corporate intranet.
An intranet is an inexpensive yet powerful alternative to other forms of internal communication, including conventional computer setups. One of an intranet’s most obvious virtues is its ability to reduce the need for paper. Because Web browsers run on all types of computers, the same electronic information can be viewed by any employee. That means that all sorts of documents (such as internal phone books, procedure manuals, training man- uals, and requisition forms) can be inexpensively converted to electronic form, posted online, and easily updated. An intranet provides employees with an easy and intuitive approach to accessing information that was previ- ously difficult to obtain. For example, it is an ideal solution to providing information to a mobile salesforce that needs access to rapidly changing information.
192 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
A growing number of companies offer limited network access to selected customers and suppliers. Such networks are referred to as extranets, which connect people who are external to the company. An extranet is a network built using Web technologies that links selected resources of the intranet of a company with its customers, suppliers, or other business partners.
Corporate executives at a well-known global fast food chain wanted to improve their understanding of what was happening at each restaurant location and needed to communicate with franchisees to better serve their customers. The firm implemented an extranet, enabling individual franchi- sees to fine-tune their location-specific advertising and get it approved quickly by corporate-level staff. In addition, with the extranet, corporate employees now have a much better understanding of customers, both by location and in aggregate, based on information they are receiving from franchisees.30
Security and performance concerns are different for an extranet than for a Web site or network-based intranet. User authentication and privacy are criti- cal on an extranet so that information is protected. Obviously, the network must also be reliable and provide quick response to customers and suppliers. Table 4.6 summarizes the differences between users of the Internet, intranets, and extranets.
Secure intranet and extranet access applications usually require the use of a virtual private network (VPN), a secure connection between two points on the Internet. VPNs transfer information by encapsulating traffic in IP packets and sending the packets over the Internet, a practice called tunneling. Most VPNs are built and run by ISPs. Companies that use a VPN from an ISP have essentially outsourced their networks to save money on wide area network equipment and personnel. To limit access to the VPN to just individuals authorized to use it, authorized users may be issued a logon ID and a security token assigned to that logon ID. The security token displays a 10- to 12-digit password that changes every 30 seconds or so. A user must enter their logon ID and the security password valid for that logon ID at that moment in time.
Extranet to Support Craft Brewers There are currently more than 3,000 breweries in the United States, double the number a decade ago. Much of this growth has come from the popularity of craft brewers who, by definition, produce no more than 6 million barrels annually— many produce much less. Within the craft brewing industry, there is a strong trend toward packaging beer in four packs of 16-ounce cans rather than the six packs of 12-ounce cans, bottles, or jugs associated with the major U.S. brewers. One practi- cal reason for cans is that glass bottles typically cost more, which can make a big impact on the bottom line of many small brewers. In addition, craft brewers use 16-ounce cans as a means to set themselves apart from traditional beverage compa- nies, and many have built their identities around the distinct look of their 16-ounce can. However, most craft brewers are too small to afford their own canning lines.
Ball, Crown, and Rexam are major can manufacturers who work with many craft brewers to fill their cans. But these companies recently raised their minimum can order to the industry-standard truckload, which can range from roughly
TABLE 4.6 Summary of Internet, intranet, and extranet users Type User Need User ID and Password?
Internet Anyone No
Intranet Employees Yes
Extranet Business partners Yes
virtual private network (VPN): A secure connection between two points on the Internet; VPNs transfer informa- tion by encapsulating traffic in IP pack- ets and sending the packets over the Internet.
CHAPTER 4 • Networks and Cloud Computing 193
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
155,000 to 200,000, depending on the size of the can. Typically the smaller brewer- ies and their distributors need only a few thousand cans at a time. The new mini- mum can orders translate into a lot of cash up front as well as an increased amount of storage space for breweries. Many small breweries are struggling as a result.
A new type of company, mobile canners, has emerged to address this prob- lem. These firms haul their equipment to breweries, spend less than a day filling and labeling a few thousand cans, and then move on to the next customer. Over the past three years, about two dozen mobile canner companies have started offering mobile canning across the United States.
You are the owner of one of these mobile canners serving craft breweries across the Midwest, a very competitive market. One of your employees has approached you with an idea to set up an extranet that will allow your craft brew- ery customers to communicate their production schedules to you electronically. Their individual production schedules would be fed into a master schedule that would enable you to see and plan three to six months into the future. This way you could commit the people, equipment, and other resources to ensure that your cus- tomers’ needs will be met. Running out of cans is catastrophic for the brewers. If you let down a customer who is depending on you, you’ve lost a customer for life.
Review Questions 1. What advantages does use of an extranet provide versus more conventional
methods of communication—over the phone, via fax, etc.? 2. What measures can you take to control access to the master production sched-
ule so that only authorized customers may enter their data?
Critical Thinking Questions 1. What potential start-up issues may be involved in preparing your craft brew-
ery customers to use this new system? How will you overcome these issues? 2. Can you identify any other purposes for the extranet in addition to one-way
communication of production schedules? Briefly elaborate.
The Internet of Things
The Internet of Things (IoT) is a network of physical objects or “things” embedded with sensors, processors, software, and network connectivity capability to enable them to exchange data with the manufacturer of the device, device operators, and other connected devices. See Figure 4.25.
Sensors are being installed in a variety of machines and products, ranging from home appliances and parking garages to clothing and grocery products. A sensor is a device that is capable of sensing something about its surround- ings such as pressure, temperature, humidity, pH level, motion, vibration, or level of light. The sensor detects an event or changes in quantity and pro- duces a corresponding output, usually an electrical or optical signal. To be truly part of the IoT, these networked devices need IP addresses and a con- nection to the public Internet. The data is then transmitted over the Internet to an operational historical database containing data from many sensors. The database may be on a data storage device in a local control room, in an enter- prise data center in another state, or hundreds of miles away in the cloud. The operational data can be accessed via the Internet and analyzed by users with personal computers or portable devices including smartphones. Updates, alerts, or even automatic adjustments may be sent to the devices on the IoT based on this analysis. According to Don DeLoach, CEO and president of Infobright Inc., “manufacturing has been automated at various levels for many years, but IoT brings automation to a deep, broad level—one where
194 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
interconnectivity between various elements in manufacturing exists in a way it did not before.”31
Enlightened organizations apply analytics to these streams of data—even before the data is stored for post event analysis. This enables workers to detect patterns and potential problems as they are occurring and to make appropriate adjustments in the operation of the devices being measured. For example, sensors embedded in General Electric (GE) aircraft engines collect some 5,000 individual data points per second. This data is analyzed while the aircraft is in flight to adjust the way the aircraft performs, thereby reducing fuel consumption. The data is also used to plan predictive maintenance on the engines based on engine component wear and tear. In 2013, this technol- ogy helped GE earn $1 billion in incremental income by delivering perfor- mance improvements, less downtime, and more flying miles.32
Here are additional examples of organizations using sensors and the IoT to monitor and control key operational activities:
● Asset monitoring. Food and drug manufacturers can monitor shipping containers for changes in temperatures that could affect product quality and safety using cheap battery-powered sensors and 4G LTE connectivity.
● Construction. SK Solutions is using IoT technology to prevent cranes from colliding on a crowded construction site with 37 cranes and 5,000 workers near the world’s tallest building in the United Arab Emi- rates (UAE) city of Dubai. The Internet-connected system collects data from sensors mounted to the cranes and other equipment to detect if con- struction cranes are swinging too close to each other, and, if so, halts them from moving further.33
● Agriculture. Farmers are using IoT technology to collect data about water moisture and nitrogen levels to improve yields while conserving water, a precious commodity in many places.
● Manufacturing. IoT enabled sensors on plant-floor equipment, such as a conveyor line, can alert plant floor personnel to problems in real time.
FIGURE 4.25 The Internet of Things The IoT is a network of physical objects or “things” embedded with sensors, processors, software, and network connectivity capability to enable them to exchange data with the manufac- turer of the device, device operators, and other connected devices.
5. Data is analyzed to gain insights Into operation of devices on IoT
1. Sensors gather data 2. Data passes over network
3. Data from across the IoT Is gathered and stored- often in the cloud
R u sl
a n K
u d
ri n /S
h u tt
e rs
to c k.
c o m
M a xx
-S tu
d io
/S h u tt
e rs
to c k.
c o m
R a w
p ix
e l.c
o m
/S h u tt
e rs
to c k.
c o m
0 6 p
h o to
/S h u tt
e rs
to c k.
c o m
ro b
u a rt
/S h u tt
e rs
to c k.
c o m
4. Data is combined with other data from other systems
6. Alerts sent to people, Enterprise systems, or IoT Devices based on these insights
CHAPTER 4 • Networks and Cloud Computing 195
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The data can also be analyzed to uncover patterns to allow technicians to predict potential failures or redeploy resources in a more optimal fashion.
● Monitoring parking spaces. San Francisco uses connected sensors and meters to determine the demand for parking on certain streets, periodi- cally adjusting hourly rates so drivers are more likely to find a space when they arrive. Rates go up on more-crowded blocks and down on less-crowded ones. The city has deployed a low-power wide area net- work similar to a cellular network but designed for low-power IoT equipment—such as parking meters—to provide a low energy way for devices that are slower and cheaper than the typical LTE cellular network.
● Predictive Maintenance. Sensors are used extensively in the utilities industry to capture operational data to achieve 24/7 uptime. Sensor data is carefully analyzed to predict when critical pieces of equipment or power lines are about to fail so that quick, anticipatory corrective action can take place before any failure.
● Retailing. Retailers use in-store sensors to detect in-store behavior and optimize the shopping experience in order to increase revenue and mar- ket share. Streaming data from sensors is analyzed, along with other information (like inventory, social media chatter, and online-shop user profiles), to send customized and personal offers while the shopper is in the process of making a purchase decision.
● Traffic monitoring. The Aegan motorway is the oldest and most impor- tant motorway of Greece, connecting the country’s largest cities, Athens and Thessaloniki. More than 5,000 devices are deployed along a 200-km (124-mile) stretch of the highway to keep drivers safe and the roadway running efficiently. All these devices must work in a smooth and coordi- nated fashion to monitor traffic, detect traffic incidents using traffic cam- eras, warn travelers of road conditions via electronic billboards, and operate toll booths. The devices are connected to a central control system using Cisco’s Internet of Everything system to connect data, people, pro- cesses, and things.34
IoT applications can be classified into one of four types as shown in Table 4.7.
Unfortunately, there can be many issues with simply receiving and recog- nizing usable sensor data. Sometimes a faulty sensor or bad network connec- tion results in missing data or sensor data lacking time stamps indicating when the reading occurred. As a result, sensor data can be incomplete or con- tain inconsistent values indicating a potential sensor failure or a drop in a net- work. Developers of IoT systems must be prepared for and be able to detect faulty sensor data.
TABLE 4.7 Types of IoT applications Type of IoT Application Degree of Sensing Degree of Action
Connect and monitor Individual devices each gathering a small amount of data
Enables manual monitoring using simple threshold-based exception alerting
Control and react Individual devices each gathering a small amount of data
Automatic monitoring combined with remote control with trend analysis and reporting
Predict and adapt External data is used to augment sensor data Data used to preform predictive analysis and initiate preemptive action
Transform and explore
Sensor and external data used to provide new insights
New business models, products, and services are created
196 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Security is a very major issue with IoT applications. In today’s manufactur- ing environment, the factory network is a closed environment designed to com- municate with plant sensors and devices but not typically with the outside world. So a key decision organizations must make when considering imple- mentation of an IoT is as follows: Are the benefits of doing so sufficient to overcome the risk of making detailed company information accessible through the Internet and exposing internal systems to hacking, viruses, and destructive malware? Hackers who gain access to an organization’s IoT can steal data, transfer money out of accounts, and shut down Web sites, and they can also wreck physical havoc by tampering with critical infrastructure like air traffic control systems, healthcare devices, power grids, and supervisory control and data acquisition (SCADA) systems. One of the first things developers of IoT application should focus on is building in security from the start. This needs to include ways of updating the system in a secure manner.
Manufacturer Weighs Converting to Internet of Things You are a member of the plant information systems group for a small manufac- turer of all-natural ingredient cosmetics. Your firm promotes itself as adhering to the highest standards of compliance and quality. Manufacturing is rigorously mon- itored via sensors and computer controls throughout the entire process, and auto- mated temperature controls ensure complete stability in the manufacturing environment. Sensor tracking is performed from the moment that raw materials enter your facility, throughout the manufacturing process, packaging, and on to distribution. The sensors and computer controls were installed when the plant was built in the 1990s and use proprietary communications protocols and are not Internet enabled. Data from these sensors is monitored by a group of three tech- nicians in the computer control room. Twelve workers are required to staff the control room 24/7, including weekends and most holidays.
Your company has just purchased a plant previously owned by one of your competitors in a nearby state. Your group has been asked to look at the feasibility of upgrading the sensors used in both plants to Internet-enabled sensors con- nected to the Internet of Things. This would make it possible for technicians in one control room to monitor the operation of both plants. Plant staffing could be reduced by 12 workers saving $1.2 million in labor expenses per year. It is esti- mated that the cost of replacing the existing sensors and converting to the Inter- net of Things is in the vicinity of $1.5 million.
Review Questions 1. Why is it necessary to replace the existing sensors to implement an IoT
network? 2. What additional benefits may arise from converting the plants to the Internet
of Things?
Critical Thinking Questions 1. What new risks are raised by placing the new system of sensors on the Inter-
net of Things? 2. What actions could be taken to reduce these risks?
Cloud Computing
Cloud computing refers to a computing environment in which software and storage are provided as an Internet service and accessed by users with their Web browser. See Figure 4.26. Google and Yahoo!, for example, store the email of many users, along with calendars, contacts, and to-do lists. Apple
cloud computing: A computing environment where software and stor- age are provided as an Internet service and are accessed with a Web browser.
CHAPTER 4 • Networks and Cloud Computing 197
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
developed its iCloud service to allow people to store their documents, music, photos, apps, and other content on its servers.35 In addition to its social net- working features, Facebook offers users the ability to store personal photos in the cloud—as does Flickr and a dozen other photo sites. Pandora delivers music, and Hulu and YouTube deliver movies via the cloud. Apache OpenOf- fice, Google Apps, Microsoft Office 365, Zoho, and others provide Web- delivered productivity and information management software. Communica- tions, contacts, photos, documents, music, and media are available to you from any Internet-connected device with cloud computing.
Cloud computing offers many advantages to businesses. With cloud com- puting, organizations can avoid large, up-front investments in hardware as well as the ongoing investment in the resources that would be required to manage that hardware. Instead, they can request just the right type and size of information system resources from their cloud computing provider, pay for it on an ongoing basis, and let the service provider handle the system support and maintenance. In most cases, the cloud computing service provider pro- vides access to state-of-the-art technology at a fraction of the cost of owning it and without the lengthy delays that can occur when an organizations tries to acquire its own resources. This can increase the speed and reduce the costs of new product and service launches. For example, Spotify offers its users instant access to over 16 million licensed songs. The company faces an ongoing struggle to keep pace with the rapid release of new music, adding over 20,000 tracks to its catalog each day. Emil Fredriksson, operations direc- tor for Spotify, explains why the company employs cloud computing, “Spotify needed a storage solution that could scale very quickly without incurring long lead times for upgrades. This led us to cloud storage.” While establishing new storage previously required several months of preparation, it can now be obtained instantly through cloud computing.36
Cloud computing can be deployed in several different ways. The methods discussed thus far in this chapter are considered public cloud services. Public cloud computing refers to deployments in which service providers offer their cloud-based services to the general public, whether that is an individual using Google Calendar or a corporation using the Salesforce.com application. In a private cloud deployment, cloud technology is used within the confines of a private network.
Since 1992, The College Network and its partner universities have pro- vided accessible educational programs for individuals seeking degrees or pro- fessional certificates, entirely through distance learning. The College Network
FIGURE 4.26 Cloud computing Cloud computing uses applications and resources delivered via the Web. He
ld er
A lm ei da /S hu tt er st oc k. co m
198 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
chose EarthLink to provide a customized private cloud with dedicated servers. Conversion to the private network reduced the capital required for computer hardware and software, increased systems availability and avoided outages, and reallocated its valuable IT resources while EarthLink resources trouble- shoot any systems issues.37
Many organizations are turning to cloud computing as an approach to outsource some or all of their IT operations. This section defines cloud com- puting and its variations and points out some of its advantages as well as some potential issues, including problems associated with cost, scalability, security, and regulatory compliance.
Public Cloud Computing In a public cloud computing environment, a service provider organization owns and manages the infrastructure (including computing, networking, and storage devices) with cloud user organizations (called tenants) accessing slices of shared hardware resources via the Internet. The service provider can deliver increasing amounts of computing, network, and storage capacity on demand and without requiring any capital investment on the part of the cloud users. Thus, public cloud computing is a great solution for organiza- tions whose computing needs vary greatly depending on changes in demand. Amazon, Cisco Systems, IBM, Microsoft, Rackspace, Verizon Com- munications Inc., and VMWare are among the largest cloud computing ser- vice providers. These firms typically offer a monthly or annual subscription service model; they may also provide training, support, and data integration services.38
Public cloud computing can be a faster, cheaper, and more agile approach to building and managing your own IT infrastructure. However, since cloud users are using someone else’s data center, potential issues with service levels, loss of control, disaster recovery, and data security should not be overlooked. Data security in particular is a key concern because when using a public cloud computing service, you are relying on someone else to safeguard your data. In addition, your organization’s data may reside on the same storage device as another organization’s (perhaps even a competitor’s) data. All of the potential issues of concern must be investigated fully before entering into a public cloud computing arrangement. Organizations subject to tight regulation and complex regulatory requirements (e.g., financial, healthcare, and public utility organizations) must ensure that their own processes and applications as well as those of the cloud provider are compliant.
A major start-up issue is the effort of getting your organization’s data moved to the cloud in the first place. That introduces an issue of vendor lock- in—meaning once an organization’s servers and data are hosted with one cloud provider, it is not likely to be willing to go through the time-consuming migration process a second time to move to a different provider in the future. So choose your cloud provider wisely, as it is a business relationship that you and your business will likely need to live with for the foreseeable future.
Cloud computing can be divided into three main types of services (see Figure 4.27)
● Infrastructure as a service (IaaS) is an information systems strategy in which an organization outsources the equipment used to support its data processing operations, including servers, storage devices, and networking components. The service provider owns the equipment and is responsible for housing, running, and maintaining it. The outsourcing organization may pay on a per-use or monthly basis.
● Software as a service (SaaS) is a software delivery approach that pro- vides users with access to software remotely as a Web-based service. SaaS pricing is based on a monthly fee per user and typically results in lower
infrastructure as a service (IaaS): An information systems strat- egy in which an organization out- sources the equipment used to support its data processing operations, includ- ing servers, storage devices, and net- working components.
CHAPTER 4 • Networks and Cloud Computing 199
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
costs than a licensed application. Another advantage of SaaS is that because the software is hosted remotely, users do not need to purchase and install additional hardware to provide increased capacity. Further- more, the service provider handles necessary software maintenance and upgrades.
● Platform as a service (PaaS) provides users with a computing platform, typically including operating system, programming language execution environment, database services, and a Web server. The user can create an application or service using tools and/or libraries from the provider. The user also controls software deployment and configuration settings. The PaaS provider provides the networks, servers, storage, and other services required to host the consumer’s application. PaaS enables application developers to develop, test, and run their software solutions on a cloud platform without the cost and complexity of buying and managing the underlying hardware and software.
Organizations contemplating moving to the cloud are advised to proceed carefully, as almost one in three organizations encounter major challenges during the transition. Frequent problems include complex pricing arrange- ments and hidden costs that reduce expected cost savings, performance issues that cause wide variations in performance over time, poor user support, and greater than expected downtime.39
Condé Nast, publisher of Vogue, The New Yorker, and Wired magazines, among many others, decommissioned its 67,000-square-foot data center and migrated its data and processing capacity to Amazon Web Services (AWS). Over a period of just three months in 2014, the firm migrated 500 servers; 1 petabyte of storage; 100 database servers; 100 switches, routers, and fire- walls; and all of its mission-critical applications to AWS. According to Condé Nast, operating costs have been cut by 40 percent and performance has improved by 30 percent to 40 percent since the transition, which created a dynamic environment that can adjust as the company needs it to. The old data center facilities were eventually put on the market and sold.40
FIGURE 4.27 The cloud computing environment Cloud computing can be divided into three main types of services: infra- structure as a service (IaaS), soft- ware as a service (SaaS), and platform as a service (PaaS).
Cloud users– smartphones,
tablets, laptops, desktops
IaaS–Virtual machines, servers, storage devices, network devices
SaaS–Customer relationship Management, email, collaboration
PaaS–Operting system, programming language, database,
Web server
H el de r A lm ei da /S hu tt er st oc k. co m
platform as a service (PaaS): An approach that provides users with a computing platform, typically including operating system, programming lan- guage execution environment, data- base services, and Web server.
200 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Private Cloud Computing A private cloud environment is a single tenant cloud. Organizations that implement a private cloud often do so because they are concerned that their data will not be secure in a public cloud. Private clouds can be divided into two distinct types. Some organizations build their own on-premise private cloud, and others elect to have a service provider build and manage their pri- vate cloud (sometimes called a virtual private cloud). A general rule of thumb is that companies that spend $1 million or more per month on outsourced com- puting are better off implementing an on-premise private cloud.41 Many compli- cations must be overcome—and deep technical skills and sophisticated software are needed—to build and manage a successful private cloud. An orga- nization might establish several private clouds with one for finance, another one for product development, and a third for sales, for example. Each private cloud has a defined set of available resources and users, with predefined quotas that limit how much capacity users of that cloud can consume.
Revlon is a global cosmetics, hair color, fragrance, and skin-care company with recent annual sales exceeding $1.9 billion.42 The firm implemented an on-premises private cloud that includes 531 applications and makes up 97 percent of the company’s computing power. The private cloud has helped reduce application deployment time by 70 percent and, as a result of virtuali- zation and consolidation, reduced data center power consumption by 72 per- cent. In addition, the company achieved a net dollar savings of $70 million over a two-year period.43
Hybrid Cloud Computing Many IT industry observers believe that the desire for both agility and security will eventually lead organizations to adopt a hybrid cloud approach.44 A hybrid cloud is composed of both private and public clouds integrated through net- working. Organizations typically use the public cloud to run applications with less sensitive security requirements and highly fluctuating capacity needs, but run more critical applications, such as those with significant compliance require- ments, on the private portion of their hybrid cloud. So a hospital may run its Web conferencing and email applications on a public cloud while running its applica- tions that access patient records on a private cloud to meet Health Insurance Portability and Accountability Act (HIPAA) and other compliance requirements.
Autonomic Computing An enabling technology for cloud computing is autonomic computing or the ability of IT systems to manage themselves and adapt to changes in the com- puting environment, business policies, and operating objectives. The goal of autonomic computing is to create complex systems that run themselves, while keeping the system’s complexity invisible to the end user. Autonomic comput- ing addresses four key functions: self-configuring, self-healing, self-optimizing, and self-protecting.45 As cloud computing environments become increasingly complex, the number of skilled people required to manage these environments also increases. Software and hardware that implement autonomic computing are needed to reduce the overall cost of operating and managing complex cloud computing environments. While this is an emerging area, software products such as Tivoli from IBM are partially filling the need.
Should Heel Swaps Move to the Cloud? Heel Swaps is a Chicago-based start-up that sells a stretchable high heel shoe cover that contains a slip resistant out-sole, comes in a variety of sizes, colors and patterns, and slips on in seconds. The product enables you to transform your heels to match different outfits and is sold online at www.heelswaps.com.
private cloud environment: A single tenant cloud.
hybrid cloud: A cloud computing environment is composed of both pri- vate and public clouds integrated through networking.
autonomic computing: The ability of IT systems to manage themselves and adapt to changes in the computing environment, business policies, and operating objectives.
CHAPTER 4 • Networks and Cloud Computing 201
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The firm is just three weeks away from debuting its advertising on the popu- lar Steve Harvey show with some 3 million viewers per episode. Sales and prod- uct demand are expected to skyrocket. Unfortunately, management at Heel Swaps has just realized that the firm’s Web site does not have the processing capacity to serve the expected increase in shoppers. An IT consulting firm was hired to con- firm the need for additional capacity and to make recommendations on how to proceed. Their recommendation is that the current Web site platform be moved to Amazon Web Services (AWS) with elastic load. This service is capable of auto- matically scaling its request handling capacity to meet the demands of application traffic.
Review Questions 1. What advantages will moving the Web site to the cloud provide for Heel
Swaps? 2. What form of cloud computing is best for Heel Swaps—public, private, or
hybrid? Why?
Critical Thinking Questions 1. What common start-up problems should the IT consulting firm advise Heel
Swaps to avoid? 2. What future changes and developments should be planned for the Heel Swaps
Web site as the volume of business grows?
Summary
Principle: A network has many fundamental components, which—when carefully selected and effectively integrated—enable people to meet personal and organizational objectives.
A computer network consists of communications media, devices, and soft- ware connecting two or more computer systems or devices. Communications media are any material substance that carries an electronic signal to support communications between a sending and a receiving device. The computers and devices on the networks are also sometimes called network nodes.
The effective use of networks can help a company grow into an agile, pow- erful, and creative organization, giving it a long-term competitive advantage. Networks let users share hardware, programs, and databases across the organi- zation. They can transmit and receive information to improve organizational effectiveness and efficiency. They enable geographically separated workgroups to share documents and opinions, which fosters teamwork, innovative ideas, and new business strategies.
Network topology indicates how the communications links and hardware devices of the network are arranged. The three most common network topolo- gies are the star, bus, and mesh.
A network can be classified as personal area, local area, metropolitan, or wide area network depending on the physical distance between nodes on the network and the communications and services it provides.
The electronic flow of data across international and global boundaries is often called transborder data flow.
A client/server system is a network that connects a user’s computer (a cli- ent) to one or more server computers (servers). A client is often a PC that requests services from the server, shares processing tasks with the server, and displays the results.
202 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Channel bandwidth refers to the rate at which data can be exchanged mea- sured in bits per second.
Communications media can be divided into two broad categories: guided transmission media, in which a communications signal travels along a solid medium, and wireless media, in which the communications signal is sent over airwaves. Guided transmission media include twisted-pair wire cable, coaxial cable, and fiber-optic cable.
Wireless communication is the transfer of information between two or more points that are not connected by an electrical conductor. Wireless com- munications involves the broadcast of communications in one of three fre- quency ranges: microwave, radio, and infrared. Wireless communications options include near field communications, Bluetooth, Wi-Fi, and a variety of 3G and 4G communications options.
Networks require various communications hardware devices to operate, including modems, fax modems, multiplexers, private branch exchanges, front-end processors, switches, bridges, routers, and gateways.
Network management includes a wide range of technologies and processes that monitor the network and help identify and address problems before they can create a serious impact.
A network operating system (NOS) controls the computer systems and devices on a network, allowing them to communicate with one another. Network-management software enables a manager to monitor the use of indi- vidual computers and shared hardware, scan for viruses, and ensure compli- ance with software licenses.
Mobile device management (MDM) software manages and troubleshoots mobile devices remotely, pushing out applications, data, patches, and settings.
Software-defined networking (SDN) is an emerging approach to network- ing that allows network administrators to manage a network via a controller that does not require physical access to all the network devices.
Principle: Together, the Internet and the World Wide Web provide a highly effective infrastructure for delivering and accessing information and services.
The Internet is truly international in scope, with users on every continent. It is the world’s largest computer network. Actually, it is a collection of intercon- nected networks, all freely exchanging information.
The Internet transmits data from one computer (called a host) to another. The set of conventions used to pass packets from one host to another is known as the Internet Protocol (IP). Many other protocols are used with IP. The best known is the Transmission Control Protocol (TCP). TCP is so widely used that many people refer to the Internet protocol as TCP/IP, the combination of TCP and IP used by most Internet applications.
Each computer on the Internet has an assigned IP address for easy identifi- cation. A Uniform Resource Locator (URL) is a Web address that specifies the exact location of a Web page using letters and words that map to an IP address and a location on the host.
People can connect to the Internet backbone in several ways: via a LAN whose server is an Internet host, or via a dial-up connection, high-speed ser- vice, or wireless service. An Internet service provider is any company that pro- vides access to the Internet. To connect to the Internet through an ISP, you must have an account with the service provider and software that allows a direct link via TCP/IP.
The Internet and social media Web sites have emerged as important new channels for learning about world events, protesting the actions of organiza- tions and governments, and urging others to support one’s favorite causes or candidates. On the other hand, Internet censorship, the control or suppression
CHAPTER 4 • Networks and Cloud Computing 203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
of the publishing or accessing of information on the Internet, is a growing problem.
The Web was designed to make information easy to find and organize. It connects billions of documents, which are now called Web pages, stored on millions of servers around the world. Web pages are connected to each other using hyperlinks, specially denoted text or graphics on a Web page, that, when clicked, open a new Web page containing related content. The pages are accessed and viewed using Web client software called a Web browser.
Many Web sites use CSS to define the design and layout of Web pages, XML to define the content, and HTML to join the content (XML) with the design (CSS).
Internet companies, including Amazon, eBay, and Google, use Web ser- vices to streamline and simplify communication among Web sites.
XML is also used within a Web page to describe and transfer data between Web service applications.
Today’s Web development applications allow developers to create Web sites using software that resembles a word processor. The software includes features that allow the developer to work directly with the HTML code or to use auto-generated code.
The use of social media in business is called Enterprise 2.0. Enterprise 2.0 applications, such as Salesforce’s Chatter, Jive Software’s Engage Dialog, and Yammer, enable employees to create business wikis, support social net- working, perform blogging, and create social bookmarks to quickly find information.
Social journalism provides important news not available elsewhere; how- ever, its sources may not be as reliable as mainstream media sources.
Today, schools at all levels provide online education and training. The Web is also an excellent source of job-related information.
A search engine is a valuable tool that enables you to find information on the Web by specifying words or phrases known as keywords, which are related to a topic of interest. Search engine optimization (SEO) is a process for driving traffic to a Web site by using techniques that improve the site’s ranking in search results.
Instant messaging is online, real-time communication between two or more people who are connected via the Internet.
Twitter is a Web application that allows users to send short text updates (up to 140 characters) from a smartphone or a Web browser to their Twitter followers.
Internet technologies support real-time online conferencing where partici- pants dial into a common phone number to share a multiparty phone conver- sation and, in many cases, live video of the participants.
A Web log, typically called a blog, is a Web site that people that people and businesses use to share their observations, experiences, and opinions on a wide range of topics.
A podcast is an audio broadcast you can listen to over the Internet. Content streaming is a method of transferring large media files over the
Internet so that the data stream of voice and pictures plays more or less contin- uously as the file is being downloaded.
The Internet and the Web have made music more accessible than ever, with artists distributing their songs through online radio, subscription services, and download services.
Television and movies are expanding to the Web in leaps and bounds. Online services such as Amazon Instant Video, Hulu, and Netflix provide tele- vision programming from hundreds of providers, including most mainstream television networks.
Video games have become a huge industry with worldwide annual revenue projected to exceed $100 billion by 2017.
You can buy almost anything via the Web, from books and clothing to cars and sports equipment.
204 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Travel Web sites help travelers find the best deals on flights, hotels, car rentals, vacation packages, and cruises. They have profoundly changed the travel industry and the way people plan trips and vacations.
An intranet is an internal corporate network built using Internet and World Wide Web standards and products. Employees of an organization can use an intranet to access corporate information.
A growing number of companies offer limited network access to selected customers and suppliers. Such networks are referred to as extranets, which connect people who are external to the company.
Principle: Organizations are using the Internet of Things (IoT) to capture and ana- lyze streams of sensor data to detect patterns and anomalies—not after the fact, but while they are occurring—in order to have a considerable impact on the event outcome.
The Internet of Things (IoT) is a network of physical objects or “things” embedded with sensors, processors, software, and network connectivity capa- bility to enable them to exchange data with the manufacturer of the device, device operators, and other connected devices.
There can be many issues with simply receiving and recognizing usable sensor data resulting in missing data or sensor data lacking time stamps indi- cating when the reading occurred.
One of the first things developers of IoT applications should focus on is building in security from the start.
Principle: Cloud computing provides access to state-of-the-art technology at a frac- tion of the cost of ownership and without the lengthy delays that can occur when an organization tries to acquire its own resources.
Cloud computing refers to a computing environment in which software and storage are provided as an Internet service and can be accessed by users with their Web browser. Computing activities are increasingly being delivered over the Internet rather than from installed software on PCs.
Cloud computing offers many advantages to businesses. By outsourcing business information systems to the cloud, a business saves on system design, installation, and maintenance. Employees can also access corporate systems from any Internet-connected computer using a standard Web browser.
Cloud computing can be deployed in several different ways, including pub- lic cloud computing, private cloud computing, and hybrid cloud computing.
Public cloud computing refers to deployments in which service providers offer their cloud-based services to the general public, whether that is an individ- ual using Google Calendar or a corporation using the Salesforce.com application. In a private cloud deployment, cloud technology is used within the confines of a private network. Organizations that implement a private cloud often do so because they are concerned that their data will not be secure in a public cloud.
A hybrid cloud is composed of both private and public clouds integrated through networking. Organizations typically use the public cloud to run appli- cations with less sensitive security requirements and highly fluctuating capacity needs, but run more critical applications, such as those with significant compli- ance requirements, on the private portion of their hybrid cloud.
Autonomic computing is an enabling technology for cloud computing that enables systems to manage themselves and adapt to changes in the computing environment, business policies, and operating objectives.
Cloud computing can be divided into three main types of services: infra- structure as a service (IaaS), software as a service (SaaS), and platform as a service (PaaS).
CHAPTER 4 • Networks and Cloud Computing 205
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Organizations contemplating moving to the cloud are advised to proceed carefully, as almost one in three organizations encounter major challenges in their move. Frequent problems include complex pricing arrangements and hid- den costs that reduce expected cost savings, performance issues that cause wide variations in performance over time, poor user support, and greater than expected downtime.
Key Terms
autonomic computing
Bluetooth
broadband communications
bus network
Cascading Style Sheet (CSS)
channel bandwidth
client/server architecture
cloud computing
communications medium
computer network
content streaming
Extensible Markup Language (XML)
hybrid cloud
hyperlink
Hypertext Markup Language (HTML)
infrastructure as a service (IaaS)
instant messaging
Internet backbone
Internet Protocol (IP)
Internet service provider (ISP)
IP address
local area network (LAN)
Long Term Evolution (LTE)
mesh network
metropolitan area network (MAN)
mobile device management (MDM) software
near field communication (NFC)
network operating system (NOS)
network topology
network-management software
personal area network (PAN)
platform as a service (PaaS)
podcast
private cloud environment
search engine
search engine optimization (SEO)
software-defined networking (SDN)
star network
tag
Uniform Resource Locator (URL)
virtual private network (VPN)
Web 2.0
Web browser
Web log (blog)
wide area network (WAN)
Wi-Fi
wireless communication
Chapter 4: Self-Assessment Test
A network has many fundamental components— which, when carefully selected and effectively integrated—enable people to meet personal and organizational objectives.
1. Communications media can be divided into two broad categories . a. infrared and microwave b. fiber optic and cable c. packet switching and circuit switching d. guided and wireless
2. refers to the rate at which data can be exchanged and is measured in bits per second. a. Communications frequency b. Channel bandwidth c. Communications wavelength d. Broadband
3. indicates how the communications links and hardware devices of the network are arranged. a. Communications protocol b. Transmission media
206 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
c. Network topology d. None of the above
4. Twisted-pair wire, cable, coaxial cable, and fiber optic cable are all examples of guided communi- cations media. True/False
5. Systems software that controls the computer systems and devices on a network and allows them to communicate with one another is called . a. network operating system b. mobile device management software c. network-management software d. software-defined networking
Together, the Internet and the World Wide Web provide a highly effective infrastructure for deliver- ing and accessing information and services.
6. The Internet transmits data in packets from one computer to another using a set of communica- tions conventions called the .
7. Every computer on the Internet has an assigned IP address for easy identification. True/False
8. A is a Web address that specifies the exact location of a Web page using letters and words that map to an IP address and the location on the host. a. Universal Resource Locator b. Uniform Reference Locator c. Universal Web address d. Uniform Resource Locator
9. Many Web sites use CSS to define the design and layout of Web pages, and XML to define the content, and HTML to join the content with the design. True/False
10. The use of social media in business is called . a. social journalism b. blogging c. business wikis d. Enterprise 2.0
11. A(n) is an internal corporate network built using Internet and World Wide Web standards and products.
Organizations are using the Internet of Things (IoT) to capture and analyze streams of sensor data to detect patterns and anomalies—not after the fact, but while they are occurring—in order to have a considerable impact on the event outcome.
12. There can be many issues with simply receiving and recognizing usable sensor data resulting in sensor data lacking time stamps indicating when the reading occurred or in data.
13. One of the first things developers of IoT applica- tions should focus on is building in from the start. a. redundancy and backup b. cost controls c. security d. disaster recovery
Cloud computing provides access to state- of-the-art technology at a fraction of the cost of ownership and without the lengthy delays that can occur when an organization tries to acquire its own resources.
14. Cloud computing is a computing environment in which software and storage are provided as an Internet service and accessed by users with their . a. Web browser b. mobile computing device such as a
smartphone or tablet c. search engine d. Virtual Private Network (VPN)
15. is an enabling technology for cloud computing that enables systems to manage themselves and adapt to changes in the comput- ing environment, business policies, and operating objectives.
Chapter 4: Self-Assessment Test Answers
1. d 2. b 3. c 4. True 5. a 6. Internet protocol or TCP/IP 7. True 8. d
9. True 10. d 11. intranet 12. missing 13. c 14. a 15. Autonomic computing
CHAPTER 4 • Networks and Cloud Computing 207
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Review Questions
1. Define the term “computer network.” 2. Define the term “network topology,” and iden-
tify three common network topologies in use today.
3. What is meant by client/server architecture? Describe how this architecture works.
4. Define the term “channel bandwidth.” Why is this an important characteristic of a communication channel?
5. Identify the names of the three primary frequency ranges used for wireless communications.
6. What is Bluetooth wireless communication? Give an example of the use of this technology.
7. What advantage does a communications satellite have over a terrestrial microwave system?
8. What role does a network operating system play? 9. What is software-defined networking (SDN), and
what advantages does it offer?
10. What is Internet censorship? Identify some coun- tries in which this is a major issue.
11. What comprises the Internet backbone? 12. What is an IP address? What is a Uniform
Resource Locator, and how is it used? 13. What is XML, and how is it used? 14. What are CSS, and are how are they used? 15. What are Web services? Give an example of a
Web service. 16. What is Enterprise 2.0 and how is it used? 17. What is the Internet of Things (IoT), and how is it
used? 18. What is cloud computing? Identify three
approaches to deploying cloud computing. 19. What is autonomic computing, and how does it
benefit cloud computing?
Discussion Questions
1. Briefly discuss the differences between the star, bus, and mesh network topologies.
2. Briefly discuss the differences between a per- sonal area network, a local area network, a met- ropolitan area network, and a wide area network.
3. Identify and briefly discuss three common guided transmission media types.
4. Describe how near field communications works, and give an example of the use of this technology.
5. Describe how a Wi-Fi network works. 6. Describe how a terrestrial microwave system
works. 7. Summarize the differences among 1G, 2G, 3G,
and 4G wireless communications systems. 8. Discuss the role of network-management software—
including mobile device management software. 9. Provide a brief history of the Internet.
10. Briefly describe how the Internet works. 11. Identify and briefly describe five different ways to
access the Internet. 12. Briefly describe how the World Wide Web works.
13. Discuss the role of Hypertext Markup Language and HTML tags.
14. What is search engine optimization, and how is it accomplished?
15. Identify some of the issues and concerns associ- ated with connecting devices to the Internet of Things (IoT).
16. Identify and briefly discuss four problems fre- quently encountered by organizations moving to the cloud.
17. One of the key issues associated with the develop- ment of a Web site is getting people to visit it. If you were developing a Web site, how would you inform others about it and make it interesting enough that they would return and tell others about it?
18. Keep track of the amount of time you spend on social networking sites for one week. Do you think that this is time well spent? Why or why not?
19. Briefly summarize the differences in how the Internet, a company intranet, and an extranet are accessed and used.
Problem-Solving Exercises
1. Develop a spreadsheet to track the amount of time you spend each day on Twitter, Instagram, Facebook, and other social networks. Record your times on each network for a two-week period. How much of this time would you con- sider informative and worthwhile? How much time is just entertainment?
2. Do research to learn about the Amazon Web Ser- vices, Google Compute Engine, and Windows Azure cloud computing services. Write a paragraph summarizing each service. Prepare a spreadsheet to compare the three services based on ease of use, cost, and other key criteria of your choosing.
208 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
3. Think of a business that you might like to estab- lish. Use a word processor to define the business in terms of what product(s) or service(s) it pro- vides, where it is located, and its name. Go to www.godaddy.com, and find an appropriate domain name for your business that is not yet
taken. Shop around online for the best deal on Web site hosting. Write a paragraph about your experience finding a name, why you chose the name that you did, and how much it would cost you to register the name and host a site.
Team Activities
1. Form a team to identify IoT sensors in high demand in the medical device/pharma/bio-med industry. How are these sensors being used? What companies manufacture them? What do they cost if purchased in large quantities? Write a summary of your team’s findings.
2. Plan, set up, and execute a meeting with another team wherein you meet via the use of a Web service such as GoToMeeting or WebEx. What are
some of the problems you encountered in setting up and executing the meeting? How would you evaluate the effectiveness of the meeting? What could have been done to make the meeting more effective?
3. Try using the Chinese search engine Baidu to find information on several politically sensitive topics or people. Write a brief summary of your experience.
Web Exercises
1. Do research on the Web to identify the three to five countries that exercise the greatest amount of Internet censorship on its citizens. Briefly docu- ment each country’s censorship practices.
2. Net neutrality is the principle that Internet service providers should be required to treat all Internet traffic running over their wired and wireless net- works the same—without favoring content from some sources and/or blocking or slowing (also known as throttling) content from others. The debate over net neutrality raises questions about how best to keep the Internet open and impartial
while still offering Internet service providers suf- ficient incentive to expand their networks to serve more customers and to support new ser- vices. Do research to find out the current status of net neutrality in the United States. Write a report summarizing your findings.
3. Do research to identify the top ten social net- works in terms of number of worldwide active accounts. Which of these networks appears to be the fastest growing, slowest growing? Can you find a reason for the difference in growth rates? Write a report summarizing what you found.
Career Exercises
1. View the movie The Social Network or read the book The Boy Billionaire, which offers insights into Mark Zuckerberg, the founder of Facebook. How did Zuckerberg recognize the potential of social networking? How was he able to turn this basic idea into a billion dollar organization? What background, education, and experiences did he have that helped him in this endeavor?
2. Identify a social networking organization that interests you. Do research to identify current job
openings and the qualifications needed to fill open positions at the firm. Do any of these posi- tions appeal to you? Why or why not?
3. Explore LinkedIn, a social media network for professional networking. Use some of its features to find former students of your school or cowor- kers at your place of employment. What are some of the advantages of using such a Web site? What are some of the potential problems? Would you consider joining LinkedIn? Why or why not?
Case Studies
Case One
Cloud Helps Fight Cancer Each minute one person in the United States dies from cancer—over half a million deaths per year. Thousands of
scientists and physicians are working around the clock to fight cancer where it starts—in our DNA.
DNA is a molecule present in our cells that carries most of the genetic instructions used in the development, functioning, and reproduction of all known living organisms.
CHAPTER 4 • Networks and Cloud Computing 209
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The information in DNA is stored as a code made up of four chemical bases adenine (A), guanine (G), cytosine (C), and thymine (T). Human DNA consists of about 3 billion bases, and more than 99 percent of those bases are the same in all people. The complete set of DNA instructions is called your genome, and it comes packaged into two sets of chromosomes, one set from your mother and one set from your father. Sometimes those instructions are miscoded or misread, which can cause cells to malfunction and grow out of control—resulting in cancer.
Doctors now routinely use patient genetic data along with personal data and health factors to design highly personalized treatments for cancer patients. However, genome sequencing is a highly complex effort—it takes about 100 gigabytes of data to represent just a single human genome. Only a few years ago, it was not even feasible to analyze an entire human genome. The Human Genome Project (HGP) was the international, collaborative research program whose goal was the complete mapping and understanding of all the genes of human beings. The HGP took over 15 years and cost in the neighborhood of $3 billion, but the result was the ability to read the complete genetic blueprint for humans.
It takes a computer with powerful processing power and prodigious amounts of storage capacity to process all the patient data required to sequence their genome. Most researchers simply do not have the in-house computing facilities equal to the challenge. As a result, they turn to cloud computing solutions, such as the Amazon Web Services public cloud system. Thanks to cloud computing and other technical advances, sequencing of a human genome can now be done in about 40 hours at a cost of under $5000.
Researchers at Nationwide Children’s Hospital in Columbus, Ohio invented Churchill, a software application that analyzes gene sequences very efficiently. Using cloud computing and this new algorithm, researchers at the hospital are now able to analyze a thousand individual genomes over the period of a week. Not only does this technology enable the hospital to help individual patients, it also helps large-scale research efforts exploring the genetic mutations that cause diseases.
Using the cloud also enables doctors and researchers worldwide to share information and collaborate more easily. The Cancer Genome Atlas (TCGA) is a research program supported by the National Cancer Institute and the National Human Genome Research Institute, whose goal is to identify genomic changes in more than 20 different types of human cancer. TCGA researchers compare the DNA samples of normal tissue with cancer tissue taken from the same patient to identify changes specific to that cancer. The researchers hope to analyze hundreds of samples for each type of cancer from many different patients to better understand what makes one cancer different from another cancer. This is critical because two patients with the same type of cancer can experience very different outcomes and respond very differently to the same treatment. Researchers hope to develop more effective, individualized treatments for each patient by connecting specific genomic changes with specific outcomes.
Critical Thinking Questions: 1. What advantages does cloud computing offer physi-
cians and researchers in their fight against cancer?
2. Estimate the amount of data required to analyze the human genome of 100 patients for each of 20 different types of cancer.
3. Physicians must abide by HIPAA regulations when transmitting data back and forth to the cloud. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record). Violations can also carry criminal charges, resulting in jail time. What measures can be taken when using cloud computing to ensure that patient confidentiality will not be violated?
SOURCES: Gaudin, Sharon, “How The Cloud Helps Fight Cancer,” Computerworld, May 20, 2015, www.computerworld.com/article /2923753/cloud-computing/how-the-cloud-helps-fight-cancer.html; “Deoxyribonucleic Acid Fact Sheet,” www.genome.gov/25520880, accessed December 7, 2015; “Cancer Genomics What Does It Mean to You?,” The Cancer Genome Atlas, http//cancergenome.nih.gov/Publish edContent/Files/pdfs/1.1.0_CancerGenomics_TCGA-Genomics-Bro chure-508.pdf; “TCGA on AWS,” http//aws.amazon.com/public-data- sets/tcga, accessed December 7, 2015; “An Overview of the Human Genome Project,” National Human Genome Research Institute, www .genome.gov/12011238, accessed December 10, 2015.
Case Two
Globacom Invests in Its Mobile Network Infrastructure in Africa Approximately 46 percent of the world’s population now has access to the Internet—a key factor in encouraging economic activity and expanding educational opportunities. However, Internet access in Africa continues to trail that of the rest of the world. The continent contains 16 percent of the world’s population, but represents only about 9.8 percent of the world’s Internet users. Affordability and logistical barriers still prevent the vast majority of Africa’s population from accessing the wealth of information and services available online.
Increasingly, however, people in Africa—and around the globe—are breaking down those barriers by using mobile devices to gain access to the Internet. In 2015, there were an estimated 7 billion mobile broadband subscriptions worldwide, and that number is growing by almost 25 percent each year. As the world’s dependence on mobile technologies grows, telecommunications companies are increasing their investment in the networks that support those technologies.
Globacom Limited is one of the fastest-growing mobile communications companies in the world, operating mobile networks in Nigeria and several other West African countries under the GLO brand. The company is the second largest mobile network operator in Nigeria, where mobile devices account for over 76 percent of Web traffic (more than double the world average of 33 percent).
In order to provide reliable Internet access to its mobile subscribers, Globacom invests heavily in its network infrastructure. In 2011, the company became the first to lay a high-capacity, fiber-optic submarine cable from the United Kingdom to Nigeria. The large-scale project, which also connects points in Ghana, Senegal, Mauritania, Morocco, Portugal, and Spain, cost the company more than $800 million. The underwater cable system allowed Globacom to
210 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
expand its network, boost capacity, and increase Internet upload and download speeds. For Globacom’s mobile subscribers in Nigeria, the new cable also represented a significant jump in international connectivity—considered to be one of the critical requirements for the development of the Internet in any country.
Globacom also makes use of big data capabilities to improve its network performance and enhance the quality of the customer service it provides its subscribers. The company recently implemented Oracle’s Big Data Appliance platform, a hardware and software package that allows the company to analyze both structured and unstructured data related to issues such as terminated networks, event times and durations, event cost, quality of service, and overall network performance. Globacom’s IT staff uses the Oracle platform to capture and analyze more than 1 billion call-data records per day—the equivalent of 5 gigabytes of user-traffic information per second. According to Jameel Mohammed, Globacom’s group chief operating officer, the Oracle platform “enables us to capture, store, and analyze data that we were unable to access before. We now analyze network events 40 times faster.”
With a reduction in average query response time for network events from three minutes to five seconds, Globacom’s call center agents are better able to provide subscribers fast and reliable information regarding network performance. The company has significantly increased its “first-call resolution rate,” saving the company more than 13 million call center minutes, or the equivalent of 80 full- time customer service employees, annually.
For subscribers, Globacom’s investment in its network infrastructure along with its big data initiatives translate into improved network coverage and reliability, better customer service, and, perhaps most importantly, easier and more consistent access to the Internet—including a wide range of modern communications services, such as online banking and payment services, teleconferencing, distance learning, and telemedicine.
Critical Thinking Questions 1. What incentives does a mobile network operator have
to make ongoing, expensive investments in its network
infrastructure? What have been some of the benefits to Globacom’s subscribers of the company’s investment in its mobile network?
2. Big data applications and techniques allow network operators to make use of large quantities of network- related data, which was previously discarded due to the time and resources required to effectively ana- lyze the data. What are some data points that you think would be most useful for a communications company to analyze when looking for ways to improve their network performance? What data points related to network activity and performance might be useful from a customer service or market- ing standpoint?
3. Do research online to learn about some of the other factors that have impeded Internet access for most of the population in Africa and other parts of the world. What factors besides the level of network infrastruc- ture investment might affect Internet access rates in a given country?
SOURCES: “Ericsson Mobility Report,” Ericsson, www .ericsson.com/res/docs/2016/mobility-report/ericsson -mobility-report-feb-2016-interim.pdf, accessed February 20, 2016; “ICT Facts & Figures: The World in 2015,” International Telecommunication Union, www.itu.int/en/ITU-D/Statistics /Documents/facts/ICTFactsFigures2015.pdf, May 2015; “Internet Users in the World by Region, November 2015” Internet World Stats, www.internetworldstats.com/stats.htm, accessed February 20, 2016; “Internet Goes Mobile: Country Report Nigeria,” Ericsson www.ericsson.com/res/docs/2015 /consumerlab/ericsson-consumerlab-internet-goes-mobile- nigeria.pdf, accessed February 21, 2016; “Globacom Saves Over 35,000 Call-Processing Minutes Daily and Improves Data for Decision-Making and Customer Service,” Oracle, www.oracle.com/us/corporate/customers/customersearch /globacom-1-big-data-ss-2207715.html, accessed February 20, 2016; Banks, Roland, “There Are Now 3 Billion Internet Users Worldwide in 2015,” Mobile Industry Review, January 26, 2015, www.mobileindustryreview.com/2015 /01/3- billion-internet-users-2015.html; “Africa’s 50 Richest: #7 Mike Adenuga,” Forbes, accessed February 21, 2016.
Notes
1. Ignatescu, Adrian, “Most Popular Instant Messaging Apps in 2014-Review & Infographic,” Techchangers (blog), March 30, 2014, www.techchangers.com /instant-messaging-apps-review-most-popular-2014 -top10.
2. Claburn, Thomas, “Walmart Jumps into Crowded Mobile Payment Market,” Information Week, December 10, 2015, www.informationweek.com/mobile/mobile-appli cations/walmart-jumps-into-crowded-mobile-payment -market/d/d-id/1323518.
3. Hamblen, Matt, “Levi’s Stadium App Makes Use of Aruba Beacons to Help 49ers Fans Get Around,” Computer- world, November 4, 2014, www.computerworld.com /article/2842829/levis-stadium-app-makes-use-of -aruba-beacons-to-help-49ers-fans-get-around.html.
4. Wohnoutak, Bill, “Childhood Burn Care: A Telemedicine Success Story,” Dermatology Times, February 18, 2015, dermatologytimes.modernmedicine.com/dermatology -times/news/telemedicines-role-childhood-burn-care? page=full.
5. “Saudi Telecom Company Deploys High-Capacity International Mesh Network Powered by Ciena,” Investors.com, October 21, 2015, news.investors .com/newsfeed-business-wire/102115-141851937-saudi -telecom-company-deploys-high-capacity-international -mesh-network-powered-by-ciena.aspx.
6. “PIONIER-Polish Optical Internet,” PIONIER, http://blog. pionier.net.pl/sc2013/pionier, accessed January 6, 2014.
7. “About Chi-X Japan,” Chi-X Japan, www.chi-x.jp/ABOUT US.aspx, accessed February 19, 2016.
CHAPTER 4 • Networks and Cloud Computing 211
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
8. “Iridium Everywhere,” Iridium, www.iridium.com, accessed December 11, 2015.
9. Cheng, Roger, “Verizon to Be First to Field-Test Crazy- Fast 5G Wireless,” CNET, September 8, 2015, www.cnet .com/news/verizon-to-hold-worlds-first-crazy-fast-5g -wireless-field-tests-next-year.
10. “PRTG Network Monitor Helps Small, Family-Owned IT Consulting Business Provide World-Class Reliability,” Paessler, www.paessler.com/company/casestudies/covell_ group_uses_prtg, accessed December 16, 2015.
11. Higginbotham, Stacy, “Google Launches Andromeda, a Software Defined Network Underlying Its Cloud,” Gigaom, April 2, 2014, https://gigaom.com/2014/04/02 /google-launches-andromeda-a-software-defined-net work-underlying-its-cloud.
12. “Internet World Stats,” Internet World Stats, www.internet worldstats.com/stats.htm, accessed December 13, 2015.
13. Alexandrova, Katerina, “Using New Media Effectively: An Analysis of Barack Obama’s Election Campaign Aimed at Young Americans,” Thesis, New York 2010, www.academia.edu/1526998/Using_New_Media_Effecti vely_an_Analysis_of_Barack_Obamas_Election_ Campaign_Aimed_at_Young_Americans.
14. “Electronic Weapons: Syria Shows the Way,” Strategy- Page, January 13, 2014, www.strategypage.com/htmw /htecm/articles/20140113.aspx.
15. Smith, Charlie, “Jimmy Wales on Censorship in China,” The WorldPost, September 4, 2015, www.huffingtonpost .com/charlie-smith/jimmy-wales-on-censor ship_b_8087400.html.
16. Howard, Alexander, “In Saudi Arabia, Embracing New ‘Freedom’ on Social Media May Come with Serious Risks,” Huffington Post, May 26, 2015, www.huffington post.com/2015/05/26/saudi-arabia-social-media_n _7444742.html.
17. Naím, Moisés and Bennet, Phillip, “The Anti-Information Age,” The Atlantic, February 16, 2015, www.theatlantic .com/international/archive/2015/02/government-censor ship-21st-century-internet/385528.
18. “AWS Case Study: Airbnb,” Amazon Web Services, http:// aws.amazon.com/solutions/case-studies/airbnb, accessed December 13, 2015.
19. Schnuer, Jenna, “Meet the Winners of Our Entrepreneur of 2014 Awards,” Entrepreneur, January 20, 2015, www .entrepreneur.com/slideshow/240844.
20. “Transforming Tyco with Yammer,” Yammer, https:// about.yammer.com/customers/tyco, accessed January 13, 2014.
21. “About Khan Academy,” Khan Academy, www.khana cademy.org/about, accessed December 13, 2015.
22. “About Us,” NPower, www.npower.org/Our-Purpose /Our-Purpose.aspx, accessed December 13, 2015.
23. Ignatescu, “Most Popular Instant Messaging Apps in 2014.”
24. “Addison Fire Saves $5K Yearly Using GoToMeeting with HDFaces Video Conferencing,” Citrix, http://news .citrixonline.com/wp-content/uploads/2013/07/Addision -Fire-District_G2M_ss.pdf, accessed January 30, 2014.
25. “Rhapsody Music Service Now Has 3 Million Paying Subscribers,” Variety, July 22, 2015, http://variety.com /2015/digital/news/rhapsody-music-service-now-has-3 -million-paying-subscribers-1201545576.
26. Newman, Jared, “Popcorn Time Users Sued again, This Time for Streaming 2015’s Survivor,” PC World, Sep- tember 2, 2015, www.pcworld.com/article/2979681/soft ware-entertainment/popcorn-time-users-sued-again -this-time-for-streaming-2015s-survivor.html.
27. “YouTube Statistics,” YouTube, www.youtube.com/yt /press/statistics.html, accessed January 21, 2014.
28. Takahashi, Dean, “Mobile Gaming Could Drive Entire Video Game Industry to $100 Billion in Revenue by 2017,” Gamesbeat, January 14, 2014, http://venturebeat .com/2014/01/14/mobile-gaming-could-drive-entire -game-industry-to-100b-in-revenue-by-2017.
29. “Groupon Announces Fourth Quarter and Fiscal Year 2015 Results,” Groupon, February 11, 2016, http://inves tor.groupon.com/releasedetail.cfm?releaseid=954580.
30. “4 Real-World Stories about the Interactive Intranet,” Jive (blog), June 18, 2015, www.jivesoftware.com/blog/real -world-stories-about-interactive-intranet.
31. Romeo, Jim, et al, “A Practical Guide to the Internet of Things,” Tech Target, © 2015.
32. Kepes, Ben, “The Internet of Things, Coming Soon to an Airline near You,” Runway Girl Network, March 14, 2015, www.runwaygirlnetwork.com/2015/03/14/the -internet-of-things-coming-soon-to-an-airline-near-you.
33. van Zyl, Gareth, “Internet of Everything Helps Prevent Dubai Crane Collisions,” Web Africa, June 4, 2014, www .itwebafrica.com/cloud/516-africa/233009-internet-of -everything-helps-prevent-dubai-crane-collisions.
34. “Reducing Costs with a Converged Roadway Network,” Cisco, www.cisco.com/c/dam/en/us/solutions/collateral /industry-solutions/Aegean-Motorway-voc-case-study .pdf, accessed January 4, 2015.
35. “iCloud,” Apple, www.apple.com/icloud, accessed January 8, 2014.
36. “AWS Case Study: Spotify,” Amazon Web Services, aws.amazon.com/solutions/case-studies/spotify, accessed December 17, 2015.
37. “The College Network,” www.slideshare.net/EarthLink Business/private-cloud-case-study-the-college-network -earth-link-business, accessed January 9, 2014.
38. “Cloud Computing Options,” PC Today, June 2014. 39. Ramel, David, “New Research Shows ‘Staggering’ Failure
Rates for Cloud Projects,” Enterprise Systems, June 26, 2014, http://esj.com/articles/2014/06/26/cloud-projects -fail.aspx.
40. Olavsrud, Thor, “Why a Media Giant Sold Its Data Center and Headed to the Cloud,” CIO, July 15, 2014, www.cio .com/article/2453894/data-center/why-a-media-giant- sold-its-data-center-and-headed-to-the-cloud.html.
41. Ovide, Shira and Boulton, Clint, “Flood of Rivals Could Burst Amazon’s Cloud,” The Wall Street Journal, July 25, 2014, www.wsj.com/articles/storm-clouds-over-amazon -business-1406328539?mg=id=wsj.
42. “Revlon Fact Sheet,” Revlon, www.revlon.com/about /fact-sheet, accessed February 21, 2016.
43. “Revlon, Inc. Moves to the Cloud with Juniper Networks to Increase Global Business Agility,” Juniper Networks, www.juniper.net/assets/us/en/local/pdf/case-studies /3520444-en.pdf, accessed October 6, 2014.
44. “Cloud Computing Options,” PC Today, June 2014. 45. “Autonomic Computing,” IBM, www.ibm.com/developer
works/tivoli/autonomic.html, accessed October 7, 2014.
212 PART 2 • Information Technology Concepts
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
PART 3 BusinessInformation Systems Chapter 5 Electronic Commerce and Enterprise Systems
Chapter 6 Business Intelligence and Analytics
Chapter 7 Knowledge Management and Specialized Information Systems
Sergey Nivens/Shutterstock.com
213 Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
5 Electronic Commerce and Enterprise Systems
Rawpixel.com/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• Although the business-to-consumer (B2C) market grabs more of the news headlines, the business-to-business (B2B) market is considerably larger and is growing more rapidly. B2B sales within the United States were esti- mated to be over $780 billion in 2015, twice the size of B2C commerce.
• Automatic Data Processing (ADP) is a major provider of business outsourcing solutions for payroll administration for 610,000 organizations in more than 125 countries. It uses a batch processing system to prepare the pay- checks of one out of six workers in the United States, as well as 12 million other workers around the world.
Principles Learning Objectives
• Electronic commerce is evolving, providing new ways of conducting business that presents both potential benefits and problems.
• Describe the current status of various forms of e-commerce, including B2B, B2C, C2C, e-government, and m-commerce.
• Identify several advantages and challenges associated with e-commerce and m-commerce.
• Identify and briefly describe several current e-commerce applications.
• E-commerce and m-commerce require the careful planning and integration of a number of technology infrastructure components.
• Identify the key components of technology infrastructure that must be in place for e-commerce and m-commerce to work.
• Discuss the key features of the electronic payment systems needed to support e-commerce and m-commerce.
• An organization must have information systems that support routine, day-to-day activities and that help it add value to its products and services.
• Identify the basic activities and business objectives common to all transaction processing systems.
• Describe the transaction processing systems associated with the order processing, purchasing, and accounting business functions.
• An organization that implements an enterprise system is creating a highly integrated set of sys- tems, which can lead to many business benefits.
• Identify the basic functions performed and the benefits derived from the implementation of an enterprise resource planning system, customer resource management, and product lifecycle management system.
• Describe the hosted software model for enterprise systems and explain why this approach is so appealing to SMEs.
• Identify the challenges that organizations face in planning, building, and operating their enterprise systems.
• Identify tips for avoiding many of the common causes for failed enterprise system implementations.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about Electronic and Mobile Commerce and Enterprise Systems? Electronic commerce has transformed many areas of our lives and careers. One fundamental change has been the manner in which companies interact with their suppliers, customers, government agencies, and other business partners. As a result, most organizations today have set up business on the Internet or are considering doing so. To be successful, all members of the organization need to plan and participate in that effort. As a sales or marketing manager, you will be expected to help define your firm’s e-commerce business model. As a customer service employee, you can expect to participate in the development and operation of your firm’s Web site. As a human resource or public relations manager, you will likely be asked to provide Web site content for use by potential employees and shareholders. As an analyst in finance, you will need to know how to measure the business impact of your firm’s Web operations and how to compare that to competitors’ efforts.
In addition to the changes brought on by e-commerce, individuals and organizations today are moving from a collection of nonintegrated transaction processing systems to highly integrated enterprise systems that perform routine business processes and maintain records about them. These systems support a wide range of business activities associated with supply chain management (includes planning, executing, and controlling all activities involved in raw material sourcing and procurement, conversion of raw materials to finished products, and the warehousing and delivery of finished product to customers), customer relationship management, and product lifecycle management. Although they were initially thought to be cost effective only for very large companies, even small- and mid-sized companies are now implementing these systems to reduce costs, speed time to market, and improve service.
In our service-oriented economy, outstanding customer service has become a goal of virtually all companies. To provide good customer service, employees who work directly with customers—whether in sales, customer service, or marketing—require high-quality and timely data to make good decisions. Such employees might use an enterprise system to check the inventory status of ordered items, view the production-planning schedule to tell a customer when an item will be in stock, or enter data to schedule a delivery.
Clearly, as an employee in today’s organization, you must understand the role of e-commerce and enterprise systems, how to capitalize on their many opportunities, and how to avoid their pitfalls. This chapter begins by providing a brief overview of the dynamic world of e-commerce.
As you read this chapter, consider the following:
• What are the advantages of e-commerce and m-commerce?
• What factors should organizations consider when adopting enterprise systems to support their business processes and plan for the future?
An Introduction to Electronic Commerce
Electronic commerce (e-commerce) is the conducting of business activities (e.g., distribution, buying, selling, marketing, and servicing of products or ser- vices) electronically over computer networks. It includes any business transac- tion executed electronically between companies (business-to-business), companies and consumers (business-to-consumer), consumers and other consumers (consumer-to-consumer), public sector and business (government- to-business), public sector to citizens (government-to-citizen), and public sector to public sector (government-to-government). Business activities that are strong candidates for conversion to e-commerce are ones that are paper based, time consuming, and inconvenient for customers.
supply chain management (SCM): A system that includes planning, executing, and controlling all activities involved in raw material sourcing and procurement, the conversion of raw materials to finished products, and the warehousing and delivery of finished products to customers.
216 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Business-to-Business E-Commerce Business-to-business (B2B) e-commerce is a subset of e-commerce in which all the participants are organizations. B2B e-commerce is a useful tool for con- necting business partners in a virtual supply chain to cut resupply times and reduce costs. Although the business-to-consumer market grabs more of the news headlines, the B2B market is considerably larger and is growing more rapidly. B2B sales within the United States were estimated to be over $780 billion in 2015, twice the size of B2C commerce.1 The top e-commerce priori- ties for many B2B buyers include transparent pricing, easily accessible prod- uct details, purchase tracking, and personalized recommendations.2
Grainger is a B2B distributor of products for facilities maintenance, repair, and operations (a category called MRO) with more than 1.5 million different items offered online. See Figure 5.1. In 2015, the company’s online sales exceeded $4 billion or more than 40 percent of the company’s total sales.3 A key part of Grainger’s e-commerce success is its suite of mobile apps, which make it possible for customers to access products online and quickly find and order products via a smartphone or other mobile device. Currently, 15 percent of the company’s e-commerce traffic comes to its Web site through mobile devices.4
Business-to-Consumer E-Commerce Business-to-consumer (B2C) e-commerce is a form of e-commerce in which customers deal directly with an organization and avoid intermediaries. By using B2C e-commerce to sell directly to consumers, producers, or providers of consumer products can eliminate the middlemen, or intermediaries, between them and the consumer. In many cases, this squeezes costs and inef- ficiencies out of the supply chain and can lead to higher profits for businesses and lower prices for consumers. The elimination of intermediate organizations between the producer and the consumer is called disintermediation.
More than just a tool for placing orders, the Internet enables shoppers to compare prices, features, and value, and to check other customers’ opinions. Consumers can, for example, easily and quickly compare information about automobiles, cruises, loans, insurance, and home prices to find better values. Internet shoppers can unleash shopping bots or access sites such as eBay Shopping.com, Google Shopping, Shopzilla, PriceGrabber, Yahoo! Shopping, or Excite to browse the Internet and obtain lists of items, prices, and merchants.
FIGURE 5.1 Grainger e-commerce Grainger offers more than 1.5 million items online. gra
in ge r.c om
business-to-business (B2B) e-commerce: A subset of e-commerce in which all the partici- pants are organizations.
business-to-consumer (B2C) e-commerce: A form of e-commerce in which customers deal directly with an organization and avoid intermediaries.
disintermediation: The elimination of intermediate organizations between the producer and the consumer.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 217
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Worldwide, B2C e-commerce sales continue to grow rapidly, reaching $1.9 trillion in 2014. The Asia-Pacific region represents the world’s largest and fastest-growing B2C market; it accounts for almost 40 percent of total world- wide B2C sales.5 China’s e-commerce sales are now over $670 billion and are growing at a rate of over 40 percent per year. Other top markets with double-digit e-commerce sales growth include: United Kingdom ($99.4 bil- lion), Japan ($89.6 billion), and Germany ($61.8 billion).6 Table 5.1 shows the estimated B2C e-commerce sales by world region from 2012 to 2017 (estimated).
One reason for the steady growth in B2C e-commerce is shoppers find that many goods and services are cheaper when purchased online, including stocks, books, newspapers, airline tickets, and hotel rooms.
Another reason for the growth in B2C e-commerce is that online B2C shoppers have the ability to design a personalized product. Nike, Inc., pro- vides a successful example of this approach to personalization. The com- pany’s online NIKEiD service enables purchasers to customize a pair of shoes by selecting from different material, features, and fit options—including the level of insole cushioning, sole material, and the fabric color and design of everything from the lining of the shoe to the laces. Nike also recently added a Personalized ID (PiD) service, which allows customers to further individualize their shoes by adding a personal message to their shoes—whether that be a personal mantra, a sports team affiliation, or a personal record.7,8
Yet a third reason for the continued growth of B2C e-commerce is the effective use of social media networks by many companies looking to reach consumers, promote their products, and generate online sales. Vera Bradley is a luggage design company that produces a variety of products, including quilted cotton luggage, handbags, and accessories. The firm has more than 1.6 million Facebook followers and is one of the most followed Internet retai- lers on Pinterest. Indeed, Vera Bradley has been extremely conscientious in cross-posting items from Facebook, Flickr, and YouTube to Pinterest. When you visit the Vera Bradley Web site, Pinterest and other social buttons appear on the product pages so that shoppers can share their likes with friends.
Another important trend is that of consumers researching products online but then purchasing those products at a local brick-and-mortar store. Sales in local stores that are stimulated through online marketing and research are called Web-influenced sales. Such sales are estimated to exceed $1.7 trillion— roughly 40 percent of total retail sales, and in some categories, such as baby/ toddler and home furnishing, Web-influenced sales make up more than
TABLE 5.1 Forecasted global B2C e-commerce sales (USD billions) Region 2015 2016 2017
Asia-Pacific $681.2 $855.7 $1,052.9
North America $538.3 $597.9 $660.4
Western Europe $382.7 $414.2 $445.0
Central & Eastern Europe $64.4 $68.9 $73.1
Latin America $64.9 $70.6 $74.6
Middle East & Africa $39.6 $45.5 $51.4
Worldwide $1,771.1 $2,052.8 $2,357.4
Source: “Global B2C Ecommerce Sales to Hit $1.5 Trillion This Year Driven by Growth in Emerging Markets,” e-Marketer, February 3, 2014, http://www.emarketer.com/Article/Global-B2C-Ecommerce-Sales-Hit-15-Trillion- This-Year-Driven-by-Growth-Emerging-Markets/1010575#sthash.ZQGggr6U.dpuf.
personalization: The process of tailoring Web pages to specifically target individual consumers.
218 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
55 percent of total sales.9 Amazon is the dominant B2C retailer in the United States with nearly $72 billion in 2015 Web sales.
Consumer-to-Consumer E-Commerce Consumer-to-consumer (C2C) e-commerce is a subset of e-commerce that involves electronic transactions between consumers using a third party to facilitate the process. eBay is an example of a C2C e-commerce site; customers buy and sell items to each other through the site. Founded in 1995, eBay has become one of the most popular Web sites in the world, with 2015 net reve- nue of $8.5 billion.10 Other popular C2C sites include Bidz.com, Craigslist, eBid, Etsy, Fiverr, Ibidfree, Kijiji, Ubid, and Taobao. The growth of C2C is responsible for a drastic reduction in the use of the classified pages of news- papers to advertise and sell personal items and services, so it has had a nega- tive impact on that industry. On the other hand, C2C has created an opportunity for many people to make a living out of selling items on auction Web sites. According to eBay, the gross merchandise volume for items sold on its site in 2015 was $82 billion.11 Table 5.2 summarizes the key factors that differentiate B2B, B2C, and C2C e-commerce.
E-Government E-government is the use of information and communications technology to sim- plify the sharing of information, speed formerly paper-based processes, and improve the relationship between citizens and government. Government- to-citizen (G2C), government-to-business (G2B), and government-to-government (G2G) are all forms of e-government, each with different applications.
Citizens can use G2C applications to submit their state and federal tax returns online, renew auto licenses, purchase postage, and apply for student loans. Citizens can purchase items from the U.S. government through its GSA Auctions Web site, which offers the general public the opportunity to bid electronically on a wide range of government assets. Healthcare.gov is a healthcare exchange Web site created by and operated under the U.S. federal government as specified in the Patient Protection and Affordable Care Act. It is designed for use by residents in the 36 U.S. states that opted not to create their own state exchanges. By accessing this Web site, users can view
TABLE 5.2 Differences among B2B, B2C, and C2C Factors B2B B2C C2C
Typical value of sale Thousands or millions of dollars
Tens or hundreds of dollars
Tens of dollars
Length of sales process Days to months Days to weeks Hours to days
Number of decision makers involved
Several people to a dozen or more
One or two One or two
Uniformity of offer Typically a uniform prod- uct offering
More customized product offering
Single product offering, one of a kind
Complexity of buying process
Extremely complex; much room for negotiation on quantity, quality, options and features, price, pay- ment, and delivery options
Relatively simple; limited negotiation on price, pay- ment, and delivery options
Relatively simple; limited negotiation on payment and delivery options; negotiations focus on price
Motivation for sale Driven by a business decision or need
Driven by an individual consumer’s need or emotion
Driven by an individual consumer’s need or emotion
consumer-to-consumer (C2C) e-commerce: A subset of e-commerce that involves electronic transactions between consumers using a third party to facilitate the process.
e-government: The use of informa- tion and communications technology to simplify the sharing of information, speed formerly paper-based pro- cesses, and improve the relationship between citizens and government.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 219
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
healthcare options, determine if they are eligible for healthcare subsidiaries, and enroll in a plan.12
G2B applications support the purchase of materials and services from pri- vate industry by government procurement offices, enable firms to bid on gov- ernment contracts, and help businesses identify government contracts on which they may bid. The Web site Business.USA.gov allows businesses to access information about laws and regulations and to download relevant forms needed to comply with federal requirements for their businesses. FedBizOpps.gov is a Web site where government agencies post procurement notices to provide an easy point of contact for businesses that want to bid on government contracts.
G2G applications support transactions between government entities, such as between the federal government and state or local governments. Govern- ment to Government Services Online (GSO) is a suite of Web applications that enables government organizations to report information—such as birth and death data, arrest warrant information, and information about the amount of state aid being received—to the administration of Social Security services. This information can affect the payment of benefits to individuals. Many state governments provide a range of e-government services to various state and local agencies. For example, the state of Oregon’s transaction payment engine (TPE) option enables agencies to use an efficient Internet payment solution while adhering to statewide policies and procedures. This service is just one aspect of Oregon’s E-Government Program, whose goals are creating a uni- form state of Oregon online identity, promoting digital government, and sav- ing Oregon taxpayers money.13,14
Mobile Commerce Mobile commerce (m-commerce) relies on the use of mobile devices, such as tablets and smartphones, to place orders and conduct business. Smartphone manufacturers such as Apple, Huawei, Lenovo, LG, Samsung, and Xiaomi are working with communications carriers such as AT&T, Sprint/Nextel, T-Mobile, and Verizon to develop wireless devices, related technology, and services to support m-commerce. The Internet Corporation for Assigned Names and Num- bers (ICANN) created a .mobi domain in 2005 to help attract mobile users to the Web. Afilias administers this domain and helps to ensure that the .mobi destinations work quickly, efficiently, and effectively with all mobile devices.
Mobile commerce is a rapidly growing segment of e-commerce, with Japan, the United Kingdom, and South Korea leading the world in m-commerce growth.15 The market for m-commerce in North America is maturing much later than in other countries for several reasons. In North America, responsibility for network infrastructure is fragmented among many providers and consumer payments are usually made by credit card. In most Western European countries, consumers are much more willing to use m-commerce. Japanese consumers are generally enthusiastic about new tech- nology and therefore have been much more likely to use mobile technologies to make purchases.
Worldwide, m-commerce accounted for 35 percent of all retail e-commerce sales in the fourth quarter of 2015. In the United States, the share of e-commerce transactions completed on a mobile device grew 15 percent from the prior year, representing 30 percent of all e-commerce transac- tions.16 The number of mobile Web sites worldwide is growing rapidly because of advances in wireless broadband technologies, the development of new and useful applications, and the availability of less costly but more powerful smartphones. Experts point out that the relative clumsiness of mobile browsers and security concerns still must be overcome to speed the growth of m-commerce.
220 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Advantages of Electronic and Mobile Commerce Conversion to an e-commerce or m-commerce system enables organizations to reach new customers, reduce the cost of doing business, speed the flow of goods and information, increase the accuracy of order processing and order fulfillment, and improve the level of customer service.
Reach New Customers The establishment of an e-commerce Web site enables a firm to reach new customers in new markets. Indeed, this is one of the primary reasons organi- zations give for establishing a Web site.
Founded in 1978, Shoe Carnival is a chain of more than 400 footwear stores located in 33 states.17 Shoe Carnival’s unique concept involves creating a high-energy atmosphere within each store through features such as a “spin- ning wheel of savings” and a team member on a microphone interacting with shoppers. According to Ken Zimmerman, vice president of e-commerce, the chain’s goal is “to entertain our customers. We create a fun place with music and excitement.” Until recently, the Shoe Carnival Web site served only as a source of information for customers; however, the company has now launched a full e-commerce site—which includes social shopping tools such as customer-generated reviews of individual items—that is allowing the com- pany to expand its reach to customers in areas where it does not have physi- cal stores. The company’s national advertising campaign is focused on driving more traffic to the company’s e-commerce site, and the company’s future online efforts will be focused on re-creating its “surprise and delight” concept online to differentiate it from other online shoe stores.18
Reduce Costs By eliminating or reducing time-consuming and labor-intensive steps through- out the order and delivery process, more sales can be completed in the same period and with increased accuracy. With increased speed and accuracy of customer order information, companies can reduce the need for inventory— from raw materials to safety stocks and finished goods—at all the intermedi- ate manufacturing, storage, and transportation points.
BloomNation bills itself as a “trusted community marketplace for people to list, discover, and send unique bouquets handcrafted by local florists across the country.”19 Launched as a response to the rising commissions being charged by the dominant floral wire services, including FTD, 1-800-Flowers, and Teleflora, the BloomNation site offers floral arrangements from over 1,500 florists around the country who take and post their own photos on the site. The florists are able to take advantage of the increased exposure and sta- bility that BloomNation’s site offers, without some of the staffing and other costs associated with processing individual customer orders and payments. The florists also pay lower per-order fees—just 10 percent per order rather than 27 percent charged by the large wire services.20
Speed the Flow of Goods and Information When organizations and their customers are connected via e-commerce, the flow of information is accelerated because electronic connections and commu- nications are already established. As a result, information can flow from buyer to seller easily, directly, and rapidly.
Shutterfly, an online provider of photographic products and services to both businesses and consumers, generates $1 billion in sales annually. While the vast majority of Shutterfly’s e-commerce revenue comes from B2C transac- tions, the company also offers B2B marketing products and services through its Web site, where business customers can order customized, four-color
CHAPTER 5 • Electronic Commerce and Enterprise Systems 221
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
marketing materials. The company’s e-commerce capabilities, automated workflow, and large-scale production centers allow business customers to quickly customize and place their orders—cutting the project completion time from weeks to days for many clients.21,22
Increase Accuracy By enabling buyers to enter their own product specifications and order infor- mation directly, human data-entry error on the part of the supplier is elimi- nated. And order accuracy is important—no matter what the product is. Domino’s, the second-largest pizza chain in the world, was one of the first chain restaurants to offer an e-commerce site where customers could enter and pay for their orders. Half of Domino’s sales now comes through its e-commerce site. Using the site’s Easy Order feature, customers can enter their orders and address information directly—improving order and delivery accu- racy. And for customers who create a “Pizza Profile” online, ordering can be as simple as sending a tweet or a text (customers can initiate an order using just a pizza emoji) or just clicking a button on the Domino’s smartphone app.23
Improve Customer Service Increased and more detailed information about delivery dates and current sta- tus can increase customer loyalty. In addition, the ability to consistently meet customers’ desired delivery dates with high-quality goods and services elimi- nates any incentive for customers to seek other sources of supply.
Customers come to Sticker Mule’s e-commerce site to order customized stickers for a wide range of projects, whether that be to market a business, label products, drive traffic to a Web site, or raise money for a crowdfunding project. When developing its e-commerce site, Sticker Mule placed a high pri- ority on ease of use. Customers using the site can place their orders within a matter of minutes, and then view and approve order proofs online, further reducing the time it takes to complete orders. Sticker Mule’s Web infrastruc- ture allows their customer service team to consolidate support inquiries from a variety of channels—including email, Web, and phone—into one place, making it easier and faster for team members to respond to customer queries. And since customer service is a top priority for Sticker Mule, their site also includes a sophisticated help center with more than 200 articles (in multiple languages) that customers can research on their own. The site also allows cus- tomers to post reviews, and even includes a Marketplace section where custo- mers can sell their stickers.24
E-Commerce Challenges A company must overcome many challenges to convert its business processes from the traditional form to e-commerce processes, especially for B2C e-commerce. As a result, not all e-commerce ventures are successful. The fol- lowing are three key challenges to e-commerce: (1) dealing with consumer privacy concerns, (2) overcoming consumers’ lack of trust, and (3) overcom- ing global issues.
Dealing with Consumer Privacy Concerns While two-thirds of U.S. Internet users have purchased an item online and most Internet users say online shopping saves them time, about one-third of all adult Internet users will not buy anything online primarily because they have privacy concerns or lack trust in online merchants. Companies must be prepared to make a substantial investment to safeguard their customers’ pri- vacy or run the risk of losing customers and generating potential class action lawsuits should the data be compromised. It is not uncommon for customers to initiate a class action lawsuit for millions of dollars in damages for
222 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
emotional distress and loss of privacy. In addition to potential damages, com- panies must frequently pay for customer credit monitoring and identity theft insurance to ensure that their customers’ data is secure.
In order to address customers’ privacy concerns, companies looking to do business online must invest in the latest security technology and employ highly trained security experts to protect their consumers’ data. For large companies, that can mean a sizable in-house staff that monitors security issues 24/7. Smaller companies often rely on security services provided by compa- nies such as Symantec, whose Norton Secured Seal is intended to provide cus- tomers with the confidence they need to transact e-commerce business.
Overcoming Consumers’ Lack of Trust Lack of trust in online sellers is one of the most frequently cited reasons that some consumers give to explain why they are unwilling to purchase online. Can they be sure that the company or person with which they are dealing is legitimate and will send the item(s) they purchase? What if there is a problem with the product or service when it is received: for example, if it does not match the description on the Web site, is the wrong size or wrong color, is damaged during the delivery process, or does not work as advertised? Online marketers must create specific trust-building strategies for their Web sites by analyzing their customers, products, and services. A perception of trustworthi- ness can be created by implementing one or more of the following strategies:
● Demonstrate a strong desire to build an ongoing relationship with custo- mers by giving first-time price incentives, offering loyalty programs, or eliciting and sharing customer feedback.
● Demonstrate that the company has been in business for a long time. ● Make it clear that considerable investment has been made in the Web site. ● Provide brand endorsements from well-known experts or well-respected
individuals. ● Demonstrate participation in appropriate regulatory programs or industry
associations. ● Display Web site accreditation by the Better Business Bureau Online or
TRUSTe programs.
Overcoming Global Issues E-commerce and m-commerce offer enormous opportunities by allowing manu- facturers to buy supplies at a low cost worldwide. They also offer enterprises the chance to sell to a global market right from the start. Moreover, they offer great promise for developing countries, helping them to enter the prosperous global marketplace, which can help to reduce the gap between rich and poor countries. People and companies can get products and services from around the world, instead of around the corner or across town. These opportunities, however, come with numerous obstacles and issues associated with all global systems:
● Cultural challenges. Great care must be taken to ensure that a Web site is appealing, easy to use, and not offensive to potential customers around the world.
● Language challenges. Language differences can make it difficult to understand the information and directions posted on a Web site.
● Time and distance challenges. Significant time differences make it diffi- cult for some people to be able to speak to customer services representa- tives or to get technical support during regular waking hours.
● Infrastructure challenges. The Web site must support access by custo- mers using a wide variety of hardware and software devices.
● Currency challenges. The Web site must be able to state prices and accept payment in a variety of currencies.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 223
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● State, regional, and national law challenges. The Web site must oper- ate in conformance to a wide variety of laws that cover a variety of issues, including the protection of trademarks and patents, the sale of copy- righted material, the collection and safeguarding of personal or financial data, the payment of sales taxes and fees, and much more.
Electronic and Mobile Commerce Applications
E-commerce is being used in innovative and exciting ways. This section exam- ines a few of the many B2B, B2C, C2C, and m-commerce applications in retail and wholesale, manufacturing, marketing, advertising, bartering, retargeting, price comparison, couponing, investment and finance, and banking. As with any new technology, m-commerce will succeed only if it provides users with real benefits. Companies involved in e-commerce and m-commerce must think through their strategies carefully and ensure that they provide services that truly meet customers’ needs.
Manufacturing One approach taken by many manufacturers to raise profitability and improve customer service is to move their supply chain operations onto the Internet. Here, they can form an electronic exchange, an electronic forum where man- ufacturers, suppliers, and competitors buy and sell goods, trade market infor- mation, and run back-office operations, such as inventory control, as shown in Figure 5.2. This approach speeds up the movement of raw materials and fin- ished products and reduces the amount of inventory that must be maintained. It also leads to a much more competitive marketplace and lower prices.
FIGURE 5.2 Model of an electronic exchange An electronic exchange is an elec- tronic forum where manufacturers, suppliers, and competitors buy and sell goods, trade market information, and run back-office operations.
Electronic exchange
Manufacturers
Shoppers
Suppliers
Supplier’s bank Shopper’s bank
Manufacturer’s bank
Requests for information, purchase orders, payment information
Information about raw material
needs, purchase orders, shipment
notices, payment requests
Ma nu
fac tur
er' s o
rde rs,
in for
ma tio
n
ab ou
t r aw
m ate
ria l n
ee ds
Sh ipm
en t n
oti ce
s f or
ma nu
fac tur
ers ,
pa ym
en t re
qu es
ts
Customer orders, supplier
shipment notices
Payment request
Payment approval, electronic transfer of funds
Payment approval,
electronic transfer of funds Payment request
Pa ym
en t re
qu es
t
Pa ym
en t a
pp rov
al,
ele ctr
on ic
tra ns
fer of
fu nd
s
electronic exchange: An elec- tronic forum where manufacturers, suppliers, and competitors buy and sell goods, trade market information, and run back-office operations.
224 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Companies can join one of three types of exchanges based on who oper- ates the exchange. Private exchanges are owned and operated by a single company. The owner uses the exchange to trade exclusively with established business partners. Walmart’s Retail Link is such an exchange. Consortium- operated exchanges are run by a group of traditionally competing companies with common procurement needs. For example, Covisint was developed as an exchange to serve the needs of the big three auto makers. Independent exchanges are open to any set of buyers and sellers within a given market. They provide services and a common technology platform to their members and are open, usually for a fee, to any company that wants to use them. For example, Tinypass is a flexible e-commerce platform that enables content publishers to choose from a variety of payment models to sell access to their media. Publishers can offer limited previews to readers before they subscribe, ask for payment to view each video or article, or allow the audience to pay what they believe the content is worth. Content is defined by the publisher and can be any sort of digital media: an article, a movie, a song, a blog post, a PDF, access to a forum, or access to an entire Web site. Tinypass exchange members can use the platform to crowdfund projects from within their own Web sites, rather than working through third party sites, such as GoFundMe or KickStarter.25,26
Marketing The nature of the Web enables firms to gather more information about cus- tomer behavior and preferences as customers and potential customers gather their own information and make their purchase decisions. Analysis of this data is complicated because of the Web’s interactivity and because each visitor voluntarily provides or refuses to provide personal data such as name, address, email address, telephone number, and demographic data. Internet advertisers use the data to identify specific markets and target them with tai- lored advertising messages. This practice, called market segmentation, divides the pool of potential customers into subgroups usually defined in terms of demographic characteristics, such as age, gender, marital status, income level, and geographic location.
In the past, market segmentation has been difficult for B2B marketers because firmographic data (addresses, financials, number of employees, and industry classification code) was difficult to obtain. Now, however, eXelate, a subsidiary of Nielsen, the marketing and media information company, has joined forces with Dun & Bradstreet to provide data as a service solution that customers can use to access a database of more than 250 million business records, including critical company information such as contact names, job titles and seniority levels, locations, addresses, number of employees, annual sales, and Standard Industry Code (SIC) and North America Industry Classifi- cation System (NAICS) classification codes. See Figure 5.3. Using this data, analysts can identify, access, and segment their potential B2B audience; esti- mate potential sales for each business; and rank the business against other prospects and customers.27
Advertising Mobile ad networks distribute mobile ads to publishers such as mobile Web sites, application developers, and mobile operators. Mobile ad impressions are generally bought at a cost per thousand (CPM), cost per click (CPC), or cost per action (CPA), in which the advertiser pays only if the customer clicks through and then buys the product or service. The main measures of success are the number of users reached, click through rate (CTR), and the number of actions users take, such as the number of downloads prompted by the ad. Advertisers are keenly interested in this data to measure the effectiveness of
market segmentation: The identi- fication of specific markets to target them with tailored advertising messages.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 225
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
their advertising spending, and many organizations are willing to pay extra to purchase the data from a mobile ad network or a third party.
InMobi is a mobile advertising provider that reaches 1 billion active users with over 130 billion monthly ad impressions. The company uses a technique it calls “appographic targeting” to help marketers increase the chance of con- necting users to the type of media and apps they are most likely to engage with. By analyzing the core functional, design, and interactive attributes of more than 10,000 apps, InMobi has divided its audience of active users into 200 “appographic segments,” based on each user’s existing and previous application downloads rather than on more traditional metrics, such as demo- graphics or geography. Marketers can use the segments to more accurately target app-install campaigns. For example, a flight-booking app could be pro- moted to users who engage with apps that offer hotel-booking services or travel-related reviews.28,29
Because m-commerce devices usually have a single user, they are ideal for accessing personal information and receiving targeted messages for a particular consumer. Through m-commerce, companies can reach individual consumers to establish one-to-one marketing relationships and communicate whenever it is convenient—in short, anytime and anywhere. See Figure 5.4.
Bartering During the recent period of slow economic growth and stagnant wages, many people and businesses turned to bartering as a means of gaining goods and services. A number of Web sites have been created to support this activity, as shown in Table 5.3. Some businesses are willing to barter to reduce excess inventory, gain new customers, or avoid paying cash for necessary raw mate- rials or services. Cash-strapped customers may find bartering to be an attrac- tive alternative to paying scarce dollars. Generally, bartering transactions have
FIGURE 5.3 Nielsen marketing company eXelate, a subsidiary of Nielsen, the marketing and media information company, has joined forces with Dun & Bradstreet to provide data as a service solution that customers can use to access a database of more than 250 million business records. Source: http://info.exelate.com/b2b-audiences_1-sheet
226 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
tax-reporting, accounting, and other record-keeping responsibilities associ- ated with them. Indeed, the IRS hosts a Bartering Tax Center Web site that provides details about the tax laws and responsibilities for bartering transactions.
Retargeting An average of 74 percent of all online shopping carts are abandoned, repre- senting more than $4 trillion worth of merchandise in 2013.30 “Retargeting” is a technique used by advertisers to recapture these shoppers by using targeted and personalized ads to direct shoppers back to a retailer’s site. For example, a visitor who viewed the men’s clothing portion of a retailer’s Web site and then abandoned the Web site would be targeted with banner ads showing various men’s clothing items from that retailer. The banner ads might even display the exact items the visitor viewed, such as men’s casual slacks. The retargeting could be further enhanced to include comments and recommenda- tions from other consumers who purchased the same items. Retargeting ensures that potential consumers see relevant, targeted ads for products they’ve already expressed interest in.
FIGURE 5.4 M-commerce is convenient and personal Consumers are increasingly using mobile phones to purchase goods and perform other transactions online.
TABLE 5.3 Popular bartering Web sites Web site Purpose
Craiglist.org Includes a section where users can request an item in exchange for services or exchange services for services
Swapagift.com Enables users to buy, sell, or swap merchant gift cards
Swapstyle.com Allows users to swap, sell, or buy direct women’s accessories, clothes, cosmetics, and shoes
Swaptrees.com Users trade books, CDs, DVDs, and video games on a one- for-one basis
TradeAway.com Enables users to exchange a wide variety of new or used items, services, or real estate
CHAPTER 5 • Electronic Commerce and Enterprise Systems 227
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Price Comparison An increasing number of companies provide mobile phone apps that enable shoppers to compare prices and products online. RedLaser enables shoppers to do a quick price comparison by simply scanning the product’s bar code. Amazon’s Price Check app also lets you search for pricing by taking a picture of a book, DVD, CD, or video game cover. The Barcode Scanner app allows shoppers to scan UPC or Quick Response codes to perform a price compari- son and read the latest product reviews.31,32
Couponing During 2015, more than $515 billion in consumer incentives were distributed via 286 billion free-standing insert (FSI) coupons, with an average face value of $1.80 per coupon.33 Surprisingly, only 0.95 percent of those coupons were redeemed even during tough economic times for many people.34
Many businesses now offer a variety of digital coupons—which tend to be redeemed at higher rates than FSI coupons—including printable coupons available on a company’s Web site or delivered to customers via email. Shop- pers at some retail chains can go to the store’s Web site and load digital cou- pons onto their store loyalty card. Other retailers have programs that allow a person to enter their mobile number and a PIN at checkout to redeem cou- pons they selected online. Many consumer product good manufacturers and retailers and other businesses now send mobile coupons directly to consu- mers’ smartphones via SMS technology.
More recently, some larger retailers have been experimenting with “prox- imity marketing,” using in-store beacons to deliver coupons to customers who are already in their stores. Beacons, which can be as small as a sticker that is placed on an item or store shelf, uses Bluetooth low-energy (BLE) wire- less technology to pinpoint the location of consumers in a store and to deliver mobile coupons directly to a customer’s smartphone. A recent study estimates that by 2020 more than 1.5 billion mobile coupons will be delivered using beacon technology.35,36
Newer online marketplaces, such as Groupon and LivingSocial offer an updated approach to digital couponing. Discount coupons for consumers are valid only if a predetermined minimum number of people sign up for them. Merchants do not pay any money up front to participate in Groupon of LivingSocial but must pay the companies a fee (up to 50 percent for Groupon) whenever a customer purchase a coupon.
Investment and Finance The Internet has revolutionized the world of investment and finance. Perhaps the changes have been so significant because this industry had so many built- in inefficiencies and so much opportunity for improvement.
The brokerage business adapted to the Internet faster than any other arm of finance. The allure of online trading that enables investors to do quick, thorough research and then buy shares in any company in a few seconds and at a fraction of the cost of a full-commission firm has brought many investors to the Web. Fidelity offers mobile trading apps for tablets, smartphones, and even Apple Watch. The apps allow investors a secure platform to monitor their portfolios, view real-time stock quotes, track preferred stocks, and exe- cute trades.37
Banking Online banking customers can check balances of their savings, checking, and loan accounts; transfer money among accounts; and pay bills. These custo- mers enjoy the convenience of not writing checks by hand, of tracking their
228 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
current balances, and of reducing expenditures on envelopes and stamps. In addition, online banking customers have the satisfaction of knowing that pay- ing bills online is good for the environment because it reduces the amount of paper used, thus saving trees and reducing greenhouse gases.
All of the major banks and many of the smaller banks in the United States enable their customers to pay bills online, and most support bill payment via mobile devices. Banks are eager to gain more customers who pay bills online because such customers tend to stay with the bank longer, have higher cash balances, and use more of the bank’s products and services. To encourage the use of this service, many banks have eliminated all fees associated with online bill payment.
Consumers who have enrolled in mobile banking and downloaded the mobile application to their cell phones can check credit card balances before making major purchases to avoid credit rejections. They can also transfer funds from savings to checking accounts to avoid an overdraft.
M-Pesa (M for mobile, Pesa for money in Swahili) with some 20 million users worldwide is considered by many to be the most developed mobile pay- ment system in the world. The service is operated by Safaricom and Vodacom, the largest mobile network operators in Kenya and Tanzania. M-Pesa enables users with a national ID card or passport to deposit, withdraw, and transfer money easily with a mobile device. Its services have expanded from a basic mobile money transfer scheme to include loans and savings products, bill pay, and salary disbursements. In 2013, more than 40 percent of Kenya’s GDP flowed through M-Pesa.38,39
Establishing a Consortium You are a recent business major graduate and a new manager in the supply chain management organization of Marriott International. The organization is looking to reduce the amount of money spent each year on basic supplies such as linens and towels, cleaning supplies, furniture, and appliances. You have been asked to explore the feasibility of establishing an electronic exchange (consortium) of other hotel chains and the suppliers of the items in an attempt to lower total costs.
Review Questions 1. Explain how such an electronic exchange might operate. 2. What are some of the pros and cons of participating in an electronic
exchange?
Critical Thinking Questions 1. Identify several strategic and competitive issues that may complicate the for-
mation of such a consortium. 2. Would you recommend that Marriott continue to explore the feasibility of set-
ting up a consortium? Why or why not?
Technology Infrastructure Required to Support E-Commerce and M-Commerce
Successful implementation of e-business requires significant changes to exist- ing business processes and substantial investment in IS technology. These tech- nology components must be chosen carefully and be integrated to support a large volume of transactions with customers, suppliers, and other business partners worldwide. In surveys, online consumers frequently note that poor Web site performance (e.g., slow response time, inadequate customer support, and lost orders) drives them to abandon some e-commerce sites in favor of
CHAPTER 5 • Electronic Commerce and Enterprise Systems 229
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
those with better, more reliable performance. This section provides a brief overview of the key technology infrastructure components. See Figure 5.5.
Hardware A Web server hardware platform complete with the appropriate software is a key ingredient to e-commerce infrastructure. The amount of storage capacity and computing power required of the Web server depends primarily on two things: the software that must run on the server and the volume of e-commerce transactions that must be processed. The most successful e-commerce solutions are designed to be highly scalable so that they can be upgraded to meet unexpected user traffic.
Key Web site performance measures include response time (typical goal < 1 second), transaction success rate (strive for 99 percent or better), and system availability (as close to 0 minutes of unscheduled downtime as possible). Table 5.4 shows the values for the key measures for five popular online retailers for one week.
FIGURE 5.5 Key technology infrastructure components E-commerce systems require spe- cific kinds of hardware and software to be successful.
High-speed connection to network
E-commerce software
Server software
Server operating system
Web server hardware
Network Internet
Value-added network Virtual private network
TABLE 5.4 Key performance measures for some popular retail Web sites
Site Response Time (seconds) Success Rate
Outage Time During One Week
Zappos 0.71 100% 0
Apple Store 0.82 100% 0
Costco 1.02 100% 0
Nike 1.60 100% 0
Best Buy 2.00 100% 0
Source: “Performance Index: Top Retailers,” Keynote, February 21, 2016, www.keynote.com/performance -indexes/retail-us.
© 20 18
Ce ng ag e Le ar ni ng
230 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
A key decision facing a new e-commerce company is whether to host its own Web site or to let someone else do it. Many companies decide that using a third-party Web service provider is the best way to meet initial e-commerce needs. The third-party company rents space on its computer sys- tem and provides a high-speed connection to the Internet, thus minimizing the initial out-of-pocket costs for e-commerce start-up. The third party can also provide personnel trained to operate, troubleshoot, and manage the Web server.
Web Server Software In addition to the Web server operating system, each e-commerce Web site must have Web server software to perform fundamental services, including security and identification, retrieval and sending of Web pages, Web site tracking, Web site development, and Web page development. The two most widely used Web server software packages are Apache HTTP Server and Microsoft Internet Information Services.
E-Commerce Software After you have located or built a host server, including the hardware, operat- ing system, and Web server software, you can begin to investigate and install e-commerce software to support five core tasks: catalog management to create and update the product catalog, product configuration to help customers select the necessary components and options, shopping cart facilities to track the items selected for purchase, e-commerce transaction processing, and Web traffic data analysis to provide details to adjust the operations of the Web site.
Mobile Commerce Hardware and Software For m-commerce to work effectively, the interface between the mobile device and its user must improve to the point that it is nearly as easy to purchase an item on a wireless device as it is to purchase it on a PC. In addition, net- work speeds must continue to improve so that users do not become frus- trated. Security is also a major concern, particularly in two areas: the security of the transmission itself and the trust that the transaction is being made with the intended party. Encryption can provide secure transmission. Digital certificates can ensure that transactions are made between the intended parties.
The mobile devices used for m-commerce have several limitations that complicate their use. Their screens are small, perhaps no more than several square inches, and might be able to display only small portions of a Web site. In addition, entering data on a mobile device can be tedious and error prone. Mobile devices also have less processing power and less bandwidth than desktop or laptop computers, which are usually connected to a high-speed LAN. They also operate on limited-life batteries. For these reasons, Web devel- opers must often rewrite Web applications so that users with mobile devices can access them.
Electronic Payment Systems Electronic payment systems are a key component of the e-commerce infra- structure. Current e-commerce technology relies on user identification and encryption to safeguard business transactions. Actual payments are made in a variety of ways, including electronic cash, electronic wallets, and smart, credit, charge, and debit cards. Web sites that accept multiple payment types convert more visitors to purchasing customers than merchants who offer only a single payment method.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 231
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Authentication technologies are used by many organizations to confirm the identity of a user requesting access to information or assets. A digital certificate is an attachment to an email message or data embedded in a Web site that verifies the identity of a sender or Web site. A certificate authority (CA) is a trusted third-party organization or company that issues digital certificates. The CA is responsible for guaranteeing that the people or organizations granted these unique certificates are in fact who they claim to be. Digital certificates thus create a trust chain throughout the transaction, verifying both purchaser and supplier identities.
Many organizations that accept credit cards to pay for items purchased via e-commerce have adopted the Payment Card Industry (PCI) security standard. This standard spells out measures and security procedures to safeguard the card issuer, the cardholder, and the merchant. Some of the measures include installing and maintaining a firewall configuration to control access to compu- ters and data, never using software or hardware vendor-supplier defaults for system passwords, and requiring merchants to protect stored data, encrypt transmission of cardholder information across public networks, use and regu- larly update antivirus software, and restrict access to sensitive data on a need- to-know basis.
Various measures are being implemented to increase the security associ- ated with the use of credit cards at the time of purchase. The Address Verifi- cation System is a check built into the payment authorization request that compares the address on file with the card issuer to the billing address pro- vided by the cardholder. The Card Verification Number technique is a check of the additional digits typically printed on the back of the card (or on the front, in the case of American Express cards). Visa has Advanced Authoriza- tion, a Visa-patented process that provides an instantaneous rating of that transaction’s potential for fraud—using factors such as the value of the trans- action, type of merchant, time of day the purchase is being made, and whether the site is one where the card owner has previously shopped. The card issuer can then send an immediate response to the merchant regarding whether to accept or decline the transaction. The technology is applied to every Visa credit and check card purchase today, and has contributed to a two-thirds reduction in system-wide fraud for Visa over the past two decades. Visa has continued to add other features and data inputs to its fraud-detection systems, such as extended cardholder transaction data and even mobile loca- tion confirmation.40
The Federal Financial Institutions Examination Council has developed a set of guidelines called “Authentication in an Internet Banking Environment,” which recommend two-factor authorization. This approach adds another iden- tity check along with the password system. A number of multifactor authenti- cation schemes can be used, such as biometrics, one-time passwords, or hardware tokens that plug into a USB port on the computer and generate a password that matches the ones used by a bank’s security system.
The use of biometric technology to secure digital transactions has been slow to develop due to cost and privacy concerns. However, MasterCard recently announced it will begin rolling out its new MasterCard Identity Check service that allows users to take an initial ID photo that will be used to create a digital map of their face, which will be stored on MasterCard’s ser- vers. When the user wants to make a payment using their smartphone, the MasterCard app will capture their image, which, along with a user-entered password, will be authenticated before the transaction is approved. Master- Card’s system also offers a fingerprint sensor that can be used to verify pur- chases.41 Apple’s new ApplePay system makes use of the fingerprint sensors on newer iPhones. Consumers paying with ApplePay, which is tied to a credit or debit card, just hold their iPhone close to the contactless reader with their finger on the Touch ID button.42
digital certificate: An attachment to an email message or data embedded in a Web site that verifies the identity of a sender or Web site.
certificate authority (CA): A trusted third-party organization or com- pany that issues digital certificates.
232 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Transport Layer Security All online shoppers fear the theft of credit card numbers and banking infor- mation. To help prevent this type of identity theft, the Transport Layer Secu- rity communications protocol is used to secure sensitive data. Transport Layer Security (TLS) is a communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet. TLS enables a client (like a Web browser) to initiate a temporary, pri- vate conversation with a server (like a shopping site on the Web or an online bank). Before the client and server start communicating, they perform an automated process called a “handshake” where they exchange information about who they are, and which secret codes and algorithms they’ll use to encode their messages to each other. Then for the duration of the conversa- tion, all the data that passes between the client and server is encrypted so that even if somebody does listen in, they won’t be able to determine what’s being communicated. TLS is the successor to the Secure Sockets Layer (SSL). In addition to TLS handling the encryption part of a secure e-commerce trans- action, a digital certificate is assigned to the Web site to provide positive server identification so shoppers can be assured of with whom that are dealing.
Electronic Cash Electronic cash is an amount of money that is computerized, stored, and used as cash for e-commerce transactions. Typically, consumers must open an account with an electronic cash service provider by providing identification information. When the consumers want to withdraw electronic cash to make a purchase, they access the service provider via the Internet and present proof of identity—a digital certificate issued by a certification authority or a username and password. After verifying a consumer’s identity, the system debits the consumer’s account and credits the seller’s account with the amount of the purchase. ApplePay, PayPal, Square, Stripe, and WePay are leading online payment service providers that facilitate the use of electronic cash.
PayPal enables any person or business with an email address to securely, easily, and quickly send and receive payments online. To send money, you enter the recipient’s email address and the amount you want to send. You can pay with a credit card, debit card, or funds from a checking account. The recipient gets an email message that says, “You’ve Got Cash!” Recipients can then collect their money by clicking a link in the email message that takes them to www.paypal.com. To receive the money, the user also must have a credit card or checking account to accept fund transfers. To request money for an auction, invoice a customer, or send a personal bill, you enter the reci- pient’s email address and the amount you are requesting. The recipient gets an email message and instructions on how to pay you using PayPal. Today over 179 million Internet users use PayPal to send money in more than 100 currencies and some 90 percent of eBay purchases go through PayPal.43
The use of smartphones to make purchases and transfer funds between consumers and businesses has become commonplace. The goal is to make the payment process as simple and secure as possible and for it to work on many different phones and through many different mobile network providers—not simple tasks. Fortunately, the intelligence built into the iPhone and other smartphones can make this all possible.
You can use several services (e.g., Phone Transact iMerchant Pro, Square, ROAMPay, and PayWare Mobile) to plug a credit card reader device into the headphone jack on a cell phone to accept credit card payments. Intuit’s GoPayment service does not require a credit card reader but provides soft- ware that lets you enter the credit card number.
Transport Layer Security (TLS): A communications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet.
electronic cash: An amount of money that is computerized, stored, and used as cash for e-commerce transactions.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 233
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
With Xipwire, consumers can text someone with a special code to place a purchase on their monthly phone bill and bypass any credit card system alto- gether. A free Starbucks mobile app enables customers to order and pay for their java using their smartphones—without ever having to wait in line. App users, whose mobile purchases are tied to a credit card, can even tip their barista digitally.44
Credit, Charge, Debit, and Smart Cards Many online shoppers use credit and charge cards for most of their Internet pur- chases. A credit card, such as Visa or MasterCard, has a preset spending limit based on the user’s credit history, and each month the user can pay all or part of the amount owed. Interest is charged on the unpaid amount. A charge card, such as American Express, carries no preset spending limit, and the entire amount charged to the card is due at the end of the billing period. You can’t carry a bal- ance from month to month with a charge card like you can with a credit card. Charge cards require customers to pay in full every month or face a fee. Debit cards look like credit cards, but they operate like cash or a personal check. The debit card is linked directly to your savings or checking account. Each time you use the card, money is automatically taken from your checking or savings account to cover the purchase. Credit, charge, and debit cards currently store limited information about you on a magnetic stripe. This information is read each time the card is swiped to make a purchase. All credit card customers are protected by law from paying more than $50 for fraudulent transactions.
The smart card is a credit card–sized device with an embedded microchip to provide electronic memory and processing capability. Smart cards can be used for a variety of purposes, including storing a user’s financial facts, health insurance data, credit card numbers, and network identification codes and passwords. They can also store monetary values for spending.
Smart cards are better protected from misuse than conventional credit, charge, and debit cards because the smart-card information is encrypted. Con- ventional credit, charge, and debit cards clearly show your account number on the face of the card. The card number, along with a forged signature, is all that a thief needs to purchase items and charge them against your card. A smart card makes credit theft practically impossible because a key to unlock the encrypted information is required, and there is no external number that a thief can identify and no physical signature a thief can forge. Table 5.5 com- pares various types of payment systems.
Here in the United States, credit cards with only magnetic stripes are being replaced by cards with chips that employ the EMV (Europay, Master- card, Visa) global standard for working with point-of-sale systems. Each time the EMV card is inserted into a point-of-sale device for payment, it creates a unique transaction code that can never be reused. Unlike the European ver- sion of the card which requires the user to enter a PIN number to complete the transaction, the U.S. card user simply signs the receipt. While such cards are nearly impossible to counterfeit, the account number of these cards is clearly visible and can be used by fraudsters for online purchases.
The United States financial institutions elected to implement the chip- and-sign EMV card rather than chip-and-PIN card. The later card requires the user to enter their personal PIN number for each transaction. While the chip in the EMV cards prevents the use of counterfeit cards, it is expected that card-present fraud in stores will migrate to card-not-present fraud online and that total dollar volume of fraud will actually increase. It is projected that counterfeit card fraud in the U.S. will fall by roughly $1.8 billion between 2015 and 2018 due to EMV chips, however, online card (card-not-present) fraud will rise $3.1 billion. That’s a projected net card fraud gain of $1.3 bil- lion during the initial post EMV time period—a very poor financial return on the $8 billion issuers and merchants are spending to deploy EMV.45
234 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Third Party Operation of Web Site Your firm has been hosting and operating its own Web site for over five years now. However, in the face of negative consumer reviews and poor performance, management is considering having a third-party host and operate the Web site.
Review Questions 1. What parameters might be used to measure the current performance of the
Web site? 2. What are the pros and cons of having a third-party host and operate your Web
site?
Critical Thinking Questions 1. Management is concerned that the migration to chip-and-sign EMV cards will
increase the level of online consumer fraud. Do you have any ideas to combat this increase in fraud?
2. What other potential risks and opportunities lie in the future of B2C e-commerce?
Transaction Processing Systems
Organizations employ transaction processing systems (TPSs) to capture and process the detailed data necessary to update records about the fundamental business operations of the organization. These systems include order entry, inventory control, shipment processing, payroll, accounts payable, accounts receivable, and the general ledger, to name just a few. The input to these sys- tems includes basic business transactions, such as customer orders, purchase orders, receipts, time cards, invoices, and customer payments. The processing activities include data collection, data editing, data correction, data processing, data storage, and document production. The result of processing business transactions is that the organization’s records are updated to reflect the status of the operation at the time of the last processed transaction. A TPS also pro- vides employees involved in other business processes with data to help them fulfill their roles and achieve their personal and business goals.
The Helen Ross McNabb Center is a community-based, nonprofit organiza- tion that provides behavioral health services to families in eastern Tennessee
TABLE 5.5 Comparison of payment systems Payment System Description Advantages Disadvantages
Credit card Carries preset spending limit based on the user’s credit history
Each month the user can pay all or part of the amount owed
Unpaid balance accumulates interest charges—often at a high rate of interest
Charge card Looks like a credit card but carries no preset spending limit
Does not involve lines of credit and does not accumulate interest charges
The entire amount charged to the card is due at the end of the billing period or the user must pay a fee
Debit card Looks like a credit card or automated teller machine (ATM) card
Operates like cash or a personal check
Money is immediately deducted from user’s account balance
Smart card Is a credit card device with embedded microchip capable of storing facts about cardholder
Better protected from misuse than conventional credit, charge, and debit cards because the smart card information is encrypted
Slowly becoming more widely used in the United States
CHAPTER 5 • Electronic Commerce and Enterprise Systems 235
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
who are struggling due to the impact of mental illness, addiction, and other chal- lenges.46 Because the organization is a nonprofit, keeping its operating costs under control is particularly important. The center implemented a Web-based human resources platform with payroll and benefits transaction processing func- tions that have allowed the organization to add 400 employees without having to increase their human resource staffing levels.47
Because TPSs often perform activities related to customer contacts—such as order processing and invoicing—these information systems play a critical role in providing value to the customer. For example, by capturing and track- ing the movement of each package, shippers such as FedEx and DHL can pro- vide timely and accurate data on the exact location of a package. Shippers and receivers can access an online database and, by providing the tracking number of a package, find the package’s current location. If the package has been delivered, they can see who signed for it (a service that is especially use- ful in large companies where packages can become “lost” in internal distribu- tion systems and mailrooms). Such a system provides the basis for added value through improved customer service.
Traditional Transaction Processing Methods and Objectives With batch processing systems, business transactions are accumulated over a period of time and prepared for processing as a single unit or batch. See Figure 5.6. Transactions are accumulated for as long as necessary to meet the needs of the users of that system. For example, it might be important to pro- cess invoices and customer payments for the accounts receivable system daily. On the other hand, the payroll system might process time cards biweekly to create checks, update employee earnings records, and distribute labor costs. The essential characteristic of a batch processing system is the delay between an event and the eventual processing of the related transaction
FIGURE 5.6 Batch versus online transaction processing (a) Batch processing inputs and processes data in groups. (b) In online processing, transactions are completed as they occur.
Data entry of accumulated transactions
Input (batched)
Output
(a) Batch Processing
Terminal
Output
Terminal
Terminal
Terminal
Terminal
Central computer (processing)
(b) Online Transaction Processing
Immediate processing of each transaction
batch processing system: A form of data processing whereby busi- ness transactions are accumulated over a period of time and prepared for processing as a single unit or batch.
236 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
to update the organization’s records. For many applications, batch processing is an appropriate and cost effective approach. Payroll transactions and billing are typically done via batch processing.
Automatic Data Processing (ADP) is a major provider of business outsour- cing solutions for payroll administration for 610,000 organizations in more than 125 countries. It uses a batch processing system to prepare the pay- checks of one out of six workers in the United States, as well as 12 million other workers around the world.48
Sumerian is an IT company that specializes in helping organizations plan and manage their hardware and software infrastructure to avoid processing backlogs and other system capacity issues. The firm recently worked with a large brokerage firm that needed to optimize its global trading platform, which handles over 70 percent of its business transactions. Of particular con- cern were the brokerage’s overnight batch processing activities, which must be completed within a five-hour window to ensure the company’s systems are updated by the time the markets open each morning. Using analytics soft- ware, Sumerian was able to reduce the brokerage’s overnight batch proces- sing time by 15 percent, allowing the firm’s systems to handle an increasing volume of trading transactions while staying within the five-hour processing window.49
With online transaction processing (OLTP), each transaction is pro- cessed immediately without the delay of accumulating transactions into a batch, as shown in Figure 5.2b. Consequently, at any time, the data in an online system reflects the current status. This type of processing is essential for businesses that require access to current data such as airlines, ticket agen- cies, and stock investment firms. Many companies find that OLTP helps them provide faster, more efficient service—one way to add value to their activities in the eyes of the customer. See Figure 5.7.
Online payments giant PayPal Holdings, Inc., employs a massive OLTP system to process more than 13 million payments each day through its Brain- tree, PayPal, Venmo, and Xoom products. The payments between merchants and consumers—as well as between individual users—total more than $280 billion annually.50
FIGURE 5.7 Example of an OLTP system Hospitality companies such as ResortCom International can use an OLTP system to manage timeshare payments and other financial transactions. ©
iS to ck ph ot o. co m /C ou rt ne y K
online transaction processing (OLTP): A form of data processing where each transaction is processed immediately without the delay of accumulating transactions into a batch.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 237
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The specific business needs and goals of the organization define the method of transaction processing best suited for the various applications of the company. Increasingly, the need for current data for decision making is driving many organizations to move from batch processing systems to online transaction processing systems when it is economically feasible. Figure 5.8 shows the traditional flow of key pieces of information from one TPS to another for a typical manufacturing organization. When transactions entered into one system are processed, they create new transactions that flow into another system.
Because of the importance of transaction processing, organizations expect their TPSs to accomplish a number of specific objectives, including the following:
● Capture, process, and update databases of business data required to sup- port routine business activities
● Ensure that the data is processed accurately and completely ● Avoid processing fraudulent transactions ● Produce timely user responses and reports ● Reduce clerical and other labor requirements ● Help improve customer service ● Achieve competitive advantage
An organization typically employs the following types of transaction pro- cessing systems:
● Order processing systems. Running these systems efficiently and reli- ably is so critical that the order processing system is sometimes referred to as the lifeblood of the organization. The processing flow begins with the receipt of a customer order. The finished product inventory is checked to see if sufficient inventory is on hand to fill the order. If suffi- cient inventory is available, the customer shipment is planned to meet the
FIGURE 5.8 Integration of a firm’s TPS When transactions entered into one system are processed, they create new transactions that flow into another system.
Amounts paid by customers
Order entry/ order configuration
Employee
Shipment planning Finished product inventory
Inventory status
Orders
Raw materials Packing materials Spare parts Inventory
Shipment execution
Pick list
Purchase order processing
Purchase order request
Inventory status report
Invoicing
Shipped orders
Items and quantities picked for each order
Customer Invoice
Accounts receivable
Amounts owed by customer
Receiving
Purchase order
Supplier
Materials and invoice
Purchase order
Check General ledger
Amounts owed by customers Amounts owed by company Amounts paid by company
Payroll Labor costs
Employee
PaychecksTime cards
Budget Expense transactions
Products
Payment
Customer order request
Accounts payable
Receiving notice
238 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
customer’s desired receipt date. A product pick list is printed at the ware- house from which the order is to be filled on the day the order is to be shipped. At the warehouse, workers gather the items needed to fill the order and enter the item identifier and quantity for each item to update the finished product inventory. When the order is complete and sent on its way, a customer invoice is created, with a copy included in the cus- tomer shipment.
● Accounting systems. The accounting systems must track the flow of data related to all the cash flows that affect the organization. As mentioned earlier, the order processing system generates an invoice for customer orders to include with the shipment. This information is also sent to the accounts receivable system to update the customer’s account. When the customer pays the invoice, the payment information is also used to update the customer’s account. The necessary accounting transactions are sent to the general ledger system, which tracks amounts owed from cus- tomers and amounts due to vendors. Similarly, as the purchasing systems generate purchase orders and those items are received, information is sent to the accounts payable system to manage the amounts owed by the company. Data about amounts owed and paid by customers to the com- pany and from the company to vendors and others are sent to the general ledger system, which records and reports all financial transactions for the company.
● Purchasing systems. The traditional transaction processing systems that support the purchasing business function include inventory control, pur- chase order processing, receiving, and accounts payable. Employees place purchase order requests in response to shortages identified in inventory control reports. Purchase order information flows to the receiving system and accounts payable systems. A record is created upon receipt of the items ordered. When the invoice arrives from the supplier, it is matched to the original order and the receiving report, and a check is generated if all data is complete and consistent.
In the past, organizations knitted together a hodgepodge of systems to accomplish the transaction processing activities shown in Figure 5.4. Some of the systems might have been applications developed using in-house resources, some may have been developed by outside contractors, and others may have been off-the-shelf software packages. Much customization and mod- ification of this diverse set of software was typically necessary for all the applications to work together efficiently. In some cases, it was necessary to print data from one system and then manually reenter it into other systems. Of course, this increased the amount of effort required and increased the like- lihood of processing delays and errors.
The approach taken today by many organizations is to implement an integrated set of transaction processing systems—from a single or limited number of software vendors—that handle most or all of the transaction pro- cessing activities shown in Figure 5.4. The data flows automatically from one application to another with no delay or need to reenter data. For exam- ple, Lukas Nursery, a fourth-generation family-owned agribusiness in central Florida, recently implemented a suite of software applications that is now integrated into the garden center’s POS system. The nursery consolidated its systems into an integrated retail business management solution provided by one vendor, allowing it to update its business practices, optimize seasonal inventory, manage a customer loyalty program, and make more informed business decisions through the use of the software’s analytics capabilities.51,52
Table 5.6 summarizes some of the ways that companies can use transac- tion processing systems to achieve competitive advantage.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 239
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Transaction Processing Systems for Small- and Medium-Sized Enterprises Many software packages provide integrated transaction processing system solutions for small- and medium-sized enterprises (SMEs), wherein SME is a legally independent enterprise with no more than 500 employees. Integrated transaction processing systems for SMEs are typically easy to install and oper- ate and usually have a low total cost of ownership, with an initial cost of a few hundred to a few thousand dollars. Such solutions are highly attractive to firms that have outgrown their current software but cannot afford a complex, high-end integrated system solution. Table 5.7 presents some of the dozens of such software solutions available.
Echo Valley Irrigation is a golf course and sports field irrigation design and construction company founded in 1986. For years, Echo Valley utilized a patchwork of processes and technologies to run its business. As the company continued to grow, however, its systems were not keeping up. Eventually,
TABLE 5.6 Examples of TPSs yielding significant benefits Competitive Advantage Example
Better relationship with suppliers
Internet marketplace to allow the company to purchase products from suppliers at discounted prices
Costs dramatically reduced Warehouse management system employing RFID technology to reduce labor hours and improve inventory accuracy
Customer loyalty increased Customer interaction system to monitor and track each customer interaction with the company
Inventory levels reduced Collaborative planning, forecasting, and replen- ishing system to ensure the right amount of inventory is in stores
Superior information gathering
Order configuration system to ensure that pro- ducts ordered will meet customer’s objectives
Superior service provided to customers
Tracking systems that customers can access to determine shipping status
TABLE 5.7 Sample of integrated TPS solutions for SMEs Vendor Software Type of TPS Offered Target Customers
AccuFund AccuFund Financial reporting and accounting Nonprofit, municipal, and government organizations
OpenPro OpenPro Complete ERP solution, including financials, supply chain management, e-commerce, customer relationship management, and retail POS system
Manufacturers, distributors, and retailers
Intuit QuickBooks Financial reporting and accounting Manufacturers, professional services, contractors, nonprofits, and retailers
Sage Sage 300 Construction and Real Estate
Financial reporting, accounting, and operations
Contractors, real estate develo- pers, and residential builders
Redwing TurningPoint Financial reporting and accounting Professional services, banks, and retailers
240 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Echo Valley implemented the Sage 300 software package, which provides the company with an accounting platform with a range of automated func- tions, including a tool that allows project managers to perform a job- specific profit-and-loss analysis when bidding on new projects. The firm also takes advantage of Sage Construction Anywhere, which enables job foremen to track project status, generate reports, and approve payroll through Web-based services.53
Transaction Processing Activities Along with having common characteristics, all TPSs perform a common set of basic data-processing activities. TPSs capture and process data that describes fundamental business transactions. This data is used to update databases and to produce a variety of reports for people both within and outside the enter- prise. The business data goes through a transaction processing cycle that includes data collection, data editing, data correction, data processing, data storage, and document production. See Figure 5.9.
Data Collection Capturing and gathering all data necessary to complete the processing of transactions is called data collection. In some cases, it can be done manually, such as by collecting handwritten sales orders or inventory update forms. In other cases, data collection is automated via special input devices such as scanners, point-of-sale (POS) devices, and terminals.
Data collection begins with a transaction (e.g., taking a customer order) and results in data that serves as input to the TPS. Data should be captured at its source and recorded accurately in a timely fashion, with minimal manual
FIGURE 5.9 Transaction processing activities A transaction processing cycle includes data collection, data edit- ing, data correction, data proces- sing, data storage, and document production.
Document production
Data editing
Data collection
Data correction
Data processing
Data storage
Original data
Bad data
Good data
TPS reports
transaction processing cycle: The process of data collection, data editing, data correction, data proces- sing, data storage, and document production.
data collection: Capturing and gathering all data necessary to com- plete the processing of transactions.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 241
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
effort and in an electronic or digital form that can be directly entered into the computer. This approach is called source data automation. An example of source data automation is an automated device at a retail store that speeds the checkout process—either UPC codes read by a scanner or RFID signals picked up when the items approach the checkout stand. Using UPC bar codes or RFID tags is quicker and more accurate than having a clerk enter codes manually at the cash register. The product ID for each item is deter- mined automatically, and its price retrieved from the item database. The point-of-sale TPS uses the price data to determine the customer’s total. The store’s inventory and purchase databases record the number of units of an item purchased, along with the price and the date and time of the purchase. The inventory database generates a management report notifying the store manager to reorder items that have fallen below the reorder quantity. The detailed purchases database can be used by the store or sold to marketing research firms or manufacturers for detailed sales analysis. See Figure 5.10.
Many grocery stores combine point-of-sale scanners and coupon printers. The systems are programmed so that each time a specific product—for exam- ple, a box of cereal—crosses a checkout scanner, an appropriate coupon, per- haps a milk coupon, is printed. Companies can pay to be promoted through the system, which is then programmed to print those companies’ coupons if the customer buys a competing brand. These TPSs help grocery stores increase profits by improving their repeat sales and bringing in revenue from other businesses.
Many mobile POS (point of sale) systems operate on iPads, iPhones, and iPod Touch devices. Some mobile POS systems include marketing tools that SMEs can use to thank first-time customers and send automated emails to longtime customer who have not visited recently.
Cloud-based POS systems provide a range of capabilities, including advanced integration with digital loyalty programs, various accounting tools, and the ability to generate gift cards and coupons. An SME can implement such a system for a few thousand dollars compared to more traditional cash register-based POS systems that can cost tens of thousands.54 The owners of The Creative Wedge, an artisan market that sells cheese and charcuterie along with craft beer and local wine, implemented a truly mobile POS system that allows them to sell product out of their store as well as at various local events, including farmer’s markets and festivals.55
FIGURE 5.10 Point-of-sale transaction processing system The purchase of items at the check- out stand updates a store’s inventory database and its database of purchases.
MIS/DSS Management reports
POS transaction processing system
Scanner
Item database
UPC
Quantity Date Time
Customer’s receipt
Inventory database
Purchases database
MIS/DSS
UP C a
nd qua
ntit y
Item, quantity date, time, price
Management reports
UPC Price, description
MIS/DSS Management reports
RFID A chip sending out radio waves
source data automation: Captur- ing data at its source and recording it accurately in a timely fashion, with minimal manual effort and in an elec- tronic or digital form so that it can be directly entered into the computer.
242 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Data Editing An important step in processing transaction data is to check data for validity and completeness to detect any problems, a task called data editing. For example, quantity and cost data must be numeric, and names must be alpha- betic; otherwise, the data is not valid. Often, the codes associated with an individual transaction are edited against a database containing valid codes. If any code entered (or scanned) is not present in the database, the transaction is rejected.
Data Correction It is not enough simply to reject invalid data. The system should also provide error messages that alert those responsible for editing the data. Error mes- sages must specify the problem so proper corrections can be made. A data correction involves reentering data that was not typed or scanned prop- erly. For example, a scanned UPC code must match a code in a master table of valid UPCs. If the code is misread or does not exist in the table, the check- out clerk is given an instruction to rescan the item or type the information manually.
Data Processing Another major activity of a TPS is data processing, performing calculations and other data transformations related to business transactions. Data processing can include classifying data, sorting data into categories, perform- ing calculations, summarizing results, and storing data in the organization’s database for further processing. In a payroll TPS, for example, data proces- sing includes multiplying an employee’s hours worked by the hourly pay rate. Overtime pay, federal and state tax withholdings, and deductions are also calculated.
Data Storage Data storage involves updating one or more databases with new transactions. After being updated, this data can be further processed by other systems so that it is available for management reporting and decision making. Thus, although transaction databases can be considered a by-product of transaction processing, they can significantly affect nearly all other information systems and decision-making processes within an organization.
Document Production Document production involves generating output records, documents, and reports. These can be hard-copy paper reports or displays on computer screens (sometimes referred to as soft copy). Printed paychecks, for example, are hard-copy documents produced by a payroll TPS, whereas an outstanding balance report for invoices might be an electronic report displayed by an accounts receivable TPS. Often, as shown earlier in Figure 5.6, results from one TPS flow downstream to become input to other systems, which might use the results of an inventory database update to create a stock exception report, a type of management report showing items with inventory levels below the specified reorder point.
In addition to major documents such as checks and invoices, most TPSs provide other useful management information, such as printed or on-screen reports that help managers and employees perform various activities. A report showing current inventory is one example; another might be a document list- ing items ordered from a supplier to help a receiving clerk check the order for completeness when it arrives. A TPS can also produce reports required by local, state, and federal agencies, such as statements of tax withholding and quarterly income statements.
data editing: Checking data for validity and completeness to detect any problems.
data correction: Reentering data that was not typed or scanned properly.
data processing: Performing cal- culations and other data transforma- tions related to business transactions.
data storage: Updating one or more databases with new transactions.
document production: Generating output records, documents, and reports.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 243
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
TPS Needed to Support Small Business Cal is setting up a small business to prep, cook, and deliver healthy and nutrition- ally balanced meals to customers in his local area. Cal meets with prospective cus- tomers to acquaint them with the program, discuss their eating habits and nutritional needs, and help them select from one of several menus (vegetarian, gluten free, low carb but high protein) that meets their needs. Twice a week Cal and his workers buy food ingredients based on what has been ordered. They then cook three or four days of meals for each customer and seal them in airtight bags for reheating. Deliveries are made twice a week. All the customer has to do is take the bag from the refrigerator and pop it into the microwave for 60 seconds.
Business has really taken off and Cal has had to hire two part-time cooks and two part-time delivery people. Cal has been so busy lining up new customers, shopping, and cooking that he has not had time to carefully track all his expenses. He pays his workers in cash, but realizes he will need to set up a for- mal payroll system and start deducting for taxes, social security, and Medicaid. Cal also wishes he had some sort of system that could help him better plan the kinds and amounts of ingredients needed based on customer orders. As it is, he usually purchases too much of the various ingredients and ends up giving left- overs away at the free store.
Review Questions 1. What kind of transaction processing systems does Cal need to manage and
support the basic functions of his business? 2. Identify six specific tasks that the TPS must perform to meet his needs.
Critical Thinking Questions 1. Should Cal consider developing his own programs using spreadsheet and
database software or should he purchase an integrated package to meet his needs?
2. Business is going so well that Cal is thinking of expanding the scope of his business to include catering for weddings, parties, and various business func- tions. As the scope of his business expands, how might this impact the choice of transaction processing systems?
Enterprise Systems
An enterprise system is central to individuals and organizations of all sizes and ensures that information can be shared with authorized users across all business functions and at all levels of management to support the running and managing of a business. Enterprise systems employ a database of key operational and planning data that can be shared by all, eliminating the pro- blems of missing information and inconsistent information caused by multiple transaction processing systems that each support only one business function or one department in an organization. Examples of enterprise systems include enterprise resource planning systems that support supply chain processes, such as order processing, inventory management, and purchasing, and cus- tomer relationship management systems that support sales, marketing, and customer service-related processes.
Businesses rely on enterprise systems to perform many of their daily activities in areas such as product supply, distribution, sales, marketing, human resources, manufacturing, accounting, and taxation so that work can be performed quickly without waste or mistakes. Without such systems, recording and processing business transactions would consume huge amounts
enterprise system: A system cen- tral to the organization that ensures information can be shared with autho- rized users across all business func- tions and at all levels of management to support the running and managing of a business.
244 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
of an organization’s resources. This collection of processed transactions also forms a storehouse of data invaluable to decision making. The ultimate goal of such systems is to satisfy customers and provide significant benefits by reducing costs and improving service.
Enterprise Resource Planning Enterprise resource planning (ERP) is a set of integrated programs that man- age a company’s vital business operations for an entire organization, even a complex, multisite, global organization. Recall that a business procedure is a set of coordinated and related activities that takes one or more types of input and creates an output of value to the customer of that procedure. The cus- tomer of the procedure might be a traditional external business customer who buys goods or services from the firm. An example of such a procedure is capturing a sales order, which takes customer input and generates an order. The customer in a business procedure might also be an internal cus- tomer, such as an employee in another department of the firm. For example, the shipment process generates the internal documents workers need in the warehouse and shipping departments to pick, pack, and ship orders. At the core of the ERP system is a database that is shared by all users so that all busi- ness functions have access to current and consistent data for operational deci- sion making and planning, as shown in Figure 5.11.
Advantages of ERP Increased global competition, new needs of executives for control over the total cost and product flow through their enterprises, and ever- more-numerous customer interactions drive the demand for enterprise-wide access to real-time information. ERP offers integrated software from a single vendor to help meet those needs. The primary benefits of implementing ERP include improved access to quality data for operational decision making, elim- ination of costly, inflexible legacy systems, improvement of work processes, and the opportunity to upgrade and standardize technology infrastructure. ERP vendors have also developed specialized systems that provide effective solutions for specific industries and market segments.
Improved Access to Quality Data for Operational Decision Making ERP systems operate via an integrated database, using one set of data to sup- port all business functions. For example, the systems can support decisions on optimal sourcing or cost accounting for the entire enterprise or business units. With an ERP system, data is integrated from the start, eliminating the need to gather data from multiple business functions and/or reconcile data from more than one application. The result is an organization that looks
FIGURE 5.11 Enterprise resource planning system An ERP integrates business pro- cesses and the ERP database.
Production and supply chain management
Customer relationship management and sales ordering
Financial and managerial accounting
ERP database(s)
CHAPTER 5 • Electronic Commerce and Enterprise Systems 245
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
seamless, not only to the outside world but also to the decision makers who are deploying resources within the organization. Data is integrated to facilitate operational decision making and allows companies to provide better customer service and support, strengthen customer and supplier relationships, and gen- erate new business opportunities. To ensure that an ERP system contributes to improved decision making, the data used in an ERP system must be of high quality.
Women’s World Banking is a global nonprofit focused on providing low- income women access to the financial tools and resources they need to build secure and prosperous lives. The organization works through a network of 40 institutions in 29 countries to create new financial products that must meet the needs of women in each of its markets while also being sustainable for its partner financial institutions.56 Women’s World Banking needs access to detailed transaction information so it can maintain complete transparency into its balances by entity, donor, and grant—even down to the project level. To accomplish this, the organization previously utilized two stand-alone sys- tems that often gave front and back office staff very different views of the organization’s key performance metrics, resulting in time-consuming data entry and reconciliation between the two systems. To streamline its opera- tions, Women’s World Banking implemented an ERP system that provides it with access to the data it needs to apply for new funding grants, quickly and accurately report on existing grants, and make decisions regarding invest- ments in new business development opportunities. Since its ERP roll-out, the organization has cut 200 hours of accounts payable and grant-reporting time annually, reduced data entry by 14 hours per month, and gained greater visi- bility into its spending across multiple entities, grants, donors, and projects.57
Elimination of Costly, Inflexible Legacy Systems Adoption of an ERP system enables an organization to eliminate dozens or even hundreds of separate systems and replace them with a single integrated set of applications for the entire enterprise. In some cases, these systems are decades old, the original developers are long gone, and the systems are poorly documented. As a result, the systems are extremely difficult to fix when they break, and adapting them to meet new business needs takes too long. They become an anchor around the organization that keeps it from moving ahead and remaining competitive. An ERP system helps match the capabilities of an organization’s information systems to its business needs— even as these needs evolve.
Steinwall Scientific is a Minnesota-based precision thermoplastic injec- tion molder specializing in manufacturing plastic parts using engineering- grade resins. The company, which has been in business for more than 45 years, employs 110 employees and has facilities that including manufactur- ing and warehouse space spread across five acres.58 For many years, most aspects of the company’s business were managed using an outdated proprie- tary system that had been originally programmed by the company’s presi- dent as a simple inventory management program. In addition to its internally developed system, Steinwall was also using a separate IBM accounting software program. However, the company’s two main systems were unable to communicate with each other, creating ongoing data entry errors and significant manufacturing bottlenecks as the company worked to take on new clients. Ultimately, Steinwall made the choice to upgrade its system to a single-database manufacturing ERP system. Over the course of six months, Steinwall gradually moved all of its processing tasks, along with all of its data, to the new system. Among the many benefits that Steinwall has experienced after moving all of its business functions to its new ERP sys- tem are improved inventory control, enhanced warehouse management, and a greater efficiency across all its departments.59
246 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Improvement of Work Processes Competition requires companies to structure their business processes to be as effective and customer oriented as possible. To further that goal, ERP vendors do considerable research to define the best business processes. They gather requirements of leading organizations within the same industry and combine them with findings from research institutions and consultants. The individual application modules included in the ERP system are then designed to support these best practices, the most efficient and effective ways to complete a busi- ness process. Thus, implementation of an ERP system ensures work processes will be based on industry best practices. For example, for managing customer payments, the ERP system’s finance module can be configured to reflect the most efficient practices of leading companies in an industry. This increased efficiency ensures that everyday business operations follow the optimal chain of activities, with all users supplied the information and tools they need to complete each step.
Prime Meats has been providing high-quality, aged steaks to steakhouses and restaurants around the country for more than 20 years. Recently, the Atlanta-based company also began offering its USDA Prime and Choice qual- ity steaks directly to consumers through its e-commerce Web site. The com- pany found success with its new business model, but it also found challenges as it existing systems were unable to keep up with the company’s growth. To overcome these challenges, Prime Meats implemented an ERP system that offered the company a flexible, fully integrated end-to-end business and accounting software along with prepackaged industry best practice functional- ity for handling the specific pricing, packaging, and delivery requirements of an online meat business.60,61
Opportunity to Upgrade and Standardize Technology Infrastructure When implementing an ERP system, an organization has an opportunity to upgrade the information technology (such as hardware, operating systems, and databases) that it uses. While centralizing and formalizing these decisions, the organization can eliminate the hodgepodge of multiple hardware plat- forms, operating systems, and databases it is currently using—most likely from a variety of vendors. Standardizing on fewer technologies and vendors reduces ongoing maintenance and support costs as well as the training load for those who must support the infrastructure.
Whirlpool is the world’s leading manufacturer of home appliances, with over 97,000 employees and $20 billion in sales generated from operations in 170 countries.62 While the company has utilized a collection of ERP systems across its global operations for years, the company recently undertook a complete overhaul of all its ERP infrastructure, with the goal of creating a new operational backbone that will support the company’s growth for the next decade. As the company moves forward with its implementation of next-generation SAP ERP software, the company is also updating its ERP infrastructure to a hybrid cloud system hosted by IBM. As part of the proj- ect, Whirlpool’s IT team is also spending time cleaning up duplicate and inaccurate data, a result of years of cumulative and regionalized ERP system customizations.63
Leading ERP Systems ERP systems are commonly used in manufacturing companies, colleges and universities, professional service organizations, retailers, and healthcare orga- nizations. The business needs for each of these types of organizations varies greatly. In addition, the needs of a large multinational organization are far dif- ferent from the needs of a small, local organization. Thus, no one ERP soft- ware solution from a single vendor is “best” for all organizations. To help
best practices: The most efficient and effective ways to complete a busi- ness process.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 247
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
simplify comparisons, ERP vendors are classified as Tier I, II, or III according to the type of customers they target.64
● Tier I vendors target large multinational firms with multiple geographic locations and annual revenues in excess of $1 billion. Tier I ERP system solutions are highly complex and expensive to implement and support. Implementation across multiple locations can take years. The primary Tier I vendors are Oracle and SAP.
● Tier II vendors target medium-sized firms with annual revenues in the $50 million to $1 billion range operating out of one or more locations. Tier II solutions are much less complex and less expensive to implement and support. There are two dozen or more Tier II vendors, including Oracle, SAP, Microsoft, Infor, Epicor, and Lawson.
● Tier III vendors target smaller firms with annual revenues in the $10 mil- lion to $50 million range that typically operate out of a single location. Tier III solutions are comparatively easy and inexpensive to implement and support. There are dozens of Tier III vendors, including Abas, Blue- bee Software, Cincom Systems, Compiere, ESP Technologies, Frontier Software, GCS Software, Microsoft, Netsuite, PDS, Plex, and Syspro. Many of the Tier I and Tier II vendors also offer solutions for smaller firms. See Figure 5.12.
Smaller organizations moved to ERP systems about 10 years after larger organizations did. The smaller firms simply could not afford the investment required in hardware, software, and people to implement and support ERP. However, ERP software vendors gradually created new ERP solutions with much lower start-up costs and faster, easier implementations. Some ERP ven- dors introduced cloud-based solutions, which further reduced the start-up costs by avoiding the need to purchase expensive ERP software and make major hardware upgrades. Instead, with a cloud-based solution, organizations could rent the software and run it on the vendor’s hardware. Plex and Net- Suite are two of the many cloud-based ERP solutions that enable users to access an ERP application using a Web browser and avoid paying for and maintaining expensive hardware.
FIGURE 5.12 ERP software Microsoft Dynamics is an ERP solu- tion that is very popular among small businesses. Mi
cr os of t pr od uc t sc re en sh ot s us ed
w ith
pe rm is si on
fr om
M ic ro so ft Co rp or at io n
248 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
As an alternative, many organizations elect to implement open-source ERP systems from vendors such as Compiere. With open-source software, organi- zations can see and modify the source code to customize it to meet their needs. Such systems are much less costly to acquire and are relatively easy to modify to meet business needs.
Organizations frequently need to customize the vendor’s ERP software to integrate other business systems, to add data fields or change field sizes, or to meet regulatory requirements. A wide range of software service organiza- tions can perform the system development and maintenance.
Customer Relationship Management A customer relationship management (CRM) system helps a company man- age all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. See Figure 5.13. Think of a CRM system as an address book with a historical record of all the organization’s interactions with each customer. The goal of CRM is to understand and anticipate the needs of current and potential customers to increase customer retention and loyalty while optimizing the way that products and services are sold. CRM is used primarily by people in the sales, marketing, distribution, accounting, and service organizations to capture and view data about customers and to improve communications. Businesses implementing CRM systems often report benefits such as improved customer satisfaction, increased customer retention, reduced operating costs, and the ability to meet customer demand.
CRM software automates and integrates the functions of sales, marketing, and service in an organization. The objective is to capture data about every contact a company has with a customer through every channel and to store it in the CRM system so that the company can truly understand customer
FIGURE 5.13 Customer relationship management system A CRM system provides a central repository of customer data used by the organization.
Social media
Customer data
Means of communication
Users and providers of customer data
Text messages
Distribution
Accounting
Marketing Customer
service
Sales
Customers
In-person contacts
Phone calls
customer relationship manage- ment (CRM) system: A system that helps a company manage all aspects of customer encounters, including mar- keting, sales, distribution, accounting, and customer service.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 249
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
actions. CRM software helps an organization build a database about its custo- mers that describes relationships in sufficient detail so that management, salespeople, customer service providers, and even customers can access infor- mation to match customer needs with product plans and offerings, remind them of service requirements, and report on the other products the customers have purchased.
Small, medium, and large organizations in a wide variety of industries choose to implement CRM for many reasons, depending on their needs. Con- sider the following examples:
● Expensify is a financial services firm that provides online expense- management services for customers around the world. The company has grown quickly since it was founded in San Francisco in 2008, and it recently opened a London office to support its expansion into the Euro- pean market. As a start-up, Expensify’s initial attempts at CRM were built around an Excel spreadsheet. Before long, the company shifted to Google Apps’ CRM tools, but soon found those could not handle its increasing volume of customer data. Eventually, the company implemented a cus- tomizable CRM system that provides all the tools Expensify’s sales and customers service teams require—without the need to manage and coor- dinate workflows in other systems. Expensify’s top priorities for a CRM system included automated and customizable lead-prioritization tools, the ability to track all sales communication within one system, and the ability to generate in-depth reports to identify areas of opportunity within a geo- graphic region as well as for individual salespeople.65
● TUMI luggage, handbags, and travel accessories are available through a global network of 100 company-owned stores as well as department and specialty stores in over 70 countries. Since it started in 1965, TUMI has placed a priority on offering a wide selection of high-quality business and travel products. Although TUMI’s culture is focused on providing world- class service, the company’s outdated systems were getting in the way of its relationships with both wholesale and retail customers. For instance, tracking an order or a repair job for a customer typically meant putting a caller on hold and calling the warehouse for an update. To address its customer service issues, TUMI chose to implement a CRM application that was integrated with a comprehensive ERP system designed to help the company improve its inventory tracking, sales forecasting, and financial reporting. Now, TUMI’s customer service team is able to quickly provide customers with precise real-time information about order and repair sta- tus. And because TUMI tracks individual customer purchases using the CRM software, it is better able to keep up with market trends and respond to customers’ changing needs—all of which have helped drive a 20 percent increase in sales since the system was implemented.66
● The American Red Cross was founded in 1881 by Clara Barton as a non- profit, humanitarian organization. Today, the organization relies on 35,000 employees and more than 500,000 volunteers to deliver a range of services across the United States, including providing relief to people affected by disasters, supporting members of the military and their fami- lies, and collecting, processing, and distributing blood supplies. The Red Cross uses a cloud-based CRM platform from Salesforce to manage its relationships with its large network of financial donors, volunteers, blood donors, and recipients. Because its CRM system is cloud-based, Red Cross volunteers and employees can quickly access the data and services required to get the organization’s operations up and running during a disaster. The Red Cross has integrated social networking tools into its CRM system, providing the organization with new channels to connect with volunteers and donors as well as new tools for delivering
250 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
disaster-relief updates to the public, soliciting financial and volunteer help, and helping people affected by a disaster communicate with family and friends.67,68
The key features of a CRM system include the following:
● Contact management. The ability to track data on individual customers and sales leads and then access that data from any part of the organiza- tion. See Figure 5.14, which shows the SAP Contact Manager.
● Sales management. The ability to organize data about customers and sales leads and then to prioritize the potential sales opportunities and identify appropriate next steps.
● Customer support. The ability to support customer service representa- tives so that they can quickly, thoroughly, and appropriately address cus- tomer requests and resolve customer issues while collecting and storing data about those interactions.
● Marketing automation. The ability to capture and analyze all customer interactions, generate appropriate responses, and gather data to create and build effective and efficient marketing campaigns.
● Analysis. The ability to analyze customer data to identify ways to increase revenue and decrease costs, identify the firm’s “best customers,” and determine how to retain and find more of them.
● Social networking. The ability to create and join sites such as Facebook, where salespeople can make contacts with potential customers.
● Access by mobile devices. The ability to access Web-based customer relationship management software by smartphones, tablets, and other mobile devices.
● Import contact data. The ability for users to import contact data from various data service providers that can be downloaded for free directly into the CRM application.
The focus of CRM involves much more than installing new software. Mov- ing from a culture of simply selling products to placing the customer first is essential to a successful CRM deployment. Before any software is loaded onto
FIGURE 5.14 SAP Contact Manager Contact management involves tracking data on individual custo- mers and sales leads and accessing that data from any part of the organization. Source: © SAP AG
CHAPTER 5 • Electronic Commerce and Enterprise Systems 251
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
a computer, a company must retrain employees. Who handles customer issues and when must be clearly defined, and computer systems need to be inte- grated so that all pertinent information is available immediately, whether a customer calls a sales representative or a customer service representative.
Nu Skin Enterprises is a $2 billion direct sales organization that develops and distributes nutritional supplements and personal care products through a network of more than 5,000 independent sales distributors. The company’s 250 call center agents are the key point of contact between the company and its customers and distributors; however, rapid turnover of call center staff and three disconnected customer contact tools meant that many customers became quickly frustrated during their interactions with the company. A solution to Nu Skin’s customer service challenges came in the form of a CRM system from SAP, which was integrated with the company’s existing SAP ERP system to provide agents immediate access to customer sales histories. Nu Skin call center employees now use the system’s customer interaction center and order management tools to resolve callers’ queries more quickly, and with frustra- tion levels down—for both agents and customers—agents have been able to focus on developing stronger relationship with customers and distributors and increasing sales.69,70
Table 5.8 lists a few highly rated CRM systems.71
Due to the popularity of mobile devices, shoppers can easily compare products and prices on their mobile phones and instantly tweet their experi- ences with a brand to dozens of friends. Savvy retailers today use their CRM systems to stay on top of what these customers are saying on social networks. For instance, Wells Fargo Bank uses social media to keep track of what its customers are saying and then responds quickly to their issues and questions to improve customer satisfaction.72
Most CRM systems can now be accessed via smartphones to gain work with the most current customer information even while on the move. How- ever, in a recent survey, just under 25 percent of salespeople who have a smartphone use it to access their firm’s CRM system. Another 10 percent of salespeople worked for a company whose CRM system did not allow mobile access.73
Product Lifecycle Management (PLM) Product lifecycle management (PLM) is an enterprise business strategy that creates a common repository of product information and processes to support the collaborative creation, management, dissemination, and use of product and packaging definition information.
Product lifecycle management (PLM) software provides a means for managing the data and processes associated with the various phases of the product life cycle, including sales and marketing, research and development, concept development, product design, prototyping and testing, manufacturing
TABLE 5.8 Highly rated CRM systems Vendor/Product Select Customers Pricing Starts At
Infusionsoft CRM Clean Corp, Swim Fitness $67 per user/month
OnContact CRM 7 Prudential, Carfax $50 per user/month
Oracle Marketing Cloud Bass Pro Shops, Whole Foods $80 per user/month
Prophet CRM AT&T, Century 21 $24 per user/month
Sage Software CRM Panasonic, Lockheed Martin $39 per user/month
Salesforce Sales Cloud Dell, Dr. Pepper, Snapple $5 per user/month
product lifecycle management (PLM): An enterprise business strat- egy that creates a common repository of product information and processes to support the collaborative creation, management, dissemination, and use of product and packaging definition information.
product lifecycle management (PLM) software: Software that pro- vides a means for managing the data and processes associated with the various phases of the product life cycle, including sales and marketing, research and development, concept development, product design, proto- typing and testing, process design, production and assembly, delivery and product installation, service and sup- port, and product retirement and replacement.
252 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
process design, production and assembly, delivery and product installation, service and support, and product retirement and replacement. See Figure 5.15. As products advance through these stages, product data is gener- ated and distributed to various groups both within and outside the manufacturing firm. This data includes design and process documents, bill of material definitions, product attributes, product formulations, and documents needed for FDA and environmental compliance. PLM software provides sup- port for the key functions of configuration management, document manage- ment, engineering change management, release management, and collaboration with suppliers and original equipment manufacturers (OEMs).
The scope of PLM software may include computer-aided design, computer-aided engineering, and computer-aided manufacturing. Computer- aided design (CAD) is the use of software to assist in the creation, analysis, and modification of the design of a component or product. Its use can increase the productivity of the designer, improve the quality of design, and create a database that describes the item. This data can be shared with others or used in the machining of the part or in other manufacturing operations. Computer-aided engineering (CAE) is the use of software to analyze the robustness and performance of components and assemblies. CAE software supports the simulation, validation, and optimization of products and manufacturing tools. CAE is extremely useful to design teams in evaluating and decision making. Computer-aided manufacturing (CAM) is the use of
Sales & marketing
Research & development
Concept development
Product design
Prototype & test
Process design
Production &
assembly
Product delivery & installation
Service & support
Retire & replace
PLM software supports the product development lifecycle
FIGURE 5.15 Scope of PLM software Using PLM software, organizations can manage the data and processes associated with the various phases of the product life cycle.
computer-aided design (CAD): The use of software to assist in the creation, analysis, and modification of the design of a component or product.
computer-aided engineering (CAE): The use of software to analyze the robustness and performance of components and assemblies.
computer-aided manufacturing (CAM): The use of software to control machine tools and related machinery in the manufacture of components and products.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 253
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
software to control machine tools and related machinery in the manufacture of components and products. The model generated in CAD and verified in CAE can be input into CAM software, which then controls the machine tool. See Figure 5.16.
Some organizations elect to implement a single, integrated PLM system that encompasses all the phases of the product life cycle with which it is most concerned. Other organizations choose to implement multiple, separate PLM software components from different vendors over time. This piecemeal approach enables an organization to choose the software that best meets it needs for a particular phase in the product life cycle. It also allows for incre- mental investment in the PLM strategy. However, it may be difficult to link all the various components together in such a manner that a single comprehen- sive database of product and process data is created.
Use of an effective PLM system enables global organizations to work as a single team to design, produce, support, and retire products, while capturing best practices and lessons learned along the way.74 PLM powers innovation and improves productivity by connecting people across global product devel- opment and manufacturing organizations with the product and process knowledge they need to succeed. See Figure 5.17.
FIGURE 5.16 CAD, CAE, and CAM software In manufacturing, the model gener- ated in CAD and verified in CAE can be entered into CAM software, which then controls the machine tool to manufacture the product.
CAD CAE
Create, analyze, modify design
Simulate, validate optimize, design
Use digital design to control machine tools
PLM
CAM
FIGURE 5.17 PLM business strategy PLM powers innovation and improves productivity.
Mechanical engineers
Chemical engineers
Market research analyst
Director of engineering
Package designer
Manufacturing
Production planner
Purchasing agent
Product designer
Sales
254 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
PLM software and its data are used by both internal and external users. Internal users include engineering, operations and manufacturing, procure- ment and sourcing, manufacturing, marketing, quality assurance, customer service, regulatory, and others. External users include the manufacturer’s design partners, packaging suppliers, raw material suppliers, and contract manufacturers. These users must collaborate to define, maintain, update, and securely share product information throughout the life cycle of the product. Frequently, these external users are asked to sign nondisclosure agreements to reduce the risk of proprietary information being shared with competitors.
Based in Fort Collins, Colorado, Water Pik develops and sells a variety of personal and oral healthcare products under the Waterpik brand. The com- pany prides itself on innovation and since its founding in 1962, Water Pik has acquired over 500 patents. Over time, the company’s approach to managing its product information through traditional directory structures on file systems was resulting in an increasing number of inefficiencies in Water Pik’s develop- ment and manufacturing processes. To better manage its CAD product data, Water Pik chose to implement SofTech’s ProductCenter PLM software. The company now uses the software to manage product information—which is secured through permissions—for three of its four main product lines. Water Pik also uses the software to manage all of its business processes, which are automatically set to expire every two years, triggering a review and update process that helps the company ensure that its procedures are current and compliant with various industry standards.75,76
Table 5.9 presents a list of some of the top-rated PLM software products (in alphabetic order) according to a 2013 report by Business-Software.com.77
Table 5.10 outlines the benefits a business can realize when using a PLM system effectively.
TABLE 5.9 Highly rated PLM software products
Organization Primary PLM Software Product Technology Model Select Customers
Arena Cloud PLM Cloud-based solution SiriusXM, SunLink
Infor Optiva On-premise solution Henkel, Sypris
Integware Enovia Collabora- tive PLM
On-premise solution Cummins, Steelcase
PTC Windchill SaaS solution Medco Equipment, InterComm
SAP PLM On-premise solution Porsche, Anadarko Petroleum
Siemens Teamcenter On-premise solution Procter & Gamble, BAE Systems
SofTech ProductCenter PLM SaaS solution Hayward Tyler Motors, Monarch Hydraulics
Sopheon Accolade Cloud-based solution PepsiCo, ConAgra
TABLE 5.10 Benefits of a PLM system Benefit How Achieved
Reduce time to market
● By connecting design, research and development, procurement, manufacturing, and customer service seamlessly through a flexible collaboration environment
● By improving collaboration among the organization and its suppliers, contract manufacturers, and OEMs
Reduce costs ● By reducing prototyping costs through the use of software simulation ● By reducing scrap and rework through improved processes ● By reducing the number of product components through standardization
Ensure regulatory compliance
● By providing a secure repository, tracking and audit trails, change and document management controls, workflow and communications, and improved security
CHAPTER 5 • Electronic Commerce and Enterprise Systems 255
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Industrial Control Associates Inc. (ICA) specializes in providing engineer- ing, design, construction, and start-up support services for programmable logic control (PLC) systems for government agencies and industrial clients in the Southeast and abroad. Its diverse client base includes the Department of Energy, DuPont Chemical, Procter & Gamble Paper Products, and Tyson Foods. ICA uses Siemens PLM software—which serves as a repository for all of the company’s product data—to manage its product design processes, improve the quality of its drawings and bills of materials (BOMs), and increase the accuracy of its machine designs. The software also provides Web-based collaboration tools that make it easy for ICA and its clients to work together throughout the design process, cutting down on redesign work and increasing customers’ confidence in ICA’s design process. Since implementing the Siemens’ software, the company has achieved a 30 percent reduction in the time it takes to complete a job and has cut its remanufactur- ing rate from 20 percent down to 2 percent.78,79
Overcoming Challenges in Implementing Enterprise Systems Implementing an enterprise system, particularly for a large organization, is extremely challenging and requires tremendous amounts of resources, the best IS and businesspeople, and plenty of management support. In spite of all this, many enterprise system implementations fail, and problems with an enterprise system implementation can require expensive solutions. For exam- ple, H.B. Fuller, a large U.S. industrial adhesives and sealants manufacturer, was awarded $14 million in an arbitration case against consulting agency Accenture in connection with a failed companywide SAP ERP system imple- mentation. Problems with the system became apparent almost as soon as it was implemented, which was behind schedule. In addition to the $60 million in planned capital expenditures, Fuller spent over $8 million in the first two months after the system was launched to address problems related to the implementation.80
Half of nearly 200 ERP implementations worldwide evaluated by Pano- rama, an ERP consulting firm, were judged to be failures. Table 5.11 lists and describes the most significant challenges to successful implementation of an enterprise system.81
TABLE 5.11 Challenges to successful enterprise system implementation Challenge Description
Cost and disruption of upgrades
Most companies have other systems that must be integrated with the enterprise system, such as financial analysis programs, e-commerce operations, and other applications that communicate with suppliers, customers, distributors, and other business partners. Integration of multiple sys- tems adds time and complexity to an ERP implementation.
Cost and long implementation lead time
The average ERP implementation cost is $5.5 million with an average project duration of just over 14 months.
Difficulty in manag- ing change
Companies often must radically change how they operate to conform to the enterprise work processes. These changes can be so drastic to longtime employees that they depart rather than adapt to the change, leaving the firm short of experienced workers.
Management of software customization
The base enterprise system may need to be modified to meet mandatory business requirements. System customizations can become extremely expensive and further delay implementation.
User frustration with the new system
Effective use of an enterprise system requires changes in work processes and in the details of how work gets done. Many users initially balk at these changes and require extensive training and encouragement.
256 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The following list provides tips for avoiding many common causes for failed enterprise system implementations:
● Assign a full-time executive to manage the project. ● Appoint an experienced, independent resource to provide project over-
sight and to verify and validate system performance. ● Allow sufficient time to transition from the old way of doing things to the
new system and new processes. ● Allocate sufficient time and money for training staff; many project man-
agers recommend budgeting 30 to 60 days per employee for training. ● Define metrics to assess project progress and to identify project-related risks. ● Keep the scope of the project well defined and contained to essential
business processes. ● Be wary of modifying the enterprise system software to conform to your
firm’s business practices.
Hosted Software Model for Enterprise Software Many business application software vendors are pushing the use of the hosted software model. The goal is to help customers acquire, use, and benefit from the new technology while avoiding much of the associated complexity and high start-up costs. Applicor, Intacct, NetSuite, SAP, and Workday are among the software vendors who offer hosted versions of their ERP or CRM software at a cost of $50 to $200 per month per user.
This pay-as-you-go approach is appealing because organizations can experiment with powerful software capabilities without making a major finan- cial investment. Organizations can then dispose of the software without large investments if the software fails to provide value or otherwise misses expecta- tions. Also, using the hosted software model means the business firm does not need to employ a full-time IT person to maintain key business applications. The business firm can expect additional savings from reduced hardware costs and costs associated with maintaining an appropriate computer environment (such as air conditioning, power, and an uninterruptible power supply).
Table 5.12 lists the advantages and disadvantages of hosted software.
LoneStar Heart is a California company that researches and develops restorative therapies and technologies for patients with advanced heart fail- ure. In its early years as a start-up company, LoneStar relied on a paper-based approach to document control that resulted in researchers spending extensive time searching and managing product documentation—taking them away from their critical design and development work. To gain efficiencies in its development processes and free up time for its research and development team, LoneStar eventually decided to implement a cloud-based PLM that would support employees in the company’s facilities as well as those who work remotely. The PLM system from Omnify Software provides LoneStar
TABLE 5.12 Advantages and disadvantages of hosted software model Advantages Disadvantages
Decreased total cost of ownership
Potential availability and reliability issues
Faster system start-up Potential data security issues
Lower implementation risk Potential problems integrating the hosted products of different vendors
Management of systems outsourced to experts
Savings anticipated from outsourcing may be off- set by increased effort to manage vendor
CHAPTER 5 • Electronic Commerce and Enterprise Systems 257
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
with a secure, yet easily accessible centralized product information database and the tools it requires to maintain compliant with the extensive set of FDA regulations governing its work. By using a cloud-based PLM, LoneStar was able to avoid close to $40,000 in server installation and maintenance costs annually.82,83
Implementing CRM iProspect is a global digital performance marketing firm. It works to increase Web site traffic for its clients through services such as search engine optimization, lead generation, Web site analytics, and Web site conversion enhancement. Its clients include such firms as Adidas, American Express, Coca-Cola, Ford Motor Company, General Motors, and Sharp Electronics. The firm needs a formal means of captur- ing information about its customers and their interactions with the company. It also hopes to implement a CRM system that will capture its best business practices to enable it to build on sales and customer satisfaction successes.
Review Questions 1. What specific tasks must this CRM software perform? 2. What are the potential benefits that iProspect might capture from use of a
CRM system?
Critical Thinking Questions 1. The CFO has asked you to lead a team to assess the potential benefits associ-
ated with this system. Who would you choose to make up this team (job title and organization)? How could your team attempt to quantify the potential benefits of such a system?
2. What are the pros and cons of choosing a hosted software solution to “test drive” a potential CRM solution?
Summary
Principle: Electronic commerce is evolving, providing new ways of conducting busi- ness that presents both potential benefits and problems.
Electronic commerce is the conducting of business activities (e.g., distribu- tion, buying, selling, marketing, and servicing of products or services) electron- ically over computer networks. Business-to-business (B2B) e-commerce allows manufacturers to buy at a low cost worldwide, and offers enterprises the chance to sell to a global market. Currently, the greatest dollar volume of e-commerce sales falls under the category of B2B e-commerce. Business- to-consumer (B2C) e-commerce enables organizations to sell directly to consu- mers, eliminating intermediaries. In many cases, this practice squeezes costs and inefficiencies out of the supply chain and can lead to higher profits and lower prices for consumers. Consumer-to-consumer (C2C) e-commerce involves consumers selling directly to other consumers. Online auctions are the chief method by which C2C e-commerce is currently conducted. E-government involves the use of information and communications technology to simplify the sharing of information, speed formerly paper-based processes, and improve the relationship between citizens and government.
Mobile commerce is the use of mobile devices such as tablets and smart- phones to facilitate the sale of goods or services—anytime and anywhere. Mobile commerce is a rapidly growing segment of e-commerce, with Japan,
258 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the United Kingdom, and South Korea leading the world in m-commerce growth. The market for m-commerce in North America is growing rapidly because of advances in wireless broadband technologies, the development of new and powerful applications, and the availability of less costly but more powerful smartphones. Numerous retailers have established special Web sites for users of mobile devices.
Conversion to an e-commerce or m-commerce system enables organiza- tions to reach new customers, reduce the cost of doing business, speed the flow of goods and information, increase the accuracy of order-processing and order fulfillment, and improve the level of customer service.
A firm faces three key challenges when converting its business processes from the traditional form to e-commerce processes: (1) dealing effectively with consumer privacy concerns, (2) successfully overcoming consumers’ lack of trust, and (3) overcoming global issues.
E-commerce and m-commerce also enable consumers and companies to gain access to worldwide markets. They offer great promise for developing countries, enabling them to enter the prosperous global marketplace and hence helping to reduce the gap between rich and poor countries.
Because e-commerce and m-commerce are global systems, they face cul- tural, language, time and distance, infrastructure, currency, product and ser- vice, and state, regional, and national law challenges.
Many manufacturers are joining electronic exchanges, where they can work with competitors and suppliers to buy and sell goods, trade market information, and run back-office operations, such as inventory control. They are also using e-commerce to improve the efficiency of the selling pro- cess by moving customer queries about product availability and prices online.
The Web allows firms to gather much more information about customer behavior and preferences than they could using other marketing approaches. This new technology has greatly enhanced the practice of market segmentation and has enabled many companies to establish closer relationships with their customers.
The Internet has revolutionized the world of investment and finance, espe- cially online stock trading and online banking. The Internet has also created many options for electronic auctions, where geographically dispersed buyers and sellers can come together.
The numerous m-commerce applications include advertising, bartering, retargeting, price comparison, couponing, investment and finance, and banking.
Principle: E-commerce and m-commerce require the careful planning and integra- tion of a number of technology infrastructure components.
A number of infrastructure components must be chosen and integrated to support a large volume of transactions with customers, suppliers, and other business partners worldwide. These components include hardware, Web server software, and e-commerce software.
M-commerce presents additional infrastructure challenges, including improving the ease of use of wireless devices, addressing the security of wire- less transactions, and improving network speed.
Electronic payment systems are a key component of the e-commerce infra- structure. A digital certificate is an attachment to an email message or data embedded in a Web page that verifies the identity of a sender or a Web site. To help prevent the theft of credit card numbers and banking information, the Transport Layer Security (TLS) communications protocol is used to secure all sensitive data. Several electronic cash alternatives require the purchaser to
CHAPTER 5 • Electronic Commerce and Enterprise Systems 259
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
open an account with an electronic cash service provider and to present proof of identity whenever payments are to be made. Payments can also be made by credit, charge, debit, smart cards, and p-cards. Retail and banking industries are developing means to enable payments using the cell phone like a credit card.
Principle: An organization must have information systems that support routine, day- to-day activities and that help a company add value to its products and services.
Transaction processing systems (TPSs) are at the heart of most information systems in businesses today. A TPS is an organized collection of people, pro- cedures, software, databases, and devices used to capture fundamental data about events that affect the organization (transactions) and that use that data to update the official records of the organization.
The methods of TPSs include batch and online processing. Batch proces- sing involves the collection of transactions into batches, which are entered into the system at regular intervals as a group. Online transaction processing (OLTP) allows transactions to be processed as they occur.
Organizations expect TPSs to accomplish a number of specific objectives, including processing data generated by and about transactions, maintaining a high degree of accuracy and information integrity, compiling accurate and timely reports and documents, increasing labor efficiency, helping provide increased and enhanced service, and building and maintaining customer loy- alty. In some situations, an effective TPS can help an organization gain a com- petitive advantage.
Order processing systems capture and process customer order data—from the receipt of the order through creation of a customer invoice.
Accounting systems track the flow of data related to all the cash flows that affect the organization.
Purchasing systems support the inventory control, purchase order proces- sing, receiving, and accounts payable business functions.
Organizations today, including SMEs, typically implement an integrated set of TPSs from a single or limited number of software vendors to meet their transaction processing needs.
All TPSs perform the following basic activities: data collection, which involves the capture of source data to complete a set of transactions; data edit- ing, which checks for data validity and completeness; data correction, which involves providing feedback regarding a potential problem and enabling users to change the data; data processing, which is the performance of calculations, sorting, categorizing, summarizing, and storing data for further processing; data storage, which involves placing transaction data into one or more data- bases; and document production, which involves outputting electronic or hard-copy records and reports.
Principle: An organization that implements an enterprise system is creating a highly integrated set of systems, which can lead to many business benefits.
Enterprise resource planning (ERP) software supports the efficient opera- tion of business processes by integrating activities throughout a business, including sales, marketing, manufacturing, logistics, accounting, and staffing.
Implementing an ERP system can provide many advantages, including allowing access to data for operational decision making; eliminating costly, inflexible legacy systems; providing improved work processes; and creating the opportunity to upgrade technology infrastructure.
260 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Some of the disadvantages associated with ERP systems are that they are time consuming, difficult, and expensive to implement; they can also be diffi- cult to integrate with other systems.
No one ERP software solution is “best” for all organizations. SAP, Oracle, Infor, and Microsoft are among the leading ERP suppliers.
Although the scope of ERP implementation can vary, most manufacturing organizations use ERP to support the supply chain management (SCM) activi- ties of planning, executing, and controlling all activities involved in raw mate- rial sourcing and procurement, conversion of raw materials to finished products, and the warehousing and delivery of finished product to customers.
Organizations are implementing customer relationship management (CRM) systems to manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service. The goal of CRM is to understand and anticipate the needs of current and potential customers to increase customer retention and loyalty while optimizing the way products and services are sold.
Manufacturing organizations are implementing product lifecycle manage- ment (PLM) software to manage the data and processes associated with the vari- ous phases of the product life cycle, including sales and marketing, research and development, concept development, product design, prototyping and testing, manufacturing process design, production and assembly, delivery and product installation, service and support, and product retirement and replacement. These systems are used by both internal and external users to enable them to collabo- rate and capture best practices and lessons learned along the way.
The most significant challenges to successful implementation of an enter- prise system include the cost and disruption of upgrades, the cost and long implementation lead time, the difficulty in managing change, the management of software customization, and user frustration with the new system.
Business application software vendors are experimenting with the hosted software model to see if the approach meets customer needs and is likely to generate significant revenue. This approach is especially appealing to SMEs due to the low initial cost, which makes it possible to experiment with power- ful software capabilities.
Key Terms
batch processing system
best practices
business-to-business (B2B) e-commerce
business-to-consumer (B2C) e-commerce
certificate authority (CA)
computer-aided design (CAD)
computer-aided engineering (CAE)
computer-aided manufacturing (CAM)
consumer-to-consumer (C2C) e-commerce
customer relationship management (CRM) system
data collection
data correction
data editing
data processing
data storage
digital certificate
document production
e-government
electronic cash
electronic exchange
enterprise system
market segmentation
online transaction processing (OLTP)
personalization
product lifecycle management (PLM)
product lifecycle management (PLM) software
source data automation
supply chain management (SCM)
transaction processing cycle
Transport Layer Security (TLS)
CHAPTER 5 • Electronic Commerce and Enterprise Systems 261
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Chapter 5: Self-Assessment Test
Electronic commerce is evolving, providing new ways of conducting business that present both potential benefits and problems.
1. involves conducting business activities (e.g., distribution, buying, selling, marketing, and servicing of products or services) electronically over computer networks. a. B2B b. C2C c. B2C d. E-commerce
2. The elimination of intermediate organizations between the producer and the consumer is called .
3. B2B is smaller and growing more slowly than B2C. True or False?
4. The market for m-commerce is North America is maturing much sooner than in other countries. True or False?
5. Which of the following is NOT considered to be a key challenge to e-commerce? a. Dealing with consumer privacy concerns b. Overcoming consumer’s lack of trust c. Overcoming global cultural challenges, lan-
guage, time and distance, infrastructure, and currency challenges
d. Low user interest in access to global markets and competitive pricing
6. The security standard spells out mea- sures and security procedures to safeguard the card issuer, the cardholder, and the merchant.
E-commerce and m-commerce require the careful planning and integration of a number of technology infrastructure components.
7. The amount of storage capacity and computing power required of a Web server depends pri- marily on . a. the geographical location of the server and
number of different products sold b. the software that must run on the server and
the volume of e-commerce transactions c. the size of the business organization and the
location of its customers d. the number of potential customers and aver-
age dollar value of each transaction 8. Key Web site performance measures include
response time, transaction success rate, and sys- tem availability. True or False?
An organization must have information systems that support routine, day-to-day activities and that help a company add value to its products and services.
9. involves providing feedback regarding a potential data problem and enables users to change the data. a. Data collection b. Data correction c. Data editing d. Data processing
10. Which of the following is not an objective of an organization’s batch transaction processing system? a. Capture, process, and update databases of
business data required to support routine business activities
b. Ensure that data is processed immediately upon occurrence of a business transaction
c. Avoid processing fraudulent transactions d. Produce timely user responses and reports
11. Business data goes through a cycle that includes data collection, data , data correction, data processing, data storage, and documentation production.
12. Unfortunately, there are few choices for software packages that provide integrated transaction processing system solutions for small- and medium-sized enterprises. True or False?
13. Capturing and gathering all the data necessary to complete the processing of transactions is called .
An organization that implements an enterprise sys- tem is creating a highly integrated set of systems, which can lead to many business benefits.
14. Small organizations were slow to adopt ERP sys- tems because of the relative complexity and cost of implementing these systems. True or False?
15. The individual application modules included in an ERP system are designed to support , the most efficient and effective ways to complete a business process.
16. software helps a customer manage all aspects of customer encounters, including mar- keting, sales, distribution, accounting, and cus- tomer service.
17. The hosted software model for enterprise soft- ware helps customers acquire, use, and benefit from new technology while avoiding much of the associated complexity and high start-up costs. True or False?
18. is software used to analyze the robust- ness and performance of components and assemblies. a. PLM b. CAD c. CAE d. CAM
262 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Chapter 5: Self-Assessment Test Answers
1. d 2. disintermediation 3. False 4. False 5. d 6. Payment Card Industry or PCI 7. b 8. True 9. b
10. b 11. editing 12. False 13. data collection 14. True 15. best practices 16. Customer relationship management (CRM) 17. True 18. c
Review Questions
1. Briefly define the term electronic commerce, and identify six forms of electronic commerce based on the parties involved in the transactions.
2. Why is the market for m-commerce in North America maturing much later than in other regions of the world?
3. Identify six global issues associated with e-commerce.
4. What is market segmentation? What is its purpose?
5. What is meant by retargeting? What percent of all online shopping carts are abandoned?
6. Identify three key Web site performance measures.
7. What is a digital certificate? What is a certificate authority? What is the Payment Card Industry security standard? What is the Transport Security Layer?
8. Identify the key elements of the technology infrastructure required to successfully implement e-commerce within an organization.
9. Identify and briefly describe six basic transaction processing activities performed by all transaction processing systems.
10. Provide a data processing example for which the use of a batch processing system to handle trans- actions is appropriate. Provide an example for which the use of online transaction processing is appropriate.
11. What is an enterprise system? Identify and briefly discuss the goals of three types of enterprise systems.
12. What are best practices? 13. Define supply chain management (SCM). 14. What is a Tier I ERP software vendor? 15. Identify and briefly describe at least four key
business capabilities provided by the use of a CRM system.
16. Identify the basic business processes included within the scope of product lifecycle management.
17. What is source data automation? What benefits can it be expected to deliver?
Discussion Questions
1. Identify and briefly discuss three reasons for the steady growth in B2C e-commerce.
2. Identify and briefly discuss five advantages of electronic commerce.
3. What is personalization of Web pages? How might one go about doing this?
4. Briefly describe the differences between a credit, charge, debit and smart card.
5. Identify and briefly describe three m-commerce applications you have used.
6. Identify and discuss key benefits that are com- mon to the use of ERP, CRM, and PLM enterprise
systems, whether it be for a small, medium, or large organization.
7. Identify and briefly discuss five challenges to the successful implementation of an enterprise system. Provide several tips to overcome these challenges.
8. Assume that you are the owner of a small bicycle sales and repair shop serving hundreds of custo- mers in your area. Identify the kinds of customer information you would like your firm’s CRM sys- tem to capture. How might this information be used to provide better service or increase revenue? Identify where or how you might capture this data.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 263
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
9. Why were SMEs slow to adopt ERP software? What changed to make ERP software more attractive for SMEs?
10. Briefly describe the hosted software model for enterprise software and discuss its primary appeal for business organizations.
11. Explain how CAD, CAE, and CAM software can work together to support the product develop- ment life cycle.
12. In what ways is the implementation of a CRM system simpler and less risky for an SME than for a large multinational corporation?
13. You are a member of the engineering organiza- tion for an aircraft parts manufacturer. The firm is considering the implementation of a PLM system.
Make a convincing argument for selecting a sys- tem whose scope includes CAD, CAE, and CAM software.
14. What benefits should the suppliers and customers of a firm that has successfully implemented an ERP system expect to see? How might an ERP implementation affect an organization’s suppliers?
15. Many organizations are moving to a collaborative process with their major suppliers to get their input on designing and planning future product modifications or new products. Explain how a PLM system might enhance such a process. What issues and concerns might a manufacturer have in terms of sharing product data with suppliers?
Problem-Solving Exercises
1. Do research to learn more about the American Consumer Satisfaction Index methodology devel- oped by the University of Michigan. Prepare a brief slide presentation about the methodology and how it was used to rate B2C Web sites. Using this information, develop one final slide provid- ing at least five recommendations for someone developing a B2C Web site.
2. Your washing machine just gave out and must be replaced within the week! Use your Web-enabled smartphone (or borrow a friend’s) to perform a price and product comparison to identify the manufacturer and model that best meets your needs and the retailer with the lowest delivered cost. Obtain peer input to validate your choice.
Write a brief summary of your experience, and identify the Web sites you found most useful.
3. Imagine that you are a new employee in the engineering organization of a large camping equipment and outdoor furniture manufacturing firm. The company is considering implementing a PLM system to better manage the design and manufacture of its products. You have been invited to a meeting to share your thoughts on how such a system might be used and what capabilities are most important. How would you prepare for this meeting? What points would you make? Develop a presentation containing three to six slides that summarize your thoughts.
Team Activities
1. As a team, develop a set of criteria that you would use to evaluate the effectiveness of a mobile advertising campaign to boost the sales of one of your firm’s products. Identify the mea- sures you would use and the data that must be gathered.
2. With your team members, meet with several business managers at a firm that has implemen- ted an enterprise system. Interview them to doc- ument the scope, cost, and schedule for the overall project. Find out why the organization decided it was time to implement the enterprise system. Make a list of what the business man- agers see as the primary benefits of the imple- mentation. What were the biggest hurdles they had to overcome? Are there any remaining issues that must be resolved before the project can be
deemed a success? What are they? With the ben- efit of 20–20 hindsight, is there anything they would have done differently that could made the project go more smoothly?
3. As a team, develop a list of seven key criteria that a nonprofit charitable organization should con- sider in selecting a CRM system. Discuss each criterion and assign a weight representing the relative importance of that criterion. Develop a simple spreadsheet to use in scoring various CRM alternatives in terms of how well they meet these criteria on a scale of 0 to 4. Do research online to identify three candidate CRM software packages. Based on information presented on each com- pany’s Web site, score each alternative using your set of criteria. Which candidate CRM software does your team select?
264 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Web Exercises
1. Do research to capture data on the growth of B2C e-commerce and retail sales over the past 10 years. Use the charting capability of your spreadsheet software to plot the growth of B2C e-commerce and retail sales and predict the year that B2C e-commerce will exceed 10 percent of retail sales. Document any assumptions you make.
2. Do research on the Web to find a dozen Web sites that offer mobile coupons. Separate the sites into two groups: those that provide coupons for a single retailer and those that aggregate coupons
for multiple retailers. Produce a table that sum- marizes your results and shows the approximate number of coupons available at each site.
3. Using the Web, identify several software services firms that offer consulting services to help orga- nizations implement enterprise systems. Gain an understanding of what sort of services they offer and become familiar with several of their success stories. If you had to choose one of the software services firms to assist your SME organization, which one would you choose and why?
Career Exercises
1. Do research to identify three top organizations that develop and operate e-commerce Web sites for their clients. Visit their Web sites and identify current job openings. What sort of responsibili- ties are associated with these positions? What experience and education requirements are needed to fill these positions? Do any of these positions appeal to you? Why or why not?
2. Enterprise system software vendors need busi- ness systems analysts who understand both information systems and business processes. Make a list of six or more specific qualifications needed to be a strong business systems analyst who supports the implementation and conversion to an enterprise system within an SME. Are there additional/different qualifications needed for
someone who is doing similar work but for a large multinational organization?
3. Initially thought to be cost-effective for only very large companies, enterprise systems are now being implemented in SME’s to reduce costs, improve service, and increase sales revenue. A firm’s finance and accounting personnel play a dual role in the implementation of such a system: (1) they must ensure a good payback on the investment in information systems and (2) they must also ensure that the system meets the needs of the finance and accounting organization. Identify three or four tasks that the finance and accounting people need to perform to ensure that these two goals are met.
Case Studies
Case One
Facebook Moves into E-Commerce On the social networking site Facebook, users create profiles that allow them to connect with friends, organizations, and companies through posts and ads that appear in their personal News Feed as well as through Pages that are designed to help organizations and companies connect with interested users. And with more than 1.4 billion active users, including 900 million who visit the site every day, Facebook represents a huge potential online marketplace.
Over the years, Facebook has experimented with many different features designed to help marketers connect with prospective customers—from banner ads to sponsored links to highly visual engagement ads that allow advertisers to show several clickable images or videos within a single News Feed ad. Although Facebook has incorporated ads for some time, it is now focusing more intently on tools that make it
easier for customers to purchase something immediately based on an ad they see—ideally, all while staying within Facebook’s site. In particular, the company is concentrating on ways it can streamline mobile purchasing, currently an often slow and cumbersome process. According to Emma Rodgers, Facebook’s head of product marketing for commerce, “We’re looking to give people an easier way to find products that will be interesting to them on mobile, make shopping easier and help businesses drive sales.”
For starters, Facebook is testing a new Shopping tool within the Favorites section that will aggregate a personalized mix of products users are likely to be interested in based on their Facebook likes and connections. In addition, Facebook has begun experimenting with “conversational commerce,” a highly personalized form of e-commerce in which consumers and retailers conduct entire transactions within a messaging application—in this case, Facebook’s Messenger app.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 265
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Facebook has also been rolling out a new mobile ad feature it calls Canvas, which offers marketers a customizable space where they can use video, images, text, and “call- to-action buttons” (such as Book Now, Sign Up, and Shop Now) to engage with consumers. When Facebook users click on a Canvas, they will almost instantaneously see a full- screen ad that lives within Facebook’s infrastructure—rather than being redirected to an advertiser’s Web site, which may be slow to load and not always optimized for mobile devices. Canvas appeals to marketers looking for a new way to engage customers without losing them as they are being redirected to an outside Web site, and it offers Facebook the chance to keep more of a user’s online activity within its site.
Recently, Facebook has been testing a “shop” concept that goes one step further—allowing companies using Shopify’s e-commerce platform to build what amounts to a mini e-commerce site within their Page through the use of a Buy button. For now, retailers involved in the test can choose between an option that directs shoppers to their own sites and one that keeps the entire shopping experience—from product discovery to checkout—within Facebook.
A recent study found that 13 percent of all the time spent on mobile apps is spent within Facebook’s apps, and according to a Facebook survey, nearly half of its users come to Facebook to actively look for products. Facebook clearly intends to capitalize on these trends with e-commerce and m- commerce initiatives that will likely continue to evolve and expand. And marketers looking for new ways to extend customer engagement to online purchases will certainly be paying attention.
Critical Thinking Questions 1. What are some of the privacy concerns that consumers
might have in terms of shopping on a social network such as Facebook, which already has access to so much personal information?
2. Are people likely to use Facebook’s current e-commerce offerings the same way they might shop on Amazon?
3. Do research online to find out more about some of the e-commerce initiatives of other social networks, such as Instagram, Pinterest, and Twitter. What features do they offer that differentiate them from Facebook? Do you think any of these sites will ever be a strong com- petitor to Amazon in terms of total e-commerce sales? If not, what niche could they succeed at?
SOURCES: “Easy and Effective Facebook Ads,” Facebook, www.facebook .com/business/products/ads, accessed February 29, 2016; “Facebook Pushes Shopping Features in Move to E-Commerce,” Reuters, October 12, 2015, http://uk.reuters.com/article/us-facebook-retail-idUKKCN0S 61N720151012; “FB Moves into E-Commerce, Challenges Amazon with New In-App,” Money Control, October 13, 2015, www.moneycontrol .com/news/technology/fb-moves-into-e-commerce-challenges-amazon new-in-app_3559061.html; Stambor, Zak, “Facebook Makes a Major E-Commerce Move,” Internet Retailer, October 12, 2015, www .internetretailer.com/2015/10/09/facebook-makes-major-e-commerce -move; Mac, Ryan, “Facebook Goes All in On E-Commerce by Bringing Businesses onto Messenger, Forbes, March 25, 2015, www.forbes.com /sites/ryanmac/2015/03/25/facebook-goes-all-in-on-e-commerce-by -bringing-businesses-onto-messenger/#132d7acd4747; Plummer, Quinten, “Facebook May Launch Risky Messenger Ad Program,” E-Commerce Times, February 22, 2016, www.ecommercetimes.com/story
/83139.html; “Introducing Canvas, A Full-Screen Ad Experience Built for Bringing Brands and Products to Life on Mobile,” Facebook, February 25, 2016, www.facebook.com/business/news/introducing-canvas; Plum- mer, Quinten, “Facebook Gives Marketers a Blank Canvas,” E-Commerce Times, February 27, 2016, www.ecommercetimes.com/story/83165.html; Kantrowitz, Alex, “Facebook Takes Big Step Forward On Commerce, Builds Shops into Pages,” BuzzFeed, July 15, 2015, www.buzzfeed.com /alexkantrowitz/facebook-takes-big-step-forward-on-commerce-builds -shops-int#.kxovdqa3V; Stambor, Zak, “Facebook Launches Another Buy Button Test,” Internet Retailer, July 17, 2015, www.internetretailer.com /2015/07/17/facebook-launches-another-buy-button-test.
Case Two
Dunkin’ Donuts Prepares for Rapid Growth Dunkin’ Donuts has a strong following of customers around the world who rely on the restaurant chain’s coffee, donuts, and other baked goods to get their day started. Established in 1950, Dunkin’ Donuts still uses the original proprietary coffee blend recipe created by its founder William Rosenburg, but what started as a small donut shop in Quincy, Massachusetts, has grown into a global business generating more than $800 million in revenue in 2015. And as the restaurant chain has grown, its business operations have become increasingly sophisticated.
Today, Dunkin’ Donuts franchises are backed up by a complex supply chain managed by National DCP (NDCP)— the exclusive supply chain management cooperative for more than 8,900 Dunkin’ Donuts stores in the United States and 51 other countries. Founded as a membership cooperative in 2012 with the merger of five regional food and beverage operating companies, NDCP’s mission is to support the daily operations of Dunkin’ Donuts franchisees and facilitate their growth and expansion plans. The company employs 1,700 people and maintains seven regional distribution centers along with another 32 logistics hubs.
Recently, NDCP began a massive multiyear project, dubbed “Project Freshstart,” to consolidate and upgrade its systems and transform its business processes throughout every area of the company—from accounting to customer service to warehousing and distribution. The goals of the project are to improve customer service, lower costs, and create supply chain efficiencies through inventory- and order-management improvements. According to Darrell Riekena, CIO at NDCP, the company began the process by asking “what capabilities and corresponding systems were needed to drive business process changes using leading-edge technologies, without a lot of customization.”
NDCP spent considerable time researching and evaluating implementation consulting partners and technology providers before opting to implement SAP’s Business Suite in partnership with Deloitte Consulting. NDCP selected the SAP system as the underlying technology for its business transformation because of SAP’s track record and experience with wholesale distribution. SAP’s software also offered NDCP the analytics and reporting tools the company felt were critical to supporting their plans for growth. According to Riekena, it was essential for the company to choose a technology platform that was flexible and could serve as the foundation for the company’s future expansion. Deloitte was chosen as NDCP’s implementation partner because it offered an extensive background in process redesign and a proven project methodology developed
266 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
through years of experience in the wholesale distribution industry.
One of the first things Deloitte did during the implementation was to work with NDCP executives to define a business case for the project, which was used to establish a set of objectives and success criteria. Then, according to Deloitte Consulting’s Jerry Hoberman, they defined the scope of the project to meet those business objectives. Once the scope was set, the project team members worked together to set an aggressive but realistic two-year project plan.
According to Riekena, an important contribution from Deloitte—outside of its technical expertise—was its framework for change management and communication, which helped ensure that NDCP was effectively reaching out to all of its stakeholders throughout the project. “We recognized right off the bat that effective change management was critical for the success of the project,” Riekena says. “Leveraging multiple channels to reach all of the stakeholders, we took advantage of Dunkin’ Brands training programs, launched a comprehensive communications effort, and promoted face-to-face interactions with franchise store managers and field operations teams whenever possible.”
Unlike many companies that undertake a major system upgrade, NDCP was willing to change many of its business processes in order to truly transform its business, but Deloitte and NDCP also placed a priority on working within NDCP’s culture—a balanced approach the recently led to the successful deployment of the new SAP system in the first of the company’s four regions. As the system is rolled out across the remaining regions, more franchisees will see the benefits of NDCP’s careful planning and implementation efforts— from better demand forecasting and inventory management tools to improvements in NDCP’s customer service delivered
by a centralized staff who will have immediate access to customer histories and will be able to provide real-time updates on order status and issue resolution.
Critical Thinking Questions 1. Because NDCP is a membership cooperative, Dunkin’
Donuts franchisees are both owners and customers. What might be some advantages to such an ownership structure in terms of getting the support of all stake- holders for a massive project like the one NDCP undertook? What might be some disadvantages?
2. How important do you think the communication and change management aspects of this project were? Why do you think so many companies underestimate the importance of those facets of an enterprise-level project?
3. What are some of the risks for a company that chooses to make changes to so many parts of its business and underlying technology at once? What are some of the things a company could do to mitigate those risks?
SOURCES: “About Us,” Dunkin’ Donuts, news.dunkindonuts.com/about, accessed March 7, 2016; “Revenue of Dunkin’ Brands Worldwide from 2007 to 2015 (in Million U.S. Dollars),” Statista, ’www.statista.com/statistics /291392/annual-revenue-dunkin–brands, accessed March 10, 2016; “About Us,” National DCP, http://nationaldcp.com/node/893, accessed March 8, 2016; Murphy, Ken, “Rise and Shine: “Project Freshstart” Energizes Distributor,” SAPinsider, April 1, 2015, http://sapinsider.wispubs.com /Assets/Case-Studies/2015/April/IP-Project-Freshstart-energizes-National -DCP; “National DCP: Serving Up the Best Customer Service for Dunkin’ Donuts Franchisees,” SAP video, http://go.sap.com/assetdetail/2015/11 /324168ae-4e7c-0010-82c7-eda71af511fa.html, accessed March 9, 2016; “Deloitte Global SAP Practice: National DCP (Dunkin’ Donuts),” ReqCloud video, accessed March 10, 2016.
Notes
1. Demery, Paul, “B2B E-Commerce Sales Will Top $1.13 Trillion by 2020,” Internet Retailer, April 2, 2015, www .internetretailer.com/2015/04/02/new-report-predicts -1-trillion-market-us-b2b-e-commerce.
2. “Mastering Omni-Channel B2B Customer Engagement,” Accenture, October 2015, www.accenture.com/us-en /insight-mastering-omni-channel-b2b-customer-engage ment.aspx.
3. Tepper, Nona, “E-Commerce Accounts for 41% of Grainger Sales in 2015, B2B E-Commerce World, January 26, 2016, www.b2becommerceworld.com/2016/01/26 /e-commerce-accounts-41-grainger-sales-2015.
4. “Our Strengths at Work: 2015 Fact Book,” Grainger, http://phx.corporate-ir.net/External.File?item=UG FyZW50SUQ9Mjc5MDI1fENoaWxkSUQ9LTF8VHlwZT 0z&t=1, accessed February 24, 2016.
5. “Global E-Commerce Turnover Grew by 24.0% to Reach $ 1,943BN in 2014,” Ecommerce Europe, September 17, 2015, www.ecommerce-europe.eu/news/2015/global-e-com merce-turnover-grew-by-24.0-to-reach-1943bn-in-2014.
6. Linder, Matt, “Global E-Commerce Sales Set to Grow 25% in 2015, Internet Retailer, www.internetretailer.com /2015/07/29/global-e-commerce-set-grow-25-2015.
7. “Customize Nike Shoes with NIKEiD.,” Nike, http://help -en-us.nike.com/app/answers/detail/article/nikeid-help /a_id/3393/kw/nikeid/country/us, accessed February 25, 2016.
8. “Inside New NIKEiD Personalization Program,” Nike, November 9, 2015, http://news.nike.com/news/pid.
9. “Deloitte Digital Study: Digitally-Influenced Sales in Retail Brick-And-Mortar Stores to Reach $2.2 Trillion by Year-End,” Deloitte, May 13, 2015, www2.deloitte .com/us/en/pages/about-deloitte/articles/press-releases /retail-digital-divide.html.
10. “eBay Inc. Reports Fourth Quarter and Full Year 2015 Results,” eBay, January 27, 2016, https:// investors.ebayinc.com/releasedetail.cfm?ReleaseID= 952024.
11. Ibid. 12. Nussbaum, Alex, “Accenture Wins U.S. Contract for
Obamacare Enrollment,” Bloomberg, January 12, 2014, www.bloomberg.com/news/2014-01-12/accenture-wins -u-s-contract-for-obamacare-enrollment-Website.html.
13. “Oregon E-Government Program,” State of Oregon, www.oregon.gov/DAS/ETS/EGOV/pages/ecommerce.aspx, accessed February 27, 2016.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 267
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
14. “Making the Internet Work for Oregon,” State of Oregon, www.oregon.gov/DAS/ETS/EGOV/pages/ev_internet .aspx#Objectives, accessed February 27, 2016.
15. “Press Release: It’s a Cross-Device World: Criteo’s Q4 Mobile Commerce Report Reveals Top Companies Bet Big on Mobile Consumers,” Criteo, February 17, 2016, www.prnewswire.com/news-releases/its-a-cross-device -world-criteos-q4-mobile-commerce-report-reveals-top -companies-bet-big-on-mobile-consumers-300221060 .html.
16. “Press Release: It’s a Cross-Device World: Criteo’s Q4 Mobile Commerce Report Reveals Top Companies Bet Big on Mobile Consumers,” Criteo, February 17, 2016, www.prnewswire.com/news-releases/its-a-cross-device -world-criteos-q4-mobile-commerce-report-reveals-top -companies-bet-big-on-mobile-consumers-300221060 .html.
17. “About Shoe Carnival,” Shoe Carnival, www.shoecarni val.com/aboutshoecarnival, www.shoecarnival.com /aboutshoecarnival, accessed February 27, 2016.
18. “Customer Stories: Shoe Carnival,” Rackspace, http://stor ies.rackspace.com/wp-content/uploads/2015/09/CRP -Shoe-Carnival-Case-Study-Final.pdf, accessed February 27, 2016.
19. “About Us,” BloomNation, https://www.bloomnation. com/about-us, accessed February 27, 2016.
20. Cowley, Stacy, “Florist-Friendly Marketplaces Help Local Flower Shops Hang On,” New York Times, February 10, 2016, www.nytimes.com/2016/02/11/business/small business/florist-friendly-marketplaces-help-local-flower -shops-hang-on.html?ref=topics.
21. Demery, Paul, “Online Photo Service Shutterfly Posts A 16% Increase in Q2 Sales, Internet Retailer, August 24, 2015, www.internetretailer.com/2015/08/24/online -photo-service-shutterfly-posts-16-increase-q2-sales.
22. “About Shutterfly,” Shutterfly, http://businesssolutions .shutterfly.com/Learn, accessed February 27, 2016.
23. Ryssdal, Kai and Tommy Andres, “Domino’s CEO Patrick Doyle: Tech with a Side of Pizza,” Marketplace, Septem- ber 24, 2015, www.marketplace.org/2015/09/24/business /corner-office/dominos-ceo-patrick-doyle-tech-side-pizza.
24. “About,” Sticker Mule, www.stickermule.com/about, accessed February 29, 2016.
25. “Tinypass in Ruby,” Tinypass Press Releases, www.tiny pass.com/blog/category/press-releases/, accessed February 11, 2016.
26. “Crowdfunding…Your Way,” Tinypass, http://publisher .tinypass.com/archives/howto/crowdfund, accessed February 27, 2016.
27. “Exelate and Dun & Bradstreet Collaborate to Offer One of the Most Comprehensive B2B Datasets in Digital Media,” Nielsen, February 25, 2016, www.nielsen.com /us/en/press-room/2016/exelate-and-dun-bradstreet -collaborate-to-offer-one-of-the-most-comprehensive -b2b-datasets-in-digital-media.html.
28. “InMobi Launches Appographic Targeting—An Industry- first, App-Interest-Based Audience Targeting Capability,” InMobi, March 5, 2015, www.inmobi.com/company /press/inmobi-launches-appographic-targeting-an -industry-first-app-interest-based.
29. Jatain, Visheshwar, “Top 8 Best-Paying Mobile Ad Net- works You Should Try,” AdPushup (blog), May 29, 2015,
www.adpushup.com/blog/top-8-best-paying-mobile -ad-networks-you-should-try.
30. Smith, Cooper, “Shopping Cart Abandonment: Online Retailers’ Biggest Headache Is Actually a Huge Oppor- tunity,” Business Insider, July 23, 2015, www.business insider.com/heres-how-retailers-can-reduce-shopping -cart-abandonment-and-recoup-billions-of-dollars-in -lost-sales-2015-7.
31. Steele, Chandra, “The 11 Best Shopping Apps to Com- pare Prices,” PCMag, November 23, 2015, www.pcmag .com/slideshow/story/290959/the-11-best-shopping-apps -to-compare-prices.
32. “Barcode Scanner,” Google Play, https://play.google.com /store/apps/details?id=com.google.zxing.client.android, accessed February 28, 2016.
33. Loechner, Jack, “FSI Coupon Incentives Continue to Grow,” MediaPost, January 21, 2016, www.mediapost .com/publications/article/266825/fsi-coupon-incentives -continue-to-grow.html.
34. Dunn, Amy, “Coupon Use Plummets, and Some Wonder Whether It’s the End of an Era,” NewsObserver.com, March 9, 2013, www.newsobserver.com/2013/03/09 /2735590/coupon-use-plummets-and-some-wonder.html# storylink=cpy.
35. Heller, Laura, “Beacons to Push 1.6 Billion Coupons by 2020,” FierceRetail, December 10, 2015, www.fiercere tail.com/story/beacons-push-16-billion-coupons-2020 /2015-12-10.
36. Maycotte, H.O., “Beacon Technology: The Where, What, Who, How and Why,” Forbes, September 1, 2015, www .forbes.co.m/sites/homaycotte/2015/09/01/beacon-technol ogy-the-what-who-how-why-and-where/#b74a5664fc19.
37. “Fidelity Mobile Apps,” Fidelity, www.fidelity.com /mobile/overview, accessed February 28, 2016.
38. Perez, Sarah, “How T-Mobile’s New Mobile Banking Service Compares with Simple and Amex Serve,” Tech Crunch, January 22, 2014, http://Techcrunch.Com/2014 /01/22/How-T-Mobiles-New-Mobile-Banking-Service -Compares-With-Simple-And-Amex-Serve.
39. Runde, Daniel, “M-Pesa and The Rise of the Global Mobile Money Market,” Forbes, August 12, 2015, www .forbes.com/sites/danielrunde/2015/08/12/m-pesa-and -the-rise-of-the-global-mobile-money-market/#7058eca 423f5.
40. Nelson, Mark, “Outsmarting Fraudsters with Advanced Analytics,” VISA., https://usa.visa.com/visa-everywhere /security/outsmarting-fraudsters-with-advanced-analytics .html, accessed February 29, 2016.
41. Pesce, Nicole, “MasterCard Will Launch ‘Selfie Pay’ Technology This Summer,” Daily News, February 23, 2016, www.nydailynews.com/life-style/mastercard -launch-selfie-pay-technology-summer-article-1 .2540983.
42. “Apple Pay,” Apple, www.apple.com/apple-pay, accessed February 29, 2016.
43. “Who We Are,” PayPal, www.paypal.com/us/Webapps /mpp/about, accessed February 29, 2016.
44. “Get the Starbucks App for iPhone and Android,” Starbucks, www.starbucks.com/coffeehouse/mobile-apps, accessed February 29, 2016.
45. Wetherington, Lee, “Chip and Quill: How EMV Will Increase Card Fraud in the U.S.,” Information Week,
268 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
November 18, 2014, www.banktech.com/fraud/chip -and-quill-how-emv-will-increase-card-fraud-in-the-us /a/d-id/1317543.
46. “About” Helen Ross McNabb Center, www.mcnabbcen ter.org/content/about, accessed March 4, 2016.
47. “Helen Ross McNabb Center,” DATIS., www.datis.com /why-datis/customer-success-stories/helen-ross-mcnabb -center-2/, accessed March 4, 2016.
48. “Who We Are ADP.,” www.adp.com/about-us.aspx, accessed March 4, 2016.
49. “Asset Brokerage Firm Reduces Batch Processing Time by 15%,” Sumerian, www.sumerian.com/resources /customer-stories/15-batch-time-saved, accessed March 4, 2016.
50. “Form 10-K: Paypal Holdings, Inc,” Paypal Holdings, Inc., February 11, 2016, https://investor.paypal-corp .com/secfiling.cfm?filingID=1633917-16-113&CIK= 1633917.
51. “About Us,” Lukas Nursery, www.lukasnursery.com /about.php, accessed March 6, 2016.
52. “Lukas Nursery Chooses Epicor Eagle N Series to Refresh 100 Year-Old Business,” Epicor, January 20, 2016, www .epicor.com/Press-Room/News-Releases/Lukas-Nursery -Chooses-Epicor-Eagle-N-Series-to-Refresh-100-Year-Old -Business.aspx.
53. “Echo Valley Irrigation Automates to Save Time and Monitor Processes,” Sage, www.sage.com/us/sage -construction-and-real-estate/sage-300-construction -and-real-estate#, accessed March 5, 2016.
54. Miles, Stephanie, “7 Cloud-Based POS Systems for SMBs,” Street Fight, February 4, 2013, http://streetfight mag.com/2013/02/04/7-cloud-based-pos-systems-for -smbs/.
55. “Creative Wedge Slices Up Ways to Improve Inventory,” NCS Small Business, http://blog.ncrsilver.com/2014/10 /09/creative-wedge-ways-to-improve-inventory-manage ment-go-mobile, accessed March 5, 2015.
56. “About Us,” Women’s World Banking, www.womens worldbanking.org/about-us, accessed March 8, 2016.
57. “Women’s World Banking,” Intacct, http://online.intacct .com/rs/intacct/images/cs_womensworldbanking.pdf, accessed March 8, 2016.
58. “About Steinwall Incorporated,” Steinwall, www.stein wall.com/pages/AboutUs, accessed March 7, 2016.
59. “Steinwall Scientific, Inc.,” IQMS Manufacturing ERP., www.iqms.com/files/case-studies/Steinwall% 20Scientific_ERP_success.pdf, accessed March 7, 2016.
60. “Beefing Up a Growing Business,” SAP., www.sap.com /customer-testimonials/retail/prime-meats.html, accessed March 8, 2016.
61. Trites, David, “How Prime Meats Cuts Through Business Complexity,” SAP Community Network (blog), July 28, 2015, http://scn.sap.com/community/business-trends /blog/2015/07/28/how-prime-meats-cuts-through-business -complexity.
62. “Who We Are,” Whirlpool, www.whirlpoolcorp.com /our-company, accessed March 8, 2016.
63. Boulton, Clint, “Whirlpool CIO Tackles ERP Overhaul and IoT-Powered Appliances,” February 20, 2016, www .cio.com/article/3039093/internet-of-things/whirlpool -cio-tackles-erp-overhaul-and-iot-powered-appliances .html.
64. “Top Ten Enterprise Resource Planning (ERP) Vendors,” Compare Business Products, http://resources.idgenter prise.com/original/AST-0067016_Top_10_ERP_Vendors .pdf, accessed March 7, 2014.
65. “Expensify: Base Helps Expensify Engage with Customers,” Base, https://getbase.com/customers /expensify, accessed March 7, 2016.
66. “The TUMI Difference,” TUMI., www.tumi.com/s/tumi -difference, accessed March 9, 2016.
67. “A Brief History of the Red Cross,” American Red Cross, www.redcross.org/about-us/who-we-are/history, accessed March 9, 2016.
68. “American Red Cross Utilizes Salesforce to Accelerate Their Mission,” Salesforce, www.salesforce.com/customers /stories/redcross.jsp, accessed March 9, 2016.
69. “Investors,” Nu Skin Enterprises, http://ir.nuskin.com /phoenix.zhtml?c=103888&p=irol-irhome, accessed March 7, 2016.
70. “Customer Journey: Nu Skin Enterprises Inc.,” SAP., www.sap.com/customer-testimonials/consumer/nu-skin .html, accessed March 5 2016.
71. “CRM Software Review 2014,” http://crm-software- review.toptenreviews.com, accessed March 13, 2014, and “2014 Edition Top 40 CRM Software Report,” Business-Software.com, accessed March 13, 2014.
72. “Wells Fargo Bank,” Salesforce.com Success Story, www .salesforce.com/customers/stories/wells-fargo.jsp, accessed March 14, 2014.
73. Chipman, Steve, “2014 Smartphone CRM Access by Salespeople,” CRM Switch, February 11, 2014, www .crmswitch.com/mobile-crm/2014-crm-smartphone-sales person-access/.
74. “What Is PLM Software?” Siemens, www.plm.automa tion.siemens.com/en_us/plm/, accessed March 1, 2014.
75. “About Water Pik, Inc.,” Water Pik, Inc., www.waterpik .com/about-us, accessed March 9, 2016.
76. “Water Pik Improves Its Flow with ProductCenter PLM.,” SofTech, www.softech.com/success/customer-success /Water_Pik_Improves_Its_Flow_with_ProductCenter_ PLM/28.
77. 2013 Edition Top 10 Product Lifecycle Management (PLM) Software Report, Business-Software.comhttp:// ptccreo.files.wordpress.com/2013/10/top_10_plm_report .pdf accessed March 1, 2014.
78. “Case Study: Industrial Control Associates,” Siemens, www.plm.automation.siemens.com/en_us/about_us /success/case_study.cfm?Component=83695&Component Template=1481, accessed March 9, 2016.
79. “About Us,” Industrial Control Associates, Inc., www .i-c-a-inc.com/about.html, accessed March 9, 2016.
80. Kennedy, Patrick, “H.B. Fuller Wins Case against Accent- ure,” Star Tribune, November 13, 2015, www.startribune .com/h-b-fuller-wins-case-against-accenture/347256802.
81. Jutras, Cindy, “2011 ERP Solution Study Highlights,” Epicor, September 2011.
82. “History,” LoneStar Heart, www.lonestarheartinc.com /index.php?option=com_content&view=article&id=175 &Itemid=196, accessed March 10, 2016.
83. “LoneStar Heart: Efficiencies in Product Development Processes Result in Estimated $80,000 in Savings,” Omnify Software, www.omnifysoft.com/customers/suc cess.aspx?customer=37, accessed March 10, 2016.
CHAPTER 5 • Electronic Commerce and Enterprise Systems 269
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
6 Business Intelligence and Analytics
Sergey Nivens/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• MetLife is implementing analytical software to identify medical provider, attorney, and repair shop fraud to aid its special investigations unit (SIU).
• Nearly 20 percent of Medicare patients were readmitted to the hospital within 30 days of their initial discharge, running up an additional $17 billion in healthcare costs. Hospitals are now using BI analytics to identify patients are high risk of readmission—especially now that Medicare has begun reducing payments to hospitals with high readmission rates.
• IBM Watson Analytics services, a cloud-based business analytics tool that offers a variety of tools for uncovering trends hidden in large sets of data, uses baseball statistics on every player in Major League Baseball from AriBall to build predictions of player performance. You can use this service to gain an edge over your fantasy baseball league competitors.
Principles Learning Objectives
• Business intelligence (BI) and analytics are used to support improved decision making.
• Define the terms business intelligence (BI) and analytics.
• Provide several real-world examples of BI and analytics being used to improve decision making.
• Identify the key components that must be in place for an organization to get real value from its BI and analytics efforts.
• There are many BI and analytics techniques and tools that can be used in a wide range of problem- solving situations.
• Identify several BI techniques and discuss how they are used.
• Identify several BI tools.
• Define the term self-service analytics and discuss its pros and cons.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about Business Intelligence (BI) and Analytics? We are living in the age of big data, with new data flooding us from all directions at the incomprehensible speed of nearly a zettabyte (1 trillion gigabytes or a 1 followed by 21 zeros) per year. What is most exciting about this data is not its amount, but rather the fact that we are gaining the tools and understanding to do something truly meaningful with it. Organizations are learning to analyze large amounts of data not only to measure past and current performance but also to make predictions about the future. These forecasts will drive anticipatory actions to improve business strategies, strengthen business operations, and enrich decision making—enabling the organization to become more competitive.
A wide range of business users can derive benefits from access to data, but most of them lack deep information systems or data science skills. Business users need easier and faster ways to discover relevant patterns and insights into data to better support their decision making and to make their companies more agile. Companies that have access to the same kind of data as their competitors but can analyze it sooner to take action faster will outpace their peers. Providing BI tools and making business analytics more understandable and accessible to these users should be a key strategy of organizations.
Members of financial services organizations use BI and analytics to better understand their customers to enhance service, create new and more appealing products, and better manage risk. Marketing managers analyze data related to the Web-surfing habits, past purchases, and even social media activity of existing and potential customers to create highly effective marketing programs that generate consumer interest and increased sales. Healthcare professionals who are able to improve the patient experience will reap the benefits of maximized reimbursements, lower costs, and higher market share, and they will ultimately deliver higher quality care for patients. Physicians use business analytics to analyze data in an attempt to identify factors that lead to readmission of hospital patients. Human resources managers use analytics to evaluate job candidates and choose those most likely to be successful. They also analyze the impact of raises and changes in employee-benefit packages on employee retention and long-term costs.
Regardless of your field of study in school and your future career, using BI and analytics will likely be a significant component of your job. As you read this chapter, pay attention to how different organizations use business analytics.
As you read this chapter, consider the following:
• What is business intelligence (BI) and analytics, and how can they be used to improve the operations and results of an organization?
• What are some business intelligence and analytics techniques and tools, and how can they be used?
This chapter begins with a definition of business intelligence (BI) and busi- ness analytics and the components necessary for a successful BI and analytics program. The chapter goes on to describe and provide examples of the use of several BI techniques and tools. It ends with a discussion of some of the issues associated with BI and analytics.
What Are Analytics and Business Intelligence?
Business analytics is the extensive use of data and quantitative analysis to support fact-based decision making within organizations. Business analyt- ics can be used to gain a better understanding of current business perfor- mance, reveal new business patterns and relationships, explain why certain results occurred, optimize current operations, and forecast future business results.
272 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Business intelligence (BI) includes a wide range of applications, prac- tices, and technologies for the extraction, transformation, integration, visuali- zation, analysis, interpretation, and presentation of data to support improved decision making. The data used in BI is often pulled from multiple sources and may come from sources internal or external to the organization. Many organizations use this data to build large collections of data called data ware- houses, data marts, and data lakes, for use in BI applications. Users, including employees, customers, and authorized suppliers and business partners, may access the data and BI applications via the Web or through organizational intranets and extranets—often using mobile devices, such as smartphones and tablets. The goal of business intelligence is to get the most value out of information and present the results of analysis in an easy to understand man- ner that the layman can understand.
Often the data used in BI and analytics must be gathered from a variety of sources. Helse Vest, a regional health authority in Norway, has 26,500 employees who serve 1 million people in 50 healthcare facilities, including 10 hospitals. Helse Vest implemented a BI system to meet the requirements of a government-sponsored national patient safety program. The system collects, visualizes, and shares medical data used to identify quality measures and reporting requirements across all care teams and regional hospi- tals. A major challenge for the project was the need for each of the 10 hospitals to combine data from all the facilities within its region for analysis by the pro- gram’s board and hospital managers. Prior to implementing the new system, it took up to 14 days for employees to produce some reports, making it difficult for hospital staff to assess and act on performance data because it was not cur- rent. With the new system, Helse Vest analysts can easily combine data from different sources and create analytical reports in less than one day. Real-time data enables Helse Vest to act on information much more quickly, while the metrics are still valid for the staff, and a quick response to performance data is more likely to lead to significant improvements in patient safety measures.1
Benefits Achieved from BI and Analytics BI and analytics are used to achieve a number of benefits as illustrated by the following examples:
● Detect fraud. MetLife implemented analytical software to help its special investigations unit (SIU) identify medical provider, attorney, and repair shop fraud. Although an accident claim may not have enough data to be flagged as suspicious when it is first filed, as more claim data is added, a claim is continually rescored by the software. After the first six months of using the software, the number of claims under investigation by the SIU increased 16 percent.2
● Improve forecasting. Kroger serves customers in 2,422 supermarkets and 1,950 in-store pharmacies. The company found that by better predicting pharmacy customer demand, it could reduce the number of prescriptions that it was unable to fill because a drug is out of stock. To do so, Kroger developed a sophisticated inventory management system that could provide employees with a visualization of inventory levels, adapt to user feedback, and support “what-if” analysis. Out-of-stock pre- scriptions have been reduced by 1.5 million per year, with a resulting increase in sales of $80 million per year. In addition, by carrying the right drugs in the right quantities, Kroger was able to reduce its overall inven- tory costs by $120 million per year.3
● Increase Sales. DaimlerChrysler and many other auto manufacturers set their suggested retail and wholesale prices for the year, then adjust pricing through seasonal incentives based on the impact of supply and demand. DaimlerChrysler implemented a price-elasticity model to
business intelligence (BI): A wide range of applications, practices, and technologies for the extraction, transformation, integration, visualiza- tion, analysis, interpretation, and presentation of data to support improved decision making.
CHAPTER 6 • Business Intelligence and Analytics 273
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
optimize the company’s pricing decisions. The system enables managers to evaluate many potential incentives for each combination of vehicle model (e.g., Jeep Grand Cherokee), acquisition method (cash, finance, or lease), and incentive program (cash back, promotional APR, and a combination of cash back and promotional APR). The firm estimates that use of the system has generated additional annual sales of $500 million.4
● Optimize operations. Chevron is one of the world’s leading integrated energy companies. Its refineries work with crude oil that is used to make a wide range of oil products, including gasoline, jet fuel, diesel fuel, lubricants, and specialty products such as additives. With market prices of crude oil and its various products constantly changing, determining which products to refine at a given time is quite complex. Chevron uses an analytical system called Petro to aid analysts in advising the refineries and oil traders on the mix of products to produce, buy, and sell in order to maximize profit.5
● Reduce costs. Coca-Cola Enterprises is the world’s largest bottler and distributor of Coca Cola products. Its delivery fleet of 54,000 trucks is second in size to only to the U.S. Postal Service. Using analytics software, the firm implemented a vehicle-routing optimization system that resulted in savings of $45 million a year from reduced gas consumption and reduction in the number of drivers required.6
The Role of a Data Scientist Data scientists are individuals who combine strong business acumen, a deep understanding of analytics, and a healthy appreciation of the limitations of their data, tools, and techniques to deliver real improvements in decision mak- ing. Data scientists do not simply collect and report on data; they view a situa- tion from many angles, determine what data and tools can help further an understanding of the situation, and then apply the appropriate data and tools. They often work in a team setting with business managers and specialists from the business area being studied, market research and financial analysts, data stewards, information system resources, and experts highly knowledgeable about the company’s competitors, markets, products, and services. The goal of the data scientist is to uncover valuable insights that will influence organiza- tional decisions and help the organization to achieve competitive advantage.
Data scientists are highly inquisitive, continually asking questions, performing “what-if” analyses, and challenging assumptions and existing processes. Successful data scientists have an ability to communicate their find- ings to organizational leaders so convincingly that they are able to strongly influence how an organization approaches a business opportunity.
The educational requirements for being a data scientist are quite rigorous—requiring a mastery of statistics, math, and computer programming. Most data scientist positions require an advanced degree, such as a master’s degree or a doctorate. Some organizations accept data scientists with under- graduate degrees in an analytical concentration, such as computer science, math and statistics, management information systems, economics, and engi- neering. Colorado Technical University, Syracuse University, and Villanova University are among the many schools that offer online master degree pro- grams related to BI and analytics.
Many schools also offer career-focused courses, degrees, and certificates in analytical-related disciplines such as database management, predictive ana- lytics, BI, big data analysis, and data mining. Such courses provide a great way for current business and information systems professionals to learn data scientist skills. Most data scientists have computer programming skills and are familiar with languages and tools used to process big data, such as Hadoop, Hive, SQL, Python, R, and Java.
274 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
The job outlook for data scientists is extremely bright. The McKinsey Global Institute (the business and economics research arm of the management consulting firm McKinsey & Co.) predicts that by 2018 the United States may face a shortage of 140,000 to 190,000 data scientists.7 The recruitment agency Glassdoor pegs the average salary for a data scientist at $118,709, and highly talented, educated, and experienced data scientists can earn well over $250,000 per year.
Components Required for Effective BI and Analytics A number of components must be in place for an organization to get real value from its BI and analytics efforts. First and foremost is the existence of a solid data management program, including data governance. Data manage- ment is an integrated set of functions that defines the processes by which data is obtained, certified fit for use, stored, secured, and processed in such a way as to ensure that the accessibility, reliability, and timeliness of the data meet the needs of the data users within an organization. Data governance is the core component of data management; it defines the roles, responsibilities, and processes for ensuring that data can be trusted and used by the entire organization, with people identified and in place who are responsible for fix- ing and preventing issues with data.
Another key component that an organization needs is creative data scientists—people who understand the business as well as the business ana- lytics technology, while also recognizing the limitations of their data, tools, and techniques. A data scientist puts all of this together to deliver real improvements in decision making with an organization.
Finally, to ensure the success of a BI and analytics program, the manage- ment team within an organization must have a strong commitment to data- driven decision making. Organizations that can put the necessary components in place can act quickly to make superior decisions in uncertain and changing environments to gain a strong competitive advantage.
Argosy Gaming Argosy Gaming Company is the owner and operator of six riverboat gambling casinos and hotels in the United States. Argosy has developed a centralized enter- prise data warehouse to capture the data generated at each property. As part of this effort, Argosy selected an extract-transform-load (ETL) tool to gather and inte- grate the data from six different operational databases to create its data ware- house. The plan is to use the data to help Argosy management make quicker, well-informed decisions based on patrons’ behaviors, purchases, and preferences. Argosy hopes to pack more entertainment value into each patron’s visit by better understanding their gambling preferences and favorite services. The data will also be used to develop targeted direct mail campaigns, customize offers for specific customer segments, and adapt programs for individual casinos.8
Review Questions 1. What are the key components that Argosy must put into place to create an
environment for a successful BI and analytics program? 2. What complications can arise from gathering data from six different opera-
tional databases covering six riverboat gambling casinos and hotels?
Critical Thinking Questions 1. The Argosy BI and analytics program is aimed at boosting revenue not at
reducing costs. Why do you think this is so? 2. What specific actions must Argosy take to have a successful program that will
boost revenue and offset some of the increases in costs?
CHAPTER 6 • Business Intelligence and Analytics 275
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Business Intelligence and Analytics Tools
This section introduces and provides examples of many BI and analytics tools, including spreadsheets, reporting and querying tools, data visualization tools, online analytical processing (OLAP), drill-down analysis, linear regression, data mining, and dashboards. It will also cover the strategy of self-service ana- lytics, presenting its pros and cons.
Spreadsheets Business managers often import data into a spreadsheet program, such as Excel, which then can be used to perform operations on the data based on formulas created by the end user. Spreadsheets are also used to create reports and graphs based on that data. End users can employ tools such as the Excel Scenario Manager to perform “what-if” analysis to evaluate various alterna- tives. The Excel Solver Add-in can be used to find the optimal solution to a problem with multiple constraints (e.g., determine a production plan that will maximize profit subject to certain limitations on raw materials).
North Tees and Hartlepool National Health Services Trust provides health- care services and screenings to a population of 400,000 people in the United Kingdom. Professor Philip Dean, head of the Department of Pharmacy and Quality Control Laboratory Services, wanted a way to better understand the clinical use of drugs, the efficacy of treatment, and the associated costs. Dean worked with resources from Ascribe, a BI software and consulting firm, to pilot the use of Microsoft Power BI for Office 365, part of the Microsoft Office 365 cloud-based business productivity suite that works through familiar Excel spreadsheet software (see Figure 6.1). Ascribe developers took an extract of North Tees’s data and imported it into a Power BI model. They then incorpo- rated other data sets of interest to Dean and his colleagues, such as publicly available data on the activity of general practitioners, weather data, and
Sharepoint Distribute
and interact
Power Pivot Link and calculate
Data sources
Excel Analyze, design
and present
Power Map Visualize
Power View Visualize
Greatest sales opportunties
Power Query Extract and transform
T ri ff /S h u tt e rs to ck .c o m
FIGURE 6.1 Components of Microsoft Power BI for Office 365 Microsoft Power BI has been used to better understand the clinical use of drugs, the efficacy of treatment, and the associ- ated costs.
Source: Access Analytics, Power BI for Business, Power Analytics, http://www.accessanalytic.com.au/Power-BI.html.
276 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
treatment data. With all of this new data integrated in the Power BI model, Dean was able to create graphs of his findings, visualize data on regional maps, and even zoom in and around the data to gain various levels of insight. According to Dean, the ability to link disparate data sets for an integrated analysis was “one of the ‘wow’ things” that impressed him most in his use of BI tools. Incorporating additional, external data sets into his analyses comple- mented and helped explain trends, as well as provided useful benchmarks. Use of the weather data helped identify the impact of inclement weather on the frequency of respiratory disease. The treatment data helped Dean and his team to understand which drugs were being prescribed and how prescription patterns varied by locality.9
Reporting and Querying Tools Most organizations have invested in some reporting tools to help their employ- ees get the data they need to solve a problem or identify an opportunity. Reporting and querying tools can present that data in an easy-to-understand fashion—via formatted data, graphs, and charts. Many of the reporting and que- rying tools enable end users to make their own data requests and format the results without the need for additional help from the IT organization.
FFF Enterprises is a supplier of critical-care biopharmaceuticals, plasma products, and vaccines. Its 46,000 customers include over 80 percent of U.S. hospitals.10 The company employs the QlikView query and reporting tool to provide employees with real-time access to data that affects its business and the timely delivery of safe, effective products and services. For example, the company is the largest flu vaccine distributor in the United States, and accu- rately tracking its vaccine shipments is critical to avoiding shortages. As part of those efforts, FFF Enterprises uses QlikView to track and monitor the volume and value of all product transactions, such as the receipt, internal movement, and distribution of products.11
Data Visualization Tools Data visualization is the presentation of data in a pictorial or graphical format. The human brain works such that most people are better able to see significant trends, patterns, and relationships in data that is presented in a graphical format rather than in tabular reports and spreadsheets. As a result, decision makers welcome data visualization software that presents analytical results visually. In addition, representing data in visual form is a recognized technique to bring immediate impact to dull and boring numbers. A wide array of tools and techniques are available for creating visual representations that can immediately reveal otherwise difficult-to-perceive patterns or relation- ships in the underlying data.
Many companies now troll Facebook, Google Plus+, LinkedIn, Pinterest, Tumblr, Twitter, and other social media feeds to monitor any mention of their company or product. Data visualization tools can take that raw data and immediately provide a rich visual that reveals precisely who is talking about the product and what they are saying. Techniques as simple and intuitive as a word cloud can provide a surprisingly effective visual summary of conversa- tions, reviews, and user feedback about a new product. A word cloud is a visual depiction of a set of words that have been grouped together because of the frequency of their occurrence. Word clouds are generated from analy- ses of text documents or a Web page. Using the text from these sources, a simple count is carried out on the number of times a word or phrase appears. Words or phrases that have been mentioned more often than other words or phrases are shown in a larger font size and/or a darker color, as shown in Figure 6.2. ABCya, Image Chef, TagCloud, ToCloud, and ToCloud, Tagul, and Wordle are examples of word cloud generator software.
Data visualization: The presenta- tion of data in a pictorial or graphical format.
word cloud: A visual depiction of a set of words that have been grouped together because of the frequency of their occurrence.
CHAPTER 6 • Business Intelligence and Analytics 277
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
A conversion funnel is a graphical representation that summarizes the steps a consumer takes in making the decision to buy your product and become a customer. It provides a visual representation of the conversion data between each step and enables decision makers to see what steps are causing customers confusion or trouble. Figure 6.3 shows a conversion funnel for an online sales organization. It shows where visitors to a Web site are dropping off the successful sales path.
FIGURE 6.2 Word cloud This word cloud shows the topics covered in this chapter.
FIGURE 6.3 The conversion funnel The conversion funnel shows the key steps in converting a consumer to a buyer.
Web site visits 100%
Visit Visit Visit Visit
Visit
Product views 73%
Cart additions 23%
Checkouts 11%
Purchases 3%
conversion funnel: A graphical representation that summarizes the steps a consumer takes in making the decision to buy your product and become a customer.
m in ds ca nn er /S hu tt er st oc k. co m
278 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Technologia is a business training firm that has trained over 70,000 clients in dozens of technical topics, such as project management, SQL, and Microsoft Windows. One Technologia course can cost $1,000 or more, so most potential customers do careful detailed research and make multiple visits to the com- pany’s Web site before enrolling in a course. Technologia used Multi-Channel Funnels from Google Analytics to determine what factors had the most impact in influencing students to enroll. For the first time, Technologia learned that nearly 18 percent of its sales paths included paid advertising—much higher than previously thought. As a result, it raised its online ad budget by nearly 100 percent, and online conversions shot up 120 percent.12
Dozens of data visualization software products are available for creating various charts, graphs, infographics, and data maps (see Figure 6.4). Some of the more commonly products include Google Charts, iCharts, Infogram, Modest Maps, SAS Visual Statistics, and Tableau. These tools make it easy to visually explore data on the fly, spot patterns, and quickly gain insights.
Online Analytical Processing Online analytical processing (OLAP) is a method to analyze multidimen- sional data from many different perspectives. It enables users to identify issues and opportunities as well as perform trend analysis. Databases built to support OLAP processing consist of data cubes that contain numeric facts called measures, which are categorized by dimensions, such as time and geog- raphy. A simple example would be a data cube that contains the unit sales of a specific product as a measure. This value would be displayed along the metric dimension axis shown in Figure 6.5. The time dimension might be a specific day (e.g., September 30, 2018), whereas the geography dimension might define a specific store (e.g., Krogers in the Cincinnati, Ohio community of Hyde Park).
The key to the quick responsiveness of OLAP processing is the preaggre- gation of detailed data into useful data summaries in anticipation of questions that might be raised. For example, data cubes can be built to summarize unit sales of a specific item on a specific day for a specific store. In addition, the detailed store-level data may be summarized to create data cubes that show
FIGURE 6.4 Data visualization This scatter diagram shows the relationship between MSRP and horsepower. Source: “Data Visualization," SAS, http:// www.sas.com/en_us/insights/big-data/data -visualization.html#m=lightbox5, accessed April 19, 2016.
online analytical processing (OLAP): A method to analyze multidi- mensional data from many different perspectives, enabling users to identify issues and opportunities as well as perform trend analysis.
data cube: A collection of data that contains numeric facts called mea- sures, which are categorized by dimensions, such as time and geography.
CHAPTER 6 • Business Intelligence and Analytics 279
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
unit sales for a specific item, on a specific day for all stores within each major market (e.g., Boston, New York, Phoenix), for all stores within the United States, or for all stores within North America. In a similar fashion, data cubes can be built in anticipation of queries seeking information on unit sales on a given day, week, month, or fiscal quarter.
It is important to note that if the data within a data cube has been sum- marized at a given level, for example, unit sales by day by store, it is not pos- sible to use that data cube to answer questions at a more detailed level, such as what were the unit sales of this item by hour on a given day.
Data cubes need not be restricted to just three dimensions. Indeed, most OLAP systems can build data cubes with many more dimensions. In the busi- ness world, data cubes are often constructed with many dimensions, but users typically look at just three at a time. For example, a consumer packaged goods manufacturer might build a multidimensional data cube with information about unit sales, shelf space, unit price, promotion price, and level of newspaper advertising—all for a specific product, on a specific date, in a specific store.
In the retail industry, OLAP is used to help firms to predict customer demand and maximize sales. Starbucks employs some 149,000 workers in 10,000 retail stores in the United States. The firm built a data warehouse to hold 70 terabytes of point-of-sale and customer loyalty data. This data is com- pressed into data cubes of summarized data to enable users to perform OLAP analysis of store-level sales and operational data.13
Drill-Down Analysis The small things in plans and schemes that don’t go as expected can frequently cause serious problems later on—the devil is in the details. Drill-down analysis is a powerful tool that enables decision makers to gain insight into the details of business data to better understand why something happened.
Drill-down analysis involves the interactive examination of high-level summary data in increasing detail to gain insight into certain elements—sort of like slowly peeling off the layers of an onion. For example, in reviewing the worldwide sales for the past quarter, the vice president of sales might want to drill down to view the sales for each country. Further drilling could be done to view the sales for a specific country (say Germany) for the last quarter. A third level of drill-down analysis could be done to see the sales for a specific country for a specific month of the quarter (e.g., Germany for the month of September). A fourth level of analysis could be accomplished by drilling down to sales by product line for a particular country by month (e.g., each product line sold in Germany for the month of September).
FIGURE 6.5 A data cube The data cube contains numeric facts that are categorized by dimensions, such as time and geography.
Time dimension
Geography dimension
Metric dimension
drill-down analysis: The interactive examination of high-level summary data in increasing detail to gain insight into certain elements—sort of like slowly peeling off the layers of an onion.
280 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Brisbane is a city on the east coast of Australia that is subject to frequent creek flash flooding from the many streams in the area. One year, particularly heavy rainfall caused many houses to be flooded, brought down power lines, closed roads, and put the city into a state of emergency. Following this disaster, the city installed telemetry gauges across Brisbane to obtain real-time measure- ments of rainfall and water levels. The data is captured and displayed on color- coded maps, which enable staff to quickly spot areas of concern. They can also perform a drill-down analysis to see increasing levels of detail within any critical area. The system enables staff to provide more advanced warnings to the popu- lation of impending flooding and take action to close roads or clean up debris.14
Linear Regression Simple linear regression is a mathematical technique for predicting the value of a dependent variable based on a single independent variable and the linear relationship between the two. Linear regression consists of finding the best- fitting straight line through a set of observations of the dependent and indepen- dent variables. By far, the most commonly used measure for the best-fitting line is the line that minimizes the sum of the squared errors of prediction. This best- fitting line is called the regression line (see Figure 6.6). Linear regression does not mean that one variable causes the other; it simply says that when one value goes up, the other variable also increases or decreases proportionally.
The regression line can be written as Y ¼ a þ bX þ ". In this equation, the following are true:
● X is the value of the independent variable that is observed ● Y is the value of the dependent variable that is being predicted ● a is the value of Y when X is zero, or the Y intercept ● b is the slope of the regression line ● " is the error in predicting the value of Y, given a value of X
The following key assumptions must be satisfied when using linear regression on a set of data:
● A linear relationship between the independent (X) and dependent (Y) variables must exist.
● Errors in the prediction of the value of Y are distributed in a manner that approaches the normal distribution curve.
● Errors in the prediction of the value of Y are all independent of one another.
FIGURE 6.6 Simple linear regression This graph shows a linear regression that predicts students’ final exam scores based on their math aptitude test score.
100
160
140
120
S co
re o
n st
an da
rd a
ch ie
ve m
en t
te st
Score on math aptitude test
100
80
60
40
20
0 806040200
Best fit linear regression line
linear regression: A mathematical procedure to predict the value of a dependent variable based on a single independent variable and the linear relationship between the two.
CHAPTER 6 • Business Intelligence and Analytics 281
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
A number of advanced statistical tests can be used to examine whether or not these assumptions are true for a given set of data and the resulting linear regression equation. For example, the coefficient of determination, denoted r² (and pronounced r squared) is a number that indicates how well data fit a sta- tistical model—sometimes simply a line or a curve. An r² of 1 indicates that the regression line perfectly fits the data, whereas an r² of 0 indicates that the line does not fit the data at all. An r² of 0.92 means that 92 percent of the total variation in Y can be explained by the linear relationship between X and Y as described by the regression equation. The other 8 percent of total variation in Y remains unexplained. A data scientist would always perform several tests to determine the validity of a linear regression to understand how well the model matches to actual data.
Data Mining Data mining is a BI analytics tool used to explore large amounts of data for hidden patterns to predict future trends and behaviors for use in decision making. Used appropriately, data mining tools enable organizations to make predictions about what will happen so that managers can be proactive in capitalizing on opportunities and avoiding potential problems.
Among the three most commonly used data mining techniques are associ- ation analysis (a specialized set of algorithms sorts through data and forms statistical rules about relationships among the items), neural computing (historical data is examined for patterns that are then used to make predic- tions), and case-based reasoning (historical if-then-else cases are used to recognize patterns).
The Cross-Industry Process for Data Mining (CRISP-DM) is a six-phase structured approach for the planning and execution of a data mining project (see Figure 6.7). It is a robust and well-proven methodology, and although it was first conceived in 1999, it remains the most widely used methodology for data mining projects.15 The goals for each step of the process are summarized in Table 6.1.
FIGURE 6.7 The Cross-Industry Process for Data Mining (CRISP-DM) CRISP-DM provides a structured approach for planning and execut- ing a data mining project. Source: Piatetsky, Gregory, “CRISP-DM, Still the Top Methodology for Analytics, Data Mining, or Data Science Projects,” KDNug- gets, October 28, 2014, www.kdnuggets .com/2014/10/crisp-dm-top-methodology -analytics-data-mining-data-science-pro jects.html.
Data preparation
Evaluation
Deployment
Database
Modeling
Business understanding
Data understanding
data mining: A BI analytics tool used to explore large amounts of data for hidden patterns to predict future trends and behaviors for use in decision making.
Cross-Industry Process for Data Mining (CRISP-DM): A six-phase structured approach for the planning and execution of a data mining project.
282 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Here are a few examples showing how data mining can be used:
● Based on past responses to promotional mailings, identify those consu- mers most likely to take advantage of future mailings.
● Examine retail sales data to identify seemingly unrelated products that are frequently purchased together.
● Monitor credit card transactions to identify likely fraudulent requests for authorization.
● Use hotel booking data to adjust room rates so as to maximize revenue. ● Analyze demographic data and behavior data about potential customers to
identify those who would be the most profitable customers to recruit. ● Study demographic data and the characteristics of an organization’s most
valuable employees to help focus future recruiting efforts. ● Recognize how changes in an individual’s DNA sequence affect the risk of
developing common diseases such as Alzheimer’s or cancer.
The average production cost of a Hollywood movie in 2007 was $106 million, with an additional $36 million spent on marketing of the film. With that kind of money being spent, potential investors need to have a good sense of what films will earn a profit and which ones won’t. Researchers from the University of Iowa took data from two online sources (the Internet Movie Database and Box Office Mojo) to build a database of over 14,000 films and 4,000 actors and directors from films released between 2000 and 2010. They calculated return on investment for each film to get an estimate of its profit- ability. The researchers then used a data mining algorithm to discover pat- terns that predict movie profitability. Using the algorithm, the researchers discovered that the factor most strongly correlated with a film’s profitability is the average gross revenue made by the director’s previous films—directors who have generated more revenue in the past are correlated with greater profitability in future. Somewhat surprisingly, while big stars boost box office receipts, they don’t guarantee a profit, because they cost a lot to hire in the first place and they are often involved in higher budget films that require more revenue to generate a profit.16
Dashboards Measures are metrics that track progress in executing chosen strategies to attain organizational objectives and goals. These metrics are also called key performance indicators (KPIs) and consist of a direction, measure, target, and time frame. To enable comparisons over different time periods, it is also important to define the KPIs and to use the same definition from year to
TABLE 6.1 Goals for each phase of CRISP-DM Phase Goal
Business understanding ● Clarify the business goals for the data mining project, convert the goals into a predictive analysis problem, and design a project plan to accomplish these objectives.
Data understanding ● Gather data to be used (may involve multiple sources), become familiar with the data, and identify any data quality problems (lack of data, missing data, data needs adjust- ment, etc.) that must be addressed.
Data preparation ● Select a subset of data to be used, clean data to address quality issues, and transform data into form suitable for analysis.
Modeling ● Apply selected modeling techniques.
Evaluation ● Assess if the model achieves business goals.
Deployment ● Deploy the model into the organization’s decision-making process.
Source: Leaper, Nicole, “A Visual Guide to CRISP-DM Methodology,” https://exde.files.wordpress.com/2009/03/crisp_visualguide.pdf, accessed January 20, 2016.
key performance indicator (KPI): A metric that tracks progress in executing chosen strate- gies to attain organizational objectives and goals and consists of a direction, measure, target, and time frame.
CHAPTER 6 • Business Intelligence and Analytics 283
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
year. Over time, some existing KPIs may be dropped and new ones added as the organization changes its objectives and goals. Obviously, just as different organizations have different goals, various organizations will have different KPIs. The following are examples of well-defined KPIs:
● For a university. Increase (direction) the five-year graduation rate for incoming freshman (measure) to at least 80 percent (target) starting with the graduating class of 2022 (time frame).
● For a customer service department. Increase (direction) the number of customer phone calls answered within the first four rings (measure) to at least 90 percent (target) within the next three months (time frame).
● For an HR organization. Reduce (direction) the number of voluntary resignations and terminations for performance (measure) to 6 percent or less (target) for the 2018 fiscal year and subsequent years (time frame).
A dashboard presents a set of KPIs about the state of a process at a spe- cific point in time. Dashboards provide rapid access to information, in an easy-to-interpret and concise manner, which helps organizations run more effectively and efficiently.
Options for displaying results in a dashboard can include maps, gauges, bar charts, trend lines, scatter diagrams, and other representations, as shown in Figures 6.8 and Figure 6.9. Often items are color coded (e.g., red ¼ problem; yellow ¼ warning; and green ¼ OK) so that users can see at a glance where attention is needed. Many dashboards are designed in such a manner that users can click on a section of the chart displaying data in one format and drill down into the data to gain insight into more specific areas. For example, Figure 6.9 represents the results of drilling down on the sales region of Figure 6.8.
Dashboards provide users at every level of the organization the informa- tion they need to make improved decisions. Operational dashboards can be designed to draw data in real time from various sources, including corpo- rate databases and spreadsheets, so decision makers can make use of up-to-the-minute data.
FIGURE 6.8 Category management dashboard for total U.S. region This dashboard summarizes a number of sales measures.
Source: www.microstrategy.com/us/analytics/technology.
dashboard: A presentation of a set of KPIs about the state of a process at a specific point in time.
284 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Widely used BI software comes from many different vendors, including Hewlett Packard, IBM, Information Builders, Microsoft, Oracle, and SAP, as shown in Table 6.2. Vendors such as JasperSoft and Pentaho also provide open-source BI software, which is appealing to some organizations.
Self-Service Analytics Self-service analytics includes training, techniques, and processes that empower end users to work independently to access data from approved sources to perform their own analyses using an endorsed set of tools. In the past, such data analysis could only be performed by data scientists. Self- service analytics encourages nontechnical end users to make decisions based on facts and analyses rather than intuition. Using a self-service analytics appli- cation, end users can gather insights, analyze trends, uncover opportunities and issues, and accelerate decision making by rapidly creating reports, charts, dashboards, and documents from any combination of enterprise information assets. Self-service analytics eliminates decision-making delays that can arise if all requests for data analyses must be made through a limited number of data scientists and/or information system resources. It also frees up these resources to do higher-level analytics work. Ideally, self-service analytics will lead to faster and better decision making.
An organization can take several actions to ensure an effective self-service analytics program. First, to mitigate the risks associated with self-service ana- lytics, data managers should work with business units to determine key metrics, an agreed-upon vocabulary, processes for creating and publishing reports, the privileges required to access confidential data, and how to define and implement security and privacy policies. The information systems organi- zation should help users understand what data is available and recommended for business analytics. One approach to accomplishing this is to provide a data dictionary for use by end users. Training, on both the data and on the use of self-service applications, is critical for getting end workers up to speed
FIGURE 6.9 Category management dashboard for Northwest region This dashboard summarizes a number of revenue measures.
Source: www.microstrategy.com/us/analytics/technology.
self-service analytics: Training, techniques, and processes that empower end users to work indepen- dently to access data from approved sources to perform their own analyses using an endorsed set of tools.
CHAPTER 6 • Business Intelligence and Analytics 285
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
on how they can use the information in the BI system. Finally, data privacy and security measures should be in place to ensure that the use of the data meets legal, compliance, and regulatory requirements.
A well-managed self-service analytics program allows technology profes- sionals to retain ultimate data control and governance while limiting informa- tion systems staff involvement in routine tasks. Modern data management requires a true balancing act between enabling self-service analysis and pro- tecting sensitive business information, as shown in Figure 6.10.
Table 6.3 presents the pros and cons associated with self-service BI and analytics.
For self-service analytics tools to be effective, they must be intuitive and easy to use. Business users simply don’t have the time to learn how to work with complex tools or sophisticated interfaces. A self-service analytics applica- tion will only be embraced by end users if it allows them to easily access their own customized information, without extensive training. Microstrategy, Power BI, Qlik, SAS Analytics, Tableau, and TIBCO Software are just a few examples of the dozens of software options available for self-service analytics.
Expert Storybooks, a cloud-based, self-service analytics service from IBM’s Watson Analytics line, provides data analysis models that offer connections to a range of data sources, along with secure connections to corporate data. Expert Storybooks are tools for creating sophisticated data visualizations to help users find relevant facts and discover patterns and relationships to make predictive decisions. There are several Expert Storybooks available, including
TABLE 6.2 Widely used BI software Vendor Product Description
HP Autonomy IDOL17 Enables organizations to process unstructured as well as structured data; the software can examine the intricate relationships between data to answer the crucial question “Why has this happened?”
IBM Cognos Business Intelligence18
Turns data into past, present, and future views of an organization’s operations and performance so decision makers can identify opportunities and minimize risks; snapshots of business performance are provided in reports and inde- pendently assembled dashboards.
Information Builders
WebFOCUS19 Produces dashboards and scorecards to display a high-level view of critical indicators and metrics; the software enables users to analyze and manipulate information, with minimal training. It also supports dynamic report distribu- tion, with real-time alerts, and fully automates the scheduling and delivery of vital information.
Microsoft Power BI for Office 36520
Allows users to model and analyze data and query large data sets with pow- erful natural-language queries; it also allows users to easily visualize data in Excel.
Oracle Business Intelligence21
Offers a collection of enterprise BI technology and applications; tools includ- ing an integrated array of query, reporting, analysis, mobile analytics, data integration and management, desktop integration, and financial performance management applications; operational BI applications; and data warehousing.
Oracle Hyperion22 Provides software modules to enable financial management; modules include those for budgeting, planning, and forecasting; financial reporting; database management; financial consolidation; treasury management; and analytics.
SAS Enterprise BI Server23 Provides software modules to support query and analysis, perform OLAP processing, and create customizable dashboards; the software integrates with Microsoft Office.
SAP Business Objects24 Offers a suite of applications that enable users to design and generate reports, create interactive dashboards that contain charts and graphs for visualizing data, and create ad hoc queries and analysis of data; it also allows users to search through BI data sources.
286 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
one that uses baseball statistics from AriBall to build predictions of player per- formance, enabling users to gain an edge over their fantasy baseball competi- tors. A variety of other Storybooks help end users incorporate weather data into revenue analysis; analyze social data to measure reputational risk; analyze marketing campaign data; identify and analyze trends in customer profitability; analyze market trends for investment strategy; and examine relationships among pay, performance, and credit risk.25
Fire Department Turns to BI Analytics New York City has nearly 1 million buildings, and each year, more than 3,000 of them experience a major fire. The Fire Department of the City of New York (FDNY) is adding BI analytics to its arsenal of firefighting equipment. It has created a database of over 60 different factors (e.g., building location, age of the building, whether it has electrical issues, the number and location of sprinklers) in an attempt to determine which buildings are more likely to have a fire than others. The values of these parameters for each building are fed into a BI analytics system
TABLE 6.3 Pros and cons associated with self-service BI and analytics Pros Cons
Gets valuable data into the hands of the people who need it the most—end users.
If not well managed, it can create the risk of erroneous analysis and reporting, leading to potentially damaging decisions within an organization.
Encourages nontechnical end users to make decisions based on facts and analyses rather than intuition.
Different analyses can yield inconsistent conclusions, resulting in wasted time trying to explain the differences. Self-service analytics can also result in proliferating “data islands,” with duplications of time and money spent on analyses.
Accelerates and improves decision making. Can lead to over spending on unapproved data sources and business analytics tools.
Business people can access and use the data they need for decision making, without having to go to technology experts each time they have a new question, thus filling the gap caused by a shortage of trained data scientists.
Can exacerbate problems by removing the checks and balances on data preparation and use. Without strong data governance, organizations can end up with lots of silos of information, bad analysis, and extra costs.
FIGURE 6.10 Importance of data management Modern data management requires a true balancing act between enabling self-service analysis and protecting sensitive business information.
Self-service analytics
Protecting sensitive business information
CHAPTER 6 • Business Intelligence and Analytics 287
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
that assigns each of the city’s 330,000 inspectable buildings a risk score. (FDNY doesn’t inspect single and two-family homes.) Fire inspectors then use these risk scores to prioritize which buildings to visit on their weekly inspections.26
Review Questions 1. What kinds of BI analytics tools and techniques is the FDNY likely to use in
sifting through all this data and determining a building’s risk score? 2. Identify three other parameters that ought to be taken into consideration
when setting priorities for building inspections.
Critical Thinking Questions 1. While making investments in BI analytics seems like a good idea, FDNY is
strongly challenged in measuring its success. Officials may be able to cite sta- tistics showing a reduction in the number of fires, but demonstrating that BI analytics tools were the reason behind that decrease may be difficult because it involves proving a negative—that something didn’t happen because of its efforts. Go to the FDNY citywide statistics Web site at www.nyc.gov/html /fdny/html/stats/citywide.shtml. Use those statistics and a data visualization tool of your choice to see if you can discern any change in the number of fires since the BI analytics system was installed in 2014.
2. Can you identify other approaches that would be effective in demonstrating the value of BI analytics in reducing the impact of fires in New York City?
Summary
Principle: The goal of business intelligence (BI) and analytics is to support improved decision making.
Business intelligence (BI) includes a wide range of applications, practices, and technologies for the extraction, transformation, integration, visualization, analysis, and presentation of data to support improved decision making.
Business analytics is the extensive use of data and quantitative analysis to support fact-based decision making within organizations.
A data scientist is an individual who combines strong business acumen, a deep understanding of analytics, and a healthy appreciation of the limitations of their data, tools, and techniques to deliver real improvements in decision making. The educational requirements for a data scientist are quite rigorous, and the job outlook for this profession is extremely good.
A number of components must be in place for an organization to get real value from its BI and analytics efforts: a solid data management program (including a strong data governance element), creative data scientists, and a strong organizational commitment to data-driven decision making.
Principle: There are many BI and analytics techniques and tools that can be used in a wide range of problem-solving situations.
Spreadsheets, reporting and querying tools, data visualization, online ana- lytical processing (OLAP), drill-down analysis, linear regression, data mining, and dashboards are examples of commonly used BI tools.
Business managers and end users often turn to spreadsheets to create use- ful reports and graphs, as well as to employ “what-if” analyses and find the optimal solution to a problem with multiple constraints.
288 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Reporting and querying tools can present data in an easy-to-understand fashion—via formatted data, graphs, and charts. Many of the reporting and querying tools enable end users to make their own data requests and format the results without the need for additional help from the IT organization.
Data visualization is the presentation of data in a pictorial or graphical format. A wide array of tools and techniques are available for creating visual representations that can immediately reveal otherwise difficult-to-perceive pat- terns or relationships in the underlying data.
Online analytical processing (OLAP) is a method to analyze multidimen- sional data (data cubes) from many different perspectives. Databases built to support OLAP processing consist of data cubes that contain numeric facts called measures, which are categorized by dimensions, such as time and geography.
Drill-down analysis involves the interactive examination of high-level sum- mary data in increasing detail to gain insight into certain elements.
Simple linear regression is a mathematical procedure technique for predict- ing the value of a dependent variable based on a single independent variable and the linear relationship between the two.
Data mining is a BI analytics tools used to explore large amounts of data for hidden patterns to predict future trends and behaviors for use in decision mak- ing. The Cross-Industry Process for Data Mining (CRISP-DM) is a six-phase structured approach used for the planning and execution of a data mining project.
A dashboard presents a set of KPIs about the state of a process at a specific point in time. Dashboards provide rapid access to information, in an easy- to-interpret and concise manner, which helps organizations run more effec- tively and efficiently.
Self-service analytics includes training, techniques, and processes that empower end users to work independently to access data from approved sources to perform their own analyses using an endorsed set of tools. Self- service analytics empowers end users to work independently. A number of measures must be in place to ensure an effective self-serve analytics program and to reduce the risk of invalid analyses leading to poor decisions.
Key Terms
business intelligence (BI)
conversion funnel
Cross-Industry Process for Data Mining (CRISP-DM)
dashboard
data cube
data mining
data visualization
drill-down analysis
key performance indicator (KPI)
linear regression
online analytical processing (OLAP)
self-service analytics
word cloud
Chapter 6: Self-Assessment Test
The goal of business intelligence (BI) is to support improved decision making.
1. Which of the following statements is not true? a. The data used in BI is often pulled from mul-
tiple sources—both internal and external to the organization.
b. Users may access the data and BI applications via the Web or through organizational intra- nets and extranets—often using mobile devices, such as smartphones and tablets.
c. The data used in BI applications can come from data warehouses, data marts, and data lakes.
CHAPTER 6 • Business Intelligence and Analytics 289
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
d. BI is strictly the realm of data scientists; end users and business managers should be dis- couraged from using these tools and techniques.
2. An individual who combines strong business acumen, a deep understanding of analytics, and healthy appreciation of their data, tools, and techniques to deliver real improvements in deci- sion making is called a _____________. a. data steward b. database administrator c. data scientist d. database manager
3. Which of the following is not an essential component for a highly effective BI program? a. Creative data scientists b. Strong data management program c. Strong management commitment to
data-driven decision making d. The most current and powerful BI and
analytics tools and software 4. Most data scientists have computer programming
skills and are familiar with languages and tools used to process big data, such as: a. Hadoop, Hive, R b. Python, R, and Assembly c. Visual Basic, Java, and Cobol d. PL/1, Hadoop, PHP
Principle: There are many business intelligence (BI) and analytics techniques and tools that can be used in a wide range of problem-solving situations.
5. ____________ is a BI analytics tool that involves the interactive examination of high-level sum- mary data in increasing detail to gain insight. a. OLAP b. Drill-down analysis c. Linear regression d. Dashboard
6. A(n) _______________________ is a measure that tracks progress in executing chosen strategies to attain organizational objectives and goals.
7. Self-service analytics encourages nontechnical end users to make decisions based on facts and analyses rather than intuition. True or False?
8. __________ is a BI analytics tool used to explore large amounts of data for hidden patterns to pre- dict future trends and behaviors for use in deci- sion making. a. Linear regression b. Data mining c. OLAP d. Data visualization
9. A(n) ________________________ is a graphical representation that summarizes the steps a con- sumer takes in making the decision to buy your product and become a customer.
Chapter 6: Self-Assessment Test Answers
1. d 2. c 3. d 4. a 5. b
6. key performance indicator (KPI) 7. True 8. b 9. conversion funnel
Review Questions
1. Provide a definition of business intelligence (BI). 2. Provide a definition of business analytics. 3. Identify and briefly discuss several benefits that
can be gained through the use of BI and analytics.
4. Describe the role of a data scientist. What educa- tion and training are required of data scientists?
5. What is online analytical processing (OLAP), and how is it used?
6. What is a data cube? Define three data dimen- sions of a data cube that might be used to analyze sales by product line.
7. What is drill-down analysis and how is it used?
8. What is linear regression? Identify two variables that have a strong linear relationship.
9. What is r2, and how is it used to evaluate how well data fits a linear regression model?
10. What is data mining? Identify three commonly used data mining techniques.
11. What are key performance indicators (KPIs)? Identify three KPIs that might be used in a doc- tor’s or dentist’s office to measure the patient office visit experience.
12. What is meant by self-service analytics? Identify some of the pros and cons of self-service analytics.
290 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Discussion Questions
1. Identify and briefly discuss the components that must be in place for an organization to gain real value from its BI and analytics efforts.
2. How would you define BI? Identify and briefly discuss a real-world application of BI that you recently experienced.
3. Imagine that you are the sales manager of a large luxury auto dealer. What sort of data would be useful to you in order to contact potential new car customers and invite them to visit your dealership? Where might you get such data? What sort of BI tools might you need to make sense of this data?
4. You answer your door to find a political activist who asks you to sign a petition to place a propo- sition on the ballot that, if approved, would ban the use of data mining that includes any data about the citizens of your state. What would you do?
5. What is the difference between OLAP analysis and drill-down analysis? Provide an example of the effective use of each technique.
6. Identify at least four well-defined KPIs that could be used by the general manager at a large, full- service health club to track the current state of operations, including availability of trainers; sta- tus of workout equipment; condition of indoor and outdoor swimming pools; use of the spa and salon; utilization of the basketball, handball, and tennis courts; and condition of the showers and locker rooms. Sketch what a dashboard display- ing those KPIs might look like.
7. Your nonprofit organization wishes to increase the efficiency of its fundraising efforts. What sort of data might be useful to achieve this goal? How might BI tools be used to analyze this data?
8. Describe the CRISP-DM model, and explain how it can be used to plan and execute a data mining effort.
9. Must you be a trained statistician to draw valid conclusions from the use of BI tools? Why or why not?
Problem-Solving Exercises
1. You are the sales manager of a software firm that provides BI software for reporting, query, and business data analysis via OLAP and data mining. Write a few paragraphs and create a 3-5 slide presentation that your sales reps can use when calling on potential customers to help them understand the business benefits of BI.
2. Go to the NASA Goddard Institute for Space Studies Web site at http://data.giss.nasa.gov/gis temp and read about the temperature data sets available. Next, use the NASA Global land-sea
temperature data set for the period 1880 to pres- ent at http://data.giss.nasa.gov/gistemp/tableda ta_v3/GLB.Ts+dSST.txt and create a linear regres- sion of annual mean temperature in degrees Fahrenheit versus year. Be sure to adjust the table values based on the notes that accompany this table.
3. Use the Help function of Excel to learn more about the Excel Scenario Manager and the Excel Solver Add-in.
Team Activities
1. A large customer call center for a multinational retailer has been in operation for several months, but has continually failed to meet both customers’ and senior management’s expectations. Your team has been called in to develop a dashboard to help monitor and improve the operations of the call center. What KPIs would you track? Sketch a sample dashboard for this application.
2. Your team has decided to enter a Fantasy Base- ball League. Use IBM’s Watson analytics Story- books to select the best team in the league.
3. Your team has been hired to reapply the NYCFD BI analytics system to the NYCPD in order to prioritize areas of the city for patrol. Describe what data you might need for such an analysis. What BI analytics techniques would you use to become familiar with the data and develop an algorithm for ranking the various area for patrol?
CHAPTER 6 • Business Intelligence and Analytics 291
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Web Exercises
1. Do research to learn more about the Goddard Institute of Space Science Surface Temperature Analysis (GISTEMP) temperature measurements used by many scientists to assert that global warming is occurring. One source of such infor- mation can be found at http://data.giss.nasa.gov /gistemp/FAQ.html. Read carefully the sections that explain why adjusted rather than raw data is used. Briefly summarize the kinds of adjustments made to temperature measurements and discuss how this affects your confidence in the data.
2. Do research on the Web to find business analytics applications that can run on a smartphone.
Prepare a brief paragraph summarizing the fea- tures and potential applications of three applica- tions of most interest to you.
3. Do research on the Web to identify examples of a social network allowing a large national retailer to mine its data to learn more about the social network members and to develop targeted direct mailings and emails promoting its products. What are the pros and cons of sharing such data? How do social network members feel when they learn that their data is being shared? In your opinion, under what conditions is this a legiti- mate use of social network member data?
Career Exercises
1. Do research on CareerBuilder, Indeed, LinkedIn, or SimplyHired to identify what you think is an attractive job opening available for a data scien- tist. What does this role entail, and what respon- sibilities must the data scientist perform? What sort of education and experience is required for this position? Is the role of a data scientist of any interest to you? Why or why not?
2. What kinds of decisions are critical for success in a career that interests you? How might you use BI
or analytics to help improve your decision mak- ing? Can you identify and specific techniques or tools that you might use?
3. Copy and paste the text describing a job oppor- tunity in which you are interested into an online word cloud generator. What insights do you gain from the resulting word cloud? How might the results lead you to customize your resume to respond to this job posting?
Case Studies
Case One
Analytics Used to Predict Patients Likely to Be Readmitted Unplanned hospital readmissions are a serious matter for patients and a quality and cost issue for the healthcare system of every country. For example, in the United States, during 2011, nearly 19 percent of Medicare patients were readmitted to the hospital within 30 days of their initial discharge, running up an additional $26 billion in healthcare costs. Hospitals are seeking more effective ways to identify patients at high risk of readmission—especially now that Medicare has begun reducing payments to hospitals with high readmission rates.
Identifying patients at high risk for readmission is important so that hospitals can take a range of preventative measures, including heightened patient education along with medication reconciliation on the day of discharge, increased home services to ensure patient effective at home convalescence, follow-up appointments scheduled for soon after discharge, and follow-up phone calls to ensure an additional level of protection.
Several studies have attempted to identify the key factors that indicate a high risk for unplanned hospital readmission. One study was based on the analysis of the Belgian Hospital Discharge Dataset. This data set contains
patient demographics, data about the hospital stay (date and type of admission and discharge, referral data, admitting department, and destination after discharge), and clinical data (primary and secondary diagnoses). Since 1990, Belgium has required the collection of this data for all inpatients in all acute hospitals. The data is managed by a commission that controls the content and format of patient registration, the data collecting procedures, and the completeness, validity, and reliability of the collected data. In addition, the quality of the data is audited by the Belgium Ministry of Public Health in two ways. First, a software program checks the data for missing, illogical, and outlier values. Second, by regular hospital visits, a random selection of patient records is reviewed to ensure that data were recoded correctly.
Key factors for hospital readmission based on analysis of the Belgian Hospital Discharge Dataset included: (1) chronic cardiovascular disease, (2) patients with chronic pulmonary disease, (3) patients who experienced multiple emergency room visits over the past six months, (4) patients discharged on a Friday, and (5) patients who had a prolonged length of hospital stay. The study also found that patients with short hospital stays were not at high risk for readmission. The research highlighted the need for healthcare providers to work with caregivers and primary care physicians to
292 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
coordinate a smoother transition from hospital to home, especially for patients discharged on Friday, to reduce unplanned readmissions.
The mission of Penn Medicine Center for Evidence-based Practice (CEP) is to support healthcare quality and safety at the University of Pennsylvania Health System (UPHS) through the practice of evidence-based medicine. Established in 2006, Penn Medicine’s CEP is staffed by a hospital director, three research analysts, six physician and nurse liaisons, a health economist, a biostatistician, administrator, and librarians. A study conducted by a team at the CEP examined two years of UPHS discharge data and found that a single variable—prior admission to the hospital two or more times within a span of one year—was the best predictor of being readmitted in the future. This marker was added to UPHS’s EHR, and patient results were tracked for the next year. During that time, patients who triggered the readmission alert were subsequently readmitted 31 percent of the time. When an alert was not triggered, patients were readmitted only 11 percent of the time.
A group of physicians conducted yet a third study using data from a 966-bed, teaching hospital during a five-month period in 2011. Their objective was to determine the association between a composite measure of patient condition at discharge, the Rothman Index (RI), and unplanned readmission within 30 days of discharge. Software employing the Rothman Index tracks the overall state of health of patients by continuously gathering 26 key pieces of data, including vital signs (temperature, blood pressure, heart, blood oxygen saturation, and respiratory rate), nursing assessments, cardiac rhythms, and lab test results from a patient’s EHR to calculate the Rothman Index, a number between 1 and 100. A patient’s Rothman Index is updated continuously throughout the day. A high score indicates a relatively healthy patient, whereas a low score indicates the patient warrants close monitoring or immediate assistance. A physician or nurse can quickly grasp the condition of the patient based on both current score and the trend in the score. The software also draws a graph of the patient’s Rothman Index over time that can be displayed in the patient’s room, on a central nursing station screen, or on a care provider’s mobile device. The software can even send mobile phone alerts to doctors and nurses when a patient’s condition warrants attention.
The Rothman Index study included clinical data from the hospital’s EHR system as well as from a patient activity database for all adult discharges. There was a total of 12,844 such cases. The researchers excluded encounters that were readmissions within 30 days of a previous discharge (2,574), patients who were admitted for observation only (501), patients with length of stay less than 48 hours (3,243), and patients who died during the hospital stay (189)—yielding a sample of 6,337 eligible inpatient discharges. From this sample, 535 additional patients were eliminated due to missing clinical data, for a sample of 5,802 patients, or 92 percent of all eligible inpatient discharges. Sixteen percent of the sample patients had an unplanned readmission within 30 days of discharge. The risk of readmission for a patient in the highest risk category (Rothman Index lower than 70) was more than 1 in 5 while the risk of readmission for patients in the lowest risk category was about 1 in 10.
Critical Thinking Questions 1. Three different analytic studies by three experienced
and highly respected groups of researchers yielded three similar but somewhat different results. Do you believe that the results of these studies are consistent? Why or why not?
2. Do you think the findings of these studies can be applied broadly to all hospitals and medical centers across the United States and around the world? Why or why not?
3. A hospital specializing in the care of patients with various forms of heart disease is attempting to deter- mine the cause of readmission of its patients. Should it rely of the results of general studies such as those described here or should it gather its own data, perform an analysis and draw its own conclusions? Support your recommendation.
SOURCES: Shinkman, Ron, “Readmissions Lead to $41.3B in Additional Hospital Costs,” FierceHealthFinance, April 20, 2014, www.fiercehealth finance.com/story/readmissions-lead-413b-additional-hospital-costs /2014-04-20; Kern, Christine, “5 Risk Factors for Unplanned Read- missions Identified,” Health IT Outcomes, September 8, 2015, www .healthitoutcomes.com/doc/risk-factors-for-unplanned-readmissions -identified-0001; van den Heede, Koen; Sermeus, Walter; Diya, Luwis; Lesaffre, Emmanuel; and Vleugels, Arthur, “Adverse Outcomes in Belgian Acute Hospitals: Retrospective Analysis of the National Hospital Discharge Dataset,” International Journal for Quality in Health Care, vol. 18, no. 3, 2006, pp. 211–219, Advance Access Publication: 23 March 2006, http://intqhc.oxfordjournals.org/content/intqhc/18/3/211.full.pdf; “Center for Evidence-Based Practice,” Penn Medicine, www.uphs.upenn .edu/cep/, accessed January 12, 2015; “ ‘Rothman Index’ May Help to Lower Repeat Hospitalization Risk,” Medical Press, August 15, 2013, http://medicalxpress.com/news/2013-08-rothman-index-hospitaliza tion.html. Bradley, Elizabeth, PhD; Yakusheva, Olga, PhD; Horwitz, Leora, MD; Sipsma, Heather, PhD; and Fletcher, Jason, PhD, “Identifying Patients at Increased Risk for Unplanned Readmission,” US National Library of Medicine National Institutes of Health, September 1, 2014, http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3771868/.
Case Two
Sunny Delight Improves Profitability with a Self-Service BI Solution When implementing a self-service analytics program, information systems staff and end users across an organization often must be willing to give up some control and autonomy in exchange for a cohesive data management strategy. Companies that effectively implement self-service analytics, however, usually find those trade-offs are outweighed by the competitive advantages gained for the organization as a whole.
For Sunny Delight Beverages, a Cincinnati-based producer of juice-based drinks, the payoff from using self- service analytics software has been significant. The company, which generates more than $550 million in annual revenue through sales of its SunnyD, Fruit20, and VeryFine brands, estimates that its newly implemented, self-service analytics program has resulted in a $195,000 annual reduction in staffing costs and a $2 million annual increase in profits.
Getting to these results, however, has not been easy for Sunny Delight. Like many companies, it had developed a patchwork of departmental business analytics applications
CHAPTER 6 • Business Intelligence and Analytics 293
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
over the years. Sunny Delight’s infrastructure was particularly complex as the company has been bought and sold multiple times since it was founded in 1963. At one point, Sunny Delight’s 480 employees were working with eight different legacy BI applications, resulting in some departments spending up to a week each month producing data that was often not in agreement with the data generated by other departments. Reconciling and rolling up the data was time consuming and left little time for in-depth analysis, much less strategy development and execution.
The data silos also meant that Sunny Delight had no real visibility into its business, which lead to revenue unpredictably, higher-than-necessary inventory levels, and lower margins. The company’s sales efforts were hampered because the sales team did not have a true understanding of the effectiveness and profitability of specific sales promotions. For example, the sales department was unable to correlate the impact of a promotional discount with order volume—a key metric for judging the effectiveness of a promotional program. The company was also unable to tie shipping costs directly to specific promotions, which was significant since the timing of many promotions required shipping products to stores on weekends, when shipping and warehouse labor costs were higher.
When the company made the decision to revamp its analytics efforts, the company’s CIO and CFO pulled together a cross-functional team of managers from sales, marketing, logistics, warehousing, and accounting who were responsible for developing a comprehensive picture of the required BI functionality—which ranged from simple, canned reports to complex, ad hoc data analysis tools. Working to understand each department’s needs built credibility for the project team and helped them choose the solution that would be most effective across the company, which they did after evaluating 17 different options.
The team selected Birst, a cloud-based, self-service BI solution that offers an end to data silos with what it refers to as “local execution with global governance.” Because the project team understood that a centrally managed data source was critical to ensuring consistent user-generated data and analysis across the company, they also opted to implement a data warehouse at the same time Birst was rolled out to employees.
According to John Gordos, Sunny Delight’s associate director of application development, Birst provides Sunny Delight with a single, networked source of data, which employees at all levels can access quickly and easily, regardless of where they work. Birst’s data governance features mean that Sunny Delight’s IS team maintains final control over all data, while the user-friendly interface, which is the same whether users are accessing data on a PC, laptop, or smartphone, makes it easy for nontechnical users to access and customize the system’s departmental dashboards.
With the data from the new system, Sunny Delight was able to create a more efficient production schedule that
allowed it to cut back on production, decrease inventory levels, and reduce plant overtime costs by 90 percent—all without impacting order fulfillment. And with a clearer picture of overall costs, the sales and distribution teams worked together to revise shipping schedules, resulting in a 7 percent drop in the transportation costs tied to promotions.
According to Gordos, “Birst helps [Sunny Delight] employees to think fast because they no longer have to worry about building and aggregating the data. They just get the data, and then they think about it—instead of accumulating it.”
Critical Thinking Questions 1. Is it surprising to you that a relatively small company
like Sunny Delight could end up with so many differ- ent analytics tools? How might the fact that Sunny Delight has changed ownership multiple times have impacted the number and variety of BI tools being used?
2. What are some of the trade-offs of a move to an enterprise-level analytics solution for individual end users who might have grown accustomed to working with their own customized solutions for generating data?
3. According to a recent report by Gartner, most busi- ness users will have access to some sort of self- service BI tool within the next few years; however, Gartner estimates that less than 10 percent of com- panies will have sufficient data governance practices in place to prevent data inconsistencies across the organization. Why do you think so many companies continue to invest in new analytics tools without implementing governance programs that ensure data consistency?
SOURCES: “Sunny Delight Beverages Co,” Sunny Delight Beverages, Co., ww2.sunnyd.com/company/overview.shtml, accessed March 16, 2016; Boulton, Clint, “How Sunny Delight Juices up Sales with Cloud-Based Analytics,” CIO, September 14, 2015, www.cio.com/article/2983624 /business-analytics/how-sunny-delight-juices-up-sales-with-cloud-based -analytics.html; “Birst Customer Testimonial: John Gordos - Associate Director, Application Development,” YouTube video, posted by BirstBI, August 14, 2014, www.youtube.com/watch?v=d3AjCIzWO5Y; “SunnyD Case Study,” Birst, February 1, 2016, www.google.com/url?sa=t&rct =j&q=&esrc=s&source=Web&cd=4&cad=rja&uact=8&ved=0ahUKEwi nieHr78XLAhXFwj4KHa-5CzMQFggtMAM&url=https%3A%2F%2Fwww .birst.com%2Fwp-content%2Fuploads%2F2016%2F02%2FBirst _CaseStudy_SunnyD_NetworkedBI.pdf&usg=AFQjCNFwbr-mGBWeu5zU mu_k40JAPOO_Mw&bvm=bv.116954456,d.amc; “Birst Sunny D Testi- monial,” YouTube video, posted by BirstBI, October 9, 2015, www .youtube.com/watch?v=tEuHH4IGHLU; Roberts, Shawn, “How Analytics Saved Sunny Delight $1M,” CIO Insight, October 14, 2015, www .cioinsight.com/it-strategy/big-data/how-analytics-saved-sunny-delight -1m.html; “Networked BI,” Birst, www.birst.com/product, accessed March 16, 2016.
Notes
1. “Helse Vest,” Microsoft, February 6, 2014, https://custo mers.microsoft.com/Pages/CustomerStory.aspx? recid=2223.
2. “MetLife Auto & Home Puts Brakes on Fraud with CSC’s Fraud Evaluator,” CSC, www.csc.com/p_and_c_genera l_insurance/success_stories/45406-metlife_auto_and_ho
294 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
me_puts_brakes_on_fraud_with_csc_s_fraud_evaluator, accessed January 8, 2016.
3. “Getting Started with Analytics: Kroger Uses Simulation Optimization to Improve Pharmacy Inventory Manage- ment,” INFORMS, www.informs.org/Sites/Getting -Started-With-Analytics/Analytics-Success-Stories/Case -Studies/Kroger, accessed January 8, 2016.
4. “Getting Started with Analytics: DaimlerChrysler: Using a Decision Support System for Promotional Pricing at the Major Auto Manufacturer, INFORMS, www.informs.org /Sites/Getting-Started-With-Analytics/Analytics-Success -Stories/Case-Studies/DaimlerChrysler, accessed January 8, 2016.
5. “Getting Started with Analytics: Optimizing Chevron’s Refineries,” INFORMS, https://www.informs.org/Sites /Getting-Started-With-Analytics/Analytics-Success-Stories /Case-Studies/Chevron, accessed January 8, 2016.
6. “Getting Started with Analytics: Coca-Cola Enterprises: Optimizing Product Delivery of 42 Billon Soft Drinks a Year,” INFORMS, www.informs.org/Sites/Getting -Started-With-Analytics/Analytics-Success-Stories/Case -Studies/Coca-Cola-Enterprises, accessed January 8, 2016.
7. Violino, Bob, “The Hottest Jobs in IT: Training Tomor- row’s Data Scientists,” Forbes, June 26, 2014, www.for bes.com/sites/emc/2014/06/26/the-hottest-jobs-in-it-train ing-tomorrows-data-scientists/#131733cd4b63.
8. “Argosy Hits the Jackpot with OpenText and Teradata,” Open Text, http://connectivity.opentext.com/resource -centre/success-stories/Success_Story_Argosy_Hits_the _ Jackpot_with_OTIC_and_Teradata.pdf.pdf, accessed January 19, 2015.
9. “UK Hospital Sees Cloud-Based BI Service as a Tool to Boost Clinical Outcomes and Efficiency,” Microsoft, http://blogs.msdn.com/b/powerbi/archive/2014/04/16 /uk-hospital-sees-cloud-based-bi-service-as-a-tool-to -boost-clinical-outcomes-and-efficiency.aspx, accessed February 8, 2015.
10. “Who We Are,” FFF Enterprises, www.fffenterprises.com /company/who-we-are.html, accessed January 20, 2014.
11. “At FFF Enterprises Collaboration Is Key to Success with QlikView,” Qlik, www.qlik.com/us/explore/customers /customer-listing/f/fff-enterprises, accessed January 20, 2015.
12. “Adviso and Technologia Use the Power of Multi- Channel Funnels to Discover the True Paths to Conver- sion,” Google Analytics, https://static.googleusercontent .com/media/www.google.com/en/us/analytics/customers /pdfs/technologia.pdf, accessed January 25, 2016.
13. “Starbucks Coffee Company Delivers Daily, Actionable Information to Store Managers, Improves Business Insight with High Performance Data Warehouse,” Ora- cle, www.oracle.com/us/corporate/customers/customer
search/starbucks-coffee-co-1-exadata-ss-1907993.html, accessed January 20, 2014.
14. Misson, Chris, “AQUARIUS WebPortal—a Flash Flooding Emergency Management Success Story,” Hydrology Cor- ner Blog, October 21, 2014, http://aquaticinformatics .com/blog/aquarius-webportal-flash-flooding-emergency -management.
15. Piatetsky, Gregory, “CRISP-DM, Still the Top Methodol- ogy for Analytics, Data Mining, or Data Science Projects,” KDNuggets, October 28, 2014, www.kdnuggets.com /2014/10/crisp-dm-top-methodology-analytics-data-min ing-data-science-projects.html.
16. “Data Mining Reveals the Surprising Factors behind Successful Movies,” MIT Technology Review, June 22, 2015, www.technologyreview.com/view/538701/data -mining-reveals-the-surprising-factors-behind-successful -movies.
17. McNulty, Eileen, “HP Rolls Out BI and Analytics Soft- ware Bundle,” dataconomy, June 10, 2014, http://datac onomy.com/hp-rolls-bi-analytics-software-bundle.
18. “Cognos Business Intelligence: Coming Soon to the Cloud,” IBM, www-03.ibm.com/software/products/en /business-intelligence, accessed January 19, 2015.
19. “Business Intelligence for Everyone,” Information Builders, www.informationbuilders.com/products/webfo cus, accessed January 19, 2015.
20. Lardinois, Frederic, “Microsoft’s Power BI for Office 365 Comes out of Preview, Simplifies Data Analysis and Visualizations,” Tech Crunch, February 10, 2014, http:// techcrunch.com/2014/02/10/microsofts-power-bi-for -office-365-comes-out-of-preview-simplifies-data-analy sis-and-visualizations.
21. “Oracle Business Intelligence,” Oracle, www.oracle.com /technetwork/middleware/index-084205.html, accessed January 19, 2015.
22. Rouse, Margaret, “Oracle Hyperion,” TechTarget, http:// searchfinancialapplications.techtarget.com/definition /Oracle-Hyperion, accessed January 19, 2015.
23. “SAS Enterprise BI Server,” SAS, www.sas.com/en_us /software/business-intelligence/enterprise-bi-server.html, accessed January 30, 2015.
24. Rouse, Margaret, “SAP Business Objects BI,” TechTarget, http://searchsap.techtarget.com/definition/SAP-Busines sObjects-BI, accessed January 19, 2015.
25. Ferranti, Marc, “IBM’s Watson Analytics Offers New Data Discovery Tools for Everyday Business Users,” PC World, October 13, 2015, www.pcworld.com/article /2992124/ibms-watson-analytics-offers-new-data-discov ery-tools-for-everyday-business-users.html.
26. Dwoskin, Elizabeth, “How New York’s Fire Department Uses Data Mining,” Digits, January 24, 2014, http://blogs .wsj.com/digits/2014/01/24/how-new-yorks-fire-depart ment-uses-data-mining.
CHAPTER 6 • Business Intelligence and Analytics 295
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
7 Knowledge Management and Specialized Information Systems
docstockmedia/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• Watson, a supercomputer developed by IBM with artifi- cial intelligence capabilities, was able to soundly defeat two prior champions of the popular TV game show, Jeopardy! Now a cloud-based Watson system is being used by doctors to develop treatment options for a wide range of diseases.
• Some experts have predicted that every home will have a robot of some sort by 2025. One area of particular interest is the use of robots as companions and care- givers for people who are sick, elderly, or physically challenged.
Principles Learning Objectives
• Knowledge management allows organizations to share knowledge and experience among its workers.
• Discuss the relationships between data, informa- tion, and knowledge.
• Identify the benefits associated with a sound knowledge management program.
• List some of the tools and techniques used in knowledge management.
• Artificial intelligence systems form a broad and diverse set of systems that can replicate human decision making for certain types of well-defined problems.
• Define the term "artificial intelligence" and state the objective of developing artificial intelligence systems.
• List the characteristics of intelligent behavior and compare the performance of natural and artificial intelligence systems for each of these characteristics.
• Identify the major components of the artificial intelligence field and provide one example of each type of system.
• Multimedia and virtual reality systems can reshape the interface between people and infor- mation technology by offering new ways to com- municate information, visualize processes, and express ideas creatively.
• Discuss the use of multimedia in a business setting.
• Define the terms “virtual reality” and “augmented reality” and provide three examples of these applications.
• Specialized systems can help organizations and individuals achieve their goals.
• Discuss examples of specialized systems for organizational and individual use.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about Knowledge Management and Specialized Information Systems? Knowledge management and specialized information systems are used in almost every industry. As a manager, you might use a knowledge management system to obtain advice on how to approach a problem that others in your organization have already encountered. As an executive at an automotive company, you might oversee robots that attach windshields to cars or paint body panels. As a stock trader, you might use a special system called a neural network to uncover patterns to make investment decisions. As a new car sales manager you might incorporate virtual reality into a company Web site to show potential customers the features of your various models. As a member of the military, you might use computer simulation as a training tool to prepare you for combat. As an employee of a petroleum company, you might use an expert system to determine where to drill for oil and gas. This chapter provides many additional examples of these types of specialized information systems. Learning about these systems will help you discover new ways to use information systems in your day-to-day work.
As you read this chapter, consider the following:
• What are the many uses of information systems designed to collect knowledge and provide expertise?
• Can specialized information systems and devices provide expertise superior to that which can be obtained through human effort?
This chapter identifies the challenges associated with knowledge manage- ment, provides guidance to overcome these challenges, presents best practices for selling and implementing a successful knowledge management project, and outlines various technologies that support knowledge management. We begin with a definition of knowledge management and identify several knowledge management applications and their associated benefits.
What Is Knowledge Management?
Knowledge management (KM) comprises a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights. Knowledge management is used by organizations to enable individuals, teams, and entire organizations to collec- tively and systematically create, share, and apply knowledge in order to achieve their objectives. Globalization, the expansion of the services sector, and the emergence of new information technologies have caused many orga- nizations to establish KM programs in their IT or human resource manage- ment departments. The goal is to improve the creation, retention, sharing, and reuse of knowledge. A knowledge management system is an organized col- lection of people, procedures, software, databases, and devices that creates, captures, refines, stores, manages, and disseminates knowledge, as shown in Figure 7.1.
An organization’s knowledge assets often are classified as either explicit or tacit (see Table 7.1). Explicit knowledge is knowledge that is documen- ted, stored, and codified—such as standard procedures, product formulas, customer contact lists, market research results, and patents. Tacit knowledge is the know-how that someone has developed as a result of personal experi- ence; it involves intangible factors such as beliefs, perspective, and a value system. Examples include how to ride a bike, the decision-making process used by an experienced coach to make adjustments when her team is down at halftime of a big game, a physician’s technique for diagnosing a rare illness and prescribing a course of treatment, and an engineer’s approach to cutting
knowledge management (KM): A range of practices concerned with increasing awareness, fostering learn- ing, speeding collaboration and inno- vation, and exchanging insights.
explicit knowledge: Knowledge that is documented, stored, and codified—such as standard proce- dures, product formulas, customer contact lists, market research results, and patents.
tacit knowledge: The know-how that someone has developed as a result of personal experience; it involves intangible factors such as beliefs, perspective, and a value system.
298 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
costs for a project that is over budget. This knowledge cannot be documented easily; yet, tacit knowledge is key to high performance and competitive advantage because it’s difficult for others to copy.
Much of the tacit knowledge that people carry with them is extremely useful but cannot be shared with others easily. This means that new employ- ees might spend weeks, months, or even years learning things on their own that more experienced coworkers might have been able to convey to them. In some cases, these nuggets of valuable knowledge are lost forever when experienced employees retire, and others never learn them.
A major goal of knowledge management is to somehow capture and doc- ument the valuable work-related tacit knowledge of others and to turn it into explicit knowledge that can be shared with others. This is much easier said than done, however. Over time, experts develop their own processes for their areas of expertise. Their processes become second nature and are so internal- ized that they are sometimes unable to write down step-by-step instructions to document the processes.
Two processes are frequently used to capture tacit knowledge— shadowing and joint problem solving. Shadowing involves a novice observ- ing an expert executing her job to learn how she performs. This technique is often used in the medical field to help young interns learn from experienced physicians. With joint problem solving, the novice and the expert work side by side to solve a problem so that the expert’s approach is slowly revealed to the observant novice. Thus a plumber trainee will work with a master plumber to learn the trade.
FIGURE 7.1 Knowledge management processes Knowledge management comprises a number of practices. Source: From Reynolds, Information Tech- nology for Managers, 2E. © 2016 Cengage Learning.
Create
Disseminate Refine
StoreManage
Capture
Knowledge base
TABLE 7.1 Explicit and tacit knowledge Asset Type Description Examples
Explicit knowledge Knowledge that is documented, stored, and codified
Customer lists, product data, price lists, a database for telemarketing and direct mail, patents, best practices, standard procedures, and market research results
Tacit knowledge Personal knowledge that is not documented but embedded in individual experience
Expertise and skills unique to individual employ- ees, such as how to close a sale or troubleshoot a complex piece of equipment
shadowing: A process used to cap- ture tacit knowledge that involves a novice observing an expert executing her job to learn how she performs.
joint problem solving: A process used to capture tacit knowledge where the novice and the expert work side by side to solve a problem so that the expert’s approach is slowly revealed to the observant novice.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 299
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The next section discusses how KM is used in organizations and illustrates how these applications lead to real business benefits.
Knowledge Management Applications and Associated Benefits Organizations employ KM to foster innovation, leverage the expertise of peo- ple across the organization, and capture the expertise of key individuals before they retire. Examples of knowledge management efforts that led to these results and their associated benefits are discussed in the following sections.
Foster Innovation by Encouraging the Free Flow of Ideas Organizations must continuously innovate to evolve, grow, and prosper. Organizations that fail to innovate will soon fall behind their competition. Many organizations implement knowledge management projects to foster innovation by encouraging the free flow of ideas among employees, contrac- tors, suppliers, and other business partners. Such collaboration can lead to the discovery of a wealth of new opportunities, which, after evaluation and testing, may lead to an increase in revenue, a decrease in costs, or the crea- tion of new products and services.
TMW Systems, a provider of logistics operations and fleet management systems, has experienced rapid growth over the past several years. The com- pany now has more than 700 employees in its Cleveland headquarters and in satellite offices across North America.1 As the company grew, it became more difficult to ensure that all employees had access to the most current knowl- edge available within the company because most information was shared via email or shared network drives. To ensure that its base of institutional knowl- edge was being preserved and to encourage collaboration and innovation across all of its offices, TMW implemented a knowledge management system with a strong social learning feature, which places an emphasis on decentra- lized information sharing. The system, which is part of an intentional cultural shift at TMW toward a more open and collaborative working environment, allows employees to easily share new ideas, expertise, and best practices with other employees no matter where they are based.2
Leverage the Expertise of People across the Organization It is critical that an organization enables its employees to share and build on one another’s experience and expertise. In this manner, new employees or employees moving into new positions are able to get up to speed more quickly. Workers can share thoughts and experiences about what works well and what does not, thus preventing new employees from repeating some of the mistakes of others. Employees facing new (to them) challenges can get help from coworkers in other parts of the organization whom they have never even met to avoid a costly and time-consuming “reinvention of the wheel.” All of this enables employees to deliver valuable results more quickly, improve their productivity, and get products and new ideas to market faster.
White & Case, an international law firm headquartered in New York City, represents well-known organizations around the world through its offices in more than 20 countries. The firm’s employees have diverse backgrounds and speak more than 60 different languages.3 One strength of the firm is that the lawyers truly operate as a team by constantly sharing know-how, experience, and market and client information. Thus, a client anywhere in the world receives the full benefit of White & Case’s global knowledge. The firm’s knowl- edge management system pulls relevant information from the firm’s document management, CRM, case management, and billing and financial management systems as well as from lawyers’ work histories to create a context for all this information. The system enables lawyers to find all relevant knowledge within
300 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the firm about a case or subject, often within a matter of minutes. As a result of its ability to leverage its global knowledge, White & Case has been able to win new business, such as that of a major manufacturing company that approached the firm’s New York office to find out if it had expertise in privatizing an Eastern European company. Using the enterprise search software, an attorney in New York quickly determined that the company had experience in this area and that the best lawyer for the job was working out of the firm’s Germany office.4
Capture the Expertise of Key Individuals before They Retire In the United States, 3 to 4 million employees will retire each year for the next 20 years or so. Add to that a 5 to 7 percent employee turnover as workers move to different companies, and it is clear that organizations are facing a tremendous challenge in trying to avoid the loss of valuable experience and expertise. Many organizations are using knowledge management to capture this valuable exper- tise before it simply walks out the door and is lost forever. The permanent loss of expertise related to the core operations of an organization can result in a sig- nificant loss of productivity and a decrease in the quality of service over time.
The state of New Hampshire has developed a knowledge management and transfer model to prevent critical knowledge loss as state employees retire. The process begins by identifying what critical tasks the individual per- forms and assessing whether others can perform these tasks. To do this, the employee is asked to answer questions such as the following:
● If you left your position today, what wouldn’t get done because no one else knows how to do it?
● How important is this work? What is the impact of it not getting done? ● If this work is important, what resources exist to help others learn this
task? ● If this work is important, how should we plan to address this knowledge
gap? Who will learn this? How and when?
Following this discussion, the employee and his manager define appropri- ate methods to transfer any critical knowledge. This could include transferring the knowledge to others, creating job aids, providing on-the-job training for a replacement, and so on.5
Best Practices for Selling and Implementing a KM Project Establishing a successful KM program is challenging, but most of the chal- lenges involved have nothing to do with the technologies or vendors employed. Instead they are challenges associated with human nature and the manner in which people are accustomed to working together. A set of best practices for selling and implementing a KM project are summarized in Figure 7.2 and are discussed in the following sections.
Connect KM to goals and objectives
Start with small pilot and enthusiastic
participants
Identify valuable tacit knowledge
Get employee buy in
FIGURE 7.2 Steps in selling and implementing a knowledge management project The key challenges have to do with human nature and how people work together. Source: From Reynolds, Information Technology for Managers, 2E. © 2016 Cengage Learning.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 301
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Connect the KM Effort to Organizational Goals and Objectives When starting a KM effort, just as with any other project, you must clearly define how that effort will support specific organizational goals and objec- tives, such as increasing revenue, reducing costs, improving customer service, or speeding up the time to bring a product to market. Doing so will help you sell the project to others and elicit their support and enthusiasm; it will also help you determine if the project is worthwhile before the organization com- mits resources to it. Although many people may intuitively believe that shar- ing knowledge and best practices is a worthy idea, there must be an underlying business reason to do so. The fundamental business case for implementing knowledge management must be clearly defined.
Start with a Small Pilot Involving Enthusiasts Containing the scope of a project to impact only a small part of the organiza- tion and a few employees is definitely less risky than trying to take on a proj- ect very large in scope. With a small-scale project, you have more control over the outcome, and if the outcome is not successful, the organization will not be seriously impacted. Indeed, failure on a small scale can be considered a learn- ing experience on which to build future KM efforts. In addition, obtaining the resources (people, dollars, etc.) for a series of small, successful projects is typ- ically much easier than getting large amounts of resources for a major organization-wide project.
Furthermore, defining a pilot project to address the business needs of a group of people who are somewhat informed about KM and are enthusiastic about its potential can greatly improve the odds of success. Targeting such a group of users reduces the problem of trying to overcome skepticism and unwillingness to change, which have doomed many a project. Also, such a group of users, once the pilot has demonstrated some degree of success, can serve as strong advocates who communicate the positive business benefits of KM to others.
Identify Valuable Tacit Knowledge Not all tacit knowledge is equally valuable, and priorities must be set in terms of what knowledge to go after. The intent of a KM program is to identify, cap- ture, and disseminate knowledge gems from a sea of information. Within the scope of the initial pilot project, an organization should identify and prioritize the tacit knowledge it wants to include in its KM system.
As Toyota Financial Services (TFS) was preparing to move its North Amer- ican headquarters from California to Texas, the company implemented a cloud-based knowledge management system, with the goal of ensuring that the important tacit knowledge of its employees was not lost during the transi- tion. In the two-year lead-up to the move, TFS employees were encouraged to use the platform to post questions and share expertise, allowing the company to develop a repository of curated subject matter expertise that the company will use to train new employees in Texas.6
Get Employees to Buy In Managers must create a work culture that places a high value on tacit knowl- edge and that strongly encourages people to share it. In a highly competitive work environment, it can be especially difficult to get workers to surrender their knowledge and experience as these traits make the employees more valuable as individual contributors. For example, it would be extremely diffi- cult to get a highly successful mutual fund manager to share her stock- picking technique with other fund managers. Such sharing of information would tend to put all fund managers on a similar level of performance and would also tend to level the amount of their annual compensation.
302 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Some organizations believe that the most powerful incentive for experts to share their knowledge is to receive public recognition from senior man- agers and their peers. For example, some organizations provide recognition by mentioning the accomplishments of contributors in a company email or newsletter, or during a meeting. Other companies identify knowledge sharing as a key expectation for all employees and even build this expectation into the employees’ formal job performance reviews. Many organizations provide incentives in a combination of ways—linking KM directly to job performance, creating a work environment where sharing knowledge seems like a safe and natural thing to do, and recognizing people who contribute.
Technologies That Support KM We are living in a period of unprecedented change where the amount of available knowledge is expanding rapidly. As a result, there is an increasing need for knowledge to be quality filtered and distributed to people in a more specific task relevant and timely manner. Technology is needed to acquire, produce, store, distribute, integrate, and manage this knowledge. Organiza- tions interested in piloting KM should be aware of the wide range of technol- ogies that can support KM efforts. These include communities of practice, organizational network analysis, a variety of Web 2.0 technologies, business rules management systems, and enterprise search tools. These technologies are discussed in the following sections.
Communities of Practice A community of practice (CoP) is a group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals. A CoP develops around topics that are important to its members. Over time, a CoP typically develops resources such as models, tools, documents, processes, and terminology that represent the accumulated knowledge of the community. It is not uncommon for a CoP to include mem- bers from many different organizations. CoP has become associated with knowledge management because participation in a CoP is one means of developing new knowledge, stimulating innovation, or sharing existing tacit knowledge within an organization.
The origins and structures of CoPs vary widely. Some may start up and organize of their own accord; in other cases, there may be some sort of orga- nizational stimulus that leads to their creation. Members of an informal CoP typically meet with little advanced planning or formality to discuss problems of interest, share ideas, and provide advice and counsel to one another. Mem- bers of a more formal CoP meet on a regularly scheduled basis with a planned agenda and identified speakers.
The General Services Administration (GSA) was established in 1949 to streamline the administrative work of the federal government.7 The GSA’s Office of Citizen Services and Innovative Technologies supports eight differ- ent communities of practice that focus on topics such as crowdsourcing, citi- zen science, and mobile government.8 Recently, the agency founded an interagency CoP focused on improving the delivery of government services. The Customer Experience Community of Practice (CX-COP), which has close to 600 members from more than 140 federal, state, and local U.S. government offices and agencies, provides government customer experience professionals a hub where they can gather—both online and in person—to ask questions, share best practices, and collaborate.9,10
Organizational Network Analysis Organizational network analysis (ONA) is a technique used for document- ing and measuring flows of information among individuals, workgroups,
community of practice (CoP): A group whose members share a com- mon set of goals and interests and regularly engage in sharing and learn- ing as they strive to meet those goals.
organizational network analy- sis (ONA): A technique used for documenting and measuring flows of information among individuals, work- groups, organizations, computers, Web sites, and other information sources.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 303
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
organizations, computers, Web sites, and other information sources (see Figure 7.3). Each node in the diagram represents a knowledge source; each link represents a flow of information between two nodes. Many software tools support organizational network analysis, including Cytoscape, Gephi, GraphChi, NetDraw, NetMiner, NetworkX, and UCINET.
In analyzing social media communications from sources such as text, video, and chat as well as “likes” and “shares,” many experts agree that the most sig- nificant data isn’t the content itself, but rather the metadata that connects vari- ous pieces of content to form a complete picture. Metadata is data that describes other data. For instance, metadata about social media use could relate to properties of the message (e.g., whether the message is comical, sarcastic, genuine, or phony) and of the author (e.g., sex, age, interests, political view- point, ideological beliefs, and degree of influence on the audience). The meta- data enables analysts to make judgments about how to interpret and value the content of the message. Without the important metadata, it is not possible to know the value of the communications and how to take effective action.11
ONA has many knowledge management applications, ranging from map- ping knowledge flows and identifying knowledge gaps within organizations to helping establish collaborative networks. ONA provides a clear picture of how geographically dispersed employees and organizational units collaborate (or don’t collaborate). Organizations frequently employ ONA as part of a larger organizational network analysis to identify subject experts and then set up mechanisms (e.g., communities of practice) to facilitate the passing of knowledge from those experts to colleagues. Software programs that track email and other kinds of electronic communications may be used to identify in-house experts.
Westwood Professional Services, Inc., a Minnesota-based engineering and survey firm, recently conducted an organizational network analysis of one of its business units, which had been experiencing extensive change due to rapid growth. Through the analysis, the company was able to determine which employees within the business unit were connecting most frequently and the extent to which members of different subteams were collaborating.
FIGURE 7.3 Organizational network analysis Each node in the diagram represents a knowledge source; each link represents a flow of information between two nodes.
Steve Alan
Johnny
Carson
Laura
George Carlin
Rodney
Bob
Hope
Frank Jim
Sara
Jane
Stevie
Emma
Alice Susan
Aaron
metadata: Data that describes other data.
304 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The company used the results of the analysis to develop targeted team- building initiatives and reevaluate its organizational structures to ensure they continued to support information sharing and creative problem solving—both high priorities for the company.12
Web 2.0 Technologies “Web 2.0” is a term describing changes in technology and Web site design to enhance information sharing, collaboration, and functionality on the Web. Major corporations have integrated Web 2.0 technologies such as blogs, for- ums, podcasts, RSS newsfeeds, and wikis to support knowledge management to improve collaboration, encourage knowledge sharing, and build a corpo- rate memory. For example, many organizations are using Web 2.0 technolo- gies such as podcasts and wikis to capture the knowledge of longtime employees, provide answers to cover frequently asked questions, and save time and effort in training new hires.
Business Rules Management Systems Change is occurring all the time and at a faster and faster pace—changes in economic conditions, new government and industry rules and regulations, new competitors, product improvements, new pricing and promotion strate- gies, and on and on. Organizations must be able to react to these changes quickly to remain competitive. The decision logic of the operational systems that support the organization—systems such as order processing, pricing, inventory control, and customer relationship management (CRM)—must con- tinually be modified to reflect these business changes. Decision logic, also called business rules, includes policies, requirements, and conditional state- ments that govern how the systems work.
The traditional method of modifying the decision logic of information sys- tems involves heavy interaction between business users and IT analysts work- ing together over a period of weeks, or even months, to define new systems requirements and then to design, implement, and test the new decision logic. Unfortunately, this approach to handling system changes is often too slow, and in some cases, results in incorrect system changes.
A business rule management system (BRMS) is software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run the organization. A BRMS enables business users to define, deploy, monitor, and maintain organizational poli- cies and the decisions flowing from those policies—such as claim approvals, credit approvals, cross-sell offer selection, and eligibility determinations— without requiring involvement from IT resources. This process avoids a potential bottleneck and lengthy delays in implementing changes and improves the accuracy of the changes.
BRMS components include a business rule engine that determines which rules need to be executed and in what order. Other BRMS components include an enterprise rules repository for storing all rules, software to manage the various versions of rules as they are modified, and additional software for reporting and multiplatform deployment. Thus, a BRMS can become a reposi- tory of important knowledge and decision-making processes that includes the learnings and experiences of experts in the field. The creation and mainte- nance of a BRMS can become an important part of an organization’s knowl- edge management program.
BRMS is increasingly used to manage the changes in decision logic in applications that support credit applications, underwriting, complex order processing, and difficult scheduling. The use of BRMS leads to faster and more accurate implementation of necessary changes to organizations’ policies and procedures. Table 7.2 lists several business rule management software vendors and their products.
business rule management system (BRMS): Software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and processes that run the organization.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 305
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
HanseMerkur Krankenversicherung is a German health insurance com- pany. The firm developed a BRMS to replace the time-consuming manual pro- cesses required to confirm insurance coverage with an automatic reconciliation of the information extracted from invoices (contract type, ser- vice submitted, insured party, billing amount, etc.). Automation of this and many of its other billing processes enabled HanseMerkur to maintain its level of service with no increase in staff even though the number of customers tri- pled from 366,000 to 1.2 million over the course of six years.13
Adobe is a digital marketing and digital media solutions provider whose products include Adobe Creative Cloud, a cloud-based subscription service; Adobe Digital Publishing Suite, which enables users to create, distribute, and optimize content for tablets; Adobe Photoshop for working with digital images; and Adobe Acrobat, which supports communication and collaboration on documents and other content both inside and outside an organization.14
Maintaining the rules needed for effective and efficient territory assignment and sales-lead distribution was a significant challenge for Adobe given its size, number of customers, personnel turnover, and the geographic distribu- tion of its sales force and product lines. To enable the company to react quickly to changes within its sales organization, Adobe implemented a BRMS system that includes tools that allow for the routine shifting of assignments due to personnel changes as well as more complex annual go-to-market terri- tory changes.15
DBS (formerly known as the Development Bank of Singapore) is a lead- ing financial services group in Asia and a leading consumer bank in Singapore and Hong Kong. The bank has a growing presence across Asia, and it serves more than 4 million customers, including 1 million retail customers through 250 branches.16 Assessing the risk and creditworthiness of individuals and businesses is a critical activity for DBS. However, until recently, this was an error-prone, labor-intensive process built around the completion of a ques- tionnaire during an interview between a relationship manager and an appli- cant. During the interview, applicants could provide any answer they chose as the process was not linked directly to any data. To revamp its inadequate credit reporting system, DBS implemented a BRMS that relies on verifiable customer and credit data rather than on unsubstantiated information supplied by the applicant. The BRMS supports eight different scoring models, each with hundreds of rules and hundreds of factors that go into a score. The rules are derived from a combination of regulatory sources, such as the Monetary Authority of Singapore, and statistical analysis performed by the bank’s credit portfolio analytics department. DBS has greatly improved its credit model with a resulting reduction in risk. As a result, the amount of financial reserves required to cover unanticipated losses has been reduced. The BRMS also allows the bank to quickly adapt the rules and factors inherent in its credit
TABLE 7.2 Business rule management software Software Manufacturer Product
Appian Corporation Business Process Management (BPM) Software Suite
Bosch Software Innovations inubit BPM
CA Aion Business Rules Expert
IBM Operational Decision Manager
Open Source Process Maker BPM
Oracle Business Rules
Pegasystems Pega Business Rules Platform
Progress Corticon
306 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
reporting process to respond to new opportunities and changing business conditions.17
Enterprise Search Software Enterprise search is the application of search technology to find information within an organization. Enterprise search software matches a user’s query to many sources of information in an attempt to identify the most important con- tent and the most reliable and relevant source.
Enterprise search software indexes documents from a variety of sources— such as corporate databases, departmental files, email, corporate wikis, and document repositories. When a search is executed, the software uses the index to present a list of relevance-ranked documents from these various sources. The software must be capable of implementing access controls so users are restricted to viewing only documents to which they have been granted access. Enterprise search software may also allow employees to move selected information to a new storage repository and apply controls to ensure that the files cannot be changed or deleted. Table 7.3 lists a number of enter- prise search products.18
Members of IT and human resources organizations may use enterprise search software to enforce corporate guidelines on the storage of confidential data on laptops that leave the office, and governance officials may use it to ensure that all guidelines for the storage of information are being followed.
Founded in the 1890s as a printing press manufacturer, Harris Corpora- tion now generates $1 billion in annual revenue through the sale of communi- cation services and systems to clients in a wide range of industries, including avionics, defense, energy, government, health care, and transportation.19
Harris employs more than 15,000 people across 125 countries, including 3,000 engineers in the Government Communications Systems Division (GCSD). The engineers in this division work in 12 different offices and need an effective way to access existing information assets in a variety of repositories—all while maintaining very high levels of security. GCSD imple- mented a unified enterprise search platform that allows engineers to search various company databases, file shares, SharePoint sites, and the company intranet using one search engine. Access permissions are granted through the system on a “need-to-know” basis. The search engine indexes document files as well as videos, which the company uses extensively to record meetings and training sessions. The software has cut down on the time engineers spend looking for relevant information; enabled faster, incremental innovation that is built on knowledge accrued through previous projects; and increased collaboration among employees in different offices.20
Enterprise search software can also be used to support Web site visitor searches. It is critical that such software returns meaningful results to ensure
TABLE 7.3 Enterprise search solutions Software Manufacturer Software Product
Attivio Active Intelligence Engine
BA Insight Knowledge Integration Platform
Coveo Enterprise Search & Relevance
Dassault Systemes Exalead CloudView
Google Google Search Appliance
HP HP Autonomy
Mark Logic Corporation Mark Logic
enterprise search: The application of search technology to find information within an organization.
enterprise search software: Software that matches a user’s query to many sources of information in an attempt to identify the most important content and the most reliable and rele- vant source.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 307
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
that visitors get search results that meet their needs, thus increasing the rate at which Web site visitors convert to paying customers and are encouraged to spend more time at your site.
Electronic discovery is another important application of enterprise search software. Electronic discovery (e-discovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. The Federal Rules of Civil Procedure governs the processes and requirements of parties in federal civil suits and sets the rules regarding e-discovery. These rules compel civil litigants to both preserve and produce electronic documents and data related to a case, such as email, voice mail, texts, graphics, photographs, contents of databases, spreadsheets, Web pages, and so on. “We can’t find it” is no lon- ger an acceptable excuse for not producing information relevant to a lawsuit.
Effective e-discovery software solutions preserve and destroy data based on approved organizational policies through processes that cannot be altered by unauthorized users. To be useful, this software must also allow users to locate all of the information pertinent to a lawsuit quickly, with a minimum amount of manual effort. Furthermore, the solution must work for all data types across dissimilar data sources and systems and operate at a reasonable cost. The legal departments of many organizations are collaborating with their IT organization and technology vendors to identify and implement a solution that meets these e-discovery requirements.
A recent development in the area of e-discovery is the use of “predictive coding,” which involves the use of computer algorithms rather than a full manual review to determine the relevance of electronic documents in a law- suit. The algorithms are developed by having attorneys and other people knowledgeable about the case documents review a subset of documents; the results of that review are used to “teach” the software what to search for.21
Ideally, predictive coding would greatly reduce the costs and time required to complete e-discovery in large-scale litigations. In practice, however, this pro- cess can be another area of contention in a lawsuit. In Rio Tinto v. Vale, S.A. et al., a much-watched case in which predictive coding was used, the parties to the lawsuit spent months arguing over the protocols being used to develop the coding algorithms.22
KM Experiment You are a talent scout for a professional sports team. Over the years, the players you have recommended have had outstanding performance records for your team. Indeed, although you are only in your late thirties, you are frequently cited as one of the top talent recruiters in the league.
You have read and reread the study guide on knowledge management your general manager provided you two weeks ago. In addition to some basic defini- tions and discussion of KM, it includes several examples of successful applications of KM to the selection of top recruits for academic and athletic scholarships. Now you are sitting in your hotel room staring at the email from the general manager. He wants you to become the subject of a KM experiment for the team. The goal is to train the other three talent scouts for the team in your approach.
Review Questions 1. Do you think that shadowing or joint problem solving would be a more effec-
tive way to share your tacit knowledge with the other scouts? Why? 2. Would the formation of a community of practice be an effective method for
sharing tacit knowledge among all the scouts? How might such a CoP operate?
electronic discovery (e-discovery): Any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case.
308 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Questions 1. For years, you have competed against the other scouts to sign the most pro-
ductive new talent. How do you feel about being asked to share your insights and expertise with the other scouts?
2. What sort of bonus or incentive could management offer to make you strongly motivated to participate in this experiment and make it a success?
Overview of Artificial Intelligence
At a Dartmouth College conference in 1956, John McCarthy proposed the use of the term artificial intelligence (AI) to describe computers with the ability to mimic or duplicate the functions of the human brain. A paper was pre- sented at the conference proposing a study of AI based on the conjecture that “every aspect of learning or any other feature of intelligence can in principle be so precisely described that a machine can be made to simulate it.”23 Many AI pioneers attended this first conference; a few predicted that computers would be as “smart” as people by the 1960s. The prediction has not yet been realized, but many applications of artificial intelligence can be seen today, and research continues.
Watson is the first commercially available cognitive computing capability, a computer capable of processing information like a human. As such, Watson represents a new era in computing. The system, delivered through the cloud, analyzes large volumes of data, understands complex questions posed in natu- ral language, and proposes evidence-based answers. Watson continuously learns, gaining in value and knowledge over time, from previous interactions. Watson learns in three ways: by being taught by its users, by learning from prior interactions, and by being presented with new information.24 An early version of Watson was able to soundly defeat prior champions of the popular TV game show, Jeopardy! The artificial intelligence computer can process human speech, search its vast databases for possible responses, and reply in a human voice. See Figure 7.4.
FIGURE 7.4 IBM Watson IBM Watson is being used to develop treatment options for cancer patients based on the DNA of their disease Ca
ro ly n Co le /G et ty Im ag es
artificial intelligence: The ability to mimic or duplicate the functions of the human brain.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 309
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Now a cloud-based Watson system is being used by doctors to develop treatment options for a wide range of diseases, including glioblastoma, an aggressive brain cancer that kills over 13,000 people in the United States each year. Watson will correlate data from the DNA associated with each glioblas- toma patient’s disease to the latest findings from medical journals, new stud- ies, medical images, and clinical records to develop a highly personalized treatment regimen. The goal is for Watson to increase the number of patients who can benefit from care options uniquely tailored to their disease’s DNA. Watson will continually learn and improve as it deals with each new patient scenario and new medical research becomes available.
Artificial Intelligence in Perspective Computers were originally designed to perform simple mathematical opera- tions, using fixed programmed rules and eventually operating at millions of computations per second. When it comes to performing mathematical opera- tions quickly and accurately, computers beat humans’ hands down. However, computers still have trouble recognizing patterns, adapting to new situations, and drawing conclusions when not provided complete information—all activi- ties that humans can perform quite well. Artificial intelligence systems tackle these sorts of problems. Artificial intelligence systems include the people, procedures, hardware, software, data, and knowledge needed to develop computer systems and machines that can simulate human intelligence pro- cesses, including learning (the acquisition of information and rules for using the information), reasoning (using rules to reach conclusions), and self- correction (using the outcome from one scenario to improve its performance on future scenarios).
AI is a complex and interdisciplinary field that involves several specialties, including biology, computer science, linguistics, mathematics, neuroscience, philosophy, and psychology. The study of AI systems causes one to ponder philosophical issues such as the nature of the human mind and the ethics of creating objects gifted with human-like intelligence. Today, artificial intelli- gence systems are used in many industries and applications. Researchers, scientists, and experts on how human beings think are often involved in developing these systems.
Nature of Intelligence From its earliest stages, the emphasis of much AI research has been on developing machines with the ability to “learn” from experiences and apply knowledge acquired from those experiences; to handle complex situations; to solve problems when important information is missing; to determine what is important and to react quickly and correctly to a new situation; to understand visual images, process and manipulate symbols, and be creative and imaginative; and to use heuristics—all of which together is considered intelligent behavior.
The Turing Test, designed by Alan Turing, a British mathematician, attempts to determine whether a computer can successfully impersonate a human. Human judges are connected to the computer and to another human via an instant messaging system and the only information flowing between the contestants is text. The judges pose questions on any topic from the arts to zool- ogy, even questions about personal history and social relationships. To pass the test, the computer must communicate via this medium so competently that the judges cannot tell the difference between the computer’s responses and the human’s responses.25 No computer has yet passed the Turing Test, although many computer scientists believe it may happen in the next few years.26 The Loebner Prize is an annual competition in artificial intelligence that awards prizes to the computer system designed to simulate an intelligent conversation
artificial intelligence system: The people, procedures, hardware, software, data, and knowledge needed to develop computer systems and machines that can simulate human intelligence processes, including learn- ing (the acquisition of information and rules for using the information), rea- soning (using rules to reach conclu- sions), and self-correction (using the outcome from one scenario to improve its performance on future scenarios).
intelligent behavior: The ability to learn from experiences and apply knowledge acquired from those experi- ences; to handle complex situations; to solve problems when important infor- mation is missing; to determine what is important and to react quickly and cor- rectly to a new situation; to understand visual images, process and manipulate symbols, and be creative and imagina- tive; and to use heuristics.
310 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
that is considered by the judges to be the most humanlike. Although no one has yet won the $100,000 top prize for passing the Turing Test, each year a prize of $4,000 and a bronze medal is awarded for the computer that is con- sidered by the judges to be the most humanlike.27
Some of the specific characteristics of intelligent behavior include the abil- ity to do the following:
● Learn from experience and apply the knowledge acquired from expe- rience. Learning from past situations and events is a key component of intelligent behavior and is a natural ability of humans, who learn by trial and error. This ability, however, must be carefully programmed into a computer system. Today, researchers are developing systems that can “learn” from experience. The 20 Questions (20Q) Web site, www.20q.net (see Figure 7.5), is an example of a system that learns.28 The Web site is an artificial intelligence game that learns as people play.
● Handle complex situations. In a business setting, top-level managers and executives must handle a complex market, challenging competitors, intricate government regulations, and a demanding workforce. Even human experts make mistakes in dealing with these matters. Very careful planning and elaborate computer programming are necessary to develop systems that can handle complex situations.
● Solve problems when important information is missing. An integral part of decision making is dealing with uncertainty. Often, decisions must be made with little or inaccurate information because obtaining complete information is too costly or impossible. Today, AI systems can make important calculations, comparisons, and decisions even when informa- tion is missing.
● Determine what is important. Knowing what is truly important is the mark of a good decision maker. Developing programs and approaches to allow computer systems and machines to identify important information is not a simple task.
● React quickly and correctly to a new situation. A small child, for exam- ple, can look over an edge and know not to venture too close. The child reacts quickly and correctly to a new situation. On the other hand, with- out complex programming, computers do not have this ability.
FIGURE 7.5 The 20Q Web site 20Q is a game where users play the popular game, 20 Questions, against an artificial intelligence foe. Source: www.20q.net
CHAPTER 7 • Knowledge Management and Specialized Information Systems 311
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● Understand visual images. Interpreting visual images can be extremely difficult, even for sophisticated computers. Moving through a room of chairs, tables, and other objects can be trivial for people but extremely complex for machines, robots, and computers. Such machines require an extension of understanding visual images, called a perceptive system. Having a perceptive system allows a machine to approximate the way a person sees, hears, and feels objects.
● Process and manipulate symbols. People see, manipulate, and process symbols every day. Visual images provide a constant stream of information to our brains. By contrast, computers have difficulty handling symbolic pro- cessing and reasoning. Although computers excel at numerical calculations, they aren’t as good at dealing with symbols and three-dimensional objects. Recent developments in machine-vision hardware and software, however, allow some computers to process and manipulate certain symbols.
● Be creative and imaginative. Throughout history, some people have turned difficult situations into advantages by being creative and imagina- tive. For instance, when defective mints with holes in the middle arrived at a candy factory, an enterprising entrepreneur decided to market these new mints as LifeSavers instead of returning them to the manufacturer. Ice cream cones were invented at the St. Louis World’s Fair when an imaginative store owner decided to wrap ice cream with a waffle from his grill for portability. Developing new products and services from an exist- ing (perhaps negative) situation is a human characteristic. While software has been developed to enable a computer to write short stories, few com- puters can be imaginative or creative in this way.
● Use heuristics. For some decisions, people use heuristics (rules of thumb arising from experience) or even guesses. Some computer systems obtain good solutions to complex problems (e.g., scheduling the flight crews for a large airline) based on heuristics rather than trying to search for an optimal solution, which might be technically difficult or too time consuming.
Brain-Computer Interface Developing a link between the human brain and the computer is another excit- ing aspect of artificial intelligence research. The idea behind a brain-computer interface (BCI) is to directly connect the human brain to a computer so that human thought can control the activities of the computer. One potential use of BCI technology would be to give people without the ability to speak or move (a condition called locked-in syndrome) the capability to communicate, control a computer, and move artificial limbs. Honda Motors has developed a BCI sys- tem that allows a person to complete certain operations, such as bending a leg, with 90 percent accuracy. See Figure 7.6. The new system uses a special helmet that can measure and transmit brain activity to a computer.
AI is a broad field that includes several specialty areas, such as expert sys- tems, robotics, vision systems, natural language processing, learning systems, and neural networks. See Figure 7.7. Many of these areas are related; advances in one can occur simultaneously with or result in advances in others.
Expert Systems An expert system consists of hardware and software that stores knowledge and makes inferences, enabling a novice to perform at the level of an expert. Like human experts, computerized expert systems use heuristics, or rules of thumb, to arrive at conclusions or make suggestions. Since expert systems can be difficult, expensive, and time consuming to develop, they should be developed when there is a high potential payoff or when they have the poten- tial to significantly reduce downside risk and the organization wants to cap- ture and preserve irreplaceable human expertise.
perceptive system: A system that approximates the way a person sees, hears, and feels objects.
expert system: A system that con- sists of hardware and software that stores knowledge and makes infer- ences, enabling a novice to perform at the level of an expert.
312 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Components of Expert Systems An expert system is made up of a collection of integrated and related compo- nents, including a knowledge base, an inference engine, an explanation facil- ity, a knowledge base acquisition facility, and a user interface. A diagram of a typical expert system is shown in Figure 7.8.
As shown in the figure, the user interacts with the user interface, which interacts with the inference engine. The inference engine interacts with the
FIGURE 7.6 Brain-machine interface Honda Motors has developed a brain-machine interface that mea- sures electrical current and blood flow change in the brain and uses the data to control ASIMO, the Honda robot. YO
SH IK A ZU
TS U N O /A FP /G et ty Im ag es
Natural language processing
Neural networks
Vision systems Learningsystems
Robotics
Artificial intelligence
Expert systems
FIGURE 7.7 Conceptual model of artificial intelligence AI is a broad field that includes several specialty areas.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 313
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
other expert system components to provide expertise. This figure also shows the inference engine coordinating the flow of knowledge to other components of the expert system.
Knowledge Base The knowledge base stores all relevant information, data, rules, cases, and relationships that the expert system uses. As shown in Figure 7.9, a knowledge base is a natural extension of a database and an information and decision support system. A knowledge base must be devel- oped for each unique expert system supplication. Rules and cases are fre- quently used to create a knowledge base.
A rule is a conditional statement that links conditions to actions or out- comes. In many instances, these rules are stored as IF-THEN statements, which are rules that suggest certain conclusions. The FICO Blaze Advisor sys- tem is a rules-based platform that allows business users to develop and test rule-based decision applications used by clients for benefits eligibility determi- nation, insurance underwriting, regulatory compliance monitoring, and per- sonal and commercial lending—among other uses.29
A case-based system can also be used to develop a solution to a current problem or situation. In such a system, each case typically contains a descrip- tion of the problem, plus a solution and/or the outcome. The case-based solu- tion process involves (1) finding cases stored in the knowledge base that are similar to the problem or situation at hand, (2) reusing the case in an attempt to solve the problem at hand, (3) revising the proposed solution if necessary, and (4) retaining the new solution as part of a new case. A washing machine repairman who fixes a washer recalling another washer that presented similar
FIGURE 7.8 Components of an expert system An expert system includes a knowl- edge base, an inference engine, an explanation facility, a knowledge base acquisition facility, and a user interface.
Knowledge base
Knowledge base
acquisition facility
Inference engine
Explanation facility
Experts User
User interface
FIGURE 7.9 Relationships between data, information, and knowledge A knowledge base stores all relevant information, data, rules, cases, and relationships that an expert system uses.
Database raw facts
Information and decision support information
Knowledge base patterns and relationships
Increasing understanding
rule: A conditional statement that links conditions to actions or outcomes.
IF-THEN statement: A rule that suggests certain conclusions.
314 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
symptoms is using case-based reasoning, so is the lawyer who advocates a particular outcome in a trial based on legal precedents.
Inference Engine The main purpose of an inference engine is to seek infor- mation and relationships from the knowledge base and to provide answers, predictions, and suggestions similar to the way a human expert would. In other words, the inference engine is the component that delivers the expert advice. Consider the expert system that forecasts future sales for a product. One approach is to start with a fact such as “The demand for the product last month was 20,000 units.” The expert system searches for rules that con- tain a reference to product demand. For example, “IF product demand is over 15,000 units, THEN check the demand for competing products.” As a result of this process, the expert system might use information on the demand for competitive products. Next, after searching additional rules, the expert system might use information on personal income or national infla- tion rates. This process continues until the expert system can reach a conclu- sion using the data supplied by the user and the rules that apply in the knowledge base.
Explanation Facility An important part of an expert system is the explanation facility, which allows a user or decision maker to understand how the expert system arrived at certain conclusions or results. A medical expert system, for example, might reach the conclusion that a patient has a defective heart valve given certain symptoms and the results of tests on the patient. The explana- tion facility allows a doctor to find out the logic or rationale of the diagnosis made by the expert system. The expert system, using the explanation facility, can indicate all the facts and rules that were used in reaching the conclusion, which the doctors can look at to determine whether the expert system is pro- cessing the data and information correctly and logically.
Knowledge Acquisition Facility A challenging aspect of developing a useful expert system is the creation and updating of the knowledge base. In the past, when more traditional programming languages were used, developing a knowledge base was tedious and time consuming. Each fact, relationship, and rule had to be programmed—usually by an experienced programmer.
Today, specialized software allows users and decision makers to create and modify their own knowledge bases through the knowledge acquisition facility, using user-friendly menus. The purpose of the knowledge acquisition facility is to provide a convenient and efficient means of capturing and storing all components of the knowledge base. The knowledge acquisition facility acts as an interface between experts and the knowledge base.
User Interface The main purpose of the user interface is to make an expert system easier for users and decision makers to develop and use. At one time, skilled computer personnel created and operated most expert systems; today, simplified user interfaces permit decision makers to develop and use their own expert systems.
Participants in Developing and Using Expert Systems Typically, several people are involved in developing and using an expert sys- tem. The domain expert is the person or group with the expertise or knowl- edge the expert system is trying to capture (domain). A knowledge engineer is a person who has training or experience in the design, development, imple- mentation, and maintenance of an expert system. Knowledge engineers can help transfer the knowledge from the expert system to the knowledge user. The knowledge user is the person or group who uses and benefits from
inference engine: Part of the expert system that seeks information and relationships from the knowledge base and provides answers, predictions, and suggestions similar to the way a human expert would.
explanation facility: Component of an expert system that allows a user or decision maker to understand how the expert system arrived at certain conclusions or results.
knowledge acquisition facility: Part of the expert system that provides a convenient and efficient means of capturing and storing all the compo- nents of the knowledge base.
domain expert: The person or group with the expertise or knowledge the expert system is trying to capture (domain).
knowledge engineer: A person who has training or experience in the design, development, implementation, and maintenance of an expert system.
knowledge user: The person or group who uses and benefits from the expert system.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 315
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the expert system. Knowledge users do not need any previous training in computers or expert systems.
Expert System Shells and Products An expert system shell is a suite of software that allows construction of a knowledge base and interaction with this knowledge base through the use of an inference engine. Expert system shells are available for both personal com- puters and mainframe systems, with some shells costing less than $500. In addition, off-the-shelf expert system shells are complete and ready to run. The user enters the appropriate data or parameters, and the expert system provides output to the problem or situation.
Robotics Robotics is a branch of engineering that involves development and manu- facture of mechanical or computer devices that can perform tasks that require a high degree of precision or are tedious or hazardous for human beings, such as painting cars or making precision welds. Karel Capek intro- duced the word “robot” in his 1921 play, R.U.R. (an abbreviation of Ros- trum’s Universal Robots). The play was about an island factory that produced artificial people called “robots” who are consigned to do drudg- ery work and eventually rebel and overthrow their creators, causing the extinction of human beings.30 Organizations today do indeed use robots to perform dull, dirty, and/or dangerous jobs. They are often used to lift and move heavy pallets in warehouses, perform welding operations, and pro- vide a way to view radioactively contaminated areas of power plants inac- cessible by people.
However, the use of robots has expanded and is likely to continue to grow. Robots are increasingly being used in surgical procedures ranging from prostrate removal to open-heart surgery. See Figure 7.10. Robots can provide doctors with enhanced precision, improved dexterity, and better visualization. In 2014, the U.S. Navy’s Bluefin 21 robotic submarine made several trips below the Indian Ocean’s surface to scan the seabed for any trace of the miss- ing Malaysia Airlines Flight 370. iRobot (www.irobot.com) is a company that builds a variety of robots, including the Roomba for vacuuming floors, the
FIGURE 7.10 Robotic surgery The arms of the Da Vinci robot assist in a kidney transplant. A surgeon controls the robot remotely from a corner of the operating room. Ma
st er
Vi de o/ Sh ut te rs to ck .c om
robotics: A branch of engineering that involves the development and manufacture of mechanical or com- puter devices that can perform tasks requiring a high degree of precision or that are tedious or hazardous for humans.
316 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Looj for cleaning gutters, and the PackBot, an unmanned vehicle used to assist and protect soldiers.31
Some robots, such as the ER series by Intelitek, can be used for training or entertainment.32 Wonder Workshop created robots Dash and Dot to help young children (ages 5+) to learn programming concepts and creative prob- lem solving.33
Some people fear that robots will increasingly take jobs from human employees. For example, the use of autonomous vehicles may place millions of truck drivers, chauffeurs, and cab drivers out of work. Some experts have predicted that every home will have a robot of some sort by 2025. One area of particular interest is the use of robots as companions and caregivers for people who are sick, elderly, or physically challenged.34,35
Vision Systems Another area of AI involves vision systems, which include hardware and software that permit computers to capture, store, and process visual images. 3D machine-vision systems are used to increase the accuracy and speed of industrial inspections of parts. Automated fruit-picking machines use a unique vacuum gripper combined with a vision system to pick fruit. Facebook is developing an AI vision system called DeepFace, which creates 3D models of the faces in photos. The technology represents a vast improvement over cur- rent facial recognition software. DeepFace can correctly tell if two photos show the same person with 97.25 percent accuracy. This nearly matches humans, who are correct 97.53 percent of the time. The technology, which uses more than 120 million parameters, can also recognize people whose faces are not showing with 83 percent accuracy, using features such as body shape, posture, hairstyle, and clothing. 36,37
Natural Language Processing Natural language processing is an aspect of artificial intelligence that involves technology that allows computers to understand, analyze, manipu- late, and/or generate “natural” languages, such as English. Many companies provide natural language processing help over the phone. When you call a help phone number, you are typically given a menu of options and asked to speak your responses. Many people, however, become easily frustrated talk- ing to a machine instead of a human. The Naturally Speaking application from Dragon Systems uses continuous voice recognition, or natural speech, that allows the user to speak to the computer at a normal pace without paus- ing between words. The spoken words are transcribed immediately onto the computer screen. See Figure 7.11.
FIGURE 7.11 Voice recognition software With the NaturallySpeaking applica- tion from Dragon Systems, computer users can speak and have their words transcribed into text for input to software such as Microsoft Word. Source: Nuance Communications.
vision system: The hardware and software that permit computers to cap- ture, store, and manipulate visual images.
natural language processing: An aspect of artificial intelligence that involves technology that allows com- puters to understand, analyze, manip- ulate, and/or generate “natural” languages, such as English.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 317
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
After converting sounds into words, natural language-processing systems react to the words or commands by performing a variety of tasks. Brokerage services are a perfect fit for voice recognition and natural language-processing technology to replace the existing “press 1 to buy or sell a stock” touchpad tele- phone menu system. Using voice recognition to convert recordings into text is also possible. Some companies claim that voice recognition and natural language-processing software is so good that customers forget they are talking to a computer and start discussing the weather or sports scores.
Learning Systems Another aspect of AI deals with learning systems, a combination of software and hardware that allows a computer to change how it functions or how it reacts to situations based on feedback it receives. For example, some comput- erized games have learning abilities. If the computer does not win a game, it remembers not to make the same moves under the same conditions again. Some learning systems utilize reinforcement learning, which involves the use of sequential decisions—with learning taking place between each decision. Reinforcement learning often involves sophisticated computer programming and optimization techniques. The computer makes a decision, analyzes the results, and then makes a better decision based on the analysis. The process, often called dynamic programming, is repeated until it is impossible to make improvements in the decision.
Learning systems software requires feedback on the results of actions or decisions. At a minimum, the feedback needs to indicate whether the results are desirable (winning a game) or undesirable (losing a game). The feedback is then used to alter what the system will do in the future.
After Google combined natural language processing with learning systems in its Android smartphone operating system, it reduced word-recognition errors by 25 percent.38 With this new technology, the voice assistant is also able to ask questions to clarify what a user is searching for.
Neural Networks An increasingly important aspect of AI involves neural networks, also called neural nets. A neural network is a computer system that can recognize and act on patterns or trends that it detects in large sets of data. A neural network employs massively parallel processors in an architecture that is based on the human brain’s own meshlike structure. As a result, neural networks can pro- cess many pieces of data at the same time and learn to recognize patterns.
AI Trilogy, available from the Ward Systems Group (www.wardsystems .com), is a neural network software program that can run on a standard PC. The software package’s NeuroShell Predictor component can be used to make predictions, such as agricultural production estimates and call volume forecasts. The NeuroShell Classifier can be used to aid in classification and decision-making tasks, such as alarm system malfunction diagnosis and sales prospect selection. See Figure 7.12. The software package also contains Gene- Hunter, which uses a special type of algorithm called a genetic algorithm to get the best result from the neural network system. (Genetic algorithms are discussed next.) Some pattern recognition software uses neural networks to make credit lending decisions by predicting the likelihood a new borrower will pay back a loan. Neural networks are also used to identify bank or credit card transactions likely to be fraudulent. Large call centers use neural net- works to create staffing strategies by predicting call volumes.
Dr. José R. Iglesias-Rozas at the Katharinenhospital in Stuttgart, Germany, is a leader in researching the use of neural networks to diagnose the degree of malignancy of tumors. In his early research, microscopic sections of 786 different human brain tumors were collected. A neural network tool called
learning system: A combination of software and hardware that allows a computer to change how it functions or how it reacts to situations based on feedback it receives.
neural network: A computer system that can recognize and act on patterns or trends that it detects in large sets of data.
318 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
NeuralTools was then used to predict the degree of malignancy based on the presence of 10 histological characteristics. The neural network accurately pre- dicted over 95 percent of the sample cases. Dr. Iglesias-Rozas plans to expand his research to analyze over 30 years of data from more than 8,000 patients with brain tumors.39
Other Artificial Intelligence Applications Other artificial intelligence applications include genetic algorithms, which solve problems based on the theory of evolution—using the concept of survival of the fittest as a problem-solving strategy. The genetic algorithm uses a fitness function that quantitatively evaluates a set of initial candidate solutions. The highest- scoring candidate solutions are allowed to “reproduce,” with random changes introduced to create new candidate solutions. These digital offspring are sub- jected to a second round of fitness evaluation. Again, the most promising candi- date solutions are selected and used to create a new generation with random changes. The process repeats for hundreds or even thousands of rounds. The expectation is that the average fitness of the population will increase each round and that eventually very good solutions to the problem will be discovered.
Genetic algorithms have been used to solve large, complex scheduling problems, such as scheduling airline crews to meet flight requirements while minimizing total costs and staying within federal guidelines on maximum crew flight hours and required hours of rest. Genetic algorithms have also
FIGURE 7.12 Neural network software NeuroShell Predictor uses recognized forecasting methods to look for future trends in data. Source: Ward Systems Group, Inc.
genetic algorithm: An approach to solving problems based on the theory of evolution; uses the concept of sur- vival of the fittest as a problem-solving strategy.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 319
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
been used to design mirrors that funnel sunlight to a solar collection and radio antenna that pick up signals from space.
Another artificial intelligence application, intelligent agent (also called an intelligent robot or bot), consists of programs and a knowledge base used to perform a specific task for a person, a process, or another program. Like a sports agent who searches for the best endorsement deals for a top athlete, an intelligent agent is often used to search for the best price, schedule, or solution to a problem. The programs used by an intelligent agent can search large amounts of data as the knowledge base refines the search or accommo- dates user preferences. Often used to search the vast resources of the Internet, intelligent agents can help people find information on any topic, such as the best price for a hotel stay or used car.
IBM Watson Offers Advice to Cancer Patients IBM and the American Cancer Society (ACS) are working in partnership to develop a Watson-based advisor to support cancer patients. They will create this robust resource by drawing upon massive sources of data from both organiza- tions, and then train Watson to use the data to understand and anticipate indivi- duals’ needs. In addition, the advisor will learn about the patient and that patient’s planned treatment regimen, allowing it to offer personalized advice that matches the patient’s individual characteristics, preferences, and treatment plan.40
The goal is for the Watson-based advisor to anticipate the needs of people with different types of cancers, at different stages of the disease, and at various points in treatment. For example, a person with lung cancer experiencing unusual levels of pain could ask what might be causing pain. The advisor would be designed to respond with information on symptoms and self-management options associated with that persons’ current and future phases of treatment, based on the experiences of people with similar characteristics.
Review Questions 1. How might visual systems and natural language processing be incorporated
into the Watson cancer adviser system? 2. What other major branches of artificial intelligence are employed in the
Watson cancer patient adviser?
Critical Thinking Questions 1. One of the challenges of a cognitive computing capability such as the Watson
cancer adviser is keeping the information that Watson draws on as current as possible. Over time, new approaches, courses of treatment, medicines, and ideas will be discovered that are improvement over the old way of doing things. How might the Watson cancer adviser be kept as current as possible?
2. Cancer patients frequently suffer from depression. Do you think it is possible for Watson to recognize symptoms of depression and provide encouragement and advice to the patient? How might this be accomplished?
Multimedia and Virtual Reality
The use of multimedia and virtual reality has helped many companies achieve a competitive advantage and increase profits. The approach and technology used in multimedia is often the foundation of virtual reality systems, discussed later in this section. While these specialized information systems are not used by all organizations, they can play a key role for many. We begin with a dis- cussion of multimedia.
intelligent agent: Programs and a knowledge base used to perform a specific task for a person, a process, or another program; also called an intelli- gent robot or bot.
320 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Overview of Multimedia Multimedia is content that uses more than one form of communication—such as text, graphics, video, animation, audio, and other media. Multimedia tools can be used to help an organization achieve its goals through the production of compelling brochures, presentations, reports, and documents. Many compa- nies use multimedia approaches to develop animations and video games to help advertise products and services. For example, insurance company Geico uses an animated gecko in some of its TV ads. Animation software, such as Blender, GoAnimate, and Powtoon, offer tools for individuals and businesses looking to develop these types of animations. Although not all organizations use the full capabilities of multimedia, most use text and graphics capabilities.
Text and Graphics Most organizations use text and graphics to develop reports, financial state- ments, advertising pieces, and other documents for internal and external use. Internally, organizations use text and graphics to communicate policies, guidelines, procedures, and much more to employees. Externally, they use text and graphics to communicate to suppliers, customers, federal and state governmental agencies, and a variety of other stakeholders. Different sizes, fonts, and colors can be used to create different effects with text. Graphics such as photographs, illustrations, drawings, a variety of charts, and other still images can be used to create interest and illustrate a message. Some pop- ular digital image formats include EPS (Encapsulated PostScript), GIF (Graphic Interchange Format), JPEG (Joint Photographic Experts Group for- mat), PNG (Portable Network Graphics), TIFF (Tagged Image File Format), and Raw image files.
While standard word-processing programs are an inexpensive and simple way to develop documents and reports that require text and graphics, most organizations use specialized software. Adobe Illustrator, for example, can be used to create typography and vector graphics, such as illustrations and logos. Other graphics programs include CorelDraw by Corel Corporation and Serif DrawPlus. Software products such as Adobe InDesign can be used for page design, layout, and publishing of digital and print manuals, brochures, and reports. Adobe Photoshop is a sophisticated and popular software package that can be used to edit photographs and other visual images. Once created, these documents and reports can be saved in an Adobe PDF file, which can be used for printing or for digital delivery. Other photo-editing software includes Apple’s iPhoto, Corel PaintShop Pro, and Pixelmator—among many others.
Microsoft PowerPoint can be used to develop presentations with sound and animation that can be displayed on a large viewing screen. Prezi and Swipe are both Web-based presentation software alternatives to PowerPoint.
Many graphics programs can also create 3D images. Once used primarily in movies, 3D technology can be employed by companies to design products, such as motorcycles, jet engines, and bridges. Autodesk, for example, makes exciting 3D software that companies can use to design everything from fruit- packing machines for Sunkist to large skyscrapers and other buildings for architectural firms.41 The technology used to produce 3D movies is also avail- able with some TV programs. Nintendo developed the Nintendo 3DS, one of the first portable gaming devices that displays images in 3D.
Audio Audio, which includes music, human voices, recorded sounds, and a variety of computer-generated sounds, can be stored in a variety of file formats, including AAC (Advanced Audio Coding), AIFF (Audio Interchange File For- mat), ALAC (Apple Lossless Audio Codec), FLAC (Free Lossless Audio Codec), MIDI (Musical Instrument Digital Interface), MP3 (Motion Picture Experts
multimedia: Content that uses more than one form of communication—such as text, graphics, video, animation, audio, and other media.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 321
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Group Audio Layer 3), and WAV (wave format). The term “streaming audio” refers to audio files that are played while they are being downloaded from the Internet.
Input to audio software includes audio recording devices, microphones, imported music or sound from CDs or audio files, MIDI instruments that can create music and sounds directly, and other audio sources. Once stored, audio files can be edited and augmented using audio software, such as Apple Quick- Time, Microsoft Sound Recorder, Adobe Audition, and SourceForge Audacity. See Figure 7.13. Once edited, audio files can also be used to enhance presenta- tions, create music, broadcast satellite radio signals, develop audio books, record podcasts, add realism to movies, and enrich video and animation.
Video and Animation The moving images of video and animation are typically created by rapidly displaying one still image after another. Video and animation can be stored in a variety of file formats, including AVI (Audio Video Interleave), FLV/FV4 (Flash Video), MOV (QuickTime format) files, MPEG (Motion Picture Experts Group format), QTFF (QuickTime File Format), and WMV (Windows Media Video). When video files are played while they are being downloaded from the Internet, it’s called streaming video. For example, Amazon Prime, Hulu, and Netflix are just three of the many sites through which users can stream movies and TV programs. On the Internet, Java applets (small downloadable programs) and animated GIF files can be used to animate or create “moving” images.
A number of video and animation software products can be used to create and edit video and animation files. Many video and animation programs can create realistic 3D moving images. James Cameron’s movie Avatar used sophisticated computers and 3D imaging to create one of the most profitable movies in history. Adobe’s Premiere and After Effects and Apple’s Final Cut Pro can be used to edit video images taken from cameras and other sources. Final Cut Pro, for example, has been used to edit and produce full-length motion pictures shown in movie theaters. Adobe Flash and LiveMotion can be used to add motion and animation to Web pages.
Video and animation have many business uses. Companies that develop computer-based or Internet training materials often use video and audio soft- ware. An information kiosk at an airport or shopping mall can use animation to help customers check in for a flight or get information.
FIGURE 7.13 Audio-editing software Audacity provides tools for editing and producing audio files in a variety of formats. Source: Audacity.
322 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Visual effects involve the integration of live-action footage and generated imagery to create settings that look completely lifelike, but would be danger- ous or extremely expensive to capture on film. RenderMan is Pixar’s technical specification for a standard communications interface between 3D computer graphics programs and rendering programs. (Rendering is the final step in the animation process and provides the final appearance to the animation with visual effects such as shading, texture mapping, shadows, reflections, and motion blurs.) RenderMan software is used widely to create outstanding graphics for feature films and broadcast television. Indeed, it was used on every Visual Effects Academy Award Winner for 15 straight years.42
File Conversion and Compression Most multimedia applications are created, edited, and distributed in a digital file format, such as the ones discussed earlier. Older inputs to these applications, however, can be in an analog format—from old home movies, magnetic tapes, vinyl records, or similar sources. In addition, some older digital formats are no longer popular or used. In order to edit and process analog and older digital formats using current multimedia software, the content must be converted into a newer digital format. Files can be converted using software or specialized hardware. Some of the multimedia software, such as Adobe Premiere, Adobe Audition, and others, have this analog-to-digital conversion capability. Stand- alone software and specialized hardware can also be used. Grass Valley, for example, is a hardware device that can be used to convert analog video to digi- tal video or digital video to analog video. With this device, you can convert old VHS tapes to digital video files or digital video files to an analog format.
Because multimedia files can be large, it’s sometimes necessary to com- press files to make them easier to download from the Internet or send as email attachments. Many of the multimedia software programs discussed earlier can be used to compress multimedia files. In addition, standalone file conversion programs, such as PNGGauntlet, ScriptPNG, WinZip, and Wonder- share Video Converter Ultimate, can be used to compress many file formats.
Designing a Multimedia Application Designing multimedia applications requires careful thought and a systematic approach. Multimedia applications can be printed in brochures, placed into corporate reports, uploaded to the Internet, or displayed on large screens for viewing. Because these applications are typically more expensive than prepar- ing documents and files in a word-processing program, it is important to spend time designing the best possible multimedia application. Designing a multimedia application requires that the end use of the document or file be carefully considered. For example, some text styles and fonts are designed for Internet display. Because different computers and Web browsers display infor- mation differently, it is a good idea to select styles, fonts, and presentations based on computers and browsers that are likely to display the multimedia application. Because large files can take much longer to load into a Web page, smaller files are usually preferred for Web-based multimedia applications.
Overview of Virtual Reality The term “virtual reality” was initially coined in 1989 by Jaron Lanier, founder of VPL Research. Originally, the term referred to immersive virtual reality in which the user becomes fully immersed in an artificial, 3D world that is completely generated by a computer. Through immersion, the user can gain a deeper understanding of the virtual world’s behavior and functionality.
A virtual reality system enables one or more users to move and react in a computer-simulated environment. Virtual reality simulations require special interface devices that transmit the sights, sounds, and sensations of the
virtual reality system: A system that enables one or more users to move and react in a computer-simulated environment.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 323
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
simulated world to the user. These devices can also record and send the speech and movements of the participants to the simulation program, enabling users to sense and manipulate virtual objects much as they would real objects. This natural style of interaction gives the participants the feeling that they are immersed in the simulated world. For example, an auto manu- facturer can use virtual reality to simulate and design automobiles and pro- duction lines in factories.
In justifying Facebook’s $2 billion acquisition of virtual reality company Oculus VR, Mark Zuckerberg said that “while mobile is the key platform for today, virtual reality will be one of the major platforms for tomorrow. Imagine enjoying a courtside seat at a game, studying in a classroom of students and teachers from all over the world or consulting with a doctor face-to-face, just by putting on goggles in your home.”43 In late 2015, Oculus VR released one of the first social virtual reality applications—an app that allows users of the Samsung Gear VR headset to go to a virtual movie theater (in the form of a selected avatar), watch a movie, and chat with other people who are also in the theater.44
Interface Devices To see in a virtual world, the user often wears a head-mounted display (HMD) with screens directed at each eye. The HMD also contains a position tracker to monitor the location of the user’s head and the direction in which the user is looking. Employing this information, a computer generates images of the vir- tual world—a slightly different view for each eye—to match the direction in which the user is looking and displays these images on the HMD. In addition to Oculus VR (Oculus Rift) and Samsung (Gear VR), other big players in the emerging virtual reality interface industry include Google (Cardboard), HTC (Vive), Microsoft (Hololens), and Sony (PlayStation VR).
The Electronic Visualization Laboratory (EVL) at the University of Illinois at Chicago introduced a room constructed of large screens on three walls and a floor on which the graphics are projected. The CAVE (Cave Automatic Virtual Environment), as the room is called, provides the illusion of immer- sion by projecting stereo images on the walls and floor of a room-sized cube (www.evl.uic.edu). Several people wearing lightweight stereo glasses can enter and walk freely inside the CAVE. A head-tracking system continu- ously adjusts the stereo projection to the current position of the leading viewer. The most recent version of the CAVE is called CAVE2 and features realistic high-resolution graphics that respond to user interactions. See Figure 7.14.
FIGURE 7.14 Large-scale virtual reality environment The CAVE2 virtual reality system has 72 stereoscopic LCD panels encir- cling the viewer 320 degrees and creates a 3D environment that can simulate the bridge of the Starship U.S.S. Enterprise, a flyover of the planet Mars, or a journey through the blood vessels of the brain. AP
Im ag es /C ha rle s Re x A rb og as t
324 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
In a virtual world, users hear sounds through earphones, and informa- tion reported by the position tracker is used to update audio signals. When a sound source in virtual space is not directly in front of or behind the user, the computer transmits sounds to arrive at one ear a little earlier or later than at the other and to be a little louder or softer and slightly different in pitch.
The haptic interface, which relays the sense of touch and other physical sensations in the virtual world, is the least developed and perhaps the most challenging virtual reality component to create. One virtual reality company has developed a haptic interface device that can be placed on a person’s fin- gertips to give an accurate feel for game players, surgeons, and others. With the use of a glove and position tracker, the computer locates the user’s hand and measures finger movements. The user can reach into the virtual world and handle objects; still, it is difficult to generate the sensations of a person tapping a hard surface, picking up an object, or running a finger across a tex- tured surface. Touch sensations also have to be synchronized with the sights and sounds users experience. Today, some virtual reality developers are even trying to incorporate taste and smell into virtual reality applications.
Forms of Virtual Reality Aside from immersive virtual reality, virtual reality can also refer to applica- tions that are not fully immersive, such as mouse-controlled navigation through a 3D environment on a graphics monitor, stereo viewing from the monitor via stereo glasses, and stereo projection systems. Augmented reality, a newer form of virtual reality, has the ability to superimpose digital data over real photos or images. Augmented reality is being used in a variety of settings. Some luxury car manufacturers, for example, display dashboard information, such as speed and remaining fuel, on windshields. The technol- ogy is also used in some military aircraft and is often called heads-up display. The use of lines (typically yellow and blue) that are superimposed onto a football field during broadcasted games to indicate the first down marker and the line of scrimmage is another example of augmented reality. GPS maps can be combined with real pictures of stores and streets to help you locate your position or find your way to a new destination. Using augmented reality, you could point a smartphone camera at a historic landmark, such as a castle, museum, or other building, and have information about the landmark appear on your screen, including a brief description of the landmark, admission price, and hours of operation. Although still in its early phases of implementa- tion, augmented reality has the potential to become an important feature of tomorrow’s smartphones and similar mobile devices.
Virtual Reality Applications Thousands of applications of virtual reality are available, with more being developed as the cost of hardware and software declines and as people’s ima- ginations are opened to the potential of virtual reality. Virtual reality applica- tions are being used in medicine, education and training, business, and entertainment, among other fields.
Medicine Virtual reality has been successful in treating children with autism by helping them pick up on social cues, refine their motor skills, and acquire real-life skills, such as looking both ways before crossing the street. Some children with autism interact well with technology because of its predictability, control- lability, and incredible patience. Virtual reality has also been used to help train medical students with simulations for many forms of surgery from brain surgery to delivery of a baby.45
CHAPTER 7 • Knowledge Management and Specialized Information Systems 325
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Education and Training Virtual environments are used in education to bring new resources into the classroom. Thousands of administrators, faculty, researchers, staff, and stu- dents are members of the Immersive Education Initiative (IEI), a nonprofit international partnership of colleges, companies, research institutes, and universities working together to define and develop open standards, best practices, platforms, and communities of support for virtual reality and game-based learning and training systems. The IEI sponsors immersive edu- cation summits as well as clubs and camps for children, college students, and corporate professionals.
Google’s Expeditions Pioneer Program is a pilot immersive education ini- tiative that brings virtual reality kits into the classroom so that students can take part in expeditions that help them learn about locations around world. Using cheap cardboard headsets, Android phones, and a teacher-operated tab- let, Google Expeditions lets students experience 360-degree views of outer space, the White House, caves in Slovakia, Buckingham Palace, Antarctica, the Amazon rainforest, the Great Barrier Reef, and 100 other locations.46,47
Virtual technology is also being used to train members of the military. To help with aircraft maintenance, a virtual reality system has been developed to simulate an aircraft and give a user a sense of touch, while computer graphics provide a sense of sight and sound. The user sees, touches, and manipulates the various parts of the virtual aircraft during training. Also, the Pentagon is using a virtual reality training lab to prepare for a military crisis. The virtual reality system simulates various war scenarios.
Business and Commerce Virtual reality is being used in business for many purposes—to provide virtual tours of plants and buildings, enable 360-degree viewing of a product or machine, and train employees. For example, Ford uses virtual reality technol- ogy to refine its auto designs. Designers and engineers are able to scrutinize the interior and exterior of a car design. Because the virtual reality technology is tied directly into Ford’s Autodesk computer aided design (CAD) system, workers can even inspect a particular component to see exactly how it is designed.48
Several teams within the National Football League (NFL) have begun using virtual reality applications to train players. The teams are able to load all of their offensive and defensive plays into the system, which uses a 360-degree high-definition capture of each position on the football field. Players training with the system are able to study the plays from a first- person perspective, rewinding plays as necessary. While the player is training, coaches can see what the player is seeing and doing, providing ongoing feed- back. The VR systems are an enhancement to the previous off-field training programs that focused on players learning plays by reading large playbooks and watching DVDs of games.49,50
Swedish furniture chain IKEA recently launched a virtual reality app that allows users to experiment with different kitchen design features, such as cab- inet configurations, countertop materials, and drawer pulls. The app is intended to help consumers make design choices and visualize space in three dimensions by allowing them to quickly make changes and view their cus- tomized kitchens from different perspectives. The company is using this pilot program to explore the possibilities of virtual reality technology in terms of connecting with and empowering its customers.51
Microsoft is developing its Oculus virtual reality headset for enterprise workers to interact with office productivity software.52 With a headset and associated software, users can see Microsoft Excel PivotTables that actually pivot in 3D, send weekly status reports that appear in a fully immersive
326 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
environment, and generate PowerPoint presentations that support full posi- tional head tracking and provide a 3D stereo sound sensation for the listener. Virtual reality headsets such as those by Oculus Rift can be used to walk through the simulated environment.
Launching Google Expeditions You have been asked to help a local elementary school explore the feasibility of implementing the Google Expeditions Pioneer Program. This program enables students to experience over 100 locations around the world using virtual reality.
Review Questions 1. Do research to find out how the school can sign up for this program and what
hardware and software is required. 2. What training is necessary for teachers to lead this program?
Critical Thinking Questions 1. Prepare a recommendation for the school outlining the steps and resources
necessary to take advantage of this program. 2. What potential barriers to implementing this program could arise? How might
these be overcome?
Other Specialized Systems
In addition to artificial intelligence, expert systems, and virtual reality, other interesting specialized systems continue to be developed, including assistive technology systems, game theory, and informatics.
Assistive Technology Systems Assistive technology systems include a wide range of assistive, adaptive, and rehabilitative devices to help people with disabilities perform tasks that they were formerly unable to accomplish or had great difficulty accomplishing.
Many assistive technology products are designed to enhance the human- computer interface. Electronic pointing devices are available that enable users to control the pointer on the screen without the use of hands, using ultrasound, infrared beams, eye movements, and even nerve signals and brain waves. Sip- and-puff systems are activated by inhaling or exhaling. Braille embossers can translate text into embossed Braille output. Screen readers can be used to speak everything displayed on the computer screen, including text, graphics, control buttons, and menus. Speech recognition software enables users to give commands and enter data using their voices rather than a mouse or keyboard. Text-to-speech synthesizers can “speak” all data entered to the computer to allow users who are visually impaired or who have learning difficulties to hear what they are typing.53 Stephen Hawking is an English theoretical physicist and cosmologist considered by many to be the most intelligent man alive today. Hawking is almost entirely paralyzed and uses assistive technology systems to communicate his thoughts and to interact with computers. See Figure 7.15.
Personal assistive listening devices help people understand speech in dif- ficult situations. They separate the speech that a person wants to hear from background noise by improving what is known as the “speech to noise ratio.” A personal assistive learning device typically has at least three compo- nents: a microphone, a transmission technology, and a device for receiving the signal and bringing the sound to the ear.54
assistive technology system: An assistive, adaptive, or rehabilitative device designed to help people with disabilities perform tasks that they were formerly unable to accomplish or had great difficulty accomplishing.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 327
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Personal emergency response systems use electronic sensors connected to an alarm system to help maintain security, independence, and peace of mind for anyone who is living alone, at risk for falls, or recuperating from an illness or surgery. These systems include fall detectors, heart monitors, and unlit gas sensors. When an alert is triggered, a message is sent to a caregiver or contact center who can respond appropriately.
Game Theory Game theory is a mathematical theory for developing strategies that maximize gains and minimize losses while adhering to a given set of rules and constraints. Game theory is frequently applied to solve various decision-making problems in which two or more participants are faced with choices of action, by which each may gain or lose, depending on what others choose to do or not to do. Thus, the final outcome of a game is determined jointly by the strategies chosen by all participants. Such decisions involve a degree of uncertainty because no partici- pant knows for sure what course of action the other participants will take. In zero-sum games, the fortunes of the players are inversely related so that one par- ticipant’s gain is the other participant’s loss. In non-zero-sum games, it is wise for the participants to cooperate so that the action taken by one participant may ben- efit both participants. Two-person zero-sum games are used by military strate- gists. Many-person non-zero-sum games are used in many business decision- making settings. Game theory Explorer and Gambit are collections of software tools for building, analyzing, and exploring game models.55
In the TV game show Jeopardy!, contestants typically select a single cate- gory and progressively move down from the top question (easiest and lowest dollar value) to the bottom (hardest and highest dollar value). This provides the contestants and viewers with an easy-to-understand escalation of diffi- culty. Recently, however, one player used a much different strategy, employ- ing the fundamentals of game theory. The player sought out the Daily Double questions, which are usually hidden in one of the three highest-paying and most difficult questions in the categories. Thus rather than selecting a single category and increasing the degree of difficulty, he began with the two most
FIGURE 7.15 Stephen Hawking Stephen Hawking employs a number of assistive technology systems to support his activities. Th
e W or ld in H D R/ Sh ut te rs to ck .c om
game theory: A mathematical theory for developing strategies that maximize gains and minimize losses while adhering to a given set of rules and constraints.
328 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
difficult questions in the category. Once the two most difficult questions were taken off the board in one category, he skipped to another category in search of the Daily Doubles. This strategy proved highly successful.56
The U.S. Coast Guard employs a game theory system called PROTECT (Port Resiliency for Operational/Tactical Enforcement to Combat Terrorism) to randomize patrols while still achieving a very high level of security that provides maximum deterrence. There are insufficient resources to provide full security coverage around the clock at all high-value potential targets in the 361 shipping ports in the United States. This means that enemies can observe patrol and monitor activities and take actions in an attempt to avoid patrols. PROTECT generates patrol and monitoring schedules that take into account the importance of different targets at each port and the enemy’s likely surveil- lance and anticipated reaction to those patrols.57
Informatics Informatics is the combination of information technology with traditional dis- ciplines, such as medicine or science, while considering the impact on indivi- duals, organizations, and society. Informatics places a strong emphasis on the interaction between humans and technology—with the goal of engineering information systems that provide users with the best possible user experience. Indeed, informatics represents the intersection of people, information, and technology. See Figure 7.16. The field of informatics has great breadth and encompasses many individual specializations such as biomedical, health, nurs- ing, medical, and pharmacy informatics. Those who study informatics learn how to build new computing tools and applications. They gain an understand- ing of how people interact with information technology and how information technology shapes our relationships, our organizations, and our world.
Biomedical informatics (or bioinformatics) develops, studies, and applies theories, methods, and processes for the generation, storage, retrieval, use, and sharing of biomedical data, information, and knowledge. Bioinformatics has been used to help map the human genome and conduct research on bio- logical organisms. Using sophisticated databases and artificial intelligence, bioinformatics helps unlock the secrets of the human genome, with the objec- tive of preventing diseases and saving lives. Many universities have courses on bioinformatics and offer bioinformatics certification.
Healthcare informatics is the science of how to use data, information, and technology to improve human health and the delivery of healthcare services. It applies principles of computer and information science to the advancement of patient care, life sciences research, health professional education, and pub- lic health. Journals, such as Healthcare Informatics, report current research on applying computer systems and technology to increase efficiency, reduce medical errors, and improve health care.
Boston Medical Center (BMC) has implemented a healthcare informatics program to develop and measure several key operational metrics to improve
FIGURE 7.16 Informatics Informatics represents the intersec- tion of people, information, and technology.
People
Technology
Informatics
Information
informatics: The combination of information technology with traditional disciplines, such as medicine or sci- ence, while considering the impact on individuals, organizations, and society.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 329
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
efficiency in its operating room procedures. The system is being used to optimize surgical schedules, wait times, postsurgical unit availability, and patient-discharge processes. By optimizing the use of its operating rooms, the hospital is able to ensure that surgeons are fully utilizing their assigned operating room time, and—even more important for patient care—reduce the time it takes for a patient to have surgery after diagnosis.58
Allina Health Employs Healthcare Informatics Allina Health is a not-for-profit healthcare system that owns or operates 14 hospitals and over 90 clinics throughout Minnesota and western Wisconsin. The organization created an enterprise-wide data warehouse of clinical, financial, operational, patient satisfaction, and other data. The data is used to calculate and track various healthcare measures that measure performance and can identify opportunities for improvement.
Review Questions 1. What sort of training and experience is needed by the individuals who built
and operate this system? What about by the individuals who use this system? 2. Identify several sources from which the data for this system may be obtained.
Critical Thinking Questions 1. Provide several examples of key patient healthcare measures that are tracked
by this system. 2. Provide an example or two of how this system might be used to identify an
opportunity for improvement in the treatment of patients.
Summary
Principle: Knowledge management allows organizations to share knowledge and experience among its workers.
Knowledge management is a range of practices concerned with increasing awareness, fostering learning, speeding collaboration and innovation, and exchanging insights. A knowledge management system is an organized collec- tion of people, procedures, software, databases, and devices used to create, capture, store, share, and use the organization’s knowledge and experience.
Explicit knowledge is objective and can be measured and documented in reports, papers, and rules. Tacit knowledge is hard to measure and document and is typically not objective or formalized.
A major goal of knowledge management is to somehow capture and docu- ment the valuable work-related tacit knowledge of others and to turn it into explicit knowledge that can be shared with others.
Two processes are frequently used to capture tacit knowledge—shadowing and joint problem solving. Shadowing involves a novice observing an expert exe- cuting her job to learn how she performs. This technique often is used in the medi- cal field to help young interns learn from experienced physicians. With joint problem solving, the novice and the expert work side by side to solve a problem so that the expert’s approach is slowly revealed to the observant novice.
Organizations employ KM to foster innovation, leverage the expertise of people across the organization, and capture the expertise of key individuals before they retire.
Some organizations and professions use communities of practice (CoP), which are groups of people with common interests who come together to cre- ate, store, and share knowledge on a specific topic.
330 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Obtaining, storing, sharing, and using knowledge is the key to any knowl- edge management system, which often leads to additional knowledge creation, storage, sharing, and usage. Many tools and techniques can be used to create, store, and use knowledge. These tools and techniques are available from IBM, Microsoft, and other companies and organizations.
Establishing a successful KM program is challenging, but most of the chal- lenges involved have nothing to do with the technologies or vendors employed. Instead they are challenges associated with human nature and the manner in which people are accustomed to working together. Best practices for selling and implementing a KM project include connecting KM to goals and objectives, starting with a small pilot and enthusiastic participants, identifying tacit knowledge, and getting employee buy in.
Organizations interested in piloting KM should be aware of the wide range of technologies that can support KM efforts. These include communities of practice, organizational network analysis, a variety of Web 2.0 technologies, business rules management systems, and enterprise search tools.
Principle: Artificial intelligence systems form a broad and diverse set of systems that can replicate human decision making for certain types of well-defined problems.
The term artificial intelligence (AI) is used to describe computers with the ability to mimic or duplicate the functions of the human brain. The objective of building AI systems is not to replace human decision making but to replicate it for certain types of well-defined problems.
Artificial intelligence systems include the people, procedures, hardware, software, data, and knowledge needed to develop computer systems and machines that can simulate human intelligence processes, including learning (the acquisition of information and rules for using the information), reasoning (using rules to reach conclusions), and self-correction (using the outcome from one scenario to improve its performance on future scenarios).
Intelligent behavior encompasses several characteristics, including the abil- ities to learn from experience and apply this knowledge to new experiences, handle complex situations and solve problems for which pieces of information might be missing, determine relevant information in a given situation, think in a logical and rational manner and give a quick and correct response, and understand visual images and process symbols. Computers are better than peo- ple at transferring information, making a series of calculations rapidly and accurately, and making complex calculations, but human beings are better than computers at all other attributes of intelligence.
Artificial intelligence is a broad field that includes several key components, such as expert systems, robotics, vision systems, natural language processing, learning systems, and neural networks.
An expert system consists of hardware and software that stores knowledge and makes inferences, enabling a novice to perform at the level of an expert. An expert system is made up of a collection of integrated and related compo- nents, including a knowledge base, an inference engine, an explanation facility, a knowledge acquisition facility, and a user interface.
Robotics is a branch of engineering that involves development and manu- facture of mechanical or computer devices that can perform tasks that require a high degree of precision or are tedious or hazardous for human beings, such as painting cars or making precision welds.
Vision systems include hardware and software that permit computers to capture, store, and manipulate images and pictures (e.g., face-recognition software).
CHAPTER 7 • Knowledge Management and Specialized Information Systems 331
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Natural language processing allows the computer to understand and react to statements and commands made in a “natural” language, such as English.
Learning systems use a combination of software and hardware to allow a computer to change how it functions or reacts to situations based on feedback it receives (e.g., a computerized chess game).
A neural network is a computer system that can recognize and act on pat- terns or trends that it detects in large sets of data.
A genetic algorithm is an approach to solving problems based on the the- ory of evolution and the concept of survival of the fittest. Intelligent agents consist of programs and a knowledge base used to perform a specific task for a person, a process, or another program.
Principle: Multimedia and virtual reality systems can reshape the interface between people and information technology by offering new ways to communicate information, visualize processes, and express ideas creatively.
Multimedia is content that uses more than one form of communication— such as text, graphics, video, animation, audio, and other media that can be used to help an organization efficiently and effectively achieve its goals. Multi- media tools can be used to help an organization achieve its goals through the production of compelling brochures, presentations, reports, and documents. Presentation software such as Microsoft PowerPoint, Prezi, and Swipe can be used to develop presentations with sound and animation that can be displayed on a large screen. Other applications of multimedia include audio, video, and animation. File compression and conversion are often needed in multimedia applications to import or export analog files and to reduce file size when stor- ing multimedia files and sending them to others. Designing a multimedia appli- cation requires careful thought to get the best results and achieve corporate goals.
A virtual reality system enables one or more users to move and react in a computer-simulated environment. Virtual reality simulations require special interface devices that transmit the sights, sounds, and sensations of the simu- lated world to the user. These devices can also record and send the speech and movements of the participants to the simulation program. Thus, users can sense and manipulate virtual objects much as they would real objects. This natural style of interaction gives the participants the feeling that they are immersed in the simulated world.
Virtual reality can also refer to applications that are not fully immersive, such as mouse-controlled navigation through a three-dimensional environment on a graphics monitor, stereo viewing from the monitor via stereo glasses, and stereo projection systems. Some virtual reality applications allow views of real environments with superimposed virtual objects. Augmented reality, a newer form of virtual reality, can superimpose digital data over real photos or images. Virtual reality applications are found in medicine, education and training, real estate and tourism, and entertainment.
Principle: Specialized systems can help organizations and individuals achieve their goals.
A number of specialized systems have recently appeared to assist organi- zations and individuals in new and exciting ways. Assistive technology systems include a wide range of assistive, adaptive, and rehabilitative devices to help people with disabilities perform tasks that they were formerly unable to accomplish or had great difficulty accomplishing. Game theory is a mathemat- ical theory that helps to develop strategies for maximizing gains and
332 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
minimizing losses while adhering to a given set of rules and constraints. Infor- matics is the combination of information technology with traditional disci- plines such as medicine or science, while considering the impact on individuals, organizations, and society. It represents the intersection of people, information, and technology.
Key Terms
artificial intelligence
artificial intelligence system
assistive technology system
business rule management system (BRMS)
community of practice (CoP)
domain expert
electronic discovery (e-discovery)
enterprise search
enterprise search software
expert system
explanation facility
explicit knowledge
game theory
genetic algorithm
IF-THEN statement
inference engine
informatics
intelligent agent
intelligent behavior
joint problem solving
knowledge acquisition facility
knowledge engineer
knowledge management (KM)
knowledge user
learning systems
metadata
multimedia
natural language processing
neural network
perceptive system
robotics
rule
shadowing
organizational network analysis (ONA)
tacit knowledge
virtual reality system
vision system
Chapter 7: Self-Assessment Test
Knowledge management allows organizations to share knowledge and experience among its workers.
1. knowledge is knowledge that is documented, stored, and codified.
2. Tacit knowledge is extremely useful and can be easily shared with others. True or False?
3. Which of the following is not a benefit associated with knowledge management? a. It helps leverage the expertise of people
across the organization. b. It helps capture the expertise of key indivi-
duals before they retire. c. It helps contain the specialized knowledge of
experts to a few people on a need-to-know basis.
d. It fosters innovation by encouraging the free flow of ideas.
4. The initial step in selling and implementing a knowledge management project is . a. get employee buy in b. identify valuable tacit knowledge c. start with a small pilot project and enthusiastic
participants d. connect knowledge management to goals and
objectives
Artificial intelligence systems form a broad and diverse set of systems that can replicate human decision making for certain types of well-defined problems.
5. The use of enables humans and computers to find a good solution, although not optimal, to a complex problem. a. perceptive systems b. heuristics c. visual systems d. robotics
CHAPTER 7 • Knowledge Management and Specialized Information Systems 333
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
6. The component of an expert sys- tem seeks information and relationships to pro- vide answers, predictions, and suggestions similar to the way a human expert would. a. knowledge base b. explanation facility c. inference engine d. user interface
7. Robots are increasingly being used in surgical procedures including open-heart surgery. True or False?
8. Facebook’s AI vision system called DeepFace can correctly tell if two photos show the same person with accuracy. a. less than 50 percent b. between 50 percent and 75 percent c. between 75 percent and 95 percent d. over 95 percent
9. is a type of artificial system that enables a computer to change how it functions or reacts to situations based on feedback it receives. a. Neural network b. Voice recognition system c. Learning system d. Vision system
10. is a computer system that can rec- ognize and act on patterns or trends that it detects in large sets of data. a. Neural network b. Voice recognition system c. Learning system d. Vision system
11. algorithms solve problems using the concept of survival of the fittest as a problem- solving strategy.
Multimedia and virtual reality systems can reshape the interface between people and information
technology by offering new ways to communicate information, visualize processes, and express ideas creatively.
12. are some of the file formats that can be used to store graphic images. a. MP3, WAV, and MIDI b. AVI, MPEG, and MOV c. DOC and DOCX d. EPS, GIF, JPEG, PNG, TIFF, and Raw
13. When video files are played while they are being downloaded from the Internet, it is called video.
14. software is used widely to create outstanding graphics for feature films and has been used on every Visual Effects Academy Award for over 15 years. a. Apple’s Final Cut Pro b. Adobe Audition c. Prezi d. Pixar’s RenderMan
15. acquired the virtual reality com- pany Oculus VR. a. Apple b. Microsoft c. Facebook d. Google
Specialized systems can help organizations and individuals achieve their goals.
16. systems include a wide range of devices that help people with disabilities to per- form tasks that they were formerly unable to accomplish or had great difficulty accomplishing.
17. involves the use of information systems to develop competitive strategies for people, organizations, or even countries.
Chapter 7: Self-Assessment Test Answers
1. Explicit 2. False 3. c 4. d 5. b 6. c 7. True 8. d 9. c
10. a 11. Genetic 12. d 13. streaming 14. d 15. c 16. Assistive technology 17. Game theory
Review Questions
1. Identify and briefly discuss the six processes that comprise knowledge management.
2. Briefly explain the difference between explicit and tacit knowledge. Give an example of each.
334 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
3. Identify and briefly describe two processes fre- quently used to capture explicit knowledge.
4. Name four key steps in selling and implementing a knowledge management project.
5. What is a community of practice (CoP)? Give an example of a CoP. What are some of the advan- tages of participating in a CoP?
6. What is organizational network analysis? How is it used?
7. What is enterprise search software and how is it used?
8. How would you define artificial intelligence? 9. Identify several specific characteristics of intelli-
gent behavior. 10. Identify six major branches of artificial
intelligence. 11. What are the fundamental components of an
expert system and what function does each perform?
12. Give several examples of robots being used in the real world. What advantages do robots provide?
13. What is DeepFace and how is it used? 14. What is natural language processing? 15. What is a learning system? Give an example of a
learning system. 16. What is a neural network? Give an example of a
neural network. 17. What is a genetic algorithm? Give an example of
the use of a genetic algorithm. 18. Identify and briefly describe five forms of media
that can be used to help an organization achieve its goals. Identify at least two software programs that are used to work with each of these media types.
19. What is the difference between file conversion and file compression?
20. What is a virtual reality system? Identify three areas of virtual reality application.
21. What is an assistive technology system? 22. What is game theory? Identify two applications of
game theory. 23. What is informatics?
Discussion Questions
1. You are an entry-level manager for the customer service desk of a telecommunications firm that provides telephone, Internet access, and cable TV services. A knowledge management system would be useful to capture, store, and retrieve much of the explicit and tacit knowledge needed to provide excellent service. An expert system would prove valuable in helping customer service reps to handle common, reoccurring problems. The organization only has the time and resources to develop one of these two systems. What factors must you consider in making the choice of which system to develop?
2. We are capable of building computers that exhibit human-level intelligence. Are there cer- tain areas of application where we should push to accelerate the building of such computers? Why these application areas? Are there certain areas of application we should avoid? Why these applica- tion areas?
3. Many of us use heuristics each day in completing ordinary activities—such as planning our meals, executing our workout routine, or determining what route to drive to school or work. Imagine that you are developing a set of heuristics for deciding which social invitations to accept. What rules or heuristics would you include?
4. How could you use a community of practice to help you in your work or studies? How would you go about identifying who to invite to join the CoP?
5. A bank is considering implementing a business rules management system for assessing the risk
and creditworthiness of individuals as part of the loan approval process. What might be the bene- fits of such a system? What are some of the factors that must be weighed in this decision? What potential legal or ethical issues might arise in the use of such a system?
6. Describe a situation in which the use of an expert system would be highly practical as well as very beneficial.
7. What are some of the routine day-to-day house- hold tasks that robots are able to accomplish today? What additional tasks might they be able to do in the near future? Are there certain limita- tions that restrict the kind of household chores robots can do?
8. Describe how a combination expert system and natural language processing could be used to provide student counseling for registering for classes. How successful do you think such a sys- tem would be? Explain.
9. Discuss the similarities and differences between learning systems and neural systems. Give an example of how each technology might be used.
10. What are the differences and similarities between a database and a knowledge base?
11. Describe how game theory might be used in a business setting.
12. Describe how augmented reality can be used in a classroom. How could it be used in a work setting?
13. Describe how assistive living systems might ben- efit the residents of a nursing home.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 335
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Problem-Solving Exercises
1. You are investigating the use of automated robots to replace some of the tasks performed by waiters and waitresses in your neighborhood restaurant. The robots are capable of clearing tables and delivering food to customers. Customer interac- tions to order food would continue to be done by humans. You estimate that you could reduce your staff from 15 workers making $15/hour to around 7 workers. In addition, you are sure that use of the robots would attract additional customers perhaps increasing sales by $100,000/year. The robots cost $75,000 each and you figure you will need two or three depending on how fast busi- ness increases. Perform an analysis to determine
if hiring robots and letting humans go makes good economic sense.
2. Shoot a brief video of you and some friends. Download the video to a computer in your school’s computer lab that has video editing software. Use this software to experiment making edits to the video. Write a brief report summariz- ing your experience learning and using this software.
3. Capture a large text file and use a data compres- sion program to reduce the size of the file and email it to a friend. Verify that your friend is able to open and decompress the file. Repeat this exercise with a large video file.
Team Activities
1. You and your team are challenged to visit the local entertainment centers in search of the most realistic virtual reality game that requires a player to wear a head-mounted display. What makes this game so realistic? Is there any way it could be improved? Talk to the manager and try to identify the hardware and software employed. Summarize your findings in a brief report.
2. Work with your team to design an expert system to predict how many years it will take a typical student to graduate from your college or univer- sity. Some factors to consider include the major
the student selects, the student’s SAT score, the number of courses taken each semester, and the number of parties or social activities the student attends each month. Identify six other factors that should be considered. Develop six IF-THEN rules or cases to be used in the expert system.
3. Have your team members explore the use of assistive technology systems by recent combat veterans. Write a short paper summarizing your findings and the advantages and disadvantages of these type systems.
Web Exercises
1. NelNet is one of the nation’s largest student loan servicing companies. The U.S. Department of Education contracts with companies like NelNet to provide servicing options for their student loans including:
● Take in and apply payments to student loans
● Administer the transfer of student loans ● Process student loan programs, such as for-
giveness, forbearance, and deferment ● Report to credit agencies past due payments ● Seek repayment from defaulted loans
NelNet chose to deploy a knowledge manage- ment system called OpenText Process Suite. Go online and investigate the features and
capabilities of this suite of software products. What functions does OpenText provide that can augment and assist customer relationship man- agement (CRM) systems? Research and briefly document students’ recent experience with NelNet.
2. Do research to identify instances in which robots have taken jobs away from human employees. Do you believe that the increasing use of robots should be encouraged? Why or why not? Write a one-page summary of your findings and opinions.
3. Use the Internet to identify several applications of neural networks. Write a brief summary of these applications.
Career Exercises
1. Identify several career fields that are likely to be negatively impacted by artificial intelligence
applications. Can you identify any career fields that might be positively impacted?
336 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
2. Do research to explore career opportunities in healthcare informatics. What sort of training and experience is necessary for such a career? What sort of role does this prepare one to fulfill? What is the forecast for the number of job openings and starting salaries? Does this career field inter- est you?
3. Imagine that you are forming a community of practice to deal with the issues associated with transitioning to a new career. Identify people from your experience who you would like to include as members. Why factors did you con- sider when you selected these people? Identify three key topics you would like the community to address.
Case Studies
Case One
The NASA Knowledge Map At 11:38 a.m. on January 28, 1986, the space shuttle orbiter Challenger launched from Cape Canaveral, Florida. Less than a second later, gray smoke streamed out from a hot flare burning in the rocket motor. The flare ignited liquid hydrogen and nitrogen inside the fuel tank, which exploded 73 seconds after liftoff. The Challenger was torn apart, and all seven astronauts were killed.
In the days and weeks following the disaster, it became clear that two O-ring seals within the rocket booster had failed. Engineers working for the space agency had warned of just such a failure. In particular, they had expressed concerns that the O-ring seals could fail when outside temperatures dropped below 53 degrees Fahrenheit. On the morning of January 28, the temperature was 36 degrees. The launch pad was covered with solid ice.
In response to the Challenger disaster, NASA established the Program and Project Initiative whose purpose was to improve individual competency for NASA employees—and to prevent another catastrophe. The Challenger, however, was followed by the failure of three expensive Mars missions. The software system used for the Mars Climate Orbiter mission erred when one part of the software used pound-force units to calculate thrust, whereas another part used the newton metric unit. Less than a month later, the Mars Polar Lander crashed into the surface of the planet at too high velocity— triggering the failure of a concurrent mission, the Mars Deep Space 2 probes. A review of the Deep Space 2 mission revealed that NASA engineers had decided to skip a complete system impact test in order to meet the project’s tight deadline. In the wake of these failures, NASA sought to improve communication and collaboration among teams. Yet in 2003, a large piece of insulation foam broke off from the Columbia space shuttle during launch, creating a hole in its wing, ultimately causing a catastrophic breach of the shuttle during reentry; again, all seven astronauts on board were killed.
These terrible losses brought about a fundamental change in NASA’s approach to knowledge management. In 1976, NASA had created the Office of the Chief Engineer (OCE), which was initially staffed by only one employee whose job was to offer advice and expertise on NASA’s administration. In response to the Challenger disaster, NASA established the Academy of Project/Program and Engineering Leadership (APPEL) as a resource for developing NASA’s technical staff. In 2004, the agency moved APPEL to the OCE in order to promote talent development through the analysis
of lessons learned and through knowledge capture—the codification of knowledge. The purpose was to improve not only individual but also team performance and to overcome the disconnect between the different engineering and decision-making teams across the huge organization. The overarching goal was to create an organization that learns from its mistakes. APPEL emphasized not only technical training curriculum but also the sharing of practitioner experience, storytelling, and reflective activities. In 2012, NASA furthered this initiative and established the role of chief knowledge officer whose mission is to capture implicit and explicit knowledge. Today, the agency has an extensive knowledge management system called NASA Knowledge Map, which is a tool that helps employees navigate the enormous collection of knowledge within NASA. The map encompasses six major categories: (1) Case Studies and Publications, (2) Face-to-Face Knowledge Services, (3) Online Tools, (4) Knowledge Networks, (5) Lessons Learned and Knowledge Processes, and (6) Search/Tag/Taxonomy Tools.
Fifteen organizations within NASA contribute to Case Studies and Publications. The Goddard Space Flight Center, for example, publishes studies that range from analysis of the Challenger disaster to an analysis of a protest submitted by a NASA contractor who lost a follow-up contract. The latter case may not seem critical, but in one such case, the Office of Inspector General had to launch a formal investigation that cost NASA time, money, and energy. This case study was then integrated into the APPEL curriculum with the goal of avoiding the mistakes that led to the protest. The Johnson Space Center issues oral history transcripts, as well as newsletters, case studies, and reports. The Jet Propulsion Laboratory publishes conference papers and a Flight Anatomy wiki that tracks prelaunch and in-flight anomalies.
Face-to-Face Knowledge Services comprise programs that are conducted in person at many locations, including, for example, workshops presented by the NASA Engineering and Safety Center. Within the Online Tools category are video libraries, portals, document repositories, and synchronous and asynchronous collaboration and sharing sites. Some of these tools are quite sophisticated. For example, Human Exploration and Operations (HEO) deploys a GroupSystems Think Tank decision support tool to improve group decision making. The Knowledge Networks category includes information about formal and informal communities of practice, mass collaborative activities, and methods for locating and accessing experts, and group workspaces for projects such as static code analysis.
Twenty organizations within NASA contribute data to the Lessons Learned and Knowledge Processes databases, which
CHAPTER 7 • Knowledge Management and Specialized Information Systems 337
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
capture and store knowledge, lessons learned, and best practices. These include, for example, HEO’s knowledge- based risks library with topics covering project management, design and development, systems engineering, and integration and testing. HEO also sponsors lessons-learned workshops and forums on topics such as solar array deployment, shuttle transition and retirement, system safety, and risk management.
Finally, the system’s Search/Tag/Taxonomy Tools allow individuals to access organization-specific sites as well as the abundance of materials offered through the five other KM programs. This final category within the KM system may be the most important, as NASA’s own inspector general issued a report indicating that the tremendous wealth of KM resources is still significantly underutilized. For instance, NASA managers rarely consult the Lessons Learned Information System (LLIS) despite NASA requirements that they do so. The Glenn Research Center received $470,000 over two years to support LLIS activities, but contributed only five reports to the system during that time. Moreover, the inspector general concluded that inconsistent policy direction, disparate KM project development, and insufficient coordination marginalize the system.
NASA is clearly at the bleeding edge of large-scale KM system development, creating the tools of the future. APPEL and other NASA teams are able to make use of some amazing tools that are being developed within the agency. It may be, however, that NASA’s KM system suffers from the same disjointed development and communication barriers that led to the space shuttle disasters and the failures of the Mars missions. Yet, it is vital that NASA learn to make use of its state-of-the-art KM system as the success of every NASA mission requires that thousands of employees are able to make the most of NASA’s vast collection of knowledge.
Critical Thinking Questions 1. How is the KM system at NASA different from other
KM systems that you have studied within the chapter? How is it similar?
2. What steps can NASA take to make sure that the KM system is better utilized by individuals and teams?
3. What can NASA do to ensure that individuals and teams can find what they need within the mountain of data residing within the KM system?
4. Is NASA’s KM system, as it exists now, a good way to combat the type of failures the agency has experienced in the past? If not, how could the KM system be chan- ged to support mission success?
5. Are there other measures that NASA should take in addition to or in conjunction with the development of its KM system?
SOURCES: Oberg, James, “7 Myths about the Challenger Shuttle Disaster,” NBC News, January 25, 2011, www.nbcnews.com/id /11031097/ns/technology_and_science-space/t/myths-about-challenger -shuttle-disaster/#.U2AsyIFdUrU; Atkinson, Joe, “Engineer Who Opposed Challenger Launch Offers Personal Look at Tragedy,” NASA Researcher News, October 5, 2012, www.nasa.gov/centers/langley/news/researcher news/rn_Colloquium1012.html; “Challenger Disaster,” History Channel, www.history.com/topics/challenger-disaster, accessed April 29, 2014; “Failure as a Design Criteria,” Plymouth University, www.tech.plym.ac .uk/sme/interactive_resources/tutorials/failurecases/hs1.html, accessed
April 29, 2014; Lipowicz, Alice, “Is NASA’s Knowledge Management Program Obsolete?,” GCN Technology, Tools and Tactics for Public Sector IT, March 19, 2012, http://gcn.com/Articles/2012/03/15/NASA -knowledge-management-IG.aspx; Luttrell, Anne, “NASA’s PMO: Building and Sustaining a Learning Organization,” Project Management Institute, www.pmi.org/Learning/articles/nasa.aspx, accessed February 9, 2015; Hoffman, Edward J. and Boyle, Jon, “Tapping Agency Culture to Advance Knowledge Services at NASA,” ATD, September 15, 2013, www.td.org /Publications/Magazines/The-Public-Manager/Archives/2013/Fall/Tap ping-Agency-Culture-to-Advance-Knowledge-Services-at-NASA; “Knowledge Map,” NASA, http://km.nasa.gov/knowledge-map/, accessed February 9, 2015.
Case Two
Doctor on Demand Enables Physicians to Make House Calls In addition to cost, provider availability and travel time are barriers for many Americans seeking access to healthcare services. In fact, a recent study of 4,000 patients determined that, on average, patients spend 38 minutes on travel time to and from outpatient appointments. Improving patient’s access to care continues to be a priority for healthcare providers and government agencies across the United States, and an increasing number of companies have begun offering telemedicine services, such as video-based doctors’ appointments, as a potential solution.
Founded in 2013, Doctor on Demand, offers the possibility of increasing access to health care through video visits with doctors who can diagnose and treat a range of noncritical symptoms for patients who are unable or unwilling to visit a clinic. Using the Doctor on Demand services, patients can connect with one of more than 1,400 licensed physicians through the company’s Web site using a Chrome, Firefox, or Safari browser or via an Android or iOS app. In addition to video conferences, the Doctor on Demand app allows patients to upload high-resolution images so that doctors can better assess certain conditions.
The top conditions treated by the service are cold and flu symptoms, sore throats, urinary tract infections, skin rashes, diarrhea and vomiting, eye issues, sports injuries, and travel- related illnesses. The site also offers video visits with board- certified lactation consultants for women who are breastfeeding. In addition, patients who need psychological or psychiatric services can consult with mental health professionals via the service.
According to Adam Jackson, CEO of Doctor on Demand, the most frequent users of the company’s services are working mothers, who often have questions about their children’s health but aren’t always able (or willing) to take time off to get every question answered. According to Jackson, 92 percent of video consultations require no in- person follow-up.
Although Doctor on Demand suggests that patients have access to Wi-Fi to ensure the highest quality appointment, the company promises a smooth experience as long as patients have a 4G or LTE connection. Patients who have connection problems can also switch to audio only to complete a visit, if necessary. The Doctor on Demand network runs on a cloud- based platform run by Amazon Web Services. Due to the nature of the communication, the company had to go through several steps to ensure that all of its infrastructure
338 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
was compliant with HIPAA (Health Insurance Portability and Accountability Act) requirements.
Most experts predict a shift to telemedicine, including video doctors’ visits, will continue. In fact, a report by analytics company IHS Technology predicts that video consultations will increase from 2 million in 2015 to 5.4 million by 2020. For some patients, however, technology limitations will continue to impede their ability to access health care through telemedicine services. A grainy connection or one that cuts out in the middle of an appointment is unlikely to result in a high quality of care. Other hurdles that will also need to be overcome include patient’s privacy concerns, patients’ uncertainty about when a video appointment is appropriate in terms of symptoms, and patients’ lack of trust that a virtual provider can accurately diagnose and treat them. That concern was reinforced by a recent study published in the JAMA Internal Medicine that found significant variations in the quality of care provided by different companies offering virtual visits for the diagnosis and treatment of common acute illnesses.
Critical Thinking Questions 1. Would you consider using Doctor on Demand or a
similar service to access treatment for a minor health- care issue? If not, which aspects of the service are most concerning to you (privacy, quality of care, security or other technology issues, etc.)?
2. Do more research online about Doctor on Demand and two of its competitors (such as Amwell, MDLive, and Teladoc). What information does each company pro- vide on its Web site that is designed to ease patients’ concerns about privacy, quality, and technology-
related issues? Which company does the best job of convincing you that their service is safe and secure?
3. In the study on patient travel time, researchers found that minority patients and those who were unem- ployed faced longer travel times when visiting a doc- tor. Rural Americans also often have more difficulty accessing health care. Is a video-based telemedicine app likely to improve access for those populations? How might this technology be used in a way that would be more likely to improve healthcare access for those populations?
SOURCES: Doyle, Kathryn, “Study: How Long You Wait to See a Doctor Is Linked to Race, Employment,” Huffington Post, October 6, 2015, www.huffingtonpost.com/entry/study-how-long-you-wait-to-see-a-doc tor-is-linked-to-race-employment_us_5613b0cbe4b0baa355ad2621; “Troubleshooting,” Doctor on Demand, https://doctorondemand.zen desk.com/hc/en-us/sections/200218868-Troubleshooting, accessed April 9, 2016; “Our Mission,” Doctor on Demand, www.doctorondemand.com /our-mission, April 8, 2016; Lapowsky, Issie, “Video Is about to Become the Way We All Visit the Doctor,” Wired, www.wired.com/2015/04 /united-healthcare-telemedicine; Van Thoen, Lindsay, “Healthcare IT is Failing (And It Needs AWS), Logicworks (blog), July 20, 2015, www .logicworks.net/blog/2015/07/healthcare-cloud-saas-aws; Japsen, Bruce, “Doctors’ Virtual Consults with Patients to Double by 2020,” Forbes, August 9, 2015, www.forbes.com/sites/brucejapsen/2015/08/09/as-tele health-booms-doctor-video-consults-to-double-by-2020/#639cbc4e5d66; “Press Release: “39% of Tech-Savvy Consumers Have Not Heard of Telemedicine: HealthMine Survey,” HealthMine, March 27, 2016, www .prnewswire.com/news-releases/39-of-tech-savvy-consumers-have-not -heard-of-telemedicine-healthmine-survey-300241737.html#continue -jump; Schoenfield, Adam J., et al., “Variation in Quality of Urgent Health Care Provided during Commercial Virtual Visits,” JAMA Internal Medicine, April 4, 2016, http://archinte.jamanetwork.com/article.aspx? articleid=2511324.
Notes
1. “About TMW,” TMW, www.tmwsystems.com/about-tmw, accessed March 22, 2016.
2. “TMW Deploys Bloomfire for Social Learning,” Bloom- fire (blog), April 16, 2015, https://bloomfire.com /blog/tmw-deploys-bloomfire-for-social-learning.
3. “About the Firm,” White & Case, www.whitecase.com /about/, accessed February 5, 2015.
4. Britt, Phil, “Creating a More Knowledgeable, Nimble Organization,” KM World, January 30, 2015, www .kmworld.com/Articles/Editorial/Features/Creating-a- more-knowledgeable-nimble-organization-101536.aspx.
5. “Knowledge Management & Transfer Model {Techniques and Forms},” Division of Personnel, Department of Administrative Service, State of New Hampshire, www .admin.state.nh.us/hr/documents/Workforce_Develop ment/Knowledge%20Management%20&%20Transfer% 20Model.doc, accessed February 26, 2015.
6. “Kaleo Software Secures $7 Million to Accelerate Inno- vation and Growth,” Kaleo, October 15, 2015, www .kaleosoftware.com/press/seriesa.
7. “This is GSA,” U.S. General Services Administration (GSA), www.gsa.gov/thisisgsa/#/welcome, accessed April 2, 2016.
8. “Communities,” DigitalGov, www.digitalgov.gov/commu nities, accessed April 3, 2016.
9. “GSA Leads Customer Service Community of Practice,” FedScoop, October 7, 2015, http://fedscoop.com /gsa-leads-customer-experience-community-of-practice.
10. “Customer Experience Community,” U.S. General Ser- vices Administration (GSA), www.digitalgov.gov/commu nities/customer-experience-community, accessed April 2, 2015.
11. Grimes, Seth, “Metadata, Connection, and the Big Data Story,” Breakthrough Analysis, April 26, 2014, http:// breakthroughanalysis.com/2014/04/26/metadata-con nection-and-the-big-data-story/.
12. “Using Organizational Network Analysis to Build a Better Business,” Society for Human Resource Manage- ment,” May 2015, www.shrm.org/publications/hrmaga zine/editorialcontent/2015/0515/pages/05115-organiza tional-network-analysis.aspx.
13. “HanseMerkur Automates Its Service Billing Processes Using inubit,” Bosch Financial Software, www.bosch -si.com/media/en/finance_7/documents_2/brochures_1 /success_stories/insurance_3/hansemerkur.pdf, accessed February 7, 2015.
14. “Adobe Fast Facts,” Adobe, www.images.adobe.com/con tent/dam/acom/en/fast-facts/pdfs/fast-facts.pdf, accessed April 6, 2016.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 339
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
15. “Adobe,” Progress, www.progress.com/customers/adobe, accessed February 7, 2015.
16. “About Us,” DBS, www.dbs.com/about-us/default.page, accessed January 29, 2016.
17. “DBS,” Progress, www.progress.com/customers/dbs, accessed January 29, 2016.
18. Andrews, Whit and Koehler-Kruener, Hanns, “Magic Quadrant for Enterprise Search,” Gartner, August 19, 2015, www.gartner.com/doc/reprints?id=1 -2LH0EF0&ct=150820&st=sg.
19. “Company Information,” Harris Corporation,” http://har ris.com/about, accessed April 6, 2017.
20. “Harris Corporation Increases Productivity with Coveo,” Coveo, www.coveo.com/~/media/Files/CaseStudies/Har ris_Corporation_Increases_Productivity_with_Coveo _ for_Advanced_Enterprise_Search.ashx, accessed April 6, 2016.
21. Deutchman, Leonard, “2015 in Review: What Happened, Is Happening and Will Happen,” Legal Intelligencer, January 5, 2016, www.thelegalintelligencer.com/latest -news/id=1202746177129/2015-in-Review-What-Hap pened-Is-Happening-aibnd-Will-Happen?mcode =1395262324557&curindex=918&slreturn=2016 0307160543.
22. Krause, Jason, “The Battle of Rio Tinto–Predictive Cod- ing Hits Snags in Marquee Case,” Association of Certified E-Discovery Specialists (blog), July 24, 2015, www.aceds .org/the-battle-of-rio-tinto-predictive-coding-hits-snags -in-marquee-case.
23. McCarthy, J., Minsky, M.L., Rochester, N., and Shannon, C.E., “A Proposal for the Dartmouth Summer Research Project on Artificial Intelligence,” August 31, 1955, www-formal.stanford.edu/jmc/history/dartmouth/dart mouth.html.
24. “What is Watson,” http://www.ibm.com/smarterplanet /us/en/ibmwatson/what-is-watson.html, accessed April 26, 2016.
25. “By 2029 No Computer—or ‘Machine Intelligence’—Will Have Passed the Turing Test,” Long Bets, http://longbets .org/1/, accessed May 2, 2014.
26. “The Aspen Institute: Google’s Eric Schmidt with Walter Isaacson on ‘The New Digital Age,’ YouTube video, 1:09, July 24, 2013, www.youtube.com/watch? v=3Ox4EMFMy48.
27. Gee, Sue, “Mitsuku Wins Loebner Prize 2013,” I-Programmer, September 15, 2013, www.i-programmer .info/news/105-artificial-intelligence/6382-mitsuku-wins -loebner-prize-2013.html.
28. 20Q Web site, www.20q.net, accessed May 2, 2014. 29. “FICO® Blaze Advisor® Decision Rules Management
System,” FICO, www.fico.com/en/products/fico-blaze -advisor-decision-rules-management-system#overview, accessed April 7, 2016.
30. Capek, Karel, “Beyond the Robots,” Legacy.com, www .legacy.com/news/legends-and-legacies/karel-capek –beyond-the-robots/302/#sthash.RQyp1B1R, accessed May 3, 2014.
31. The Web site for iRobot Web page, www.irobot.com, accessed April 8, 2016.
32. “REC (Robotics Engineering Curriculum),” Intelitek, www.intelitek.com/engineering/rec_curriculum, accessed April 8, 2016.
33. “Meet Dash and Dot,” Wonder Workshop, www.make wonder.com, accessed April 8, 2016
34. Martin, Alexander, “SoftBank, Alibaba Team Up on Robot,” The Wall Street Journal, June 18, 2015, www.wsj .com/articles/pepper-softbanks-emotional-robot-goes -global-1434618111.
35. Smith, Aaron and Janna Anderson, “Predictions for the State of AI and Robotics in 2025,” PewResearchCenter, August 6, 2014, www.pewinternet.org/2014/08/06/pre dictions-for-the-state-of-ai-and-robotics-in-2025.
36. “Facebook’s New Face Recognition Knows You from the Side,” CNN Money, April 4, 2014, http://money.cnn.com /2014/04/04/technology/innovation/facebook-facial-rec ognition/.
37. Elgan, Mike, “Is Facial Recognition a Threat on Facebook and Google,” June 29, 2015, www.computerworld.com /article/2941415/data-privacy/is-facial-recognition-a -threat-on-facebook-and-google.html.
38. D’Orazio, Dante, “Google Now and Speech Recognition Get Big Updates in Android 4.4 Kitkat,” The Verge, October 31, 2013, www.theverge.com/2013/10/31 /5051458/android-kit-kat-bring-big-updates-to-google -now-and-speech-recognition.
39. “Neural Tools Used for Tumor Diagnosis,” Palisade Case Studies, www.palisade.com/cases/katherinenhospital .asp?caseNav=byIndustry, accessed May 3, 2014.
40. Taft, Darryl, “IBM Partners with American Cancer Society on Watson Cancer Advisor,” eWeek, April 12, 2016, http:// www.eweek.com/database/ibm-partners-with-american -cancer-society-on-watson-cancer-advisor.html.
41. “KEITV Customer Success Stories—Sunkist Growers,” http://ketiv.com/company/customer-success-stories/sunk ist, accessed May 6, 2014.
42. Seymour, Mike, “Pixar’s RenderMan Turns 25 (Exclu- sive),” fx Guide, July 25, 2013, www.fxguide.com/fea tured/pixars-renderman-turns-25.
43. King, Leo, “Facebook, Oculus, and Businesses’ Thirst for Virtual Reality,” Forbes, March 30, 2014, www.forbes .com/sites/leoking/2014/03/30/facebook-oculus-and-busi nesses-thirst-for-virtual-reality.
44. Elgan, Mike, “Why Virtual Reality Is the Next Social Net- work,” Computerworld, November 2, 2015, www.compu terworld.com/article/2999819/social-media/why-virtual -reality-is-the-next-social-network.html?phint=newt% 3Dcomputerworld_thisweek&phint=idg_eid% 3D144dfe65577ba4663c4cefdafdff5932#tk. CTWNLE_nlt_thisweek_2015-11-02.
45. Casti, Taylor, “6 Ways Virtual Reality Is Already Chang- ing the World (No Facebook Required),” Huffington Post, March 28, 2014, www.huffingtonpost.com/2014 /03/28/virtual-reality-uses-medicine-autism-ptsd-burn -amputee-victims_n_5045111.html.
46. Lardinois, Frederic, “Google Expands Its VR Program for Students to More U.S. Schools,” TechCrunch, November 9, 2015, http://techcrunch.com/2015/11/09/google -expands-its-vr-program-for-students-to-more-u-s-schools.
47. “Introducing the Expeditions Pioneer Program,” Google, www.google.com/edu/expeditions, accessed April 8, 2016.
48. King, Leo, “Ford, Where Virtual Reality Is Already Manufacturing Reality,” Forbes, May 3, 2014, www .forbes.com/sites/leoking/2014/05/03/ford-where-virtual -reality-is-already-manufacturing-reality.
340 PART 3 • Business Information Systems
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
49. Gaudiosi, John, “Here’s Why NFL Teams Are Training in Virtual Reality,” Fortune, August 10, 2015, http://fortune .com/2015/08/10/strivr-virtual-reality-nfl.
50. “The Story,” STRIVR, www.strivrlabs.com/about, accessed April 9, 2016.
51. “IKEA Launches Pilot Virtual Reality (VR) Kitchen Experience for HTC Vive on Steam,” IKEA, April 4, 2016, www.ikea.com/us/en/about_ikea/newsitem/040516 _Virtual-Reality.
52. Hart, Brian, “Microsoft Targets Enterprise Virtual Reality with Business Oriented VR Headset,” Road to VR, April 1, 2014, www.roadtovr.com/microsoft-enterprise-virtual -reality-business-vr-headset/.
53. “Microsoft Accessibility—Types of Assistive Technology Products,” www.microsoft.com/enable/at/types.aspx, accessed May 12, 2014.
54. “Assistive Listening Systems and Devices,” http://nad .org/issues/technology/assistive-listening/systems-and -devices, accessed May 12, 2014.
55. Savani, Rahul and von Stengel, Bernhard, “Game Theory Explorer—Software for the Applied Game Theorist,” March 16, 2014, www.maths.lse.ac.uk/Personal/stengel /TEXTE/largeongte.pdf.
56. Levenson, Eric, “Jeopardy’s New Game-Theory Devotee Is One to Keep an Eye on,” The Wire, Jan 31, 2014, www .thewire.com/entertainment/2014/01/jeopardys-newest -star-proves-optimal-strategy-really-unfriendly/357609.
57. “Port Resilience Operational / Tactical Enforcement to Combat Terrorism (PROTECT) Model for the United States Coast Guard,” http://teamcore.usc.edu/projects /coastguard/, accessed May 13, 2014.
58. Leventhal, Rajiv, “At Boston Medical Center, Using Ana- lytics to Improve OR Efficiencies,” Healthcare Informat- ics,” March 24, 2016, www.healthcare-informatics.com /article/boston-medical-center-using-analytics-improve -or-efficiencies.
CHAPTER 7 • Knowledge Management and Specialized Information Systems 341
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
PART 4 SystemDevelopment Chapter 8 System Acquisition and Development
master_art/Shutterstock.com
343 Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
8 System Acquisition and Development
master_art/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• Amazon is contemplating entering into competition with FedEx and UPS to deliver products directly to its customers by creating a global delivery network, with the goal of dramatically cutting costs and speeding delivery. Amazon is facing a major development effort to build the information systems to support this plan.
• The waterfall approach to system development allows for a high degree of management control. It is for this reason that this 50-year-old approach is frequently followed when an organization contracts with another to build its information system, even though the agile software development is often faster and can lead to higher quality results.
Principles Learning Objectives
• Organizations can obtain software using one of two basic approaches: buy or build.
• Identify the pros and cons associated with both buying and building software.
• A system under development following the waterfall approach moves from one phase to the next, with a management review at the end of each phase.
• Identify the advantages and disadvantages of the waterfall approach to system development.
• Identify and state the goal of each of the six phases of the waterfall approach.
• Identify and briefly describe the primary tools and techniques used during system development.
• Define five types of feasibility that must be assessed.
• Identify the purpose and participants involved in various types of testing from unit testing to user acceptance testing.
• Identify three approaches for system cutover.
• Agile development is an iterative system devel- opment process that develops a system in “sprint” increments lasting from two weeks to two months.
• Describe the agile development process.
• Identify the advantages and disadvantages of the agile system development approach.
• Describe the role of the scrum master and prod- uct owner in the scrum framework.
• Discuss extreme programming (XP) and DevOps.
• When buying off-the-shelf software, the effort required to modify the software package as well as existing software so that they work well together must be taken into account as a major factor in selecting the final vendor and software.
• Outline a process for evaluation and selection of a software package.
• Identify the key factors to be considered in selecting a software package.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about System Acquisition and Development? Throughout this book, you have seen many examples of the use of information systems to support organizations and people in a variety of careers. But where does an organization start when looking to acquire or develop these systems? And how can you work with IS personnel, such as system analysts and computer programmers, to get the information systems that you need to succeed on the job or in your own business? This chapter provides the answers to these questions along with specific examples of how new or modified systems are initiated, analyzed, designed, constructed, tested, and implemented in a number of industries. We start with a discussion of the forces that lead an organization to acquire new software and then move on to an overview of the two basic approaches to acquiring software.
As you read this chapter, consider the following:
• What options exist for organizations to acquire or develop an information system?
• What role should end users and other stakeholders play in the acquisition or development of a new system?
Buy versus Build
Organizations continue to spend considerable time and resources developing and acquiring software to support a wide range of applications, including business intelligence and analytics, e-commerce, enterprise-level functions, and mobile apps. Opportunities and problems that frequently trigger the initi- ation of an information system project include the following:
● Organizations may pursue opportunities to use information systems to support a key organization strategy or to seize a significant, and ideally long-term, competitive advantage. Amazon is evaluating just such a move—it is contemplating entering into competition with FedEx and UPS to deliver products directly to its customers. Such an aggressive supply chain move would create a global delivery network controlling the flow of goods from factories around the world to customer doorsteps anywhere in the world—cutting costs and speeding delivery. Major changes in infor- mation systems and business processes at Amazon will be necessary to support this plan.1
● Pressure to increase profitability and improve operational efficiencies often drives organizations to implement new approaches and technology. NBTY, Inc., a manufacturer of vitamins and nutritional supplements, has been conducting a multiyear business transformation focused on achieving oper- ational efficiency and productivity gains to meet challenging financial tar- gets mandated by NBTY’s parent Carlyle Group. The company implemented custom software to enable architects, construction workers, and contractors to quickly share information and cut the time required to remodel a Vitamin World store in half. NBTY is reapplying lessons learned from that experience to automate business processes and boost operational efficiencies for its Puritan’s Pride and Holland & Barrett brands.2
● The availability of new technology can create an opportunity to offer new services or attract new customers. Walgreens was an early adopter of mobile technology and developed a mobile app that enables customers to print photos, order prescription refills, and earn points toward future pur- chases. Walgreens went beyond these basics by allowing more than 240 third-party software providers to integrate with the company’s mobile application through APIs. Now customers can manage their medication
346 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
schedules from their Apple Watches and earn and redeem points using Apple Pay.3
Organizations can obtain software using one of two basic approaches: buy or build. Buying off-the-shelf software is less risky and leads to quicker deploy- ment; however, maintenance and support costs may become expensive with this approach, and the software may not be an exact match to the needs and work processes of the organization. Building custom software can provide a better match to the current work processes and provide a potential competitive advantage; however, software development can be extremely costly, and it can take months or even years to develop custom software. The advantages and disadvantages of these two approaches are summarized in Table 8.1.
Buying existing software developed by a software manufacturer enables an organization to test drive and evaluate it before making a major commit- ment to purchase it and install it. Once purchased, the existing software can be installed with minimal disruption (ideally) so that user needs can be quickly met and the organization can begin reaping the benefits from the information system. Software buyers do not actually own the software, nor can they access it to make changes or improvements; they are simply licensed to use the software on a computer. With no access to the underlying source code, user organizations must pay maintenance and support costs to the man- ufacturer or to a third party authorized to fix bugs or add new functionality. For some organizations, these costs can become excessive. As a result, many organizations are turning to open source software with access to the source code permitted so that it can be studied, changed, and improved by the orga- nization’s own software professionals—with no maintenance charges. Indeed, the amount and quality of support for open source software is dependent on whether or not there are people, resources, and interest among the organiza- tions using the software to develop updates and fix bugs.
The set of activities involved in building information systems to meet users’ needs is called system development. System development projects can range from small to very large and are conducted in fields as diverse as nuclear science research and video game development. If an organization elects to build a system, it can use its own employees (perhaps augmented with contractors) to develop the system, or it can hire an outside company to manage and/or perform all of the system development work. The latter approach allows an organization to focus on what it does best, by delegating software development to companies that have world-class development capa- bilities. This can be important since the system development efforts for even
TABLE 8.1 The pros and cons of buying versus building software Strategy Pros Cons
Buy A software solution can be acquired and deployed relatively quickly. An organization can “test drive” software before acquiring it.
Unmodified, the software may not be a good match to an organization’s needs. Maintenance and support costs can become excessive.
Build Customized software is more likely to be a good match to an organization’s needs. A custom application provides the potential to achieve com- petitive advantage.
The cost to build a system can be quite high compared to the cost of purchasing off- the-shelf software. Customized software can take months or even years to deploy.
CHAPTER 8 • System Acquisition and Development 347
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
relatively small projects can require months, with large projects requiring years of effort. Unfortunately, in spite of everyone’s best efforts, a significant number of large system development projects are likely to fail.
Organizations can use several different approaches when developing their own software. Two of those—the waterfall and agile software development processes—are discussed in the next section, followed by a discussion of a process to follow when purchasing off-the-shelf software.
Waterfall System Development Process
The waterfall system development process is a sequential, multistage system development process in which work on the next stage cannot begin until the results of the current stage are reviewed and approved or modified as neces- sary. It is referred to as a waterfall process because progress is seen as flowing steadily downward (like a waterfall) through the various phases of develop- ment. The phases of the waterfall system development process can vary from one company to the next, but many organizations use an approach with six phases: investigation, analysis, design, construction, integration and testing, and implementation. Once the system is built, organizations complete the addi- tional steps of operation, maintenance, and disposition. See Figure 8.1.
As shown in Figure 8.1, a system under development moves from one phase of the waterfall process to the next. At the end of each phase, a review is conducted to ensure that all tasks and deliverables associated with that phase were produced and that they are of good quality. In addition, at the end of each phase, the overall project scope, costs, schedule, and benefits associated
Investigation
Analysis
Design
Construction
Integration & testing
Implementation
FIGURE 8.1 Waterfall system development process Progress flows steadily downward (like a waterfall) through the various phases of development.
waterfall system development process: A sequential, multistage system development process in which work on the next stage cannot begin until the results of the current stage are reviewed and approved or modified as necessary.
348 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
with the project are reviewed to ensure that the project is on track and worth completing. As a result, the waterfall approach allows for a high degree of man- agement control. It is for this reason that this approach is frequently followed when an organization contracts with another to build its information system. However, a major problem with this approach is that users do not interact with the solution until the integration and testing phase when the system is nearly complete. This can lead to a mismatch between system capabilities, users’ expectations, and organizational needs. Table 8.2 lists additional advantages and disadvantages of the waterfall system development process.
The Energy Information Administration (EIA) serves as an advisor to the U.S. Department of Energy and is responsible for collecting energy data, con- ducting analysis, and making forecasts about future energy inventories, demand, and prices. Since 2011, EIA has spent close to $20 million on its IT Transformation Project, a major system development effort designed to enhance efficiencies within the agency. However, the program has been mired in poor project management and has failed to produce any significant results or benefits.4 This project obviously would have benefitted from a higher degree of management control.
System Investigation System investigation is the initial phase in the development of a new or modified business information system whose purpose is to gain a clear under- standing of the specifics of the problem to solve or the opportunity to address. What is the scope of the problem? Who is affected and how? How often does this occur? After gaining a good understanding of the problem, the next ques- tion is, “Is the problem worth addressing?” Given that organizations have lim- ited resources—people and money—this question deserves careful attention. What are the potential costs, both the one-time initial costs and recurring costs? What risks are associated with the project? If successful, what benefits, both tangible and intangible, will the system provide? The steps of the investi- gation phase are outlined next and discussed on the following pages:
1. Review system investigation request. 2. Identify and recruit team leader and team members. 3. Develop budget and schedule for investigation. 4. Perform investigation.
TABLE 8.2 Advantages and disadvantages of waterfall system development process
Advantages Disadvantages
Formal review at the end of each phase allows maximum management control.
Users get a system that meets the needs as understood by the developers; however, this might not be what the users really needed.
This approach requires creation of considerable system documentation so that system requirements can be traced back to stated business needs.
Often, user needs go unstated or are miscommunicated or misunderstood.
Approach produces many intermediate products that can be reviewed to mea- sure progress toward developing the system.
Users can’t easily review intermediate products and evaluate whether a par- ticular product (e.g., a data-flow dia- gram) will lead to a system that meets their business requirements.
system investigation: The initial phase in the development of a new or modified business information system whose purpose is to gain a clear understanding of the specifics of the problem to solve or the opportunity to address.
CHAPTER 8 • System Acquisition and Development 349
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
5. Perform preliminary feasibility analysis. 6. Prepare draft of investigation report. 7. Review results of investigation with steering team.
Review System Investigation Request Because system development requests can require considerable time and effort to investigate, many organizations have adopted a formal procedure for initiating a system investigation. Ideally, a system investigation request is com- pleted by members of the organization that will be most affected by the new or modified system. This request typically includes the following information:
● A preliminary statement of the problem or opportunity to be addressed (this will be refined during the course of the investigation)
● A brief discussion of how this effort aligns with previously defined com- pany and organization objectives, goals, and strategies
● Identification of the general areas of the business and business processes to be included in the scope of the study (e.g., the handling of customer discounts in the order-processing system)
The information in the system request helps senior management rational- ize and prioritize the activities of the IS department and decide which investi- gation projects should be staffed. Based on the overall IS plan, the organization’s needs and goals, and the estimated value and priority of the proposed projects, managers make decisions regarding which system investi- gation requests will be approved.
Identify and Recruit Team Leader and Team Members After managers grant approval to initiate a system investigation, the next step is to identify and recruit a person who will lead the investigation phase, fol- lowed by the other members of the investigation team. The members of the investigation team are responsible for gathering and analyzing data, preparing an investigation phase report, and presenting the results to the project steer- ing team. The system investigation team can be quite diverse, often with members located around the world. Business knowledge of the areas under study, communication, and collaboration are keys to successful investigation teams. Members of the development team may change as a project moves through the various development phases, depending on the knowledge, expe- rience, and skills required during each phase.
Develop Budget and Schedule for Investigation After the team has been formed, its members work together to develop a list of specific objectives and activities that must be accomplished during the system investigation phase along with a schedule for completing the work. The team establishes major milestones to help monitor progress and determine whether problems or delays occur in performing system investigation. The group also prepares a budget to complete the investigation including any travel required and funds necessary to cover the use of any outside resources or consultants.
Perform Investigation The major tasks to perform during investigation include refining the initial problem definition and scope described in the system investigation request, identifying the high-level business requirements the system must meet, and identifying any issues or risks associated with the project.
Joint Application Development Joint application development (JAD) is a structured meeting process that can accelerate and improve the efficiency and effectiveness of not only the investigation phase but also the analysis and
joint application development (JAD): A structured meeting process that can accelerate and improve the efficiency and effectiveness of the investigation, analysis, and design phases of a system development project.
350 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
design phases of a system development project. JAD involves carefully planned and designed meetings in which users, stakeholders, and IS profes- sionals work together to analyze existing systems, define problems, identify solution requirements, and propose and evaluate possible solutions including costs and benefits. See Figure 8.2. The JAD process has proven to be extremely effective and efficient at accomplishing these tasks. In addition, the highly participative nature of the sessions goes a long way to helping ensure stakeholders and users buy into the results. With today’s technology, such as group decision support systems and video conferencing, it is possible to con- duct effective live JAD sessions with people located in many different places without the need for expensive travel.
The success or failure of a JAD session depends on how well the JAD facilitator plans and manages the session. It is not unusual for the facilitator to spend three hours planning and preparing for the JAD session for each hour the JAD session lasts. In addition, the participants of a JAD session must be carefully chosen to include users of the system as well as people from other organizations who will likely be affected by, provide input for, or receive output from the system. Ideally, people from the operational level as well as the executive level will attend. Table 8.3 identifies the JAD session participants as well as their role and qualifications.
The consulting firm Liquid Mercury Solutions uses JAD in working with its clients on a routine basis to define and develop information system solutions.5
Functional Decomposition Functional decomposition is a technique that involves breaking down a complex problem or system into smaller parts that are more manageable and easier to understand. It is frequently used during the investiga- tion phase to define the business processes included within the scope of the system. Recall that a process is a set of logically related tasks performed to achieve a defined outcome. A process is usually initiated in response to a spe- cific event and requires input that it processes to create output. Often, feedback is generated that is used to monitor and refine the process.
To create the functional decomposition chart (see Figure 8.3), begin with the name of the system and then identify the highest-level processes to be per- formed. Each process should have a two-word “verb-subject” name that clearly
FIGURE 8.2 JAD session JAD can accelerate and improve the efficiency and effectiveness of the investigation, analysis, and design phases of a system development project. wa
ve br ea km
ed ia /S hu tt er st oc k. co m
CHAPTER 8 • System Acquisition and Development 351
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
defines the process. Next, break those high-level processes down into lower- level subprocesses. For the system investigation phase, two or three levels of decomposition are usually sufficient to define the scope of the system.
Perform Preliminary Feasibility Analysis The technical, economic, legal, operational, and schedule feasibility are assessed during the feasibility analysis, which is only a preliminary analysis that will be repeated with more accuracy during the analysis and design phases, when more details about the system and its requirements are known.
TABLE 8.3 JAD participants and their role Role Responsibilities Qualifications
Facilitator ● Determines JAD session objectives ● Plans JAD session to meet objectives ● Leads JAD session ● Encourages everyone to participate
● Excellent meeting facilitator ● Unbiased and does not take sides
Decision makers
● Resolve conflicts ● Avoid gridlock
● Stakeholders selected by project sponsor to make decisions
● Have the authority and willingness to make decisions
Users ● Describe business as it is and as it should be ● Provide business expertise ● Define problems, identify potential benefits, analyze
existing system, define requirements of a new system, and propose and evaluate possible solutions
● Represent all major areas affected ● Expert in their area of the business
System developers
● Observe carefully ● Offer technical opinion on cost or feasibility, if requested ● Gain deep understanding of customers’ needs and desires
● Member of system development team
Scribe ● Participate in discussion to clarify points and capture them accurately
● Document key points, issues, next steps, and decisions throughout the JAD session
● Publish results of JAD session and solicit feedback
● Excellent listening skills ● Experience in using software
engineering tools to document requirements and create system models
Stock management
system
Manage stock
Check stock
Order stock
Receive stock
Store stock
Add new
supplier
Update supplier
data
Delete supplier
Manage suppliers
FIGURE 8.3 Functional decomposition chart Functional decomposition is used to define the scope of the system.
feasibility analysis: An assess- ment of the technical, economic, legal, operational, and schedule feasibility of a project.
352 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Technical feasibility examines whether a project is feasible within the current limits of available technology. Determining the technical feasibility is critical when new technology is first being considered for use within an organization, prior to its widespread use. A number of companies are cur- rently participating in a technical feasibility study to determine if advanced positioning signals transmitted from a GPS satellite can be used to control a self-steering robotic tractor to within an accuracy of 5 centimeters. Such accuracy is needed to ensure that the self-steering robotic tractor tires can be guided to run between rows of planted rice without causing damage to the crop.6
Economic feasibility determines whether the expected benefits associ- ated with the project outweigh the expected costs sufficiently to make the project financially attractive. Cost and benefit estimates should be made for multiple years to allow for calculation of the internal rate of return or net present value of the project. It is important to recognize that at this early stage of the development process, the cost and benefit amounts are rough estimates and subject to change should the project continue. So, while the mathematics involved may make it appear that the results are precise, in actu- ality, the result is no more accurate than cash flow estimates, which are often no more than refined guesses. Table 8.4 lists some of the typical costs and benefits that need to be considered.
Organizations must guard against spending more than is appropriate as the success or failure of a system development effort will, at least to some degree, be measured against meeting the project budget. The U.K. Ministry of Defence wasted millions of pounds on a planned £1.3 billion (approximately $2.2 billion) information system designed to enable the army to recruit online. A key benefit to be derived from the project was to increase recruitment levels above historic levels; however, this goal has not been achieved.7
Legal feasibility is the process of determining whether laws or regula- tions may prevent or limit a system development project. Legal feasibility involves an analysis of existing and future laws to determine the likelihood of legal action against the system development project and the possible conse- quences of such action. For example, nearly every country in Europe and many in Latin America, Asia, and Africa have implemented data protection laws that prohibit the disclosure or misuse of information held on private individuals. These laws make it possible for the human resources departments of multinational companies to share personal employee data across country borders only in limited circumstances.
Operational feasibility is the process of determining how a system will be accepted by people and how well it will meet various system performance expectations. Assessing the operational feasibility of a project includes taking into consideration people issues, such as overcoming employee resistance to change, gaining managerial support for the system, providing sufficient moti- vation and training, and rationalizing any conflicts with organizational norms and policies. In other words, if the system is developed, will it be used? Oper- ational feasibility also takes into account the need to meet certain system per- formance requirements (e.g., response time for frequent online transactions, number of concurrent users it must support, reliability, and ease of use) that are considered important to system users and stakeholders.
Schedule feasibility is the process of determining whether a project can be completed within a desired time frame. This process involves balancing the time and resource requirements of the project with other projects. For example, many projects that involve delivering a new financial information system have a desired start-up date at the beginning of the organization’s fis- cal year. Unfortunately, it is not always possible to meet this date, and so a compromise must be made—deliver part of the system at the start of the fiscal year or wait another year to deliver the full system.
technical feasibility: The process of determining whether a project is feasible within the current limits of available technology.
economic feasibility: The process of determining whether the project makes financial sense and whether predicted benefits offset the cost and time needed to obtain them.
legal feasibility: The process of determining whether laws or regula- tions may prevent or limit a system development project.
operational feasibility: The pro- cess of determining how a system will be accepted by people and how well it will meet various system performance expectations.
schedule feasibility: The process of determining whether the project can be completed within a desired time frame.
CHAPTER 8 • System Acquisition and Development 353
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
TABLE 8.4 Cost/benefit table Costs Year 1 Year 2 Year … Year N
Costs to analyze, design, construct, integrate and test, and implement system
Employees
Vendor
Software customization
Travel
Hardware costs
Software tools costs
Other costs
Initial costs to establish system
Software license fees
New hardware costs
Cost to upgrade existing hardware
Cost to upgrade network
User training
Purchase of any necessary data
Cost to migrate existing data to new system
Other costs
Ongoing operations costs
Software lease or rental fees
Hardware lease or rental fees
Network usage fees
System operations and support staff
User training
Increased electric and other utilities
Costs associated with disaster recovery
Other costs
Tangible benefits (can be quantified in dollars)
Reduction in current costs
Reduction in current staff
Reduction in inventory levels
Reduction in computer hardware costs
Reduction in software costs
Other reduced costs
Increase in revenue
Increase in sales from reaching new customers
Increase in sales from charging more
Acceleration in cash flow
Other increases in revenue
Intangible benefits (difficult to quantify in dollars)
Improved customer service
Improved employee morale
354 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Prepare Draft of Investigation Report The system investigation ends with production of a system investigation report that summarizes the results of the system investigation and recom- mends a course of action: continue on to system analysis, modify the project in some manner and perhaps repeat the system investigation, or drop the project altogether. See Figure 8.4. A typical table of contents for a system investigation report is shown in Figure 8.5.
Review Results of Investigation with Steering Team The system investigation report is reviewed with the steering team to gain their input and counsel. Typically, the written report is shared in advance and then the project manager and selected members of the team meet with the steering team to present their recommendations.
After the project review, the steering team might agree with the recom- mendations of the system development team or it might suggest a change in project focus to concentrate more directly on meeting a specific company objective. Another alternative is that everyone might decide that the project is
FIGURE 8.4 System investigation recommendation The system investigation report summarizes the results of the system investigation and recommends a course of action.
Drop project
Continue Redefine project and
redo investigation
© St ua rt M ile s/ Sh ut te rs to ck .c om
Systems Investigation Report Table of Contents
EXECUTIVE SUMMARY DESCRIPTION OF OPPORTUNITY PROJECT SCOPE BUSINESS REQUIREMENTS ISSUES AND CONSTRAINTS FEASIBILITY ANALYSIS RECOMMENDATION NEXT STEPS
FIGURE 8.5 Table of contents for a system investigation report A typical system investigation report begins with an executive summary and ends with a list of next steps.
system investigation report: A summary of the results of the system investigation, with a recommendation of a course of action.
CHAPTER 8 • System Acquisition and Development 355
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
not feasible and thus cancel the effort. This input is used to finalize the sys- tem investigation report.
System Analysis After a project has completed the investigation phase and been approved for fur- ther study, the next step is to answer the question, “What must the information system do to solve the problem or capitalize on the opportunity?” The overall emphasis of the system analysis is on gathering data on the existing system, determining the requirements for the new system, considering alternatives within identified constraints, and investigating the feasibility of alternative solutions. The primary outcome of system analysis is a prioritized list of system requirements and a recommendation of how to proceed with the project. The steps in the sys- tem analysis phase are outlined next and discussed in the following pages. Note that many of the steps were also performed during system investigation:
1. Identify and recruit team leader and team members. 2. Develop budget and schedule for system analysis activities. 3. Study existing system. 4. Develop prioritized set of requirements. 5. Identify and evaluate alternative solutions. 6. Perform feasibility analysis. 7. Prepare draft of system analysis report. 8. Review results of system analysis with steering team.
The Los Angeles Police Department (LAPD) is comprised of over 9,000 offi- cers and serves 3.9 million residents spread across the 485 square miles of the city of Los Angeles. LAPD conducted a system analysis to define the require- ments for a Use of Force System (UOFS) to monitor officer performance and behavior. The UOFS collects information about each use of force incident including suspect, officer, and witness data. The application applies a series of business rules that trigger a review and investigation into the use of force by appropriate parties, often by multiple levels of LAPD management.8
Identify and Recruit Team Leader and Team Members In many cases, there is some personnel turnover when a project moves from the system investigation phase to the system analysis phase. Some players may no longer be available to participate in the project, and new members with a different set of skills and knowledge may be required. So, the first step in system analysis is to identify and recruit the team leader and members. Ideally, some members of the original investigation team will participate in the system analysis to provide project continuity.
Develop Budget and Schedule for System Analysis Activities After the participants in the system analysis phase are determined, the team develops a list of specific objectives and activities required to complete the system analysis. The team also establishes a schedule—complete with major milestones to track project progress. The group also prepares a budget of the resources required to complete the system analysis, including any required travel expenses as well as funds to cover the use of outside resources.
Study Existing System The purpose of studying the existing system is to identify its strengths and weaknesses and examine current inputs, outputs, processes, security and con- trols, and system performance. While analysis of the existing system is impor- tant to understanding the current situation, the study team must recognize that after a point of diminishing returns, further study of the existing system will fail to yield additional useful information.
system analysis: The phase of system development that focuses on gathering data on the existing system, determining the requirements for the new system, considering alternatives within identified constraints, and investigating the feasibility of alternative solutions.
356 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Many useful sources of information about the existing system are avail- able, as shown in Figure 8.6. JAD sessions, direct observation with one or more members of the analysis team directly observing the existing system in action, and surveys are often used to uncover pertinent information from the various sources.
Develop Prioritized Set of Requirements The purpose of this step is to determine user, stakeholder, and organizational needs for the new or modified system. A set of requirements must be deter- mined for system processes (including inputs, processing, outputs, and feed- back), databases, security and controls, and system performance. See Figure 8.7. As requirements are identified, an attempt is made to prioritize each one by using the following categories:
● Critical. Almost all users agree that the system is simply not acceptable unless it performs this function or provides this capability. Lack of this feature or capability would cause users to call a halt to the project.
● Medium priority. While highly desirable, most users agree that although their work will be somewhat impaired, the system will still be effective without this feature or capability. Some users may argue strongly for this feature or capability but, in the end, would want the project to continue even without this capability.
● Low priority. Most users agree that their ability to use the system to accomplish their work will only be minimally impaired by lack of this feature or capability, although it would be “nice to have.” Almost no user argues strongly for this feature or capability.
Identifying, confirming, and prioritizing system requirements is perhaps the single most critical step in the entire waterfall system development pro- cess because failure to identify a requirement or an incorrect definition of a requirement may not be discovered until much later in the project, causing much rework, additional costs, and delay in the system effort.
The use of JAD sessions with a cross section of users and stakeholders in the project is an effective way to define system requirements. A technique often used in a JAD session is to ask managers and decision makers to list only the factors that are critical to the success of their areas of the organization.
FIGURE 8.6 Internal and external sources of data for system analysis JAD sessions, direct observation, and surveys are often used to uncover data from the various sources.
Internal Sources
Users, stakeholders, and managers
Organization charts
Forms and documents
Procedure manuals and policies
Financial reports
IS manuals
Other measures of business process
External Sources
Customers
Suppliers
Stockholders
Government agencies
Competitors
Outside groups
Journals, etc.
Consultants
CHAPTER 8 • System Acquisition and Development 357
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
A critical success factor (CSF) for a production manager might be adequate raw materials from suppliers, while a CSF for a sales representative could be a list of customers currently buying a certain type of product. Starting from these CSFs, the processes, databases, security and control, and performance require- ments associated with each CSF can be identified.
Processes The functional decomposition performed during the investigation phase identifies the majority of the processes to be included within the scope of a new system. Now, the processes must be further defined so that they will be practical, efficient, economical, accurate, and timely to avoid project delays. In addition, the individuals or organizations responsible for complet- ing each step in the process must be identified.
A process requires input that it uses to create output. Often, feedback is generated. The questions that need to be answered during system analysis are: what data entities are required, where will this data come from, what methods will be used to collect and enter the data, who is responsible for data input, and what edits should be performed on the input data to ensure that it is accurate and complete? Another important consideration is the crea- tion of an audit trail that records the source of each data item, when it entered the system, and who entered it. The audit trail may also need to capture when the data is accessed or changed and by whom.
Because the success of a new system is highly dependent upon the acceptability of its output, the identification of common system outputs—such as printed reports, screens, and files—is critical to developing a complete set of system requirements.
Data-Flow Diagram A data-flow diagram (DFD) is a diagram used during both the analysis and design phases to document the processes of the current system or to provide a model of a proposed new system. A DFD shows not only the various processes within the system but also where the data needed for each process comes from, where the output of each process will be sent, and what data will be stored and where. The DFD does not provide any infor- mation about the process timing (e.g., whether the various processes happen in sequence or are parallel).
DFDs are easy to develop and are easily understood by nontechnical peo- ple. Data-flow diagrams use four primary symbols:
● The data-flow line includes arrows that show the direction of data movement.
FIGURE 8.7 Defining system requirements System requirements must be checked for consistency so that they all fit together.
Processes Databases
Security and controls
System performance
© ze nt ili a/ Sh ut te rs to ck .c om
data-flow diagram (DFD): A dia- gram used during both the analysis and design phases to document the processes of the current system or to provide a model of a proposed new system.
358 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● The process symbol identifies the function being performed (e.g., check status, issue status message).
● The entity symbol shows either the source or destination of the data (e.g., customer, warehouse).
● A data store symbol reveals a storage location for data (e.g., pending orders, accounts receivable).
Figure 8.8 shows a level 1 DFD. Each of the processes shown in this dia- gram could be documented in more detail to show the subprocesses and cre- ate a level 2 DFD. Frequently, level 3 DFD diagrams are created and used in the analysis and design phases.
Databases Data modeling is the process of defining the databases that a sys- tem will draw data from as well as any new databases that it will create. The use of entity-relationship (ER) diagrams is one technique that is frequently used for this critical step. An ER diagram is used to show logical relationships among data entities, such as in Figure 8.9. An ER diagram (or any other modeling tool) cannot by itself fully describe a business problem or solution
CUSTOMER WAREHOUSE
ACCOUNTING
1.0
In-stock requestOrder
Status message
Status data
Shipping order
Pending orders
Payment
Accounting data
Accounts receivable
Inventory reports
Accounts receivable data
D2
Invoice
D1
Shipping confirmation
Order data
Order data
Order data
Check status
3.0
Generate shipping
order
2.0
Issue status
messages
4.0
Manage accounts
receivable 5.0
Produce reports
FIGURE 8.8 Data-flow diagram A data-flow diagram documents the processes of the current system or provides a model of a proposed new system.
CHAPTER 8 • System Acquisition and Development 359
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
because it lacks descriptions of the related activities. It is, however, a good place to start because it describes entity types and attributes about which data might need to be collected for processing.
Security and Control Security and control considerations need to be an integral part of the entire system development process. Unfortunately, they are often treated as an afterthought, after system requirements have been defined and system design is well underway. This approach usually leads to problems that become security vulnerabilities, which can cause major security breaches resulting in significant legal and system modification expenses. A more effec- tive and less costly approach is to define security and control requirements when other system requirements are being identified. The following list pro- vides examples of areas for which security and control requirements might need to be defined:9
● Access controls, including controls to authenticate and permit access only to authorized individuals
● Encryption of electronic customer information, including while in transit or in storage on networks or systems to which unauthorized individuals may gain access
● Dual control procedures, segregation of duties, and employee background checks for employees with responsibilities for or access to customer, employee, or organization-sensitive information
● Monitoring systems and procedures to detect actual and attempted attacks on or intrusions into information systems
● Measures to protect against destruction, loss, or damage of customer, employee, or organization-sensitive data due to potential environmental hazards, such as fire and water damage, technological failures, or disas- ters such as hurricanes and terrorism
● Business resumption procedures to get the system up and running with no major business disruption and with no loss of data in the event of a disaster (e.g., fire, hurricane, terrorism)
People with a special interest in security and control include the organiza- tion’s internal auditors and members of senior management. They should pro- vide input and advice during the system analysis and design phases.
System security and control requirements need to be defined in the con- text of the organization’s existing policies, standards, and guidelines. See
FIGURE 8.9 Entity-relationship (ER) diagram for a customer order database Development of ER diagrams helps ensure that the logical structure of application programs is consistent with the data relationships in the database.
Serves
Salesperson
Product
Customer
Orders
Places
Line items
Includes Specifies
Invoice
Generates
360 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Figure 8.10. For example, the Gramm–Leach–Bliley Act requires companies legally defined as financial institutions to ensure the security and confidentiality of customer information. Thus, financial institutions have established policies, standards, and guidelines to which any new information system must adhere.
System Performance How well a system performs can be measured through its performance requirements. Failure to meet these system performance requirements results in unproductive workers, dissatisfied customers, and missed opportunities to deliver outstanding business results. System perfor- mance is usually determined by factors such as the following:
● Timeliness of output. Is the system generating output in time to meet organizational goals and operational objectives? Since GEICO began advertising that you can save 15 percent on auto insurance in just 15 min- utes, speed has become a key factor for many consumers in selecting an insurance company. Nationwide now touts its online tool as the fastest path to a quick car insurance quote, and The General insurance company boasts, “Give us two minutes and we’ll give you an auto insurance quote.”
● Ease of use. Developing applications that managers and employees can easily learn and use is essential to ensure that people will work with the applications productively.
● Scalability. A scalable information system can handle business growth and increased business volume without a noticeable degradation in performance.
● System response time. The average response time for frequent online transactions is a key factor in determining worker productivity and cus- tomer service.
● Availability. Availability measures the hours per month the system is scheduled to be available for use. Systems typically must be unavailable a few hours a week to allow for software upgrades and maintenance.
● Reliability. Reliability measures the hours the system is actually available for use divided by the hours the system is scheduled to be available and is expressed as a percentage. Worker productivity decreases and customer dissatisfaction increases as system reliability decreases.
Identify and Evaluate Alternative Solutions The analysis team must think creatively and consider several system solution options. By looking at the problem in new or different ways, questioning cur- rent assumptions and the way things are done today, and removing current
FIGURE 8.10 Context for new system security and control requirements New system security and control requirements must be developed within the organization’s existing policies, standards, and guidelines.
• Corporate policies that define what actions to take and why
• Baseline requirements that must be met by information systems
• Best practices to implement a security measure
• Descriptions of new security and control measures to implement for this system
Guidelines
Standards
Policy
New system requirements
CHAPTER 8 • System Acquisition and Development 361
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
constraints and barriers, the team is free to identify highly creative and effec- tive information system solutions. Such critical analysis requires unbiased and careful questioning of whether system elements are related in the most effec- tive ways, considering new or different relationships among system elements, and possibly introducing new elements into the system. Critical analysis also involves challenging users about their needs and determining which are truly critical requirements rather than “nice to have” features.
The Pareto principle (also known as the 80–20 rule) is a rule of thumb used in business that helps people focus on the vital 20 percent that generate 80 percent of the results. This principle means that 80 percent of the desired system benefits can be achieved by implementing 20 percent of the system requirements. An 80–20 option will have a low cost and quick completion schedule relative to other potential options. However, this option may not be an ideal solution and may not even be acceptable to the users, stakeholders, and the steering team who may be expecting more. Additional candidate solu- tions can be defined that implement all or most of the critical priority system requirements and team-selected subsets of the medium and low-priority requirements. Table 8.5 illustrates some of the many potential candidates the analysis team may want to evaluate.
Perform Feasibility Analysis At this stage in the system development process, the project team has identified several promising solutions based on implementing all or most of the critical requirements and various subsets of the medium and low-priority requirements. The feasibility analysis conducted during the investigation phase is repeated for each of the candidate solutions the team wants to consider. At this stage, the analysis can be more in-depth because more is known about the system and its requirements as well as the costs and benefits of the various options.
Prepare Draft of System Analysis Report System analysis concludes with a formal system analysis report summarizing the findings of this phase of the project. The table of contents for a typical system analysis report is shown in Figure 8.11. This report is a more complete and detailed version of the system investigation report. At this phase of the project, the costs and benefits of the project should be fairly accurate, cer- tainly more accurate than at the end of the investigation phase.
Review Results of System Analysis with Steering Team The system analysis report is presented to the project steering team with a recommendation to stop, revise, or go forward with the system development project. Following the steering team meeting, the project team incorporates
TABLE 8.5 Additional candidates for system analysis Scope of System Build System Customize Software Package
Build system that meets all critical requirements, but no medium or low-priority requirements
Option #1
Modify package so that it meets all critical requirements, but no medium or low-priority requirements
Option #2
Build system that meets 20 percent of all requirements that will provide 80 percent of the system benefits
Option #3
Modify package so that it meets 20 percent of all requirements that will provide 80 percent of the system benefits
Option #4
Implement software package as is, with no customization to enable it to meet unique requirements
Option #5
Pareto principle (80–20 rule): An observation that for many events, roughly 80 percent of the effects come from 20 percent of the causes.
362 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the recommendations and suggested changes into the final report. It is not unusual for changes to the project scope, budget, benefits, or schedule to be requested based on the findings from the analysis phase. However, the proj- ect sponsor and the steering team must request and formally approve of any changes.
System Design The purpose of the system design phase is to answer the question, “How will the information system solve this problem?” The primary result of the system design phase is a technical design that details system outputs, inputs, controls, and user interfaces; specifies hardware, software, databases, telecommunica- tions, personnel, and procedures; and shows how these components are inter- related. In other words, system design creates a complete set of technical specifications that can be used to construct the information system. The steps in the system design phase are outlined next and discussed in the following pages. Again, note that many of the steps were performed in the investigation and system analysis phase but are now repeated with more current and com- plete information.
1. Identify and recruit team leader and team members. 2. Develop schedule and budget for system design activities. 3. Design user interface. 4. Design system security and controls. 5. Design disaster recovery plan. 6. Design database. 7. Perform feasibility analysis. 8. Prepare draft of system design report. 9. Review results of system design with steering team.
Identify and Recruit Team Leader and Team Members Because some personnel turnover is likely when moving from the system analysis phase to the system design phase, the first step in system design is to identify and recruit the team leader and members. Ideally, some members of the system analysis team will participate in the system design to ensure project continuity.
Systems Analysis Report Table of Contents
EXECUTIVE SUMMARY DESCRIPTION OF OPPORTUNITY PROJECT SCOPE BUSINESS REQUIREMENTS ISSUES AND CONSTRAINTS SUMMARY OF ALTERNATIVES CONSIDERED FEASIBILITY ANALYSIS RECOMMENDATION NEXT STEPS
FIGURE 8.11 Typical table of contents for a report on an existing system The system analysis report is a more complete and detailed version of the system investigation report.
system design: The stage of system development that answers the question, “How will the information system solve a problem?”
CHAPTER 8 • System Acquisition and Development 363
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Develop Schedule and Budget for System Design Activities The system design team begins by developing a list of specific objectives and activities required to complete the system design phase. It also establishes a schedule complete with major milestones to track project progress. Some tasks may involve working with the steering team to resolve issues and ques- tions raised during the review of the system analysis phase. The group also prepares a budget for completing the system design, including any required travel costs and funds to cover the use of outside resources.
Design User Interface How users experience an information system determines whether the system will be accepted and used. In speaking about the importance of user interface design for Apple software products, Jef Raskin, an interface expert, once said, “As far as the customer is concerned, the interface is the product.”10
User interface design integrates concepts and methods from computer sci- ence, graphics design, and psychology to build interfaces that are accessible, easy to use, and efficient. Over the years, various authors have identified user interface design principles, including those listed in Table 8.6.11,12
User interface design must consider a number of components. Most sys- tems provide a sign-on procedure that requires identification numbers, pass- words, and other safeguards to improve security and prevent unauthorized use. With a menu-driven system, users select what they want to do from a list of alternatives. Most people can easily operate these types of systems. In addi- tion, many designers incorporate a help feature into the system or program. When users want to know more about a program or software feature or what type of response is expected, they can activate the help feature. Systems often use lookup tables to simplify and shorten data entry. For example, if you are entering a sales order for a company, you can type its abbreviation, such as ABCO. The program searches the customer table and looks up the informa- tion you need to complete the sales order for the company abbreviated as ABCO.
Using screen painter software, an analyst can efficiently design the fea- tures, layout, and format of the user interface screens. See Figure 8.12. Several screens can be linked together to simulate how the user can move from
TABLE 8.6 Principles of good user interface design Principle How to Apply
Strive for consistency Consistent sequences of actions should be required in similar situations; identical terminology should be used in prompts, menus, and help screens; and consistent commands should be employed throughout.
Offer informative feedback
For every user action, there should be some system feedback. For frequent and minor actions, the response can be modest, while for infrequent and major actions, the response should be more substantial.
Offer simple error handling
As much as possible, design the system so the user cannot make a serious error. If an error is made, the system should be able to detect the error and offer simple, comprehensible instruc- tions for handling the error.
One primary action per screen
Every screen should support a single action of real value to the user.
Provide progressive disclosure
Show only what is necessary on each screen. If the user is making a choice, show enough information to allow the user to choose and then display details on a subsequent screen.
Strive for aesthetic integrity
The graphic design elements used in an interface should be simple and clean, pleasant to look at, and easy to understand.
364 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
screen to screen to accomplish tasks. Conducting an interactive screen design session with a few users at a time is an effective process for defining the system user interface.
Design System Security and Controls The system analysis phase identified areas where system security and controls need to be defined. During the design phase, designers must develop specific system security and controls for all aspects of the information system, including hardware, software, database systems, telecommunications, and Internet opera- tions, as shown in Table 8.7. Security considerations involve error prevention, detection, and correction; disaster planning and recovery; and systems controls. The goal is to ensure secure systems without burdening users with too many identification numbers and passwords for different applications.
After the controls are developed, they should be documented in standards manuals that indicate how to implement the controls. The controls should then be implemented and frequently reviewed. It is common practice to mea- sure how often control techniques are used and to take action if the controls have not been implemented. Organizations often have compliance depart- ments to make sure the IS department is adhering to its systems controls along with all local, state, and federal laws and regulations.
Design Disaster Recovery Plan A disaster recovery plan is a documented process to recover an organiza- tion’s business information system assets including hardware, software, data, networks, and facilities in the event of a disaster. It is a component of the organization’s overall business continuity plan, which also includes an occu- pant emergency plan, a continuity of operations plan, and an incident man- agement plan. A disaster recovery plan focuses on technology recovery and identifies the people or the teams responsible to take action in the event of a disaster, what exactly these people will do when a disaster strikes, and the information system resources required to support critical business processes.
Disasters can be natural or manmade, as shown in Table 8.8. In perform- ing disaster recovery planning, organizations should think in terms of not being able to gain access to their normal place of business for an extended period of time, possibly up to several months.
FIGURE 8.12 User interface design Analysts can develop screen mock- ups and simulate how the user moves from screen to screen. Pre
ss m as te r/ Sh ut te rs to ck .c om
disaster recovery plan: A docu- mented process to recover an organi- zation’s business information system assets including hardware, software, data, networks, and facilities in the event of a disaster.
CHAPTER 8 • System Acquisition and Development 365
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
As part of defining the business continuity plan, organizations conduct a business impact analysis to identify critical business processes and the resources that support them. The recovery time for an information system resource should match the recovery time objective for the most critical busi- ness processes that depend on that resource. Some business processes are more pivotal to continued operations and goal attainment than others. These processes are called mission-critical processes. An order-processing system, for example, is usually considered mission-critical. Without it, the sales orga- nization cannot continue its daily activities, which generate the cash flow needed to keep the business operating.
For some companies, personnel backup can be critical. Without the right number of trained employees, the business process can’t function. For infor- mation system hardware, hot and cold sites can be used as backups. A dupli- cate, operational hardware system that is ready for use (or immediate access to one through a specialized vendor) is an example of a hot site. If the pri- mary computer has problems, the hot site can be used immediately as a backup. However, the hot site must be situated so that it will not be affected by the same disaster. Another approach is to use a cold site, which is a com- puter environment that includes rooms, electrical service, network links, data
TABLE 8.7 Using system controls to enhance security Controls Description
Input controls Maintain input integrity and security; their purpose is to reduce errors while protecting the com- puter system against improper or fraudulent input. Input controls range from using standardized input forms to eliminating data-entry errors and using tight password and identification controls.
Processing controls Deal with all aspects of processing and storage; the use of passwords and user authentication controls, backup copies of data, and storage rooms that have tight security systems are exam- ples of processing and storage controls.
Output controls Ensure that output is handled correctly; in many cases, output generated from the computer system is recorded in a file that indicates the reports and documents that were generated, the time they were generated, and their final destinations.
Database controls Deal with ensuring an efficient and effective database system; these controls include the use of user authentication controls and passwords, without which a user is denied access to certain data and information. Many of these controls are provided by database management systems.
Telecommunications controls
Provide accurate and reliable data and information transfer among systems; network controls include firewalls and encryption to ensure correct communication while eliminating the poten- tial for fraud and crime.
Personnel controls Ensure that only authorized personnel have access to certain systems to help prevent computer-related mistakes and crime; personnel controls can involve the use of user authenti- cation controls and passwords that allow only certain people access to particular data and information. ID badges and other security devices (such as smart cards) can prevent unautho- rized people from entering strategic areas in the information systems facility.
TABLE 8.8 Various disasters can disrupt business operations Intentional Man-Made Disasters Accidental Man-Made Disasters Natural Disasters
Sabotage Auto accident knocks down power lines to a data center
Flood
Terrorism Backhoe digs up a telecommunications line Tsunami
Civil unrest Operator error Hurricane/cyclone
Fire Earthquake
Volcanic eruption
mission-critical process: A pro- cess that plays a pivotal role in an organization’s continued operations and goal attainment.
hot site: A duplicate, operational hardware system that is ready for use (or immediate access to one through a specialized vendor).
cold site: A computer environment that includes rooms, electrical service, telecommunications links, data storage devices, and the like.
366 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
storage devices, and similar equipment. If a primary computer has a problem, backup computer hardware is brought into the cold site, and the complete system is made operational.
Cloud computing has added another dimension to disaster recovery plan- ning. If your organization is hit by a disaster, information systems that are running on the cloud are likely to be operational and accessible by workers from anywhere they can access the Internet. Data is also stored safely and securely at the site of the cloud-computing service provider, which could be hundreds of miles from the organization. On the other hand, if the cloud ser- vice provider is hit by a disaster, it may cause a serious business disruption for your organization even if it is otherwise unaffected by a distant disaster. Thus, part of the evaluation of a cloud service provider must include analysis of the provider’s disaster recovery plans.
Files and databases can be protected by making a copy of all files and databases changed during the last few days or the last week, a technique called incremental backup. This approach to backup uses an image log, which is a separate file that contains only changes to applications or data. Whenever an application is run, an image log is created that contains all changes made to all files. If a problem occurs with a database, an old data- base with the last full backup of the data, along with the image log, can be used to re-create the current database.
Organizations can also hire outside companies to help them perform disaster planning and recovery. EMC, for example, offers data backup in its RecoverPoint product.13 For individuals and some applications, backup copies of important files can be placed on the Internet. Failover is another approach to backup. When a server, network, or database fails or is no longer function- ing, failover automatically switches applications and other programs to a redundant or replicated server, network, or database to prevent an interrup- tion of service. SteelEye’s LifeKeeper and Application Continuous Availability by NeverFail are examples of failover software.14,15 Failover is especially important for applications that must be operational at all times.
Design Database The database provides a user view of data and makes it possible to add and modify data, store and retrieve data, manipulate the data, and generate reports. One of the steps in designing a database involves “telling” the database man- agement system (DBMS) the logical and physical structure of the data and the relationships among the data for each user. This description is called a schema, and it is entered into the DBMS using a data definition language. A data defini- tion language (DDL) is a collection of instructions and commands that define and describe data and relationships in a specific database.
Another important step in designing the database is to establish a data dictionary, a detailed description of all data used in the database. A data dic- tionary is valuable in maintaining an efficient database that stores reliable information with no redundancy, and it makes it easy to modify the database when necessary. Data dictionaries also help computer and system program- mers who require a detailed description of data elements stored in a database to create the code to access the data. Adhering to the standards defined in the data dictionary also makes it easy to share data among various organizations without the need for extensive data scrubbing and translation.
Perform Feasibility Analysis As a result of the work done during the design phase, the project team has a much better understanding of what it will take to build the system, how it will operate, and what benefits it can deliver. It is appropriate to reassess the technical, economic, legal, operational, and schedule feasibility based on these new learnings.
CHAPTER 8 • System Acquisition and Development 367
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Prepare Draft of System Design Report System design concludes with a formal system design report summarizing the findings of this phase of the project. Any changes from the system analysis findings are highlighted and explained. The table of contents for a typical sys- tem design report is shown in Figure 8.13. This report is a more complete and detailed version of the system investigation report.
Review Results of System Design with Steering Team The system design report is presented to the project steering team with a rec- ommendation to stop, revise, or go forward with the system development project. The steering team carefully reviews the recommendations because if the project is to proceed, considerable human and financial resources will be committed and legally binding vendor contracts will be signed. Following the steering team meeting, the project team incorporates the recommendations and changes suggested into the final report.
At the end of the design phase, organizations employing the waterfall system development process freeze the scope and the user and business requirements. Any potential changes that are identified or suggested after this point must go through a formal scope change process. This process requires the organization to assess how the proposed changes affect the project feasibility, cost, and schedule. It may be necessary to rerun cost/ben- efit analyses to ensure that the project is still financially viable. Next, the proposed changes are presented to the project steering team along with their associated costs and schedule impact. The steering team must approve the changes before the project team can begin work to incorporate them into the current design. Frequently, the steering team disapproves changes to ensure that the project is completed without exceeding the current budget and schedule. If the steering team approves the changes, however, the proj- ect team might need to repeat portions of the system analysis and design phases to incorporate the changes.
Construction The system construction phase follows the completion of the system design phase when the project steering team approves of proceeding with the
Systems Design Report Table of Contents
EXECUTIVE SUMMARY DESCRIPTION OF OPPORTUNITY PROJECT SCOPE BUSINESS REQUIREMENTS ISSUES AND CONSTRAINTS SUMMARY OF ALTERNATIVES CONSIDERED ALTERNATIVE RECOMMENDED FEASIBILITY ANALYSIS RECOMMENDATION NEXT STEPS
FIGURE 8.13 Typical table of contents for a system design report The system design report is a more complete and detailed version of the system investigation report.
368 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
project. System construction converts the system design into an operational system by coding and testing software programs, creating and loading data into databases, and performing initial program testing. These steps are out- lined next and are discussed in the following sections:
1. Code software components. 2. Create and load data. 3. Perform unit testing.
Code Software Components Software code must be written according to defined design specifications so that the system meets user and business needs and operates in the manner the user expects. Most software development organizations use a variety of soft- ware tools to generate program source code that conforms to those specifica- tions. The following list includes a sampling of these types of software tools:
● Some template-driven code generators can create source code automati- cally. CodeSmith Generator is an example of a template-driven code generator that automates the creation of common application source code for several languages (e.g., C#, Java, VB, PHP, ASP.NET, and SQL). The templates are designed to create typical types of business programs. Developers using CodeSmith Generator can modify a template or create a customized template to generate necessary code.16
● Screen painter programs are used to design new data-entry screens for software applications. This easy-to-use software allows developers to create screens by “painting” them and then use “dialog boxes” to define the characteristics of the data that goes in each field.
● Menu-creation software allows users to develop and format menus with features such as color palettes, graphics characters, automatically gener- ated boxes, headings, and system variables.
● Report generator software captures an image of a desired report and generates the code to produce that report based on the database and database schema you are using. In many cases, users can design and code reports with this software.
The Arizona court system, which includes the State Supreme Court, 15 Superior Courts, 85 Municipal, and 76 Limited Jurisdiction courts, decided to use software code generators to code components for a recent systems overhaul. All the courts must coordinate scheduling of court dates, keep track of state- issued citations, and track adults and juveniles on probation. Over time, the Arizona courts developed a number of systems using various programming lan- guages, making it difficult to modify programs to keep up with changes in the law. The court system is now rewriting many of its applications and standardiz- ing on the Microsoft ASP.NET architecture. The courts are using a software code generator called Visible Developer to generate 85 to 90 percent of the code.17
An organization also needs useful software documentation to accompany the software code. Technical documentation includes written details that computer operators follow to execute the program and that analysts and pro- grammers use to solve problems or modify the program. Technical documen- tation explains the purpose of every major piece of computer code. It also identifies and describes key variables.
User documentation is developed for the people who use the system. In easy-to-understand language, this type of documentation shows how the pro- gram can and should be used to perform user tasks. Linx Software produces LinxCRM, a customer relationship management system. The company imple- mented special software to help it create high-quality user documentation including annotated screen shots from the system. Linx also created a video to help train users.18
system construction: The phase of system development that converts the system design into an operational system by acquiring and installing hardware and software, coding and testing software programs, creating and loading data into databases, and performing initial program testing.
technical documentation: Written details used by computer operators to execute the program and by analysts and programmers to solve problems or modify the program.
user documentation: Written descriptions developed for people who use a program; in easy-to-understand language, it shows how the program can and should be used to meet the needs of its various users.
CHAPTER 8 • System Acquisition and Development 369
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Create and Load Data This step of the construction phase involves making sure that all files and databases are populated and ready to be used with the new information sys- tem. Data for the initial loading of a new database may come from several sources—the old files or database of the system being replaced, from files of other systems used in the organization, or from data sources purchased from an outside organization. In any case, it may be necessary to write new pro- grams to read the old data from these sources, reformat the data into a format compatible with the database design of the new system, and then merge these data sources together. Another program may be needed to edit the merged data for accuracy and completeness and to add new entities, attributes, and/ or relationships. For example, if an organization is installing a new customer relationship management program, a program might need to read the old cus- tomer contact data and convert it to a format that the new system can use. However, if the old customer contact data does not contain the same data, such as a separate “bill to” and “ship to” address for existing customers, this data may need to be added manually. The “bill to” address may be used to calculate to which of the organization’s sales regions the customer belongs for sales reporting and accounting purposes. For many projects, con- siderable time and effort is expended in creating and loading a new database. See Figure 8.14.
Reformat data from source 1
Reformat data from source 2
Edit and correct data
Manual corrections
Merge
Reformat data from source 3
Reformatted data 1
Data source 1
Data source 3
Reformatted data 2
Merged data
Edited and corrected
data
Correction file
Load and update
database
Database
Reformatted data 3
Data source 2
FIGURE 8.14 Database preparation tasks Creating and loading a new database can take considerable resources.
370 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Perform Unit Testing With the programs written and the database available, it is now possible for the developers to do initial testing of code components. This process is called unit testing, which involves testing individual components of code (subrou- tines, modules, and programs) to verify that each unit performs as designed. Unit testing is accomplished by developing test data that ideally will force an individual component to execute all of its various functions and user features. In addition, each program is tested with abnormal input to determine how it will handle erroneous input. As testers find problems, they modify the pro- grams to work correctly. A good set of unit tests can be saved and rerun each time any code is changed to quickly detect any new defects.
Integration and Testing Several types of testing must be conducted before a new or modified informa- tion system is ready to be put into production. These tests are outlined next and discussed in the following sections:
1. Integration testing 2. System testing 3. Volume testing 4. User acceptance testing
Integration Testing Integration testing involves linking individual components together and test- ing them as a group to uncover any defects in the interface between one com- ponent and another (e.g., component 1 fails to pass a key parameter to component 2). Even if unit testing is successful, developers cannot assume that individual components can be combined into a working system. Unfortunately, one component that functions incorrectly can affect another component and, if these problems go undetected, they can cause serious trouble later.
System Testing System testing involves testing the complete, integrated system (hardware, software, databases, people, and procedures) to validate that the information system meets all specified requirements. System testing is often done by inde- pendent testers who were not involved in developing program code. They attempt to make the system fail. They frequently employ testing called black box testing because it requires no specific knowledge of the application’s code and internal logic. In other words, the system tester is aware of what the software is supposed to do but is not aware of how it does it.
Volume Testing Volume testing involves evaluating the performance of the information system under varying yet realistic work volume and operating conditions (e.g., data- base size, number of concurrent users, number of transactions, and number of queries). The goals of volume testing are to determine the work load at which systems performance begins to degrade and to identify and eliminate any issues that prevent the system from reaching its required system-level performance.
User Acceptance Testing During user acceptance testing (UAT), trained users test the information sys- tem to verify that it can complete required tasks in a real-world operating environment and perform according to the system design specifications. UAT is also known as beta testing, application testing, and end-user testing. Unlike system testing, which ensures that the system itself works, UAT determines whether the system meets its intended business needs.
unit testing: Testing of individual components of code (subroutines, modules, and programs) to verify that each unit performs as designed.
integration testing: Testing that involves linking all of the individual components together and testing them as a group to uncover any defects in the interfaces between individual components.
System testing: Testing the com- plete, integrated system (hardware, software, databases, people, and pro- cedures) to validate that the information system meets all specified requirements.
volume testing: Testing to evaluate the performance of the information system under varying yet realistic work volume and operating conditions to determine the work load at which system performance begins to degrade and to identify and eliminate any issues that prevent the system from reaching its required service-level performance.
user acceptance testing (UAT): Testing performed by trained system users to verify that the system can complete required tasks in a real-world operating environment and perform according to the system design specifications.
CHAPTER 8 • System Acquisition and Development 371
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
UAT is a critical activity that must be completed successfully before newly developed software can be rolled out to the market. In the case of implement- ing a software package or software developed by an outside organization, the customer performs user acceptance testing before accepting transfer of owner- ship. UAT involves the following steps:
1. The UAT test team is selected from the set of likely users. 2. The UAT test team is trained using the currently available training material. 3. The overall UAT strategy and schedule is defined. 4. The UAT team designs test cases to exercise the functions and features of
the information system. 5. The test cases are documented in a clear and simple step-by-step manner
to make the tests easy to execute. 6. The UAT team executes the defined test cases and documents the results
of each test. 7. The software development team reviews the test results and makes any
required changes to the code so it meets the design specifications. 8. The UAT team retests the information system until all defects have been
fixed or it is agreed that certain defects will not be fixed. 9. The UAT team indicates its acceptance or nonacceptance of the informa-
tion system. If accepted, the information system is ready to be fully implemented.
10. The UAT team provides feedback on the user training material so it can be updated and improved.
Prior to releasing a new software package or a major revision of an exist- ing package, commercial software development organizations conduct alpha and beta testing. Alpha testing is a limited internal acceptance test where employees of the software development organization and a limited number of other “friendlies” use the software and provide feedback. After fixing pro- blems uncovered in alpha testing, the developer makes a beta test version of the software available to potential users outside the organization. For exam- ple, Microsoft might make a free beta test version of software available on the Internet to increase the amount of feedback.
Most software manufacturers and third-party software developers have a user acceptance document—a formal agreement the end user organiza- tion signs stating that a phase of the installation or the complete system is approved. This is a legal document that usually removes or reduces the IS vendor’s liability for problems that occur after the user acceptance docu- ment has been signed. Because this document is so important, many com- panies get legal assistance before they sign it. Stakeholders can also be involved in acceptance testing to make sure that their benefits are indeed realized.
Table 8.9 summarizes five types of testing: unit testing, integration testing, system testing, volume testing, and user acceptance testing.
Implementation A number of steps are involved in system implementation. These are outlined next and discussed in the following sections.
1. User preparation 2. Site preparation 3. Installation 4. Cutover
User Preparation User preparation is the process of readying managers, decision makers, employees, system users, and stakeholders to accept and use the new system.
user acceptance document: A formal agreement that the organization signs stating that a phase of the instal- lation or the complete system is approved.
user preparation: The process of readying managers, decision makers, employees, other users, and stake- holders to accept and use the new system.
372 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Ideally, user preparation begins in the early stages of system investigation and continues through implementation.
The major challenges to successful implementation of an information sys- tem are often more behavioral than technical. Successfully introducing an information system into an organization requires a mix of organizational change skills and technical skills. Strong, effective leadership is required to overcome the behavioral resistance to change and achieve a smooth and suc- cessful system introduction.
The dynamics of how change is implemented can be viewed in terms of the Lewin and Schein three-stage model for change: (1) ceasing old habits and creating a climate that is receptive to change; (2) learning new work methods, behaviors, and systems; and (3) reinforcing changes to make the new process second nature, accepted, and part of the job.
Leavitt’s Diamond is a change model that proposes that every organiza- tional system is made up of people, tasks, structure, and technology—any change in one of these elements will necessitate a change in the other three ele- ments. Thus, to successfully implement a new information system, appropriate changes must be made to the people, structure, and tasks affected by the new system. People must be convinced to take a positive attitude to the change and be willing to exhibit new behaviors consistent with the change. Management might need to modify the reward system to recognize those who exhibit the desired new behaviors. Training in any required new skills is also necessary.
The technology acceptance model (TAM) specifies the factors that can lead to better attitudes about the use of a new information system, along with its higher acceptance and usage. Perceived usefulness and perceived ease of use strongly influence whether someone will use an information system. Man- agement can improve that perception by demonstrating that others have used the system effectively and by providing user training and support.
The diffusion of innovation theory cautions that adoption of any innova- tion does not happen all at once for all members of the targeted population;
TABLE 8.9 Tests conducted on an information system Form of Test What Is Tested Purpose of Test Who Does It
Unit Test individual units of the system.
Verify that each unit performs as designed.
Software developers
Integration Test all of the individual units of the information system linked together.
Uncover any defects between individual components of the information system.
Software developers or inde- pendent software testers, using black box testing measures
System Test the complete, integrated system (hardware, software, databases, people, and procedures).
Validate that the information system meets all specified requirements.
Independent test team, separate from the software development team
Volume Evaluate the performance of the information system under realistic and varying work volume and operating conditions.
Determine the work load at which system performance begins to degrade and identify and eliminate any issues that prevent the system from performing at the required service level.
System development team and members of the operations organization
User acceptance
Test the complete, integrated system (hardware, software, databases, people, and procedures).
Verify the information system can complete required tasks in a real-world operating envi- ronment and do this according to the system design specifications.
Trained users of the system
CHAPTER 8 • System Acquisition and Development 373
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
rather, it is a drawn-out process, with some people quicker to adopt the inno- vation than others. Rogers’ diffusion of innovation theory defined five catego- ries of adopters, each with different attitudes toward innovation. When promoting an innovation to a target population, first understand the charac- teristics of the target population that will help or hinder adoption of the inno- vation and then apply the appropriate strategy. This theory can be useful in planning the roll-out of a new information system.
Because user training is so important, some companies employ a variety of training approaches including in-house, software, video, Internet, among others. The material used to train the UAT team can serve as a starting point, with changes based on feedback from the test team.
The eventual success of any system depends not only on how users work with it, but how well the IS personnel within the organization can operate and support it. The IS personnel should also attend training sessions similar to those for the users, although their sessions can provide more technical details. Effective training will help IS personnel use the new system to per- form their jobs and support other users in the organization. IBM and many other companies use online and simulated training programs to cut training costs and improve effectiveness.
Site Preparation A location for the hardware associated with the new system needs to be pre- pared, a process called site preparation. For a small system, site preparation can be as simple as rearranging the furniture in an office to make room for a computer. The computer and associated hardware in a larger system might require special wiring, air conditioning, or construction. A special floor, for example, might have to be built and cables placed under it to connect the var- ious computer components, and a new security system might be needed to protect the equipment. The project team needs to consider the amount of site preparation that may be necessary and build sufficient lead time into the schedule to allow for it.
Today, most organizations place a priority on developing IS sites that are energy efficient and secure. One company, for example, installed special secu- rity kiosks that let company visitors log on and request a meeting with a com- pany employee. The employee can see the visitor on his or her computer screen and accept or reject the visitor. If the visitor is accepted, the kiosk prints a visitor pass, which allows the person access to the building.
M&T Bank is the largest deposit holder in western New York, with head- quarters in Buffalo. The bank invested around $60 million in data centers over a three-year period to meet current business needs and strengthen its backup systems in case of disasters.19
Installation Installation is the process of physically placing the computer equipment on the site and making it operational. Although normally the manufacturer is responsible for installing computer equipment, someone from the organiza- tion (usually the IS manager) should oversee the process, making sure that all equipment specified in the contract is installed at the proper location. After the system is installed, the manufacturer performs several tests to ensure that the equipment is operating as it should.
Cutover Cutover is the process of switching from an old information system to a replacement system. Cutover is critical to the success of the organization; if not done properly, the results can be disastrous.
Hershey’s, the largest chocolate manufacturer in North America, provides a classic example of a failed system cutover. The company planned to
site preparation: Preparation of the location of a new system.
installation: The process of physically placing the computer equipment on the site and making it operational.
cutover: The process of switching from an old information system to a replacement system.
374 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
upgrade a mix of legacy information systems into an integrated environment of the latest software from leading vendors, including SAP for ERP functional- ity, Manugistics for supply chain management, and Siebel for customer relation- ship management. The cutover was targeted for July, one of the company’s busiest months, when it was shipping orders for Halloween and Christmas. Unfortunately, Hershey’s was not well prepared, and the cutover was a fiasco. As a result, Hershey was unable to process over $100 million worth of orders. The resulting operational paralysis led to nearly a 20 percent drop in quarterly profits and an 8 percent decline in share price.
Organizations can follow one of several cutover strategies. See Figure 8.15. Direct conversion (also called plunge or direct cutover) involves stopping the old system and starting the new system on a given date. Direct conver- sion is a high-risk approach because of the potential for problems and errors when the old system is shut off and the new system is turned on at the same instant.
Shell is one of the largest corporations in the world, with recent annual revenues exceeding $265 billion.20 One of Shell’s major business units is called Downstream, an organization that converts crude oil into a range of refined products, which are moved and marketed around the world for domestic, industrial, and transport use. 21 The 37,000 workers in 36 countries in the Downstream business rely on SAP-based software to complete their
FIGURE 8.15 System cutover strategies Cutover can be through direct conversion, phase-in approach, pilot start-up, or parallel start-up.
New system
Direct conversion
Phase-in approach (by component) or pilot start-up (by group)
Parallel start-up
Old system component 1 or group 1
Old system component 2 or group 2
Old system
New system
Old system
Cutover 1
Cutover
Cutover 3Cutover 2
Old system component 3 or group 3
New system
direct conversion: A cutover strat- egy that involves stopping the old sys- tem and starting the new system on a given date; also called plunge or direct cutover.
CHAPTER 8 • System Acquisition and Development 375
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
work, making it a mission-critical application. A few years ago, Shell decided to upgrade to a new version of the Downstream software to access new func- tions and support services. The planning and work involved in completing the world’s largest SAP upgrade culminated in a direct cutover 18 months after that project started. Shell had many tasks to accomplish before the cutover, including updating several databases, installing new application servers, repla- cing hardware, and expanding storage capacity by 30 percent. Despite its huge complexity and the high risk associated with such a major cutover, the upgrade was a success.22
Many organizations follow a phase-in approach, where components of the new system are slowly phased in while components of the old one are slowly phased out. When everyone is confident that all components of the new system are performing as expected, the old system is completely phased out. This gradual replacement is repeated for each component until the new system has fully replaced the old system. In some cases, the phase-in approach, also called a piecemeal approach, can take several months.
Pilot start-up involves running the complete new system for one group of users rather than for all users. For example, a manufacturing company with many retail outlets throughout the country could use the pilot start-up approach and install a new inventory control system at one of its retail outlets. When the system runs without problems at the pilot location, the new inven- tory control system can then be implemented at other outlets, one by one.
Parallel start-up involves running both the old and new systems for a period of time. The performance and output of the new system are compared closely with the performance and output of the old system, and any differ- ences are reconciled. When users are comfortable that the new system is working correctly, the old system is eliminated.
System Operation and Maintenance The steps involved in system operation and maintenance are outlined next and discussed in the following sections.
1. Operation 2. Maintenance 3. Disposal
Operation System operation involves the use of a new or modified system under all kinds of operating conditions. Getting the most out of a new or modified sys- tem during its operation is the most important aspect of system operations for many organizations. To provide adequate user support, many companies establish a formal help desk for their employees and customers. A help desk consists of computer systems, manuals, people with technical expertise, and other resources needed to solve problems and give accurate answers to ques- tions. End users, who experience problems accessing or using an information system, can access the help desk’s Web site or request support via a call or text to the help desk.
Monitoring is the process of measuring system performance by tracking the number of errors encountered, the amount of memory required, the amount of processing or CPU time needed, and other performance indicators. If a particular system is not performing as expected, it should be modified or a new system should be developed or acquired.
System performance products can measure all components of an informa- tion system, including hardware, software, database, and network systems. Microsoft Visual Studio, for example, has features that allow system developers to monitor and review how applications are running and performing, enabling
phase-in approach: A cutover strategy that involves slowly replacing components of the old system with those of the new one; this process is repeated for each component until the new system is running every compo- nent and performing as expected; also called a piecemeal approach.
pilot start-up: A cutover strategy that involves running the complete new system for one group of users rather than for all users.
parallel start-up: A cutover strategy that involves running both the old and new systems for a period of time and closely comparing the output of the new system with the output of the old sys- tem; any differences are reconciled. When users are comfortable that the new system is working correctly, the old system is eliminated.
system operation: Involves the use of a new or modified system under all kinds of operating conditions.
monitoring: The process of measur- ing system performance by tracking the number of errors encountered, the amount of memory required, the amount of processing or CPU time needed, and other performance indicators.
376 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
developers to make changes if needed. IBM Tivoli OMEGAMON XE is a suite of performance monitors designed for the analysis of IBM mainframe operating systems—such as z/OS and z/VM—and various subsystems, such as CICS, DB2, and IMS. Precise Software Solutions has system performance products that pro- vide around-the-clock performance monitoring for ERP systems, Oracle database applications, and other programs.23 HP also offers a software tool called Business Technology Optimization (BTO) to help companies analyze the performance of their computer systems, diagnose potential problems, and take corrective action if needed. When properly used, system performance products can quickly and efficiently locate actual or potential problems.
Allscripts is a $2.6 billion publicly traded company that provides practice management, electronic healthcare records, and financial software to hun- dreds of physician practices, hospitals, and other healthcare organizations. Its customers typically have between 7 and 20 servers running Allscripts applica- tions at all times, and keeping the software running without interruption is a major challenge. To solve this problem, Allscripts has its customers install eG performance monitoring software from Citrix to monitor the network, operat- ing system, and applications on its servers. This enables Allscripts to quickly identify and fix system and software problems before they affect users.24
System review is the process of analyzing a system to make sure it is operating as intended. System review often compares the performance and benefits of the system as it was designed with the actual performance and benefits of the system in operation.
U.S. citizens were alarmed and dismayed when an audit of 731 Veterans Affairs (VA) hospitals and clinics found that some 57,000 veterans nationwide in need of medical care experienced wait times of 90 days or longer for their first medical appointments. An additional 64,000 veterans were not even on the VA electronic waiting list for doctor appointments that they had requested. Shockingly, 13 percent of VA employees interviewed said they were told to falsify records so that wait times would appear shorter.25 In a separate audit of its information systems, the VA inspector reported that the agency had continuing problems protecting its mission-critical systems. The audit found that although the VA had made progress developing security poli- cies and procedures, it still suffered from “significant deficiencies related to access controls, configuration management controls, continuous monitoring controls, and service continuity practices designed to protect mission-critical systems.”26 It is not clear to what degree these system shortcomings contrib- uted to the incorrect reporting of wait times.
Internal employees, external consultants, or both can perform a system review. An organization’s billing application, for example, might be reviewed for errors, inefficiencies, and opportunities to reduce operating costs. In addi- tion, the billing application might be reviewed if corporations merge, if one or more new managers require different information or reports, or if federal laws on bill collecting and privacy change. This is an event-driven approach to system review.
Maintenance System maintenance is a stage of system development that involves chang- ing and enhancing the system to make it more useful in achieving user and organizational goals. Reasons for program maintenance include the following:
● Poor system performance, such as slow response time for frequent transactions
● Changes in business processes ● Changes in the needs of system stakeholders, users, and managers ● Bugs or errors in the program ● Technical and hardware problems
system review: The process of analyzing a system to make sure it is operating as intended.
system maintenance: A stage of system development that involves changing and enhancing the system to make it more useful in achieving user and organizational goals.
CHAPTER 8 • System Acquisition and Development 377
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● Corporate mergers and acquisitions ● Changes in government regulations ● Changes in the operating system or hardware on which the application
runs
Organizations can perform system maintenance in-house, or they can hire outside companies to perform maintenance for them. Many companies that use information systems from Oracle or SAP, for example, hire those compa- nies to maintain their systems. System maintenance is important for indivi- duals, groups, and organizations. Individuals looking to system-maintenance services, for example, can use the Internet, computer vendors, and indepen- dent maintenance companies, including YourTechOnline.com (www.yourte chonline.com), Geek Squad (www.geeksquad.com), and PC Pinpoint (www .pcpinpoint.com). Organizations often have personnel dedicated to system maintenance. Software maintenance for purchased software can cost 20 per- cent or more of the purchase price annually.
The maintenance process can be especially difficult for older software. A legacy system is an old system, which might have cost millions of dollars to develop, patch, and modify over the years. The maintenance costs for legacy systems can become quite expensive, and, at some point, it becomes more cost effective to switch to new programs and applications than to repair and maintain the legacy system.
Royal Bank of Scotland (RBS) and National Westminster Bank (NatWest) are two of the United Kingdom’s largest and most established banks. How- ever, some customers of these banks have experienced problems using ATMs or debit cards due to problems with legacy banking systems. Some of the banks’ systems are over 30 years old and were originally designed to handle simple branch banking. Over the years, the banks have had to make changes to support ATMs, online banking, and mobile banking as well as changes to accommodate new regulatory requirements. Many of these changes were implemented by different development teams using different programming languages running on different computers and operating systems, making it impossible for one person or team to fully comprehend the entire system.27
The two banks recently announced that they will be spending £1 billion (approximately $1.7 billion USD) to improve their personal and small busi- ness banking services to make it easier for customers on the move.28
Four generally accepted categories signify the amount of change involved in maintenance. A slipstream upgrade is a minor system upgrade—typically a code adjustment or minor bug fix. Many companies don’t announce to users that a slipstream upgrade has been made; however, because a slip- stream upgrade usually requires recompiling all the code, it can create entirely new bugs. This maintenance practice explains why the same computers some- times work differently with what is supposedly the same software. A patch is a minor change to correct a problem or make a small enhancement. The fix is usually patched into an existing program; that is, the programming code representing the system enhancement is usually added to the existing code. Many patches come from off-the-shelf software vendors. Although slipstream upgrades and patches are minor changes, they can cause users and support personnel big problems if the programs do not run as before. A new release is a significant program change that often requires changes in the documenta- tion of the software. Finally, a new version is a major program change, typi- cally encompassing many new features. Figure 8.16 shows the relative amount of change and effort required to test and implement these four cate- gories of system maintenance.
Because of the amount of effort that can be spent on maintenance, many organizations require a request for maintenance form to be completed and approved before authorizing the modification of an information system. This
slipstream upgrade: A minor system upgrade-typically a code adjustment or minor bug fix; it usually requires recompiling all the code, and in so doing, it can create entirely new bugs. patch: A minor system change to correct a problem or make a small enhancement; it is usually an addition to an existing program.
release: A significant program change that often requires changes in the documentation of the software.
version: A major program change, typically encompassing many new features.
378 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
form is usually signed by a business manager who documents the need for the change and identifies the priority of the change relative to other work that has been requested. The IS group reviews the form and identifies the programs that need to be changed, determines the programmer to assign to the project, estimates the expected completion date, and develops a technical description of the change. A cost/benefit analysis might be required if the change requires substantial resources. The completed change request is then reviewed and pri- oritized relative to the other change requests that have been made.
Disposal At some point, an existing information system may become obsolete, uneco- nomical to operate and/or maintain, or unrepairable. Information systems typically evolve to this stage in the life cycle because the system can no longer be modified to keep up with changing user and business requirements, outdated technology causes the system to run slowly or unreliably, or key vendors are no longer able or willing to continue to provide necessary service or support.
System disposal is a stage of system development that involves those activ- ities that ensure the orderly dissolution of the system, including disposing of all equipment in an environmentally friendly manner, closing out contracts, and safely migrating information from the system to another system or archiving it in accordance with applicable records management policies. The steps involved in system disposal are outlined and discussed in the following sections.
1. Communicate intent. 2. Terminate contracts. 3. Make backups of data. 4. Delete sensitive data. 5. Dispose of hardware.
Communicate Intent A memo communicating the intent to terminate the infor- mation system should be distributed to all key stakeholders, months in advance of the actual shutdown. This ensures that everyone is aware of the shutdown and allows time for them to convert to the new system or process replacing the terminated system. For example, the Microsoft Windows XP operating system was released in 2001. Microsoft announced in September 2007 that it would end support of this popular operating system in April 2014. Despite the end-of-life announcement, an estimated 25 percent of con- sumers and businesses including 75 percent of ATMs in the United States had not converted to a replacement operating system by early 2014.29
FIGURE 8.16 System-maintenance efforts This chart shows the relative amount of change and effort associated to test and implement slipstream upgrades, patches, releases, and versions.
Patch Release Client effort to test and implement change
Slipstream upgrade
Amount of change
to system
Version
system disposal: A stage of system development that involves those activities that ensure the orderly disso- lution of the system, including disposing of all equipment in an environmentally friendly manner, closing out contracts, and safely migrating information from the system to another system or archiving it in accordance with applicable records management policies.
CHAPTER 8 • System Acquisition and Development 379
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Terminate Contracts The various vendors who provide hardware, software, or services associated with the information system must be notified well in advance to avoid any penalty fees associated with abrupt termination of a contract.
Make Backups of Data Prior to deleting files associated with the system, backup copies of data must be made according to the organization’s records- management policies.
Delete Sensitive Data Extreme care must be taken to remove customer, employee, financial, and company-sensitive data from all computer hardware and storage devices before disposing of it. Otherwise, an organization’s dis- carded equipment could become a treasure trove to competitors or identity thieves. When a file is deleted, the bits and pieces of the file physically stay on a computer hard drive until they are overwritten, and they can be retrieved with a data recovery program. To remove data from a hard drive perma- nently, the hard drive needs to be wiped clean. The program used should overwrite or wipe the hard drive several times. An alternative is to remove the hard drive and physically destroy it.
Dispose of Hardware After backing up and then removing data from drives, members of the project team can dispose of obsolete or damaged computer hardware. Governments, environmental agencies, and leading hardware man- ufacturers are attempting to reduce hazardous materials in electronic pro- ducts; however, some hardware components still contain materials that are toxic to the environment. Responsible disposal techniques should be used regardless of whether the hardware is sold, given away, or discarded. Many computer hardware manufacturers including Dell and HP have developed programs to assist their customers in disposing of old equipment.
Now that we have discussed the waterfall system development process, we turn our attention to discussion of the agile system development process.
User Acceptance Testing for New Accounting System You are a member of the finance and accounting organization of a midsized sporting goods retailer. You are knowledgeable of all facets of your firm’s current accounting systems and have been working in accounts receivable for the past three years. The firm is implementing a new cloud-based accounting system to han- dle general ledger, accounts payable, accounts receivable, and payroll tasks. You have been selected to plan and lead the user acceptance testing for the accounts receivable portion of the system. This will be a full-time activity for you over the next two to three months, and during that time, other employees will fill in to take care of most of your day-to-day responsibilities.
Review Questions 1. Outline the tasks that must be accomplished to successfully complete user
acceptance testing. 2. Your normal work activities and responsibilities have not allowed you time to
become familiar with this project and the new system and its capabilities. What actions would you take to get caught up quickly?
Critical Thinking Questions 1. How would you go about selecting and recruiting end users to participate in
the user acceptance testing? How would you determine how many end users are needed for testing?
2. What do you think might be the biggest barriers to completion of the user acceptance testing in a timely manner?
380 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Agile Development
Agile development is an iterative system development process that develops the system in “sprint” increments lasting from two weeks to two months. Unlike the waterfall system development process, agile development accepts the fact that system requirements are evolving and cannot be fully understood or defined at the start of the project. Agile development concentrates instead on maximizing the team’s ability to deliver quickly and respond to emerging requirements— hence the name agile. In an agile development project, the team stops and ree- valuates the system every two weeks to two months, giving it ample opportunity to identify and implement new or changed system requirements.30
Scrum is an agile development framework that uses a team-based approach in order to keep the development effort focused and moving quickly. Scrum emphasizes individuals and interactions over processes and tools, work- ing software over comprehensive documentation, customer collaboration over contract negotiation, and responding to change over following a plan.31
A scrum master is the person who coordinates all scrum activities, and a scrum team consists of a dozen or fewer people who perform all system development activities from investigation to testing so there is less personnel turnover than on the typical waterfall system development project. The scrum master does not fill the role of a traditional project manager and has no peo- ple management responsibilities. Instead, the primary responsibility of the scrum master is to anticipate and remove barriers to the project team produc- ing its deliverables and meeting the project schedule.32
The product owner is a person who represents the project stakeholders and is responsible for communicating and aligning project priorities between the stakeholders and development team. The product owner holds the prod- uct vision; he or she is responsible for describing what should be built and why—but now how.33
Using the scrum method, the product owner works with the stakeholders and team to create a prioritized list of project requirements called a product backlog. Next, a sprint planning session is held, during which the team selects the highest priority requirements from the top of the product backlog to cre- ate the sprint backlog; they then decide how to implement those require- ments. The team sets a certain amount of time—typically two to eight weeks—to complete its work. During the sprint, each day at the same time, the team meets briefly (15 minutes at most) to share information necessary for coordination. At this meeting, team members describe what they com- pleted the previous day and identify any obstacles that stand in their way of completing the day’s activities. The sprint is complete when the team presents a working system that incorporates the new requirements and that can be used and evaluated. During the sprint review meeting, the team shares what it learned from the current sprint iteration so that knowledge can be applied in the next sprint iteration. See Figure 8.17. Along the way, the scrum master keeps the team focused on its goals.34
Agile development requires cooperation and frequent face-to-face meet- ings with all participants, including system developers and users, as they modify, refine, and test the system’s capabilities and how it meets users’ needs. Organizations are using agile development to a greater extent today to improve the results of system development, including global projects requir- ing IS resources distributed in many locations. Agile is often better suited for developing smaller information systems than larger ones. During an agile project, the level of participation of stakeholders and users is much higher than in other approaches. Table 8.10 lists advantages and disadvantages of agile development.35
agile development: An iterative system development process that develops the system in "sprint" increments lasting from two weeks to two months.
scrum: An agile development framework that emphasizes a team- based approach in order to keep the development effort focused and moving quickly.
scrum master: The person who coordinates all the scrum activities of a team.
product owner: A person who represents the project stakeholders and is responsible for communicating and aligning project priorities between the stakeholders and development team.
CHAPTER 8 • System Acquisition and Development 381
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Extreme programming (XP) is a form of agile software development that promotes incremental development of a system using short development cycles to improve productivity and to accommodate new customer require- ments. Other essentials of extreme programming include programming in pairs, performing extensive code review, unit testing of all code, putting off the programming of system features until they are actually needed, use of a flat project management structure, simplicity and clarity in code, expecting changes in system requirements as the project progresses and the desired solution is better understood, and frequent communication with the customer and other programmers. These qualities make extreme programming compati- ble with agile software development.36
DevOps is the practice of blending the tasks performed by the develop- ment staff (who are typically responsible for design, coding, and testing) and the IT operations groups (who typically handle operational deployment tasks, such as server provisioning and job scheduling) to enable faster and more reliable software releases.37 This approach is key to successful agile develop- ment environments where organizations go live with new software releases every two to four weeks. And in many organizations, DevOps is being used as part of a continuous deployment strategy, in which releases are launched daily—and in some cases, multiple times a day. Many industry experts view DevOps as an outgrowth of the agile development movement, with an exten- sion of agile development principles to include systems and operations rather than just code.
Requirements refinement
meeting
Sprint planning session
Prioritized list of system requirements
(product backlog)
Requirements to implement
during this iteration (sprint backlog)
2–8 week sprint
Daily scrum meeting
Sprint review
meeting
Working system of
requirements implemented
so far
FIGURE 8.17 The Scrum agile software development process The Scrum agile approach develops a system in sprint increments lasting from two weeks to two months.
TABLE 8.10 Advantages and disadvantages of agile development Advantages Disadvantages
For appropriate projects, this approach puts an application into production sooner than any other approach.
It is an intense process that can burn out system developers and other project participants.
Documentation is produced as a by-product of completing project tasks.
This approach requires system analysts and users to be skilled in agile system development tools and agile techniques.
Agile forces teamwork and lots of interaction between users and stakeholders.
Agile requires a larger percentage of stakeholders’ and users’ time than other approaches.
extreme programming (XP): A form of agile software development that promotes incremental development of a system using short development cycles to improve productivity and to accom- modate new customer requirements.
DevOps: The practice of blending the tasks performed by the development and IT operations groups to enable faster and more reliable software releases.
382 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Under traditional software development approaches, the application development team gathers business requirements, writes code, and tests programs in an isolated development environment. The code is then released to the IT operations group to deploy in the real-world operational environment of end users. This involves gluing together all the components of an application, including databases, messaging infrastructure, external services, the passing and receiving of data to/from other systems, and third-party dependencies.
DevOps principles reshape all the move-into-production activities so that they become automated, collaborative, continuous, incremental, iterative, and self-service. Responsive teams adopt DevOps practices of self-service configu- ration, automated provisioning (using predefined procedures that are carried out electronically without requiring human intervention), continuous build, continuous integration, continuous delivery, automated release management, and incremental testing, as shown in Figure 8.18.
Although DevOps can mean slightly different things depending on how it is deployed at different companies, at its core, DevOps places a priority on collaboration, with operations staff and development engineers participating together, over the entire systems life cycle—from design and development through testing and implementation.38
Starwood Hotels and Resorts Worldwide used the DevOps approach with good success on a $150 million project aimed at redoing the company’s cen- tral reservation system. As Starwood has continued to implement DevOps, it has found the process has led to a more complete description of user require- ments, a 66 percent reduction in time to deploy systems, and 20 percent fewer errors in production.39
Table 8.11 compares the key features of the agile and waterfall system development processes.
FIGURE 8.18 DevOps is part of a continuous deployment strategy in which releases can be launched daily DevOps blends tasks performed by development staff and IT operations groups. Source: Chris Haddad, “Overcome DevOps Adoption Barriers to Accelerate Software Delivery,” Tech Well Insights, May 8, 2015, www.techwell.com/techwell-insights/2015 /05/overcome-devops-adoption-barriers- accelerate-software-delivery.
Define acceptance
criteria
Define acceptance
criteria
Define acceptance
criteria
PlanPlan
Automated testing
Automated testing
BuildBuild
Release
Release
DeployDeploy Continuous monitoring Continuous monitoring
OperateOperate
CHAPTER 8 • System Acquisition and Development 383
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Firm’s First Agile Project You were hired into a new company that was impressed with your two years of experience as a scrum master on a variety of information systems projects. Your new firm has a large in-house information system development staff that is trained and experienced in the use of the waterfall software development process. You have been assigned responsibility as a scrum master for a key project that will be the firm’s first agile project. You have also been asked to train the project man- ager, team, and newly appointed product owner in the agile process and their associated roles and responsibilities.
Review Questions 1. As part of the team’s initial project kickoff meeting, you have been asked to
briefly summarize the differences between the waterfall and agile software development process. What would you say?
2. Following your discussion, one of the team members asks, “so why are we changing to a new software development process? We are all comfortable with the way we do things now.” What do you say?
Critical Thinking Questions 1. There is likely to be some confusion over the role of project manager, scrum
master, and product owner. What can you do to avoid this potential problem? 2. What other potential problems can you anticipate as the team moves forward
with its first agile project? What can be done to avoid these potential issues?
Buying Off-the-Shelf Software
Today, most organizations purchase or rent the software they need rather than make it—simply because it costs too much and takes too long to build a quality information system. Organizations elect to build proprietary systems only when its information system requirements are unique. This may be because of the nature of the business or because the organization is attempt- ing to build an information system that will provide it with a strategic compet- itive advantage.
A software application can vary from an unmodified, commercial off- the-shelf (COTS) software package at one extreme to a custom, written- from-scratch program at the other extreme. Between those two extremes is a range of options based on the degree of customization. A comparison of the
TABLE 8.11 Comparison of approaches to system development
Characteristic
Software Development Approach
Agile Waterfall
Description An iterative process that develops the sys- tem in sprint increments lasting 2–8 weeks; each increment focuses on implementing the highest priority requirements that can be completed in the allotted time
A sequential multistage process where work on the next stage cannot begin until the results of the previous stage are reviewed and approved or modified as necessary
Basic assumption System requirements cannot be fully defined at start of project
All critical system requirements must be fully defined before any coding begins
How requirements and design are defined
Users interacting with system analysts and working software
Users interacting with system analysts and system documentation and/or models
Associated processes Scrum Structured system analysis and design
384 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
two extreme approaches is shown in Table 8.12. One question that must be answered during system analysis phase is: which solution approach is best for this particular system? This decision is often called the make-or-buy decision.
Package Evaluation Phase As with system development, purchasing off-the-shelf software requires that an organization go through several steps to ensure that it purchases the soft- ware that best meets its needs and then implements it effectively. These steps are part of the package evaluation phase of a project that comes after the sys- tem analysis phase as shown in Figure 8.19. At this point in the project, the scope of the system and critical business and user requirements should be known. There should be a rough budget and schedule as well.
Package Evaluation Phase
1. Identify potential solutions. 2. Select top contenders. 3. Research top contenders. 4. Perform final evaluation of leading solutions. 5. Make selection. 6. Finalize contract.
Identify Potential Solutions The project team should make a preliminary assessment of the software mar- ketplace to determine whether existing packages can meet the organization’s needs. The primary tool for doing this is the request for information (RFI), a document that outlines an organization’s needs and requests vendors to respond with information about if and how they can meet those needs and the time and resources required. See Figure 8.20. The RFI outlines the scope of the desired system and preliminary system requirements based on the results so far of the system analysis. Importantly, the RFI should ask each ven- dor to identify two or three customers who may be contacted as references. The RFI is typically sent to several vendors who are thought to be capable of providing the desired software.
TABLE 8.12 Comparison of developed and off-the-shelf software Factor Develop (Make) Off-the-Shelf (Buy)
Cost The cost to build the system can be difficult to estimate accurately and is frequently higher than off-the-shelf
The full cost to implement an off-the-shelf solution is also difficult to estimate accurately but is likely to be less than a custom software solution
Needs Custom software is more likely to satisfy your needs
Might not get exactly what you need
Process improvement
Tend to automate existing business processes even if they are poor
Adoption of a package may simplify or streamline a poor existing business process
Quality Quality can vary depending on the program- ming team
Can assess the quality before buying
Speed Can take years to develop Can acquire it right now
Staffing and support Requires in-house skilled resources to build and support a custom-built solution
Requires paying the vendor for support
Competitive advantage
Can develop a competitive advantage with good software
Other organizations can have the same software and same advantage
request for information (RFI): A document that outlines an organiza- tion’s hardware or software needs and requests vendors to provide information about if and how they can meet those needs and the time and resources required.
CHAPTER 8 • System Acquisition and Development 385
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Select Top Contenders The project team will review the information provided by the vendors in response to the RFI and narrow their choice down to the most promising alternatives for further evaluation. This may require a visit to a vendor’s place of business to meet key managers and observe a demo of the vendor’s system. This selection is made on the basis on how well the vendor’s software appears to meet the organization’s needs, preliminary cost and timing esti- mates, information gleaned from references, and how easy the vendor has been to work with so far.
Research Top Contenders A final evaluation begins with a detailed investigation of the contenders’ pro- posals as well as in-depth discussions with two or three customers of each contender to learn about their experience with the vendor and the software.
FIGURE 8.19 Software package implementation process Software package implementation eliminates several of the phases of the waterfall approach.
Investigation
Systems analysis
Package evaluation
Integration & testing
Implementation
Request for Information Table of Contents
DESCRIPTION OF DESIRED SYSTEM PRELIMINARY SYSTEM REQUIREMENTS INFORMATION REQUESTED WHO TO CONTACT FOR FURTHER INFORMATION DATE RESPONSE DESIRED
FIGURE 8.20 Recommended table of contents for a request for information The RFI outlines the desired system and its requirements, identifying key pieces of data that the soft- ware vendor must include in the proposal.
386 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
An organization must carefully evaluate each vendor’s software package to see how well it supports the business processes that are within the scope of the project. Looking at each business process, the organization should deter- mine if the package supports the process fully and exactly as it needs to be performed. If not, must the software be modified to meet the organization’s requirements, or must the organization modify its business process? If an organization decides it must modify the software to meet its business require- ments, it must then determine who will do the necessary modifications, how long will they take, and how much will they cost.
Often purchased software must integrate with other existing software (e.g., a new accounts payable and accounts receivable software package must integrate with the firm’s existing general ledger system). The amount of effort required to modify the new software and existing software so that they work well together must be determined and taken into account as a major factor in selecting the final vendor and software.
For major software purchases, the contenders should be asked to make a final presentation and to fully demonstrate their solution using a performance evaluation test conducted in a computing environment (e.g., computing hardware, operating system software, database management system) and with a workload (e.g., number of concurrent users, database size, and number of transactions) that matches the intended operating conditions. Such a test can help measure system performance attributes such as ease of use and response time.
Make Selection Selecting the best software package solution involves weighing the following factors:
● How well the vendor’s solution matches the needs of the users and business
● The amount of effort required to integrate the new software with existing software
● Results of the performance evaluation test ● Relative costs (including any software modifications) and benefits ● The technical, economic, legal, operational, and schedule feasibility ● Input from legal and purchasing resources on the legal and financial
viability of the contender ● Feedback from customers on how well the software performs as well as
on the quality of the support provided by the vendor
Finalize Contract Once a selection is made, a contract with the vendor must be negotiated and finalized. Although the vendor may insist that everyone signs a standard con- tract, every contract should be thoroughly reviewed by experienced members of an organization’s legal and purchasing departments. Recognize that the standard contract is written from the vendor’s perspective and protects its interests, not yours. Request a copy of the vendor’s standard contract at the start of the software package evaluation process and allow at least two months for review and negotiation of a final contract.
Organizations that use the cloud-computing or software-as-a-service approach need to take special precautions in signing contracts with the ser- vice provider. The contract should clarify how the provider ensures data pri- vacy, handles discovery if there is a lawsuit, resolves service-level problems, and manages disaster recovery; it should also detail where the cloud- computing servers and computers are located. Organizations should confirm this information in discussions with other customers of the service provider and by a visit to the service provider’s facilities.
performance evaluation test: A comparison of vendor options con- ducted in a computing environment (e.g., computing hardware, operating system software, database manage- ment system) and with a workload (e.g., number of concurrent users, database size, and number of transactions) that matches its intended operating conditions.
CHAPTER 8 • System Acquisition and Development 387
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
A contract covering the modification of a software package should have provisions for monitoring system modification quality and progress, owner- ship and property rights of the new or modified system, contingency provi- sions in case something doesn’t work as expected, and dispute resolution if something goes wrong. Customizing the package actually changes the pack- age into custom-made software, resulting in the potential loss of support from the original vendor. This might necessitate third-party support, which should be factored into the contract negotiations.
Integration and Testing Several types of testing must be conducted before a software package is ready to be put into production. This is particularly true if the software package has been modified to meet the needs of the organization or the software package must inte- grate with existing information systems (e.g., a new accounts payable system must integrate with the organization’s existing general ledger system). The following types of tests, already discussed earlier in the chapter, need to be completed.
1. Integration testing 2. System testing 3. Volume testing 4. User acceptance testing
Implementation The organization cannot just count on the vendor to execute the implementa- tion of the package—full and active participation by the project’s stakeholders and end users is essential to success. Key implementation tasks include:
● Use data-flow diagrams to map current business processes and require- ments to the software, and identify any gaps that must be filled by chang- ing current processes or by modifying the software.
● Install the software and configure all of its capabilities and options to meet the project requirements.
● Customize any aspects of the solution needed for the organization. ● Integrate existing software with the new software. ● Train end users. ● Test the software to ensure that it meets all processes and requirements. ● Convert historical data from the old software so that it can be used by the
new software. ● Roll out the new software to users in a live work environment. ● Provide for ongoing end-user support and training.
Hospital Switches Electronic Health Record Software Midwest Regional Hospital (fictional) is a 500-bed general medical and surgical facility with 25,000 admissions and 7,500 annual inpatient and 17,500 outpatient surgeries annually. Its emergency room has 52,000 visits each year. It is a non- profit hospital that treats both adult and child patients. Over 1,200 nurses, techni- cians, doctors, and physicians practice at the hospital.
An electronic health record (EHR) is an electronic version of a patient’s medi- cal history that is maintained by the provider over time and may include all of the key administrative clinical data relevant to that person’s care, including demo- graphics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data, and radiology reports. The EHR automates access to this information, and the more sophisticated versions of EHR software can also produce an online “digital chart” that displays up-to-date patient information in
388 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
real time, complete with decision support tools for physicians and nurses. One of the key features of an EHR is that health information can be created and managed by authorized providers in a digital format capable of being shared with other providers across more than one healthcare organization, including laboratories, specialists, medical imaging facilities, pharmacies, emergency facilities, and school and workplace clinics.
Midwest Hospital was an early pioneer in the adoption of EHR software, implementing the technology in 2004. Unfortunately, the vendor that Midwest selected has not been able to keep up with evolving regulatory requirements and the changing needs of its healthcare clients. Its software is fast becoming obsolete, and it is rumored that the firm will soon eliminate support of its software. You have been hired as a consultant to lead a project to replace the original software with software from one of the current leading EHR software providers— Allscripts, Cerner Corporation, or Epic Systems Corporation.
Review Questions 1. Is there a need to conduct a preliminary software package evaluation? Why or
why not? 2. What tasks would you attempt to complete in your first two weeks as a project
leader?
Critical Thinking Questions 1. The hospital administrators have made it clear to you that the software vendor
must be chosen and the software installed as soon as possible. What measures do you feel comfortable taking to accelerate the process without raising the risk of choosing the wrong software or having a rough system start-up?
2. A safety-critical system is one whose failure or misuse may cause human injury or death. Given that an EHR system can be considered to be such a sys- tem, which tasks associated with software implementation deserve special attention?
Summary
Principle: Organizations can obtain software using one of two basic approaches: buy or build.
Buying off-the-shelf software is less risky and leads to quicker deployment; however, maintenance and support costs may become expensive with this approach, and the software may not be an exact match to the needs and work processes of the organization.
Building custom software can provide a better match to the current work processes of the organization and provide a potential competitive advantage; however, the cost can become extremely high, and it can take months or even years to develop the software.
Principle: A system under development following the waterfall approach moves from one phase to the next, with a management review at the end of each phase.
The set of activities involved in building information systems to meet users’ needs is called system development.
CHAPTER 8 • System Acquisition and Development 389
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
The waterfall system development process cycle is a sequential, multistage system development process in which work on the next stage cannot begin until the results of the current stage are reviewed and approved or modified as necessary. It is referred to as a waterfall process because progress is seen as flowing steadily downward (like a waterfall) through the various phases of development.
The phases of the waterfall system development process can vary from one company to the next, but many organizations use an approach with six phases: investigation, analysis, design, construction, integration and testing, and imple- mentation. Once the system is built, organizations complete the additional steps of operation and maintenance and disposition.
At the end of each phase, a review is conducted to ensure that all tasks and deliverables associated with that phase were produced and that they are of good quality. In addition, at the end of each phase, the overall project scope, costs, schedule, and benefits associated with the project are reviewed to ensure that the project is on track and worth completing. As a result, the waterfall system development process allows for a high degree of manage- ment control.
System investigation is the key initial phase in the development of a new or modified business information system. The purpose of this phase is to gain a clear understanding of the specifics of the problem to solve or the opportunity to address.
Joint application development (JAD) is a structured meeting process that can accelerate and improve the efficiency and effectiveness of not only the investigation phase but also the analysis and design phases of a system devel- opment project.
Functional decomposition is a technique used primarily during the investi- gation phase to define the business processes included within the scope of the system.
The technical, economic, legal, operational, and schedule feasibility are assessed during the feasibility analysis.
After a project has completed the investigation phase and been approved for further study, the next step is system analysis, which answers the question, “What must the information system do to solve the problem or capitalize on the opportunity?”
The overall emphasis of analysis is gathering data on the existing system, determining the requirements for the new system, considering alternatives within identified constraints, and investigating the feasibility of alternative solutions.
Identifying, confirming, and prioritizing system requirements is perhaps the single most critical step in the entire waterfall system development process because failure to identify a requirement or an incorrect definition of a require- ment may not be discovered until much later in the project, causing much rework, additional costs, and delay in the systems effort.
A data-flow diagram (DFD) is a diagram used during both the analysis and design phases to document the processes of the current system or to provide a model of a proposed new system. A DFD shows not only the various processes within the system but also where the data needed for each process comes from, where the output of each process will be sent, and what data will be stored and where.
The purpose of system design phase is to answer the question, “How will the information system solve this problem?” The primary result of the system design phase is a technical design that details system outputs, inputs, controls, and user interfaces; specifies hardware, software, databases, telecommunica- tions, personnel, and procedures; and shows how these components are
390 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
interrelated. In other words, system design creates a complete set of technical specifications that can be used to construct the information system.
During the design phase, designers must develop specific system security and controls for all aspects of the information system, including hardware, soft- ware, database systems, telecommunications, and Internet operations.
System construction converts the system design into an operational system by coding and testing software programs, creating and loading data into data- bases, and performing initial program testing.
Several types of testing must be conducted before a new or modified infor- mation system is ready to be put into production, including unit testing, inte- gration testing, system testing, volume testing, and user acceptance testing.
System implementation includes the following activities: user preparation, site preparation, installation, and cutover.
System operation involves using the new or modified system under all kinds of operating conditions. Getting the most out of a new or modified system during its operation is the most important aspect of system operation for many organizations.
System maintenance involves changing and enhancing the system to make it more useful in achieving user and organizational goals. There are many reasons why system maintenance is required.
System disposal involves those activities that ensure the orderly dissolution of the system, including disposing of all equipment in an environmentally friendly manner, closing out contracts, and safely migrating information from the system to another system or archiving it in accordance with applicable records management policies.
Principle: Agile development is an iterative system development process that develops a system in “sprint” increments lasting from two weeks to two months.
Unlike the waterfall system development process, agile development accepts the fact that system requirements are evolving and cannot be fully understood or defined at the start of the project. Agile development concen- trates instead on maximizing the team’s ability to deliver quickly and respond to emerging requirements—hence the name agile.
Scrum is an agile development framework that uses a team-based approach in order to keep the development effort focused and moving quickly. Scrum emphasizes individuals and interactions over processes and tools, working soft- ware over comprehensive documentation, customer collaboration over contract negotiation, and responding to change over following a plan.
A scrum master is the person who coordinates all scrum activities, and a scrum team consists of a dozen or fewer people who perform all system devel- opment activities from investigation to testing.
The product owner is a person who represents the project stakeholders and is responsible for communicating and aligning project priorities between the stakeholders and development team. The product owner holds the product vision; he or she is responsible for describing what should be built and why— but now how.
Extreme programming (XP) is another agile software development approach that promotes incremental development of a system using short development cycles to improve productivity and to accommodate new cus- tomer requirements.
DevOps is the practice of blending the tasks performed by the develop- ment and IT operations groups to enable faster and more reliable software releases. This approach is key to successful agile development.
CHAPTER 8 • System Acquisition and Development 391
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Principle: When buying off-the-shelf software, the effort required to modify the soft- ware package as well as existing software so that they work well together must be taken into account as a major factor in selecting the final vendor and software.
Today, most organizations purchase or rent the software they need rather than build it—simply because it costs too much or takes too long to build a quality information system.
The analysis team should make a preliminary assessment of the software marketplace to determine whether existing packages can meet the organiza- tion’s needs. The primary tool for doing this is the request for information (RFI), a document that outlines an organization’s hardware or software needs and requests vendors to respond with information about if and how they can meet those needs and the time and resources required.
A preliminary evaluation of software packages and vendors began dur- ing system analysis when the two or three strongest contenders were identi- fied. The final evaluation begins with a detailed investigation of the contenders’ proposals as well as discussions with two or three customers of each vendor.
Key Terms
agile development
cold site
cutover
data-flow diagram (DFD)
DevOps
direct conversion
disaster recovery plan
economic feasibility
extreme programming (XP)
feasibility analysis
hot site
installation
integration testing
joint application development (JAD)
legal feasibility
mission-critical processes
monitoring
operational feasibility
parallel start-up
Pareto principle (80–20 rule)
patch
performance evaluation test
phase-in approach
pilot start-up
product owner
release
request for information (RFI)
schedule feasibility
scrum
scrum master
site preparation
slipstream upgrade
system analysis
system construction
system disposal
system testing
system design
system investigation
system investigation report
system maintenance
system operation
system review
technical documentation
technical feasibility
unit testing
user acceptance document
user acceptance testing (UAT)
user documentation
user preparation
version
volume testing
waterfall system development process
392 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Chapter 8: Self-Assessment Test
Organizations can obtain software using one of two basic approaches: buy or build.
1. software is less risky and leads to quicker deployment; however, maintenance and support costs may become expensive. a. Custom b. Enterprise c. Off-the-shelf d. Personal productivity
2. software can provide a better match to the current work processes of the orga- nization and may provide a potential competitive advantage; however, software development can be extremely costly, and it can take months or even years to complete. a. Custom b. Enterprise c. Off-the-shelf d. Personal productivity
A system under development following the water- fall approach moves from one phase to the next, with a management review at the end of each phase.
3. Many organizations use a waterfall approach with six phases, including investigation, analysis, design, , integration and testing, and implementation.
4. The waterfall approach allows for a high degree of management control, but it does not allow for user interaction with the system until the inte- gration and testing phase, when the system is nearly complete. True or False?
5. The purpose of the system investigation phase is to . a. define what the information system must do
to solve the problem or capitalize on the opportunity
b. gain a clear understanding of the specifics of the problem to solve or the opportunity to address
c. gather data on the existing system and determine the requirements for the new system
d. identify, confirm, and prioritize system requirements
6. is a diagram used to document the processes of the current system or to provide a model of a proposed new system.
7. The overall emphasis of the phase is on gathering data on the existing system,
determining the requirements of the new system, considering alternatives within identified con- straints, and investigating the feasibility of alter- native solutions. a. investigation b. analysis c. design d. construction
8. The primary tool for assessing the software mar- ketplace to determine whether existing packages can meet the organization’s needs is the . a. system investigation report b. request for quotation c. RFI d. system design report
9. The phase converts the system design into an operational system by coding and testing software programs, creating and loading data into databases, and performing initial pro- gram testing. a. system analysis b. system construction c. system implementation d. system testing and integration
Agile development is an iterative system development process that develops a system in “sprint” increments lasting from two weeks to two months.
10. is an agile development framework that uses a team-based approach in order to keep the development effort focused and moving quickly.
11. In the scrum framework, the is a person who represents the project stakeholders and is responsible for communicating and align- ing project priorities between stakeholders and the development team. a. project manager b. scrum master c. product owner d. project sponsor
12. is the practice of blending the tasks performed by the development and IT operations groups to enable faster and more reliable soft- ware releases. a. Scrum b. Extreme programming c. JAD d. DevOps
CHAPTER 8 • System Acquisition and Development 393
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
When buying off-the-shelf software, the effort required to modify the software package as well as existing software so that they work well together must be taken into account as a major factor in selecting the final vendor and software.
13. A preliminary evaluation of software packages and vendors begins during the
phase when the two or three strongest conten- ders are identified. a. system investigation b. system design c. system analysis d. feasibility analysis
Chapter 8: Self-Assessment Test Answers
1. c 2. a 3. construction 4. True 5. b 6. Data-flow diagram 7. b
8. c 9. b 10. Scrum 11. c 12. d 13. c
Review Questions
1. What are primary characteristics of the water- fall system development process? What is the rationale for using the term “waterfall” to describe it?
2. Identify and state the purpose of each of the six phases of the waterfall system development process.
3. Why do many organizations have a formal pro- cess for requesting a system investigation?
4. What are the four different kinds of feasibility that must be assessed? Why is the feasibility of a system reviewed during the investigation, analy- sis, and design phases?
5. What is the difference between tangible and intangible benefits? Identify five tangible benefits that are frequently associated with an information system.
6. What are the key elements of a system investiga- tion report?
7. What is the purpose of studying the existing sys- tem during the analysis phase?
8. Identify several areas for which system security and control requirements need to be defined.
9. Identify and briefly describe six system perfor- mance factors.
10. What is a business continuity plan? What is a disaster recovery plan?
11. Identify and briefly describe four types of testing that are conducted during the integration and testing phase.
12. Define the terms slipstream upgrade, patch, release, and version as they relate to system maintenance.
13. What is the difference between the roles and responsibilities of a scrum master and product owner?
14. What is extreme programming (XP)? What is its goal? 15. An organization has selected and is now imple-
menting a software package. Identify three key factors that will determine the cost and time required for implementation.
Discussion Questions
1. Provide two examples of opportunities or pro- blems that are likely to trigger the need for an information system project.
2. Thoroughly discuss the pros and cons of buying versus building software.
3. What are the advantages and disadvantages of following the waterfall system development process?
4. Outline the steps necessary to conduct an effec- tive joint application development (JAD) session. Who should participate in such a session? What is the role of the JAD facilitator?
5. Once a project has successfully made it through the system investigation phase, should it ever be cancelled? Why or why not?
394 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
6. You have been assigned to write a newspaper report on a major information system project failure run by your school’s information system organization. Where would you start, and who would you speak with?
7. Why is it important for business managers to have a basic understanding of the system devel- opment process?
8. Define the Pareto principle, and discuss how it applies to prioritizing system requirements.
9. Identify and describe how three different change models that can be applied to improve
the probability of successful system implementation.
10. Describe and discuss the pros and cons of three different system cutover strategies.
11. What is the fundamental difference in approach between waterfall and agile system development?
12. How does DevOps support the agile system development process?
13. Identify and briefly discuss four key tasks asso- ciated with the successful implementation of a software package.
Problem-Solving Exercises
1. You are acquiring a new information system for The Fitness Center, a company with three fitness centers in your metropolitan area, with a total of 1,200 members and 20 to 30 full and part-time employees in each location. Through previous research efforts, the director of marketing has determined that your clientele is interested in a state-of-the-art software system to track all their fitness and health-related activities. Each piece of equipment in the gym will be modified to allow entry of the member’s ID number, record- ing the date, time of day, weight used, and number of reps or workout length. Members and fitness consultants want to be able to log in to the system from any computer or mobile device and see displays of various reports (calories burned, muscle groups worked, blood pressure, distance run, steps taken, etc.) for a user- specified time period. Use word-processing software to identify at least six high-priority requirements for such a system. Use a
spreadsheet or project management program to identify and schedule the tasks that must be performed in order to choose the best software package and implement it.
2. The preliminary investigation of a software proj- ect has been completed. Two different project teams have estimated the costs associated with the development and maintenance of a new sys- tem. One team based their estimates on the assumption that the waterfall system develop- ment process would be used for the project; the other team plans to follow the agile approach. A third option is to purchase off-the-shelf soft- ware that provides nearly all the benefits of a custom-built solution. Review the estimates below, and choose the best approach for the project: waterfall development, agile develop- ment, or off-the-shelf software implementation. Provide a solid rational for your choice. Identify any assumptions you must make in reaching your decision.
Waterfall Agile Off-the-Shelf Software
Total effort months to complete the system 45 38 6
Cost per effort month $10k $10k $10k
Cost of software package $350k
Elapsed time until a partial working version is available (months)
Not applicable 2 Not applicable
Elapsed time until all currently envisioned features are available (months)
8 5 3
Annual savings generated by the complete system $180k $180k $160k
3. A new sales ordering system needs a relational database that contains a customer table, a product inventory table, and an order table. Use a word-processing, graphics, or spread- sheet program to draw an entity-relationship
diagram showing the relationships among these entities. Next, design each of these tables showing the keys and attributes to be included in each table. Include five sample records for each table.
CHAPTER 8 • System Acquisition and Development 395
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Team Activities
1. Your team has been hired to define the scope and feasibility of a project to create a database of job openings and descriptions for the companies visiting your campus each term. Students would be able to log on to the system and request an appointment with each company’s recruiter. Recruiters would be granted access to each student’s summary transcript (courses taken, but no grades shown) and resume. Describe the tasks your team would perform to complete the system investigation phase. Who else needs to be involved in the system investigation? Develop a data-flow diagram that defines the scope of this system.
2. Your team has been selected to monitor the disposal of your school’s 10-year-old student-
registration system. Develop a list of the activities that need to be completed to complete this task. Which activities are of most concern?
3. You and your team have been hired to perform a system investigation for a fast food restaurant that wants to implement new tools and processes to improve its customer service. Currently, the restaurant has a poor reputation for not correctly filling customers’ orders and for taking too long to do it. Perform a functional decomposition to define the scope and basic requirements of such a system. Brainstorm some ideas to improve the situation, and choose one to pursue based on its technical, economic, legal, operational, and schedule feasibility.
Web Exercises
1. Do research on the Web to identify application development tools that support the rapid devel- opment of high-quality apps for both iPhone and Android-based smartphones. Develop a spread- sheet that summarizes the features and pros and cons of three of these tools.
2. Do research to identify the three leading elec- tronic health record (EHR) systems. Go on social media and find comments from the users
of these systems. If you were leading a project team to select an EHR system for a large hospital, which one would you choose? Why?
3. Do research to determine the current level of adoption of DevOps around the globe. Which organizations seem to be leaders in DevOps? What initiatives are these companies taking that makes them leaders?
Career Exercises
1. A new advertising and promotion-planning system is being developed for a major manu- facturer of consumer products. Management is seeking candidates to serve as the product owner on this key $2 million, six-month project. Identify some characteristics and desired expe- rience that the ideal candidate would possess.
2. Perform research to learn what is required to have a successful career as a software developer for smartphones. What sort of education and experience is needed? What personal characteris- tics would be helpful in such a career? How
would one get started in such a career, and what are starting salaries?
3. Identify an information system frequently employed by people in a career field you are inter- ested in. Discuss how you might be involved as a user in the development or acquisition of such a system for your future company. Identify three things that you could do as a project participant that would greatly improve the likelihood of a success- ful project. Now, identify three things that you could do (or fail to do) that could greatly diminish the probability of success of such a project.
396 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Case Studies
Case One
Etsy Uses DevOps for Rapid Deployment Looking for a unique gift—such as a personalized, hand- stamped fishing lure or maybe a vintage gold hairpin or even a crocheted hat for your cat? If so, you might want to join the 24 million active buyers who turn to the Web site Etsy as their source for handmade and vintage products—ranging from art and photography to clothing and jewelry to home décor and furniture.
Etsy was founded in 2005 in an apartment in Brooklyn, New York, by a small group of people who saw a need for an online exchange where crafters and artists could sell their handmade and vintage goods along with art and craft supplies. The company, which views itself as a global community of creative entrepreneurs, shoppers, manufacturers, and suppliers, now has more than 800 employees and a peer-to-peer e-commerce site that generated close to $2.4 billion in sales in 2015. Currently, the site has over 35 million items available for sale from 1.6 million active sellers around the world.
Early on, Etsy placed a high priority on developing a sophisticated technology platform to support its business, with an engineering culture centered around a philosophy that the company has dubbed “Code as Craft” (the company even operates an engineering blog under that name). However, as with many start-ups, the development of Etsy’s internal structures was not always carefully planned. As a result, siloes and other barriers to collaboration gradually developed across the company, affecting its ability to keep its software development efforts on the cutting edge.
Despite those challenges, the company grew rapidly, and as early as 2008, the company was deploying new releases to its site twice a week—a pace matched by few other companies at the time. However, each of those deployments typically took over four hours to complete, and according to Michael Rembetsy, vice president of technical operations at Etsy, “Deploys were very painful. We had a traditional mindset: developers write the code and ops deploys it.” That divide often resulted in faulty releases that shut down the site for prolonged periods, causing real concern for the users around the world who relied on the site to make a living.
When Chad Dickerson, who had spent years as CTO at Yahoo!, joined Etsy as its new CTO, he quickly brought in a new technical management team, which pushed the company to adopt a more agile approach to software development in order to roll out improvements and updates with greater ease and fewer disruptions. According to Jon Cowie, an operations engineer at Etsy, “Bringing that group in is what first planted the seed of DevOps and the move to a continuous rate of delivery, and it’s all really grown from there. As the company has grown, this idea that the closer
developers and operations work together and understand each other’s problems, the more the company can achieve, has really taken hold.”
Like many companies, Etsy was attracted to DevOps as a way to create a more responsive software development process—one that allows for continuous integration and deployment. However, adopting DevOps practices has also encouraged a more collaborative approach to development— a shift that has been both challenging and rewarding for the company. Notes Cowie, “The hardest part is getting the business culture right…. You may have to deal with stakeholders at different levels who may not like this idea of relinquishing some power or giving people access to systems they previously haven’t had.”
One of the big rewards for Etsy is that its developers are now able to push code to a production server up to 60 times a day. Often, the first release is to a limited audience of employees or a small, randomly selected group of users. With testing and feedback, the code can then be pushed to the entire Etsy community. According to Rembetsy, “We started to understand that if developers felt the responsibility for deploying code to the site they would also, by nature, take responsibility for if the site was up or down, take into consideration performance, and gain an understanding of the stress and fear of a deploy.”
As Rembetsy notes, “Mistakes happen, we find them, fix them, and move on. The important thing is to learn something from the process, and never make the mistake again in the future.”
Critical Thinking Questions 1. It is perhaps not surprising that Etsy was an early
adopter of DevOps. It is a relatively small company, with a start-up culture, and its move to DevOps was championed by company leaders. Do you think deploying DevOps practices would be more difficult in a larger, more established organization? How might a company begin to make the cultural changes needed to move to the more collaborative, rapid-deployment approach that DevOps offers?
2. At Etsy, new developers are expected to begin pushing code to production on day one. That expectation is one way Etsy encourages its employees to embrace change—and a certain degree of risk—instead of fear- ing it. Would you feel comfortable working as a busi- ness manager in a company that gives individual developers so much freedom and responsibility? What would be some of the advantages to a business man- ager of such a culture? What might be some of the disadvantages?
3. What would be some of the criteria you would use to measure the success of a shift to DevOps practices within a company?
CHAPTER 8 • System Acquisition and Development 397
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
SOURCES: “About Etsy,” Etsy, www.etsy.com/about/?ref=ftr, April 28, 2016; Dix, John, “How Etsy Makes DevOps Work,” Network World, February 19, 2015, www.networkworld.com/article/2886672/software /how-etsy-makes-devops-work.html; Donnelly, Caroline, “Case Study: What the Enterprise Can Learn from Etsy’s DevOps Strategy,” Compu- terWeekly, June 9, 2015, www.computerweekly.com/news/4500247782 /Case-study-What-the-enterprise-can-learn-from-Etsys-DevOps-strategy; Heusser, Matthew, “Continuous Deployment Done in Unique Fashion at Etsy.com,” CIO, March 12, 2012, www.cio.com/article/2397663/devel oper/continuous-deployment-done-in-unique-fashion-at-etsy-com.html; “What Is DevOps,” The Agile Admin, https://theagileadmin.com/what-is -devops, accessed April 27, 2016.
Case Two
British Telecom Spreading Agile Development across the Globe In 2005, British Telecom (BT) took a big risk: the company dropped its use of the waterfall system development process and embraced agile development. Previously, BT had outsourced the gathering of system requirements to a third company, which would typically take three to nine months to meet with customers and stakeholders and create a requirements list. Next, the project would move back to BT where programmers often struggled to interpret the requirements and then develop and test the system within 18 months—although some projects needed more time. In late 2005, however, BT took only 90 days to roll out a new Web-based system for monitoring phone traffic. The new system allowed traffic managers to change switches and other physical devices more quickly in order to handle shifts in load along BT’s telecommunications network. The success of this initial project reverberated throughout the IT world, as BT became the first telecommunications giant to adopt agile development—sometimes developing products in three 30-day iterative cycles.
The new system development approach had other advantages, too: programmers and customers communicated closely and teams from different locations around the world, initially the United Kingdom and India, worked together to develop the system. To overcome customer doubts, BT invited them to development “hot houses” to see how the agile development process worked. Many customers became such ardent believers that they adopted the agile approach themselves. In 2010, BT used its new system development process to create the 21st Century Next Generation Access Network process, which enjoyed an 80 percent return on its initial investment within its first year. Today, BT deploys agile development to service its customers across the globe.
In 2014, for example, BT applied the agile approach to deploy telepresence solutions for the international energy and chemical producer Sasol, a company with over 34,000 employees based in 37 countries. To oversee
its operations and interact with clients, senior Sasol managers based in South Africa were traveling millions of miles each year, which was not good for the managers, the company’s budget, or the planet. As an alternative, BT installed telepresence suites across South Africa and in Houston, London, Calgary, and Hamburg. Sasol achieved a 100 percent usage rate at each of these suites, and BT secured a five-year contract to provide continued support.
BT had one major concern about agile development: previously, the company had conducted 16 or 17 types of tests before deploying a new system. Many feared that a shorter life cycle meant compromising on quality assurance. However, BT now continues testing with customers after system setup and finds that testing the product with customer involvement has significant advantages.
“The main advantage I see is that you spend more time working on the right [system] features by talking to customers all the time and working on it,” says Kerry Buckley, a software developer who worked on the initial phone-traffic monitoring system. Moreover, software engineers working at BT are excited about working on customer-facing live applications. As one engineer notes, “All your work matters and will be released to the public.” Agile development at BT has taken system developers out of their isolated bubble, inspiring them, and proving to the IT world that agile development can work.
Critical Thinking Questions 1. Are there certain personal characteristics one should
look for in candidates who will participate in or lead agile system projects? If so, what are they, and why are they important?
2. How might the establishment of telepresence suites support the use of the agile system development pro- cess? What do you think are some of the capabilities of such suites?
3. How might extreme programming and DevOps provide further improvements in the BT system development process?
SOURCES: Hoffman, Thomas, “BT: A Case Study in Agile Programming,” InfoWorld, March 11, 2008, www.infoworld.com/d/developer-world /bt-case-study-in-agile-programming-112?page=0,0; Grant, Ian, “BT Switches to Agile Techniques to Create New Products,” ComputerWeekly, January 29, 2010, www.computerweekly.com/news/1280091969 /BT-switches-to-agile-techniques-to-create-new-products; “About Sasol: Overview,” Sasol, www.sasol.com/about-sasol/company-profile/over view; accessed July 8, 2014; “Turning a Far-Flung Organisation into a Single Community,” BT, July 9, 2014, http://letstalk.globalservices.bt .com/en; “Software Engineer, IVR at BT (British Telecom),” The JobCrowd, April 23, 2014, www.thejobcrowd.com/employer/bt-british -telecom/reviews/software-engineer-ivr-at-bt-british-telecom.
398 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Notes
1. Schuman, Evan, “What Amazon Is Doing with Its Supply Chain Could Devastate the Competition,” Computer- world, February 12, 2016, www.computerworld.com /article/3032656/retail-it/amazons-supply-chain-move -could-prove-devastating.html
2. Boulton, Clint, “Custom Software Drives Vitamin World Stores Remodeling,” CIO, Feb 12, 2016, www.cio.com /article/3033084/software/custom-software-drives -vitamin-world-stores-remodeling.html.
3. Boulton, Clint, “Walgreens CIO Starts with the Customer and Works Backward,” CIO, February 9, 2016, www.cio .com/article/3031054/vertical-industries/walgreens-cio -starts-with-the-customer-and-works-backward.html.
4. Boyd, Aaron, “Energy IT Project Failing due to Mismanage- ment, Poor Planning,” Federal Times, November 24, 2015, www.federaltimes.com/story/government/it/management /2015/11/24/eia-it-transformation/76307870/.
5. “Joint Application Development,” Liquid Mercury Solutions, http://liquidmercurysolutions.com/whatwedo /spdev/Pages/Joint-Application-Development.aspx, accessed February 21, 2016.
6. “Utilizing a Self-Steering Robotic Tractor in the Devel- opmental Phases of Rice,” Hitachi, www.hitachi.com.au /documents/news/150114-Utilizing-a-Self-steering -Robotic-Tractor-in-the-Developmental-Phases-of-Rice .pdf, accessed February 21, 2016.
7. “Ministry of Defence ‘Wasted Millions on Failed Computer System’,” Guardian, January 13, 2014, www .theguardian.com/uk-news/2014/jan/14/ministry-of -defence-failed-computer-system.
8. “LAPD Best Policing Practices through Early Interven- tion,” Sierra-Cedar, www.sierra-cedar.com/wp-content /uploads/sites/12/2015/07/CSS-LAPD.pdf, accessed February 22, 2016.
9. “Interagency Guidelines Establishing Information Secu- rity Standards,” Board of Governors of the Federal Reserve System, www.federalreserve.gov/bankinforeg /interagencyguidelines.htm, accessed June 9, 2014.
10. Ward, Brian, “The Importance of Good Interface Design,” heehaw.digital (blog), February 27, 2013, http://blog.heehaw.co.uk/2013/02/the-importance-of -good-interface-design.
11. Shneiderman, Ben and Plaisant, Catherine, Designing the User Interface: Strategies for Effective Human- Computer Interaction, 5.ed, 2009, Pearson: New York.
12. Porter, Joshua, “Principles of User Interface Design,” Bokardo (blog), http://bokardo.com/principles-of-user -interface-design/, accessed July 3, 2014.
13. “RecoverPoint,” EMC, www.emc.com/storage/recover point/recoverpoint.htm, accessed June 16, 2014.
14. “SteelEye LifeKeeper,” SteelEye Technology, Inc., www .ha-cc.org/high_availability/components/application _availability/cluster/high_availability_cluster/steeleye _lifekeeper, accessed June 16, 2014.
15. “NeverFail Application Continuous Availability,” VirtualizationAdmin.com, www.virtualizationadmin .com/software/High-Availability/Neverfail-for-VMware -VirtualCenter-.html, accessed June 16, 2014.
16. “CodeSmith Generator,” CodeSmith, www.codesmith tools.com/product/generator, accessed July 1, 2014.
17. “The Arizona Supreme Court Creates the Ultimate Outsource and Insource Simultaneously,” Visible, www .visible.com/News/arizona.htm, accessed July 2, 2014.
18. Dr. Explain Web site, www.drexplain.com/what-do -users-say, accessed July 14, 2014.
19. Kline, Allissa, “M&T to Invest $20M, Upgrade Data Center,” Buffalo Business First, March 10, 2014, www .bizjournals.com/buffalo/news/2014/03/10/m-t-to -invest-20m-in-data-center-upgrade.html.
20. “Selected Financial Data,” Shell, http://reports.shell.com /annual-report/2015/strategic-report/selected-financial -data.php, accessed April 26, 2016.
21. “Shell Businesses in the U.S.,” Shell, www.shell.us /aboutshell/shell-businesses.html, accessed July 8, 2014.
22. “A Record-Breaking Feat,” T-Systems, February 2013, www.t-systems.com/umn/global-collaboration-from -a-private-cloud-shell-pulls-off-the-largest-sap-upgrade -in-history-/1125808_2/blobBinary/Best-Practice_02 -2013_Shell_EN.pdf?ts_layoutId=1100966.
23. “Precise Application Performance Platform,” Precise, www.precise.com, accessed July 14, 2014.
24. “Allscripts,” eG Innovations, www.eginnovations.com /news/Allscripts_Case_study_letter_12914.pdf, accessed July 14, 2014.
25. Wagner, Dennis, “VA Scandal Audit: 120,000 Veterans Experience Long Waits for Care,” Azcentral, June 9, 2014, www.azcentral.com/story/news/arizona /investigations/2014/06/09/va-scandal-audit-veterans -delayed-care/10234881.
26. Brewin, Bob, “VA Failed to Protect Critical Computer Systems, Audit Finds,” Nextgov (blog), May 29, 2014, www.nextgov.com/defense/whats-brewin/2014/05 /va-failed-protect-critical-computer-systems-audit-finds /85429.
27. Osborne, Hilary, “Why Do Bank IT Systems Keep Failing?” Guardian, January 27, 2014, www.theguardian .com/money/2014/jan/27/bank-it-systems-keep-failing- lloyds-rbs-natwest.
28. “More than £1BN Committed to Improve Banking Ser- vices,” RBS, June 27, 2014, www.rbs.com/news/2014/06 /more-than-p1bn-committed-to-improve-banking -services.html.
29. “End of Windows XP Support Will Be Trouble for Busi- nesses and Consumers,” CBS Evening News, April 8, 2014, www.cbsnews.com/videos/end-of-windows-xp -support-will-be-trouble-for-businesses-consumers/.
30. “What Is Agile?” Agile Methodology, http://agile methodology.org, accessed August 3, 2014.
CHAPTER 8 • System Acquisition and Development 399
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
31. “Core Scrum: What Is Scrum?,” ScrumAlliance, www .scrumalliance.org/scrum/media/ScrumAllianceMedia /Files%20and%20PDFs/Learn%20About%20Scrum /Core-Scrum.pdf, accessed April 26, 2016.
32. “Learn About Scrum?” Scrum Alliance, www.scrumalliance .org/why-scrum, accessed April 26, 2016.
33. “Core Scrum: What Is Scrum?,” ScrumAlliance. 34. “Scrum Methodology,” My PM Expert, http://scrummethod
ology.com/, accessed August 3, 2014. www.my-project -management-expert.com/the-advantages-and-disadvan tages-of-agile-software-development.html, accessed August 3, 2014.
35. De Sousa, Susan, “The Advantages and Disadvantages of Agile Development,” My PM Expert, www.my-project -management-expert.com/the-advantages-and
-disadvantages-of-agile-software-development.html, accessed August 3, 2014.
36. “The Rules of Extreme Programming,” Extreme Pro- gramming, www.extremeprogramming.org/rules.html, accessed August 3, 2014.
37. Greene, Daniel, “What Is DevOps,” TechCrunch, May 1, 2015, http://techcrunch.com/2015/05/15/what-is-devops.
38. Barker, Colin, “What Is DevOps and Why Does It Mat- ter?,” ZDNet, www.zdnet.com/article/what-is-devops -and-why-does-it-matter.
39. Gates, Robert, “Hotel Hits the Gas Pedal with Souped Up DevOps Model,” TechTarget, March 7, 2016, http:// searchdatacenter.techtarget.com/news/4500278116 /Hotel-hits-the-gas-pedal-with-souped-up-DevOps -model.
400 PART 4 • System Development
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
PART 5 Information Systemsin Business and Society
Chapter 9 Cybercrime and Information System Security
Chapter 10 Ethical, Legal, and Social Issues of Information Systems
phoenixman/Shutterstock.com
401 Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
9 Cybercrime and Information System Security
igor.stevanovic/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• A zero-day attack is one that takes place before the security community and/or software developers become aware of and fix a security vulnerability. While one would hope that the discoverer of a zero-day vulnera- bility would immediately inform the original software manufacturer so that a fix can be created for the problem, in some cases, this knowledge is sold on the black market to cyberterrorists, governments, or large organizations that may then use it to launch their own cyberattacks. For example, information about one zero-day vulnerability in Apple’s iOS reportedly sold for
$500,000. Packages of zero-day exploits have been sold to U.S. government contractors for $2.5 million a year.
• The volume of global phishing attacks is alarming. It is estimated that about 156 million phishing emails are sent each day, with 16 million of those successfully evading email filters. Of those, roughly 50 percent (or 8 million) are opened, and 800,000 recipients per day click on malicious URL links contained in the emails.
Principles Learning Objectives
• Computer crime is a serious and rapidly growing area of concern requiring management attention.
• Explain why computer incidents are so prevalent.
• Identify and briefly describe the types of com- puter exploits and their impact.
• Organizations must take strong measures to ensure secure, private, and reliable computing experiences for their employees, customers, and business partners.
• Describe the earmarks of a strong security program.
• Identify specific measures used to prevent com- puter crime.
• Outline actions that must be taken in the event of a successful security intrusion.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about Cybercrime and Information System Security? The security of data and information systems used in business is of utmost importance. Confidential business data and private customer and employee information must be safeguarded, and systems must be protected against malicious acts of theft or disruption. Although the need for security is obvious, it must often be balanced against other business needs. Business managers, IS professionals, and IS users all face a number of complex trade-offs regarding IS security, such as the following: How much effort and money should be spent to safeguard against computer crime? (In other words, how safe is safe enough?) What should be done if recommended computer security safeguards make conducting business more difficult for customers and employees, resulting in lost sales and increased costs? If a firm is a victim of a computer crime, should it pursue prosecution of the criminals at all costs, maintain a low profile to avoid the negative publicity, inform affected customers, or take some other action?
As you read this chapter, consider the following:
• What key trade-offs and ethical issues are associated with the safeguarding of data and information systems?
• What are the key elements of a multilayer process for managing security vulnerabilities based on the concept of reasonable assurance?
The Threat Landscape
The number of cybercrimes being committed against individuals, organiza- tions, and governments continues to increase, and the destructive impact of these crimes is also intensifying. The brands, reputation, and earnings of many organizations around the world have been negatively impacted by such crimes. As a result, organizations are putting in place a range of countermea- sures to combat cybercrime. For instance, the worldwide financial services industry spent $27.4 billion on IT security and fraud prevention in 2015.1
And a recent survey of more than 10,000 IT professionals around the world revealed the following:2
● 58 percent of global companies have an overall security strategy. ● 54 percent have a CISO (chief information security officer) in charge of
security. ● 53 percent have employee security-awareness and training programs. ● 52 percent have security standards for third parties. ● 49 percent conduct threat assessments. ● 48 percent actively monitor and analyze security intelligence.
In spite of all these countermeasures, however, the number of computer security incidents surged from 2014 to 2015 in the following industries: public sector organizations; entertainment, media and communications; technology and telecommunications companies; pharmaceuticals and life sciences; and power and utilities organizations.3
Why Computer Incidents Are So Prevalent Increasing computing complexity, higher computer user expectations, expanding and changing systems, an increase in the prevalence of bring your own device (BYOD) policies, a growing reliance on software with known vul- nerabilities, and the increasing sophistication of those who would do harm have caused a dramatic increase in the number, variety, and severity of secu- rity incidents are increasing dramatically.
404 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Increasing Complexity Increases Vulnerability The computing environment has become enormously complex. Cloud com- puting, networks, computers, mobile devices, virtualization, operating systems, applications, Web sites, switches, routers, and gateways are interconnected and driven by hundreds of millions of lines of code. This environment con- tinues to increase in complexity every day. The number of possible entry points to a network expands continually as more devices are added, increas- ing the possibility of security breaches.
Higher Computer User Expectations Today, time means money, and the faster computer users can solve a prob- lem, the sooner they can be productive. As a result, computer help desks are under intense pressure to respond very quickly to users’ questions. Under duress, help desk personnel sometimes forget to verify users’ identities or to check whether they are authorized to perform a requested action. In addition, even though most have been warned against doing so, some computer users share their login ID and password with other coworkers who have forgotten their own passwords. This can enable workers to gain access to information systems and data for which they are not authorized.
Expanding and Changing Systems Introduce New Risks Business has moved from an era of stand-alone computers, in which critical data was stored on an isolated mainframe computer in a locked room, to an era in which personal computers and mobile devices connect to networks with millions of other computers, all capable of sharing information. Busi- nesses have moved quickly into e-commerce, mobile computing, collaborative work groups, global business, and interorganizational information systems. Information technology has become ubiquitous and is a necessary tool for organizations to achieve their goals. However, it is increasingly difficult for IT organizations to keep up with the pace of technological change, successfully perform an ongoing assessment of new security risks, and implement approaches for dealing with them.
Increased Prevalence of Bring Your Own Device Policies Bring your own device (BYOD) is a business policy that permits, and in some cases encourages, employees to use their own mobile devices (smart- phones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet. Proponents of BYOD say it improves employee productivity by allowing workers to use devices with which they are already familiar—while also helping to create an image of a company as a flexible and progressive employer. Most companies have found they cannot entirely prevent employ- ees from using their own devices to perform work functions. However, this practice raises many potential security issues as it is highly likely that such devices are also used for nonwork activity (browsing Web sites, blogging, shopping, visiting social networks, etc.) that exposes them to malware much more frequently than a device used strictly for business purposes. That mal- ware may then be spread throughout the company. In addition, BYOD makes it extremely difficult for IT organizations to adequately safeguard additional portable devices with various operating systems and a myriad of applications.
Growing Reliance on Commercial Software with Known Vulnerabilities In computing, an exploit is an attack on an information system that takes advantage of a particular system vulnerability. Often this attack is due to poor system design or implementation. Once the vulnerability is discovered, software developers create and issue a “fix,” or patch, to eliminate the problem. Users of
bring your own device (BYOD): A business policy that permits, and in some cases encourages, employees to use their own mobile devices (smart- phones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.
exploit: An attack on an information system that takes advantage of a particular system vulnerability.
CHAPTER 9 • Cybercrime and Information System Security 405
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the system or application are responsible for obtaining and installing the patch, which they can usually download from the Web. (These fixes are in addition to other maintenance and project work that software developers perform.)
Any delay in installing a patch exposes the user to a potential security breach. The need to install a fix to prevent a hacker from taking advantage of a known system vulnerability can create a time-management dilemma for sys- tem support personnel trying to balance a busy work schedule. Should they install a patch that, if left uninstalled, could lead to a security breach, or should they complete assigned project work so that the anticipated project savings and benefits from the project can begin to accrue on schedule? According to Secu- nia, a provider of vulnerability intelligence and management tools, the number of new software vulnerabilities identified in 2014 jumped 18 percent from the previous year to 15,435—an average of 42 per day—as shown in Table 9.1.4,5
Clearly, it can be difficult to keep up with all the required patches to fix these vulnerabilities. Of special concern is a zero-day attack, which is an attack that takes place before the security community and/or software developers become aware of and fix a security vulnerability. While one would hope that the discoverer of a zero-day vulnerability would immediately inform the original software manufacturer so that a fix can be created for the problem, in some cases, this knowledge is sold on the black market to cyberterrorists, governments, or large organizations that may then use it to launch their own cyberattacks. For example, information about one zero-day vulnerability in Apple’s iOS reportedly sold for $500,000.6 On the other hand, the U.S. government has also chosen to keep information about vulnerabilities secret in cases in which government security experts have determined that the hole has “a clear national security or law enforcement” use. Packages of zero-day exploits have been sold to U.S. govern- ment contractors for $2.5 million a year.7
A serious zero-day vulnerability was discovered in Apple’s OS X El Capitan operating system, enabling hackers to circumvent the company’s System Integrity Protection (SIP), which is designed to prevent malicious code from modifying protected files and stealing sensitive data. The infection is difficult to detect, and even if users do discover it, it is impossible for them to remove the infection, since SIP would work against them, preventing users from reaching or altering the malware-laced system file. Apple patched the vulnerability in updates for El Capitan 10.11.4 and iOS 9.3 that were released on March 21, 2016.8
U.S. companies increasingly rely on commercial software with known vul- nerabilities. Even when vulnerabilities are exposed, many corporate IT organi- zations prefer to use already installed software as is rather than implement security fixes that will either make the software harder to use or eliminate “nice-to-have” features that will help sell the software to end users.
TABLE 9.1 Total number of new software vulnerabilities identified annually
Year Number of Software Vulnerabilities Identified
2007 7,540
2008 8,369
2009 7,716
2010 9,747
2011 9,307
2012 9,875
2013 13,075
2014 15,435
zero-day attack: An attack that takes place before the security community and/or software developers become aware of and fix a security vulnerability.
406 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Increasing Sophistication of Those Who Would Do Harm Previously, the stereotype of a computer troublemaker was that of an intro- verted “geek” working on his own and motivated by the desire to gain some degree of notoriety. This individual was armed with specialized, but limited, knowledge of computers and networks and used rudimentary tools, perhaps downloaded from the Internet, to execute his exploits. While such individuals still exist, it is not this stereotyped individual who is the biggest threat to IT security. Today’s computer menace is much better organized and may be part of an organized group (e.g., Anonymous, Chaos Computer Club, Lizard Squad, TeslaTeam) that has an agenda and targets specific organizations and Web sites. Some of these groups have ample resources, including money and sophisticated tools to support their efforts. Today’s computer attacker has greater depth of knowledge and expertise in getting around computer and network security safeguards. Table 9.2 summarizes the types of perpetrators of computer mischief, crime, and damage.
Types of Exploits There are numerous types of computer attacks, with new varieties being invented all the time. This section discusses some of the more common attacks, including ransomware, viruses, worms, Trojan horses, blended threat, spam, distributed denial-of-service, rootkits, advanced persistent threat, phish- ing, spear-phishing, smishing and vishing, identity theft, cyberespionage, and cyberterrorism.
While we usually think of such exploits being aimed at computers, smart- phones continue to become more computer capable. Increasingly, smart- phone users store an array of personal identity information on their devices, including credit card numbers and bank account numbers. Smartphones are used to surf the Web and transact business electronically. The more people use their smartphones for these purposes, the more attractive these devices become as targets for cyberthieves. One form of smartphone malware runs up charges on users’ accounts by automatically sending messages to numbers that charge fees upon receipt of a message.
Ransomware Ransomware is malware that stops you from using your computer or acces- sing your data until you meet certain demands such as paying a ransom or sending photos to the attacker. Computers become infected when users open
TABLE 9.2 Classifying perpetrators of computer crime Type of Perpetrator Description
Black hat hacker Someone who violates computer or Internet security maliciously or for illegal personal gain (in contrast to a white hat hacker who is someone who has been hired by an organization to test the security of its information systems)
Cracker An individual who causes problems, steals data, and corrupts systems
Malicious insider An employee or contractor who attempts to gain financially and/or disrupt a company’s infor- mation systems and business operations
Industrial spy An individual who captures trade secrets and attempts to gain an unfair competitive advantage
Cybercriminal Someone who attacks a computer system or network for financial gain
Hacktivist An individual who hacks computers or Web sites in an attempt to promote a political ideology
Cyberterrorist Someone who attempts to destroy the infrastructure components of governments, financial institutions, and other corporations, utilities, and emergency response units
ransomware: Malware that stops you from using your computer or accessing your data until you meet certain demands such as paying a ransom or sending photos to the attacker.
CHAPTER 9 • Cybercrime and Information System Security 407
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
an email attachment containing the malware or are lured to a compromised Web site by a deceptive email or pop-up window. Ransomware can also be spread through removable USB drives or Yahoo Messenger, with the payload disguised as an image.
Hollywood Presbyterian Medical Center was forced to shut down its com- puter network after hackers encrypted some of its data in February, 2016. Ini- tially, the hospital refused to pay the ransom, and hospital employees were forced to resort to paper, pencil, phones, and fax machines to carry out many of their tasks, including accessing patient data. The hospital sought help from the FBI, the Los Angeles Police Department, and cybersecurity consultants, but it was never able to access to the data. After a week, the hospital paid the ransom of $12,000. By February 15, access to the data was fully restored and there was no evidence that any patient or employee data had been accessed.9
Viruses Computer virus has become an umbrella term for many types of malicious code. Technically, a virus is a piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner. For example, the virus may be programmed to display a certain message on the computer’s display screen, delete or modify a certain document, or reformat the hard drive. Almost all viruses are attached to a file, so that when the infected file is opened, the virus executes. A virus is spread to other machines when a computer user shares an infected file or sends an email with a virus-infected attachment. In other words, viruses spread by the action of the “infected” computer user.
Macro viruses have become a common and easily created form of virus. Attackers use an application macro language (such as Visual Basic or VBScript) to create programs that infect documents and templates. After an infected document is opened, the virus is executed and infects the user’s application templates. Macros can insert unwanted words, numbers, or phrases into documents or alter command functions. After a macro virus infects a user’s application, it can embed itself in all future documents created with the application. The “WM97/Resume.A” virus is a Word macro virus spread via an email message with the subject line “Resume - Janet Simons.” If the email recipient clicks on the attachment, the virus deletes all data in the user’s computer or mobile device.
Worms Unlike a computer virus, which requires users to spread infected files to other users, a worm is a harmful program that resides in the active memory of the computer and duplicates itself. Worms differ from viruses in that they can propagate without human intervention, often sending copies of themselves to other computers by email. A worm is capable of replicating itself on your computer so that it can potentially send out thousands of copies of itself to everyone in your email address book, for example.
The negative impact of a worm attack on an organization’s computers can be considerable—lost data and programs, lost productivity due to workers being unable to use their computers, additional lost productivity as workers attempt to recover data and programs, and lots of effort for IT workers to clean up the mess and restore everything to as close to normal as possible. The cost to repair the damage done by each of the Code Red, SirCam, and Melissa worms was estimated to exceed $1 billion, with that of the Conficker, Storm, and ILOVEYOU worms totaling well over $5 billion.10,11
Trojan Horses A Trojan horse is a seemingly harmless program in which malicious code is hidden. A victim on the receiving end of a Trojan horse is usually tricked into
virus: A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
worm: A harmful program that resides in the active memory of the computer and duplicates itself.
Trojan horse: A seemingly harmless program in which malicious code is hidden.
408 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
opening it because it appears to be useful software from a legitimate source, such as an update for software the user currently has installed on his or her computer. The program’s harmful payload might be designed to enable the hacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or spy on users by recording keystrokes and transmitting them to a server operated by a third party. A Trojan horse often creates a “backdoor” on a computer that enables an attacker to gain future access to the system and compromise confidential or private information.
A Trojan horse can be delivered via an email attachment, downloaded to a user’s computers when he or she visits a Web site, or contracted via a remov- able media device, such as a DVD or USB memory stick. Once an unsuspect- ing user executes the program that hosts the Trojan horse, the malicious payload is automatically launched as well—with no telltale signs. Common host programs include screen savers, greeting card systems, and games.
Department of Homeland Security (DHS) officials say they have evidence that harmful Trojan horse malware has been planted in the software that runs much of the U.S. critical infrastructure, including oil and gas pipelines, power transmission grids, water distribution and filtration systems, and even nuclear power generation plants. DHS believes that the malware was planted by the Russians as early as 2011 as a deterrent to a U.S. cyberattack on Russia. The Tro- jan horse would allow nonauthorized users to control or shut down key compo- nents of U.S. infrastructure remotely from their computer or mobile device.12
Another type of Trojan horse is a logic bomb, which executes when it is triggered by a specific event. For example, logic bombs can be triggered by a change in a particular file, by typing a specific series of keystrokes, or at a spe- cific time or date. Malware attacks employing logic bombs compromised some 32,000 Windows, Unix, and Linux systems at half a dozen South Korean organi- zations, including three major television broadcasters and two large banks. A component of the attack was “wiper” malware triggered by a logic bomb set to begin overwriting a computer’s master boot record at a preset time and day.13
Blended Threat A blended threat is a sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload. A blended threat attack might use server and Internet vulnerabilities to initiate and then transmit and spread an attack on an organization’s computing devices, using multiple modes to transport itself, including email, IRC (Inter- net Relay Chat), and file-sharing networks. Rather than launching a narrowly focused attack on specific EXE files, a blended threat might attack multiple EXE files, HTML files, and registry keys simultaneously.
Spam Email spam is the use of email systems to send unsolicited email to large num- bers of people. Most spam is a form of low-cost commercial advertising, some- times for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock. Spam is also an extremely inexpensive method of marketing used by many legitimate organizations. For example, a company might send email to a broad cross section of potential customers to announce the release of a new product in an attempt to increase initial sales. However, spam is also used to deliver harmful worms and other malware.
The cost of creating an email campaign for a product or service is several hundred to a few thousand dollars, compared to tens of thousands of dollars for direct-mail campaigns. In addition, email campaigns might take only a couple of weeks (or less) to develop, compared with three months or more for direct-mail campaigns, and the turnaround time for feedback averages 48 hours for email as opposed to weeks for direct mail. However, the benefits of
logic bomb: A form of Trojan horse malware that executes when it is triggered by a specific event.
blended threat: A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
spam: The use of email systems to send unsolicited email to large numbers of people.
CHAPTER 9 • Cybercrime and Information System Security 409
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
spam to companies may be largely offset by the public’s generally negative reaction to receiving unsolicited ads.
Spam forces unwanted and often objectionable material into email boxes, detracts from the ability of recipients to communicate effectively due to full mail- boxes and relevant emails being hidden among many unsolicited messages, and costs Internet users and service providers millions of dollars annually. It takes users time to scan and delete spam email, a cost that can add up if they pay for Internet connection charges on an hourly basis (such as at an Internet café). It also costs money for Internet service providers (ISPs) and online services to transmit spam, which is reflected in the rates charged to all subscribers.
There is an even more sinister side to spam—often it is used to entice unsuspecting recipients to take actions that will result in malware being downloaded to their computer. Symantec, a provider of security, storage, and systems management solutions, began noticing multiple instances of short- duration, high-volume spam attacks targeting millions of users. The messages instructed recipients to click on a link to a URL, which, if done, resulted in the Trojan “Infostealer.Dyranges (Dyre)” being downloaded to their computer. This Trojan is known to steal financial information.14
The Controlling the Assault of Non-Solicited Pornography and Mar- keting (CAN-SPAM) Act states that it is legal to spam, provided the messages meet a few basic requirements—spammers cannot disguise their identity by using a false return address, the email must include a label specifying that it is an ad or a solicitation, and the email must include a way for recipients to indicate that they do not want future mass mailings. Despite CAN-SPAM and other measures, the percentage of spam in email messages averaged 57 per- cent in one week in January, 2015, according to Trustwave, an organization that helps businesses protect data and reduce security risk.15
Many companies—including Google, Microsoft, and Yahoo!—offer free email services. Spammers often seek to use email accounts from such major, free, and reputable Web-based email service providers, as their spam can be sent at no charge and is less likely to be blocked. Spammers can defeat the reg- istration process of the free email services by launching a coordinated bot attack that can sign up for thousands of email accounts. These accounts are then used by the spammers to send thousands of untraceable email messages for free.
A partial solution to this problem is the use of CAPTCHA to ensure that only humans obtain free accounts. CAPTCHA (Completely Automated Pub- lic Turing Test to Tell Computers and Humans Apart) software generates and grades tests that humans can pass and all but the most sophisticated com- puter programs cannot. For example, humans can read the distorted text in Figure 9.1, but simple computer programs cannot.
FIGURE 9.1 Example of CAPTCHA CAPTCHA is used to distinguish humans from automated bots. C
ou rt es y of
Ca rn eg ie M el lo n U ni ve rs ity
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act: An act that states that it is legal to spam, provided the messages meet a few basic requirements.
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart): Software that generates and grades tests that humans can pass all but the most sophisticated computer programs cannot.
410 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Distributed Denial-of-Service Attacks A distributed denial-of-service (DDoS) attack is one in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks. A distributed denial- of-service attack does not involve infiltration of the targeted system. Instead, it keeps the target so busy responding to a stream of automated requests that legitimate users cannot get in—the Internet equivalent of dialing a telephone number repeatedly so that all other callers hear a busy signal (see Figure 9.2). The targeted machine essentially holds the line open while waiting for a reply that never comes; eventually, the requests exhaust all resources of the target.
The software to initiate a denial-of-service attack is simple to use, and many DDoS tools are readily available at a variety of hacker sites. In a DDoS attack, a tiny program is downloaded surreptitiously from the attacker’s com- puter to dozens, hundreds, or even thousands of computers all over the world. The term botnet is used to describe a large group of such computers, which are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. The collective processing capacity of some botnets exceeds that of the world’s most powerful supercomputers. Based on a command by the attacker or at a preset time, the botnet compu- ters (called zombies) go into action, each sending a simple request for access to the target site again and again—dozens of times per second. The target computers become so overwhelmed by requests for service that legitimate users are unable to get through to the target computer.
Software company Arbor Networks follows DDoS attacks closely and believes that such attacks are getting more sophisticated and are targeting an increasing number of organizations. The company estimates that over 200 of
Computer A
Computer B
Computer C
Computer D
Computer E
Request Response
Request Response
Request Response
Request Response
Request Response
Server
Waiting for reply from A
Waiting for reply from B
Waiting for reply from C
Waiting for reply from D
Waiting for reply from E
FIGURE 9.2 Distributed denial-of-service attack A DDoS attack floods a target site with demands for data and other small tasks.
distributed denial-of-service (DDoS) attack: An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
botnet: A term used to describe a large group of computers, that are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.
zombie: A computer that has been taken over by a hacker to be used as part of a botnet.
CHAPTER 9 • Cybercrime and Information System Security 411
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the reported attacks in 2015 generated 100 gigabits per second (Gbps) of traf- fic, with the largest attack generating traffic at a rate of 500 Gbps—enough to disrupt the entire network of an Internet service provider.16
Botnets are also frequently used to distribute spam and malicious code. The Grum botnet was first detected in 2008 and operated until 2012 when it was brought down by cybercrime fighters. Grum infected several hundred thousand computers around the world. It generated prodigious amounts of spam advertising cheap pharmaceutical products. At its peak, Grum is esti- mated to have been responsible for 35 percent of the world’s spam.17
Rootkit A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators. Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computer’s configuration. Rootkits are one part of a type of blended threat that consists of a dropper, a loader, and a rootkit. The dropper code gets the rootkit installation started and can be activated by clicking on a link to a malicious Web site in an email or opening an infected PDF file. The dropper launches the loader program and then deletes itself. The loader loads the rootkit into memory; at that point, the computer has been compromised. Rootkits are designed so cleverly that it is difficult even to discover if they are installed on a computer. The fundamental problem with trying to detect a rootkit is that the operating system currently running cannot be trusted to provide valid test results. The following are some symptoms of rootkit infections:
● The computer locks up or fails to respond to input from the keyboard or mouse.
● The screen saver changes without any action on the part of the user. ● The taskbar disappears. ● Network activities function extremely slowly.
When it is determined that a computer has been infected with a rootkit, there is little to do but reformat the disk; reinstall the operating system and all applications; and reconfigure the user’s settings, such as mapped drives. This can take hours, and the user may be left with a basic working machine, but all locally held data and settings may be lost.
The “2012 rootkit virus” is a nasty piece of malware that deletes informa- tion from a computer and makes it impossible to run some applications, such as Microsoft Word. The longer the rootkit is present, the more damage it causes. The virus asks users to install what appears to be a legitimate update to their antivirus software or some other application. By the time the user sees the prompt to install the software, it is too late, the computer has already been infected by the rootkit.18
Advanced Persistent Threat An advanced persistent threat (APT) is a network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time. Attackers in an APT must continuously rewrite code and employ sophisticated evasion techniques to avoid discovery. APT attacks target organizations with high-value informa- tion, such as banks and financial institutions, government agencies, and insur- ance companies with the goal of stealing data rather than disrupting services.19 An APT attack advances through the following five phases:
1. Reconnaissance—The intruder begins by conducting reconnaissance on the network to gain useful information about the target (security software
rootkit: A set of programs that enables its user to gain administrator- level access to a computer without the end user’s consent or knowledge.
advanced persistent threat (APT): A network attack in which an intruder gains access to a network and stays there—undetected—with the intention of stealing data over a long period of time.
412 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
installed, computing resources connected to the network, number of users).
2. Incursion—The attacker next gains incursion to the network at a low level to avoid setting off any alarms or suspicion. Some form of spear-fishing may be employed in this phase. Once incursion to the target has been gained, the attacker establishes a back door, or a means of accessing a computer program that bypasses security mechanisms.
3. Discovery—The intruder now begins a discovery process to gather valid user credentials (especially administrative ones) and move laterally across the network, installing more back doors. These back doors enable the attacker to install bogus utilities for distributing malware that remains hidden in plain sight.
4. Capture—The attacker is now ready to access unprotected or compro- mised systems and capture information over a long period of time.
5. Export—Captured data is then exported back to the attacker’s home base for analysis and/or used to commit fraud and other crimes.20
Although APT attacks are difficult to identify, the theft of data can never be completely invisible. Detecting anomalies in outbound data is perhaps the best way for an administrator to discover that the network has been the target of an APT attack.
The hacker group Carbanak is thought to have stolen over $1 billion from banks in China, Russia, the Ukraine, and the United States. The group’s modus operandi includes use of an APT that initially hooks its victims using spear- fishing emails imitating legitimate banking communications. The gang performs a reconnaissance phase to gather data about system administrators and uses this information to navigate through various bank systems, including ATMs, financial accounts, and money processing services. Once access to these sys- tems is gained, the hackers steal money by transferring funds to accounts in China and the United States. They have even programmed ATM machines to dispense money at specific times for collection by money mules.21
Phishing Phishing is the act of fraudulently using email to try to get the recipient to reveal personal data. In a phishing scam, con artists send legitimate-looking emails urging the recipient to take action to avoid a negative consequence or to receive a reward. The requested action may involve clicking on a link to a Web site or opening an email attachment. These emails, such as the one shown in Figure 9.3, lead consumers to counterfeit Web sites designed to trick them into divulging personal data or to download malware onto their computers.
The volume of global phishing attacks is alarming. It is estimated that about 156 million phishing emails are sent each day, with 16 million of those successfully evading email filters. Of those, roughly 50 percent (or 8 million) are opened, and 800,000 recipients per day click on malicious URL links con- tained in the emails.22
Savvy users often become suspicious and refuse to enter data into the fake Web sites; however, sometimes just accessing the Web site can trigger an automatic and unnoticeable download of malicious software to a com- puter. Indeed, the percentage of malicious URLs in unsolicited emails surged to an average of 10 per cent in 2014.23 As one might guess, financial institu- tions such as Bank of America, Citibank, Chase, MasterCard, Visa, and Wells Fargo are among the Web sites that phishers spoof most frequently.
The University of Connecticut was recently hit by two phishing attacks over a period on five weeks. The first phishing attack appeared to come from Support—University Information Technology Services. The subject line was “email quota,” and the message informed recipients that their email quota
phishing: The act of fraudulently using email to try to get the recipient to reveal personal data.
CHAPTER 9 • Cybercrime and Information System Security 413
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
had been exceeded and asked them to click on a link to revalidate their email account.24 The second phishing attack had the subject line “UCONN.EDU ACCOUNT LOCK WARNING.” The message indicated that the recipient’s email account was being used to send bulk email by spammers, and it asked recipients to click on a link to change their password.25 Victims who clicked on either link were asked to enter their user logon id and password, and if they did so, they provided the necessary information to compromise their email account.
Spear-phishing is a variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees. It is known as spear- phishing because the attack is much more precise and narrow, like the tip of a spear. The phony emails are designed to look like they came from high- level executives within the organization. Employees are directed to a fake Web site and then asked to enter personal information, such as name, Social Security number, and network passwords. Botnets have become the primary means for distributing phishing scams.
In early 2016, more than three dozen large and small organizations were victimized by spear-phishing attacks that were designed to obtain data from employee tax records. Many of these attacks spoofed the email address of the CEO, CFO, or someone else of authority within the organization, prompting many employees to comply with the request.26
Smishing and Vishing Smishing is another variation of phishing that involves the use of texting. In a smishing scam, people receive a legitimate-looking text message telling them to call a specific phone number or log on to a Web site. This is often done under the guise that there is a problem with their bank account or credit card that requires immediate attention. However, the phone number or Web site is phony and is used to trick unsuspecting victims into providing personal information such as a bank account number, personal identification number, or credit card number, which can then be used to steal money from victims’
FIGURE 9.3 Example of phishing email Phishing attacks attempt to get the recipient to reveal personal data.
spear-phishing: A variation of phishing in which the phisher sends fraudulent emails to a certain organi- zation’s employees.
smishing: Another variation of phishing that involves the use of Short Message Service (SMS) texting.
414 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
bank accounts, charge purchases on their credit cards, or open new accounts. In some cases, if victims log on to a Web site, malicious software is down- loaded onto their smartphones, providing criminals with access to information stored on the phones. The number of smishing scams typically increases around the holidays as more people use their smartphones to make online purchases.
Vishing is similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site. One recent vishing campaign captured the payment card information of an estimated 250 Americans per day. In the attack, users were sent a message that their ATM card had been deactivated. The users were prompted to call a phone number to reactivate the card by entering their card number and their PIN—data that, of course, is recorded and then used by the criminals to withdraw money from the accounts.27
Financial institutions, credit card companies, and other organizations whose customers may be targeted by criminals in this manner should be on the alert for phishing, smishing, and vishing scams. They must be prepared to act quickly and decisively, without alarming their customers if such a scam is detected. Recommended action steps for institutions and organizations include the following:
● Companies should educate their customers about the dangers of phishing, smishing, and vishing through letters, recorded messages for those calling into the company’s call center, and articles on the company’s Web site.
● Call center service employees should be trained to detect customer complaints that indicate a scam is being perpetrated. They should attempt to capture key pieces of information, such as the callback number the customer was directed to use, details of the phone message or text message, and the type of information requested.
● Customers should be notified immediately if a scam occurs. This can be done via a recorded message for customers phoning the call center, working with local media to place a news article in papers serving the area of the attack, placing a banner on the institution’s Web page, and even displaying posters in bank drive-through and lobby areas.
● If it is determined that the calls are originating from within the United States, companies should report the scam to the Federal Bureau of Investigation (FBI).
● Institutions can also try to notify the telecommunications carrier for the particular numbers to request that they shut down the phone numbers victims are requested to call.28
Identity Theft Identity theft is the theft of personal information, which is then used without the owner’s permission. Often, stolen personal identification information, such as a person’s name, Social Security number, or credit card number, is used to commit fraud or other crimes. Thieves may use a consumer’s credit card number to charge items to that person’s account, use identification infor- mation to apply for a new credit card or a loan in a consumer’s name, or use a consumer’s name and Social Security number to receive government benefits. Thieves also often sell personal identification information on the black market.29
A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals, often resulting in identify theft. Table 9.3 lists the five largest U.S. data breaches, all of which involved per- sonal identification information.30
Some 37 million customer records of Ashley Madison (a Web site for mar- ried people seeking other married people with whom to have affairs) were
vishing: Similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site.
identity theft: The theft of personal information, which is then used without the owner’s permission, often to commit fraud or other crimes.
data breach: The unintended release of sensitive data or the access of sensitive data by unauthorized individuals.
CHAPTER 9 • Cybercrime and Information System Security 415
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
compromised in an attack in 2015. Names and addresses were posted pub- licly, resulting in several lawsuits against the company for failing to safeguard the personal information of the plaintiffs.31
To reduce the potential for online credit card fraud, most e-commerce Web sites use some form of encryption technology to protect information as it comes in from the consumer. Some sites also verify the address submitted online against the one the issuing bank has on file, although the merchant may inadvertently throw out legitimate orders as a result—for example, a con- sumer might place a legitimate order but request shipment to a different address because it is a gift. Another security technique is to ask for a card ver- ification value (CVV), the three-digit number above the signature panel on the back of a credit card. This technique makes it impossible to make purchases with a credit card number stolen online. An additional security option is transaction-risk scoring software, which keeps track of a customer’s historical shopping patterns and notes deviations from the norm. For example, say that you have never been to a casino and your credit card information is being used at Caesar’s Palace at 2 am. The transaction-risk score would go up dra- matically, so much so that the transaction would likely be declined.
Cyberespionage Cyberespionage involves the deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, mili- tary contractors, political organizations, and manufacturing firms. The type of data most frequently targeted includes data that can provide an unfair com- petitive advantage to the perpetrator. This data is typically not public knowl- edge and may even be protected via patent, copyright, or trade secret. High- value data includes the following:
● Sales, marketing, and new product development plans, schedules, and budgets
● Details about product designs and innovative processes ● Employee personal information ● Customer and client data ● Sensitive information about partners and partner agreements ● Emails containing personal or confidential information
Tensions have long simmered between the China and the United States over alleged cyberattacks. United States experts claim cyberespionage has helped China to accelerate the research and development process and cut years off the time for that country to acquire new technology in a variety of industries. Alleged targets have included aluminum and steel producers, a company that designs nuclear power plants, a solar panel manufacturer, and
TABLE 9.3 Five largest data breaches in the United States Organization Year Number of Records Compromised Data Stolen
Yahoo 2013 1 billion Names, telephone numbers, email addresses, passwords
Yahoo 2014 500 million Names, telephone numbers, email addresses, passwords
Heartland Payment Systems
2008 130 million Credit and debit card data
Target 2013 110 million Credit and debit card data
Anthem 2015 80 million Names, addresses, dates of birth, Social Security numbers, health insurance ID numbers
cyberespionage: The deployment of malware that secretly steals data in the computer systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
416 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
an aircraft manufacturer. Meanwhile, China’s Foreign Ministry portrays the United States as a hypocrite that engages in cyberespionage by conducting cybertheft, wiretapping, and surveillance activities against Chinese govern- ment departments, companies, and universities. After years of discussion and behind the scenes efforts, President Obama and Chinese President Xi announced in 2015 that the two nations had agreed to initial norms of cyber- activities with the two nations pledging each will avoid conducting cybertheft of intellectual property for commercial gain. It remains to be seen how much of an impact this agreement will have.32,33
Cyberterrorism Cyberterrorism is the intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideological goals. Cyberterrorism is an increas- ing concern for countries and organizations around the globe. Indeed in a statement released by the White House in early 2015, President Obama said, “Cyberthreats pose one the gravest national security dangers that the United States faces.”34
The Department of Homeland Security (DHS) is a large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a “safer, more secure America, which is resilient against terrorism and other potential threats.” The agency was formed in 2002 when 22 different federal departments and agencies were combined into a unified, integrated cabinet agency.35 The agency’s Office of Cybersecurity and Com- munications resides within the National Protection and Programs Directorate and is responsible for enhancing the security, resilience, and reliability of U.S. cyber and communications infrastructure. It works to prevent or minimize dis- ruptions to critical information infrastructure in order to protect the public, the economy, and government services.36 The Department of Homeland Secu- rity Web site (www.dhs.gov) provides a link that enables users to report cyber incidents. Incident reports go to the US-CERT Incident Reporting System, which assists analysts at the U.S. Computer Emergency Readiness Team (US-CERT) (a partnership between the Department of Homeland Security and the public and private sectors) in providing timely handling of security incidents as well as in conducting improved analysis of such incidents.37
Established in 2003 to protect the nation’s Internet infrastructure against cyberattacks, US-CERT serves as a clearinghouse for information on new viruses, worms, and other computer security topics.
Cyberterrorists try on a daily basis to gain unauthorized access to a number of important and sensitive sites, such as the computers at the British, French, Israeli, and U.S. foreign intelligence agencies; North American Aerospace Defense Command (NORAD); and numerous government ministries and pri- vate companies around the world. In particular, companies in the oil and gas industry are seen as high-value targets. Some cyberterrorists are interested in taking control over the flow of oil and natural gas in computer-controlled refin- eries and the movement of oil through pipelines. This could result in devastat- ing consequences—with oil and gas being cut off from freezing populations in the dead of winter or skyrocketing prices at the gasoline pumps.
In late 2015, cyberterrorists attacked the two electric utility companies in western Ukraine, causing a three-hour power outage affecting some 80,000 customers. Not only did the hackers cut the power, they also froze the data displayed on the screens of plant operators so they could not view the chang- ing plant conditions; thus, fooling the operators into believing power was still flowing. To prolong the outage, the attackers also launched a telephone denial-of-service attack against the utility’s call center to prevent customers from reporting the outage—the center’s phone system was flooded with
cyberterrorism: The intimidation of government or civilian population by using information technology to disable critical national infrastructure (e.g., energy, transportation, financial, law enforcement, emergency response) to achieve political, religious, or ideologi- cal goals.
Department of Homeland Security (DHS): A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a “safer, more secure America, which is resilient against terrorism and other potential threats.”
U.S. Computer Emergency Readiness Team (US-CERT): A partnership between the Department of Homeland Security and the public and private sectors; established to provide timely handling of security incidents as well as conducting improved analysis of such incidents.
CHAPTER 9 • Cybercrime and Information System Security 417
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
bogus calls to prevent legitimate callers from getting through. Once operators became aware of the outage, the attackers activated KillDisk malware that rendered infected servers and systems unusable. The operators’ machines were completely destroyed by the malware.38
Federal Laws for Prosecuting Computer Attacks Over the years, several laws have been enacted to help prosecute those responsible for computer-related crime; these are summarized in Table 9.4. For example, Section 814 of the USA Patriot Act defines cyberterrorism as any hacking attempts designed to gain unauthorized access to a protected com- puter, which, if successful, would cause a person an aggregate loss greater than $5,000; adversely affect someone’s medical examination, diagnosis, or treatment; cause a person to be injured; cause a threat to public health or safety; or cause damage to a governmental computer that is used as a tool to administer justice, national defense, or national security.39 Those convicted of cyberterrorism are subject to a prison term of 5 to 20 years. (The $5,000 threshold is quite easy to exceed, and, as a result, many young people who have been involved in what they consider to be minor computer pranks have found themselves meeting the criteria to be tried as cyberterrorists.)
Hiring a Black Hat Hacker You are a member of the Human Resources Department of a software manufac- turer that has several products and annual revenue in excess of $500 million. You’re on the phone with the manager of software development who has made a request to hire a notorious black hat hacker to probe your company’s software products in an attempt to identify any vulnerabilities. The reasoning is that if any- one can find a vulnerability in your software, she can. This will give your firm a head start on developing patches to fix the problems before anyone can exploit them. You feel uneasy about hiring people with criminal records and connections to unsavory members of the hacker/cracker community and are unsure if you should approve the hire.
TABLE 9.4 Federal laws that address computer crime Federal Law Subject Area
Computer Fraud and Abuse Act (U.S. Code Title 18, Section 1030)
Addresses fraud and related activities in association with computers, including the following: ● Accessing a computer without authorization or
exceeding authorized access ● Transmitting a program, code, or command that causes
harm to a computer ● Trafficking of computer passwords ● Threatening to cause damage to a protected computer
Fraud and Related Activity in Connection with Access Devices Statute (U.S. Code Title 18, Section 1029)
Covers false claims regarding unauthorized use of credit cards
Identity Theft and Assumption Deterrence Act (U.S. Code Title 18, Section 1028)
Makes identity theft a federal crime, with penalties of up to 15 years’ of imprisonment and a maximum fine of $250,000
Stored Wire and Electronic Communications and Transac- tional Records Access Statutes (U.S. Code Title 18, Chapter 121)
Focuses on unlawful access to stored communications to obtain, alter, or prevent authorized access to a wire or electronic communication while it is in electronic storage
USA Patriot Act Defines cyberterrorism and associated penalties
418 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Review Questions 1. What is the difference between a black hat hacker and a regular employee of
your organization’s information security group? 2. What potential harm could this hacker do to your software products?
Critical Thinking Questions 1. Provide three good reasons to hire this individual. Provide three good reasons
not to hire this individual. 2. How would you respond to this request? Why?
Now that we have discussed various types of computer exploits, the people who perpetrate these exploits, and the laws under which they can be prose- cuted, we will discuss how organizations can take steps to implement a trust- worthy computing environment to defend against such attacks.
Implementing Secure, Private, Reliable Computing
Organizations worldwide are increasingly demanding methods of computing that deliver secure, private, and reliable computing experiences based on sound business practices. Software and hardware manufacturers, consultants, and system designers and developers all understand that this is a priority for their customers.
A strong security program begins by assessing threats to the organization’s computers and network, identifying actions that address the most serious vulner- abilities, and educating end users about the risks involved and the actions they must take to prevent a security incident. An organization’s IS security group must lead the effort to prevent security breaches by implementing security poli- cies and procedures, as well as effectively employing available hardware and software tools. However, no security system is perfect, so systems and proce- dures must be monitored to detect a possible intrusion. If an intrusion occurs, there must be a clear reaction plan that addresses notification, evidence protec- tion, activity log maintenance, containment, eradication, and recovery.
Risk Assessment Risk assessment is the process of assessing security-related risks to an orga- nization’s computers and networks from both internal and external threats. Such threats can prevent an organization from meeting its key business objec- tives. The goal of risk assessment is to identify which investments of time and resources will best protect the organization from its most likely and serious threats. In the context of an IS risk assessment, an asset is any hardware, soft- ware, information system, network, or database that is used by the organiza- tion to achieve its business objectives. A loss event is any occurrence that has a negative impact on an asset, such as a computer contracting a virus or a Web site undergoing a distributed denial-of-service attack. The steps in a gen- eral security risk assessment process are as follows:
● Step 1. Identify the set of IS assets about which the organization is most concerned. Priority is typically given to those assets that support the organization’s mission and the meeting of its primary business goals.
● Step 2. Identify the loss events or the risks or threats that could occur, such as a distributed denial-of-service attack or insider fraud.
● Step 3. Assess the frequency of events or the likelihood of each potential threat; some threats, such as insider fraud, are more likely to occur than others.
risk assessment: The process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.
CHAPTER 9 • Cybercrime and Information System Security 419
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● Step 4. Determine the impact of each threat occurring. Would the threat have a minor impact on the organization, or could it keep the organiza- tion from carrying out its mission for a lengthy period of time?
● Step 5. Determine how each threat can be mitigated so that it becomes much less likely to occur or, if it does occur, has less of an impact on the organization. For example, installing virus protection on all computers makes it much less likely for a computer to contract a virus. Due to time and resource limitations, most organizations choose to focus on just those threats that have a high (relative to all other threats) probability of occur- rence and a high (relative to all other threats) impact. In other words, first address those threats that are likely to occur and that would have a high negative impact on the organization.
● Step 6. Assess the feasibility of implementing the mitigation options. ● Step 7. Perform a cost-benefit analysis to ensure that your efforts will be
cost effective. No amount of resources can guarantee a perfect security system, so organizations must balance the risk of a security breach with the cost of preventing one. The concept of reasonable assurance in con- nection with IS security recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.
● Step 8. Make the decision on whether or not to implement a particular countermeasure. If you decide against implementing a particular counter- measure, you need to reassess if the threat is truly serious and, if so, identify a less costly countermeasure.
The general security risk assessment process—and the results of that process—will vary by organization. Table 9.5 illustrates a risk assessment for a hypothetical organization.
A completed risk assessment identifies the most dangerous threats to a company and helps focus security efforts on the areas of highest payoff.
TABLE 9.5 Risk assessment for a hypothetical company
Adverse Event
Business Objective Threatened
Threat (Estimated Frequency of Event)
Vulnerability (Likelihood of Success of This Threat)
Estimated Cost of a Successful Attack
Risk ¼ Threat � Vulnerability � Estimated Cost
Relative Priority to Be Fixed
Distributed denial-of-service attack
24/7 operation of a retail Web site
3 per year 25% $500,000 $375,000 1
Email attachment with harmful worm
Rapid and reliable communica- tions among employees and suppliers
1,000 per year
0.05% $200,000 $100,000 2
Harmful virus Employees’ use of per- sonal produc- tivity software
2,000 per year
0.04% $50,000 $40,000 3
Invoice and payment fraud
Reliable cash flow
1 per year 10% $200,000 $20,000 4
reasonable assurance: The IS security concept that recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.
420 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Establishing a Security Policy A security policy defines an organization’s security requirements, as well as the controls and sanctions needed to meet those requirements. A good secu- rity policy delineates responsibilities and the behavior expected of members of the organization. A security policy outlines what needs to be done but not how to do it. The details of how to accomplish the goals of the policy are typi- cally provided in separate documents and procedure guidelines.
The SANS (SysAdmin, Audit, Network, Security) Institute’s Web site (www.sans.org) offers a number of security-related policy templates that can help an organization to quickly develop effective security policies. The tem- plates and other security policy information, which can be found at www. sans.org/security-resources/policies, provide guidelines for creating various policies, including acceptable use policy, email policy, password protection policy, remote access policy, and software installation policy.
Whenever possible, automated system rules should mirror an organization’s written policies. Automated system rules can often be put into practice using the configuration options in a software program. For example, if a written pol- icy states that passwords must be changed every 30 days, then all systems should be configured to enforce this policy automatically. However, users will often attempt to circumvent security policies or simply ignore them altogether.
Many times system administrators believe that the default username and passwords for specific network devices are generally not known. This is not true, in fact, there are Web sites that provide the default username and pass- word combinations for many vendors’ products. Default usernames and pass- words should always be changed.
A growing area of concern for security experts is the use of wireless devices to access corporate email; store confidential data; and run critical applications, such as inventory management and sales force automation. Mobile devices such as smartphones can be susceptible to viruses and worms. However, the primary security threat for mobile devices continues to be loss or theft of the device. Wary companies have begun to include special security requirements for mobile devices as part of their security policies. In some cases, users of laptops and mobile devices must use a virtual private network (a method employing encryption to provide secure access to a remote com- puter over the Internet) to gain access to their corporate network.
Educating Employees and Contract Workers Creating and enhancing user awareness of security policies is an ongoing security priority for companies. Employees and contract workers must be edu- cated about the importance of security so that they will be motivated to understand and follow security policies. This can often be accomplished by discussing recent security incidents that affected the organization. Users must understand that they are a key part of the security system and that they have certain responsibilities. For example, users must help protect an organiza- tion’s information systems and data by doing the following:
● Guarding their passwords to protect against unauthorized access to their accounts
● Prohibiting others from using their passwords ● Applying strict access controls (file and directory permissions) to protect
data from disclosure or destruction ● Reporting all unusual activity to the organization’s IT security group ● Taking care to ensure that portable computing and data storage devices are
protected (hundreds of thousands of laptops are lost or stolen per year)
Table 9.6 provides a simple self-assessment security test that employees and contractors alike should be asked to complete.
security policy: A statement that defines an organization’s security requirements, as well as the controls and sanctions needed to meet those requirements.
CHAPTER 9 • Cybercrime and Information System Security 421
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Prevention No organization can ever be completely secure from attack. The key is to implement a layered security solution to make computer break-ins so difficult that an attacker eventually gives up. In a layered solution, if an attacker breaks through one layer of security, another layer must then be overcome. These layers of protective measures are explained in more detail in the fol- lowing sections.
Implementing a Corporate Firewall Installation of a corporate firewall is the most common security precaution taken by businesses. A firewall is a system of software, hardware, or a combi- nation of both that stands guard between an organization’s internal network and the Internet and limits network access based on the organization’s access policy.
Any Internet traffic that is not explicitly permitted into the internal net- work is denied entry through a firewall. Similarly, most firewalls can be con- figured so that internal network users can be blocked from gaining access to certain Web sites based on content such as sex and violence. Most firewalls can also be configured to block instant messaging, access to newsgroups, and other Internet activities.
Software vendors Agnitum, Check Point, Comodo, Kaspersky, and Total Defense provide some of the top-rated firewall software used to protect per- sonal computers. Their software provide antivirus, firewall, antispam, parental control, and phishing protection capabilities and sell for $30 to $80 per single user license.
A next-generation firewall (NGFW) is a hardware- or software-based network security system that is able to detect and block sophisticated attacks
TABLE 9.6 Self-assessment security test Security Assessment Question
Do you have the most current version of your operating system installed?
Do you have the most current version of firewall, antivirus, and malware software installed?
Do you install updates to all your software when you receive notice that a new update is available?
Do you use different, strong passwords for each of your accounts and applications—a minimum of 10 characters with a mix of capital and lower case letters, numbers, and special characters?
Are you familiar with and do you follow your organization’s policies in regard to accessing corporate Web sites and applications from your home or remote locations (typically involves use of VPN)?
Have you set the encryption method to WPA2 and changed the default name and password on your home wireless router?
When using a free, public wireless network, do you avoid checking your email or accessing Web sites requiring a user- name and password?
Do you refrain from clicking on a URL in an email from someone you do not know?
Do you back up critical files to a separate device at least once a week?
Are you familiar with and do you follow your organization’s policies in regard to storing personal or confidential data on your device?
Does your device have a security passcode that must be entered before it accepts further input?
Have you installed Locate My Device or similar software in case your device is lost or stolen?
Do you make sure not to leave your device unattended in a public place where it can be easily stolen?
Have you reviewed and do you understand the privacy settings that control who can see or read what you do on Face- book and other social media sites?
firewall: A system of software, hardware, or a combination of both that stands guard between an organiza- tion’s internal network and the Internet and limits network access based on the organization’s access policy.
next-generation firewall (NGFW): A hardware- or software- based network security system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
422 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
by filtering network traffic dependent on the packet contents. Compared to first- and second-generation firewalls, a NGFW goes deeper to inspect the payload of packets and match sequences of bytes for harmful activities, such as known vulnerabilities, exploit attacks, viruses, and malware.
Utilizing a Security Dashboard Many organizations use security dashboard software to provide a comprehen- sive display of all vital data related to an organization’s security defenses, including threats, exposures, policy compliance, and incident alerts. The pur- pose of a security dashboard is to reduce the effort required to monitor and identify threats in time to take action. Data that appears in a security dash- board can come from a variety of sources, including security audits, firewalls, applications, servers, and other hardware and software devices. Figure 9.4 is a screenshot showing an example of a security dashboard.
Algoma Central Corporation is a leading Canadian shipping company, owning and operating the largest Canadian flag fleet of dry-bulk carriers and product tankers operating on the Great Lakes—St. Lawrence Seaway system. The firm recently implemented a security dashboard from Avaap, Inc., to improve access to security information and alleviate the complexity of manag- ing security data for its shipping operations.40
Installing Antivirus Software on Personal Computers Antivirus software should be installed on each user’s personal computer to scan a computer’s memory and disk drives regularly for viruses. Antivirus software scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus. If it finds a virus, the antivirus software informs the user, and it may clean, delete, or quarantine any files, directories, or disks affected by the malicious code. Good antivirus software checks vital system files when the system is booted up, monitors the system continuously for virus-like activity, scans disks, scans memory when a program is run, checks programs when they are downloaded, and scans email attachments before they are opened. Two of the most widely used antivirus software products are Norton AntiVirus from Symantec and Personal Firewall from McAfee.
No
1
2
3
4
5
6
7
8
9
10
11
Number of violations of segregation of duties
Number of users who do not comply with password standards
Percentage of suspected and actual violations
Pecentage of critical assets covered by internal/external penetration tests
Number of computers with patches behind agreed-upon SLA
Number of outdated policies, procedures, standards and guidelines
Number of internal audits scheduled
Number of penetration tests not performed as required for the quarter
Percentage of agents/employees trained on information security policies and procedures as part of induction
Number of corrective/preventive actions taken based on analysis of logs
Percentage of changes carried out as per change control procedure
0
Max. 2
Max. 5
Min. 95
Max. 2
Max. 4
Min. 2
Max. 1
100
Min. 5
100
3
7
4
98
1
5
2
0
90
10
90
Note: Target and actual amounts are hypothetical figures for the purpose of this example. Categorization into green, amber and red is done on a predefined basis.
Control/KPI
Operation-level Scorecard: KPI
Target Actual Status Remarks
FIGURE 9.4 Security dashboard A security dashboard provides a comprehensive display of all vital data related to an organization’s security defenses. Source: ISACA
antivirus software: Software that scans a computer’s memory, disk drives, and USB ports regularly for viruses.
virus signature: A sequence of bytes that indicates the presence of a specific virus.
CHAPTER 9 • Cybercrime and Information System Security 423
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
According to US-CERT, most of the virus and worm attacks use already known malware programs. Thus, it is crucial that antivirus software be contin- ually updated with the latest virus signatures. In most corporations, the net- work administrator is responsible for monitoring network security Web sites frequently and downloading updated antivirus software as needed. Many anti- virus vendors recommend—and provide for—automatic and frequent updates. Unfortunately, antivirus software is not able to identify and block all viruses.
Implementing Safeguards against Attacks by Malicious Insiders User accounts that remain active after employees leave a company are another potential security risk. To reduce the threat of attack by malicious insiders, IS staff must promptly delete the computer accounts, login IDs, and passwords of departing employees and contractors.
Organizations also need to define employee roles carefully and separate key responsibilities properly, so that a single person is not responsible for accomplishing a task that has high security implications. For example, it would not make sense to allow an employee to initiate as well as approve purchase orders. That would allow an employee to input large invoices on behalf of a dishonest vendor, approve the invoices for payment, and then dis- appear from the company to split the money with that vendor. In addition to separating duties, many organizations frequently rotate people in sensitive positions to prevent potential insider crimes.
Another important safeguard is to create roles and user accounts so that users have the authority to perform their responsibilities and nothing more. For example, members of the Finance Department should have different authorizations from members of the Human Resources Department. An accountant should not be able to review the pay and attendance records of an employee, and a member of the Human Resources Department should not know how much was spent to modernize a piece of equipment. Even within one department, not all members should be given the same capabilities. Within the Finance Department, for example, some users may be able to approve invoices for payment, but others may only be able to enter them. An effective system administrator will identify the similarities among users and create profiles associated with these groups.
Addressing the Most Critical Internet Security Threats The overwhelming majority of successful computer attacks take advantage of well-known vulnerabilities. Computer attackers know that many organizations are slow to fix problems, which makes scanning the Internet for vulnerable systems an effective attack strategy. The rampant and destructive spread of worms, such as Blaster, Slammer, and Code Red, was made possible by the exploitation of known but unpatched vulnerabilities. US-CERT regularly updates a summary of the most frequent, high-impact vulnerabilities being reported to them. You can read this summary at www.us-cert.gov/current. The actions required to address these issues include installing a known patch to the software and keeping applications and operating systems up-to-date. Those responsible for computer security must make it a priority to prevent attacks using these vulnerabilities.
Conducting Periodic IT Security Audits Another important prevention tool is a security audit that evaluates whether an organization has a well-considered security policy in place and if it is being followed. For example, if a policy says that all users must change their passwords every 30 days, the audit must check how well that policy is being implemented. The audit should also review who has access to particular sys- tems and data and what level of authority each user has. It is not unusual for an audit to reveal that too many people have access to critical data and that
security audit: A careful and thor- ough analysis that evaluates whether an organization has a well-considered security policy in place and if it is being followed.
424 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
many people have capabilities beyond those needed to perform their jobs. One result of a good audit is a list of items that needs to be addressed in order to ensure that the security policy is being met.
A thorough security audit should also test system safeguards to ensure that they are operating as intended. Such tests might include trying the default system passwords that are active when software is first received from the ven- dor. The goal of such a test is to ensure that all such known passwords have been changed.
Some organizations will also perform a penetration test of their defenses. This entails assigning individuals to try to break through the measures and identify vulnerabilities that still need to be addressed. The individuals used for this test are knowledgeable and are likely to take unique approaches in testing the security measures.
Detection Even when preventive measures are implemented, no organization is completely secure from a determined attack. Thus, organizations should implement detection systems to catch intruders in the act. Organizations often employ an intrusion detection system to minimize the impact of intruders.
An intrusion detection system (IDS) is software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment (see Figure 9.5). Such activities usually signal an attempt to breach the integrity of the system or to limit the availability of network resources.
Knowledge-based approaches and behavior-based approaches are two fundamentally different approaches to intrusion detection. Knowledge-based intrusion detection systems contain information about specific attacks and sys- tem vulnerabilities and watch for attempts to exploit these vulnerabilities, such as repeated failed login attempts or recurring attempts to download a program to a server. When such an attempt is detected, an alarm is triggered.
Messages from IDS routed to network security team
Organization’s intrusion detection system
Organization’s network router sends network traffic to both IDS and firewall
Internet traffic
Organization’s internal network
Organization’s firewall
IDS warns firewall of suspicious traffic. Network security team and logic in firewall decide what action to take, such as block all traffic from the source IP address of the suspicious traffic.
Internet
Internet
FIGURE 9.5 Intrusion detection system An IDS notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.
Da ni el Ko rz en ie ws ki /S hu tte rs to ck .c om
intrusion detection system (IDS): Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment.
CHAPTER 9 • Cybercrime and Information System Security 425
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
A behavior-based intrusion detection system models normal behavior of a system and its users from reference information collected by various means. The intrusion detection system compares current activity to this model and generates an alarm if it finds a deviation. Examples include unusual traffic at odd hours or a user in the Human Resources Department who accesses an accounting program that she has never before used.
Response An organization should be prepared for the worst—a successful attack that defeats all or some of a system’s defenses and damages data and information systems. A response plan should be developed well in advance of any inci- dent and be approved by both the organization’s legal department and senior management. A well-developed response plan helps keep an incident under technical and emotional control.
In a security incident, the primary goal must be to regain control and limit damage, not to attempt to monitor or catch an intruder. Sometimes system administrators take the discovery of an intruder as a personal challenge and lose valuable time that should be used to restore data and information systems to normal.
Incident Notification A key element of any response plan is to define who to notify and who not to notify in the event of a computer security incident. Questions to cover include the following: Within the company, who needs to be notified, and what infor- mation does each person need to have? Under what conditions should the company contact major customers and suppliers? How does the company inform them of a disruption in business without unnecessarily alarming them? When should local authorities or the FBI be contacted?
Most security experts recommend against giving out specific information about a compromise in public forums, such as news reports, conferences, pro- fessional meetings, and online discussion groups. All parties working on the problem must be kept informed and up-to-date without using systems con- nected to the compromised system. The intruder may be monitoring these systems and emails to learn what is known about the security breach.
A critical ethical decision that must be made is what to tell customers and others whose personal data may have been compromised by a computer inci- dent. Many organizations are tempted to conceal such information for fear of bad publicity and loss of customers. Because such inaction is perceived by many to be unethical and harmful, a number of state and federal laws have been passed to force organizations to reveal when customer data has been breached.
Protection of Evidence and Activity Logs An organization should document all details of a security incident as it works to resolve the incident. Documentation captures valuable evidence for a future prosecution and provides data to help during the incident eradication and follow-up phases. It is especially important to capture all system events, the specific actions taken (what, when, and who), and all external conversations (what, when, and who) in a logbook. Because this may become court evi- dence, an organization should establish a set of document-handling proce- dures using the legal department as a resource.
Incident Containment Often, it is necessary to act quickly to contain an attack and to keep a bad sit- uation from becoming even worse. The incident response plan should clearly define the process for deciding if an attack is dangerous enough to warrant
426 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
shutting down or disconnecting critical systems from the network. How such decisions are made, how fast they are made, and who makes them are all elements of an effective response plan.
Eradication Before the IT security group begins the eradication effort, it must collect and log all possible criminal evidence from the system and then verify that all nec- essary backups are current, complete, and free of any malware. Creating a forensic disk image of each compromised system on write-only media both for later study and as evidence can be very useful. After virus eradication, a new backup must be created. Throughout this process, a log should be kept of all actions taken. This will prove helpful during the incident follow-up phase and ensure that the problem does not recur. It is imperative to back up critical applications and data regularly. Many organizations, however, have implemented inadequate backup processes and found that they could not fully restore original data after a security incident. All backups should be cre- ated with enough frequency to enable a full and quick restoration of data if an attack destroys the original, and this process must be tested to confirm that it works.
Incident Follow-Up Of course, an essential part of follow-up is to determine how the organiza- tion’s security was compromised so that it does not happen again. Often the fix is as simple as getting a software patch from a product vendor. However, it is important to look deeper than the immediate fix to discover why the inci- dent occurred. If a simple software fix could have prevented the incident, then why wasn’t the fix installed before the incident occurred?
A review should be conducted after an incident to determine exactly what happened and to evaluate how the organization responded. One approach is to write a formal incident report that includes a detailed chronology of events and the impact of the incident. This report should identify any mistakes so that they are not repeated in the future. The experience from this incident should be used to update and revise the security incident response plan. The key elements of a formal incident report should include the following:
● IP address and name of host computer(s) involved ● The date and time when the incident was discovered ● The length of the incident ● How the incident was discovered ● The method used to gain access to the host computer ● A detailed discussion of vulnerabilities that were exploited ● A determination of whether or not the host was compromised as a result
of the attack ● The nature of the data stored on the computer (customer, employee,
financial, etc.) ● A determination of whether the accessed data is considered personal,
private, or confidential ● The number of hours the system was down ● The overall impact on the business ● An estimate of total monetary damage from the incident ● A detailed chronology of all events associated with the incident
Creating a detailed chronology of all events will also document the inci- dent for possible later prosecution. To this end, it is critical to develop an esti- mate of the monetary damage. Potential costs include loss of revenue, loss in productivity, and the salaries of people working to address the incident, along with the cost to replace data, software, and hardware.
CHAPTER 9 • Cybercrime and Information System Security 427
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Another important issue is the amount of effort that should be put into capturing the perpetrator. If a Web site was simply defaced, it is easy to fix or restore the site’s HTML (Hypertext Markup Language—the code that describes to your browser how a Web page should look). However, what if the intruders inflicted more serious damage, such as erasing proprietary pro- gram source code or the contents of key corporate databases? What if they stole company trade secrets? Expert crackers can conceal their identity, and tracking them down can take a long time as well as a tremendous amount of corporate resources.
The potential for negative publicity must also be considered. Discussing security attacks through public trials and the associated publicity has not only enormous potential costs in public relations but real monetary costs as well. For example, a bank or a brokerage firm might lose customers who learn of an attack and think their money or records aren’t secure. Even if a company decides that the negative publicity risk is worth it and goes after the perpetra- tor, documents containing proprietary information that must be provided to the court could cause even greater security threats in the future. On the other hand, an organization must consider whether it has an ethical or a legal duty to inform customers or clients of a cyberattack that may have put their per- sonal data or financial resources at risk.
Using a Managed Security Service Provider (MSSP) Keeping up with computer criminals—and with new laws and regulations— can be daunting for organizations. Criminal hackers are constantly poking and prodding, trying to breach the security defenses of organizations. Also, laws such as HIPAA, Sarbanes-Oxley, and the USA Patriot Act require busi- nesses to prove that they are securing their data. For most small and midsized organizations, the level of in-house network security expertise needed to pro- tect their business operations can be too costly to acquire and maintain. As a result, many organizations outsource their network security operations to a managed security service provider (MSSP), which is a company that monitors, manages, and maintains computer and network security for other organizations. MSSPs include such companies as AT&T, Computer Sciences Corporation, Dell SecureWorks, IBM, Symantec, and Verizon. MSSPs provide a valuable service for IS departments drowning in reams of alerts and false alarms coming from virtual private networks (VPNs); antivirus, firewall, and intrusion detection systems; and other security-monitoring sys- tems. In addition, some MSSPs provide vulnerability scanning and Web blocking and filtering capabilities.
Computer Forensics Computer forensics is a discipline that combines elements of law and com- puter science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integ- rity of the data gathered so that it is admissible as evidence in a court of law. A computer forensics investigation may be opened in response to a criminal investigation or civil litigation. It may also be launched for a variety of other reasons, for example, to retrace steps taken when data has been lost, assess damage following a computer incident, investigate the unauthorized disclo- sure of personal or corporate confidential data, or to confirm or evaluate the impact of industrial espionage.
Computer forensics investigators work as a team to investigate an incident and conduct the forensic analysis using various methodologies and tools to ensure the computer network system is secure in an organization. For exam- ple, accounting, tax, and advisory company Grant Thornton International has a number of IS labs around the world that employ numerous forensic experts
managed security service provider (MSSP): A company that monitors, manages, and maintains computer and network security for other organizations.
computer forensics: A discipline that combines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
428 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
who examine digital evidence for use in legal cases. Grant Thornton employs forensic software called Summation (a Web-based legal document, electronic data, and transcript review platform that supports litigation teams) and Foren- sic Toolkit (used to scan a hard drive to find a variety of information, includ- ing deleted emails and text strings to crack encryption). The software from AccessData provides a combination of mobile forensics, computer forensics, and functions for encoding and reviewing multilingual documents.41
Proper handling of a computer forensics investigation is the key to fight- ing computer crime successfully in a court of law. In addition, extensive train- ing and certification increases the stature of a computer forensics investigator in a court of law. Numerous certifications relate to computer forensics, includ- ing the CCE (Certified Computer Examiner), CISSP (Certified Information Systems Security Professional), CSFA (CyberSecurity Forensic Analyst), and GCFA (Global Information Assurance Certification Certified Forensics Analyst). The EnCE Certified Examiner program certifies professionals who have mas- tered computer investigation methods as well as the use of Guidance Soft- ware’s EnCase computer forensic software. Numerous universities (both online and traditional) offer degrees specializing in computer forensics. Such degree programs should include training in accounting, particularly auditing, as this is very useful in the investigation of cases involving fraud.
Table 9.7 provides a list of questions that should be asked when an orga- nization is evaluating its readiness for a security incident.
TABLE 9.7 Questions to be considered when evaluating an organization’s readiness for a security incident
Question
Has a risk assessment been performed to identify investments in time and resources that can protect the organization from its most likely and most serious threats?
Have senior management and employees involved in implementing security measures been educated about the concept of reasonable assurance?
Has a security policy been formulated and broadly shared throughout the organization?
Have automated systems policies been implemented that mirror written policies?
Does the security policy address the following:
● Email with executable file attachments? ● Wireless networks and devices? ● Use of smartphones deployed as part of corporate rollouts as well as those purchased by end users?
Is there an effective security education program for employees and contract workers?
Has a layered security solution been implemented to prevent break-ins?
Has a firewall been installed?
Is antivirus software installed on all personal computers?
Is the antivirus software frequently updated?
Have precautions been taken to limit the impact of malicious insiders?
Are the accounts, passwords, and login IDs of former employees promptly deleted?
Are employee responsibilities adequately defined and separated?
Are individual roles defined so that users have authority to perform their responsibilities and nothing more?
Is it a requirement to review at least quarterly the most critical Internet security threats and implement safeguards against them?
Has it been verified that backup processes for critical software and databases work correctly?
Has an intrusion detection system been implemented to catch intruders in the act—both in the network and on critical computers on the network?
CHAPTER 9 • Cybercrime and Information System Security 429
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
Spear-Phishing Attack! It appears that someone is using your firm’s corporate directory—which includes job titles and email addresses—to contact senior managers and directors via email. The email requests that the recipient click on a URL, which leads to a Web site that looks as if it were designed by your Human Resources organization. Once at this phony Web site, the employees are asked to confirm the bank and account number to be used for electronic deposit of their annual bonus check.
Review Questions 1. How is this attack different from an ordinary phishing attack? 2. Craft a communications that might be sent out to employees to thwart this
attack.
Critical Thinking Questions 1. Should this communications come from Human Resources, the corporate
information systems security organization, or some other entity? 2. What actions can be taken to lessen the potential impact of future such
attacks?
TABLE 9.7 Questions to be considered when evaluating an organization’s readiness for a security incident (continued)
Question
Are periodic IT security audits conducted?
Has a comprehensive incident response plan been developed?
Has the security plan been reviewed and approved by legal and senior management?
Does the plan address all of the following areas:
● Incident notification? ● Protection of evidence and activity logs? ● Incident containment? ● Eradication? ● Incident follow-up?
Summary
Principle: Computer crime is a serious and rapidly growing area of concern requir- ing management attention.
The number of cybercrimes being committed against individuals, organiza- tions, and governments continues to increase, and the destructive impact of these crimes is also intensifying.
The security of data and information systems used in business is of the utmost importance, but it must be balanced against other business needs.
Increasing computing complexity, higher computer user expectations, expanding and changing systems, an increase in the prevalence of bring your own device (BYOD) policies, a growing reliance on software with known vul- nerabilities, and the increasing sophistication of those who would do harm have caused a dramatic increase in the number, variety, and severity of security incidents.
430 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Many different types of people launch computer attacks, including the hacker, cracker, malicious insider, industrial spy, cybercriminal, hacktivist, and cyberterrorist. Each type has a different motivation.
Ransomware, viruses, worms, Trojan horses, logic bombs, blended threats, spam, distributed denial-of-service attacks, rootkits, advanced persis- tent threats, phishing, spear-phishing, smishing, vishing, identity theft, cyberespionage, and cyberterrorism are among the most common computer exploits.
The Department of Homeland Security (DHS) has the responsibility to provide for a “safer, more secure America, which is resilient against terrorism and other potential threats.” The agency’s Office of Cybersecurity and Com- munications is responsible for enhancing the security, resilience, and reliabil- ity of U.S. cyber and communications infrastructure.
The U.S. Computer Emergency Readiness Team (US-CERT) is a partner- ship between DHS and the public and private sectors that was established to protect the nation’s Internet infrastructure against cyberattacks by serving as a clearinghouse for information on new viruses, worms, and other computer security topics.
Over the years, several laws have been enacted to prosecute those responsible for computer-related crime, including the Computer Fraud and Abuse Act, the Fraud and Related Activity in Connection with Access Devices Statute, the Identity Theft and Assumption Deterrence Act, the Stored Wire and Electronic Communications and Transactional Records Access Statutes, and the USA Patriot Act.
Principle: Organizations must take strong measures to ensure secure, private, and reliable computing experiences for their employees, customers, and busi- ness partners.
A strong security program begins by assessing threats to the organiza- tion’s computers and network, identifying actions that address the most seri- ous vulnerabilities, and educating users about the risks involved and the actions they must take to prevent a security incident.
The IS security group must lead the effort to implement security policies and procedures, as well as effectively employing available hardware and soft- ware tools to help prevent security breaches.
Risk assessment is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.
The concept of reasonable assurance in connection with IS security recog- nizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved.
No organization can ever be completely secure from attack. The key to prevention of a computer security incident is to implement a layered security solution to make computer break-ins so difficult that an attacker eventually gives up. Protective measures include implementing a corporate firewall, installing an intrusion detection system, utilizing a security dashboard, instal- ling antivirus software on personal computers, implementing safeguards against attacks by malicious insiders, addressing the most critical security threats, and conducting periodic IT security audits.
No security system is perfect, so systems and procedures must be moni- tored to detect a possible intrusion.
If an intrusion occurs, there must be a clear reaction plan that addresses notification, evidence protection, activity log maintenance, containment, eradi- cation, and follow-up.
CHAPTER 9 • Cybercrime and Information System Security 431
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Special measures must be taken to implement safeguards against attacks by malicious insiders and to defend against cyberterrorism.
Organizations must implement fixes against well-known vulnerabilities and conduct periodic IT security audits.
Many organizations outsource their network security operations to a man- aged security service provider (MSSP), which is a company that monitors, man- ages, and maintains computer and network security for other organizations.
Organizations must be knowledgeable of and have access to trained experts in computer forensics to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that pre- serves the integrity of the data gathered so that it is admissible as evidence in a court of law.
Key Terms
advanced persistent threat (APT)
antivirus software
blended threat
botnet
bring your own device (BYOD)
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart)
computer forensics
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
cyberespionage
cyberterrorism
data breach
Department of Homeland Security (DHS)
distributed denial-of-service (DDoS) attack
exploit
firewall
identity theft
intrusion detection system (IDS)
logic bomb
managed security service provider (MSSP)
next-generation firewall (NGFW)
phishing
ransomware
reasonable assurance
risk assessment
rootkit
security audit
security policy
smishing
spam
spear-phishing
Trojan horse
U.S. Computer Emergency Readiness Team (US-CERT)
virus
virus signature
vishing
worm
zero-day attack
zombie
Chapter 9: Self-Assessment Test
Computer crime is a serious and rapidly growing area of concern requiring management attention.
1. The number, variety, and severity of computer security incidents is slowly on the decline. True or False?
2. is a business policy that permits, and in some cases encourages, employ- ees to use their own mobile devices to access company computing resources and applications.
3. A(n) is an attack on an information system that takes advantage of a particular system vulnerability. a. virus b. worm c. Trojan horse d. exploit
4. U.S. organizations increasingly rely on commer- cial software with known vulnerabilities. True or False?
432 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
5. A is someone who attacks a com- puter system or network for financial gain. a. hacker b. cracker c. malicious insider d. cybercriminal
6. A is a form of malware that fools its victims into thinking that it is useful software from a legitimate source. a. virus b. worm c. Trojan horse d. ransomware
7. A is a set of programs that enables a user to gain administrative access to the com- puter without the end user’s consent or knowledge. a. zombie b. rootkit c. botnet d. blended threat
8. is an exploit in which victims receive a voice mail message telling them to call a phone number or access a Web site.
9. involves secretly stealing data in the computer systems of organizations. a. Cyberterrorism b. Cyberespionage c. Data breach d. Smishing
Organizations must take strong measures to ensure secure, private, and reliable computing experiences
for their employees, customers, and business partners.
10. is the process of assessing security- related risks to an organization’s computers and networks from both internal and external threats.
11. The concept of recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s benefits or the risks involved. a. risk assessment b. reasonable assurance c. security policy d. security versus privacy
12. A(n) stands guard between an organization’s internal network and the Internet and it limits network access based on the organi- zation’s access policy. a. router b. worm hole c. intrusion detection system d. firewall
13. A(n) instruction detection system contains information about specific attacks and system vulnerabilities and watches for attempts to exploit these vulnerabilities.
14. is a discipline that combines ele- ments of law and computer science to identify, collect, examine, and preserve data from com- puter system, networks, and storage devices in a manner that preserves the integrity of data gath- ered so that it is admissible as evidence in a court of law.
Chapter 9: Self-Assessment Test Answers
1. False 2. bring your own device (BYOD) 3. d 4. True 5. d 6. c 7. b
8. Vishing 9. c 10. Risk assessment 11. b 12. d 13. knowledge-based 14. Computer forensics
Review Questions
1. Provide six reasons why computer incidents are so prevalent.
2. What is BYOD? What security issues does it raise?
3. Discuss the importance of installing computer patches and fixes.
4. What is a zero-day attack? 5. What is the difference between a black hat hacker
and a cracker?
6. What is the difference between a virus, worm, a Trojan horse, and a blended threat?
7. What is the CAN-SPAM Act? What is CAPTCHA? 8. Explain how a distributed denial-of-service attack
works. 9. Is a rootkit a blended threat? Explain.
10. What is the difference between phishing, smish- ing, and vishing?
11. What is the role of the US-CERT organization?
CHAPTER 9 • Cybercrime and Information System Security 433
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
12. Outline the steps necessary to conduct an effective computer security risk assessment.
13. What is meant by reasonable assurance? Give a hypothetical example of a security measure that fails the reasonable assurance test.
14. What is the intent of a security policy? What are some of the earmarks of a good security policy?
15. What is meant by a layered security solution? Identify several layers of protective measures commonly employed in many organizations.
16. What is a managed security service provider (MSSP)? What sort of services does such an organization provide?
Discussion Questions
1. A successful distributed denial-of-service attack requires the downloading of software that turns unprotected computers into zombies under the control of the malicious hacker. Should the owners of the zombie computers be fined or otherwise punished as a means of encouraging people to better safeguard their computers? Why or why not?
2. Document a real-world example of a legitimate organization using spam in an effective and nonintrusive manner to promote a product or service.
3. Some IT security personnel believe that their organizations should employ former computer criminals who now claim to be white hat hackers to identify weaknesses in their organizations’ security defenses. Do you agree? Why or why not?
4. You are a computer security trainer for your firm’s 200 employees and contract workers. What
are the key topics you would cover in your initial half-hour basic training program on security for non-IT personnel? What sort of additional security-related training might be appropriate once people have the basics covered?
5. Hundreds of a bank’s customers have called the customer service call center to complain that they are receiving text messages on their phone telling them to log on to a Web site and enter personal information to resolve an issue with their account. What action should the bank take?
6. How would you distinguish between a hacktivist and a cyberterrorist? Should the use of hacktivists by a country against enemy organizations be considered an act of war? Why or why not? How about the use of cyberterrorists?
7. What is the difference between a risk assessment and an IT security audit?
Problem-Solving Exercises
1. Identify three commonly used antivirus software packages. Develop a spreadsheet that compares the cost and fundamental features of each pack- age. Which antivirus solution would you choose and why?
2. Draft a legitimate-looking phishing email that would strongly tempt its recipients to click on a link to a Web site or open an email attachment.
3. Use the data breach statistics found at http://www .idtheftcenter.org/images/breach/2005to2015mul tiyear.pdf to develop a bar chart showing the number of data breaches year-by-year by entity (business, educational, government/ military, medical/health, and banking/credit/financial) from 2005 to 2015. In which entity is the number of data breaches increasing fastest? What other conclusions can you draw from your graph?
Team Activities
1. You and your team have been hired to assess the computer security of a small retailer. Where would you begin your assessment? What would you look for?
2. Your team is assigned responsibility to identify an appropriate MSSP provider for a small, rural hospital. What criteria will you use to select an appropriate provider? Do research online to
identify three MSSP providers. Use the criteria to rate each of the three and choose the one that would be best for the hospital.
3. Imagine that your team must obtain the email logon and password to as many email accounts as possible. Brainstorm ideas that might enable you to obtain these credentials.
434 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Web Exercises
1. Do research on the effectiveness of the Control- ling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act. Would you recommend any changes to this act? If so, what changes would you like to see implemented and why?
2. Do research to gain an understanding of why policies regarding BYOD are necessary for organizations that must abide by HIPAA
regulations. Do you believe that employees of a large healthcare provider should be able to bring their own device to work? Why or why not?
3. Do research to find out more about DEF CON, one of the world’s largest hacker conventions, held annually in Las Vegas, Nevada. Who attends this conference, and what sort of topics are covered? Is there value in IS security professionals attending this conference? Why or why not?
Career Exercises
1. Do research to determine typical starting salaries for someone with a four-year degree in computer forensics. What is the future demand for indivi- duals trained in computer forensics? Do further research to find three universities that offer four-year degrees specializing in computer foren- sics. Compare the three programs, and choose the best one. Why did you choose this university?
2. You are one of the top students in your univer- sity’s computer science program of 100 students, and you have agreed to meet with a recruiter from the Department of Homeland Security. Over dinner, he talks to you about the increasing threat of cyberterrorist attacks launched on the United
States by foreign countries and the need to counter those attacks. The agency has a strong need for people that can both develop and defend against zero-day exploits that could be used to plant malware in the software used by the government and military computers. At the end of the dinner, the recruiter turns to you and asks: “Would such a role be of interest to you?” How do you respond?
3. Do research to learn more about the role of an information system security auditor. What is the role of an auditor, what sort of tasks does one perform, and what skills and training are necessary?
Case Studies
Case One
Fairplay Turns to a Managed Security Service Provider Fairplay Finer Foods is an independent grocery retailer that operates in the greater Chicago area. From its beginning, Fairplay’s mission has been to provide quality foods at an affordable price along with exceptional customer service. Starting with a single store in 1975, Fairplay has since grown to seven locations. The opening of each new store led to increased sales and attracted new customers; however, expansion also raised new information system needs as well as information security risks.
Due to its size, it was not practical for Fairplay to create and run its own information systems organization, so it contracted with KCS Computer Technology, Inc., to provide these services along with the necessary computer hardware and systems. One of KCS’s key accomplishments for Fairplay was to implement and manage a corporate network that the grocery chain uses to run applications and communicate across all of its stores.
Another important area of focus for KCS involved helping Fairplay manage issues related to the Payment Card Industry Data Security Standard (PCI DSS). Retailers accepting credit cards and other forms of electronic payment
are required to comply with the PCI DSS. The PCI DSS standard ensures that businesses follow best practices for protecting their customers’ payment card information. A strong desire to ensure compliance with the PCI DSS standard and concern over potential network security issues led Fairplay and KCS to seek out a managed security service provider (MSSP).
After a thorough investigation, Fairplay and KCS selected ControlScan, an MSSP headquartered in Atlanta, based on its simple pricing model, stable of certified security experts, advanced technology, and solid reputation. As part of its contract with Fairplay, ControlScan agreed to serve as an extension of KCS, delivering cloud-based security technologies and related security support services, including:
● Installing, configuring, and monitoring a system of next-generation firewalls
● Investigating, responding to, and reporting on security-related events
● Providing network usage reports for insights into company resource utilization
● Upgrading the network on an ongoing basis by implementing the latest security enhancements
● Providing expertise to reduce network complexity and contain network-related costs
CHAPTER 9 • Cybercrime and Information System Security 435
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
ControlScan’s initial action was to install next-generation firewall appliances to protect each of Fairplay’s locations. This work was completed overnight in a single night to minimize business disruption. ControlScan then conducted a thorough PCI gap analysis to compare current Fairplay security controls with those required by the PCI DSS. ControlScan developed a detailed set of recommendations and options for eliminating the gaps; thus, giving Fairplay management a roadmap to achieve full PCI DSS compliance. Finally, ControlScan did a full review of all of Fairplay’s existing information systems and security policies, working with the chain’s IS staff to tweak and customize policies where necessary.
Critical Thinking Questions 1. What advantages does use of an MSSP offer a small
retailer like Fairplay? Can you think of any potential drawbacks of this approach? Is there a danger in placing too much trust in the use of an MSSP? Explain?
2. Data breaches at major retailers, such as Neiman Marcus, Target, and others, in recent years have shown that compliance with the Payment Card Industry Data Security Standard (PCI DSS) is no guarantee against an intrusion (see Vijayan, Jaikumar, “After Target, Neiman Marcus Breaches, Does PCI Compliance Mean Anything?,” ComputerWorld, January 24, 2014). If you were a member of Fairplay’s management team, what additional actions would you take to ensure your customer’s credit card data is not stolen?
3. Do research on the Web to gain insight into the evolution of the PCI DSS standard. What major changes were made in moving from PCI 2.0 to PCI 3.0? What changes are being suggested for future versions of the PCI standard?
SOURCES: “About Fairplay,” Fairplay, www.fairplayfoods.com/about, accessed April 12, 2016; “KCS Computer Technology,” KCS Computer Technology, Inc., www.kcstech.com, accessed March 12, 2016; “Fairplay Finer Foods Secures Chain Stores with ControlScan Managed Security Services,” ControlScan, www.controlscan.com/fairplay-finer-foods -secures-chain-stores-with-controlscan-managed-security-services, accessed April 12, 2016; “PCI Facts,” PCI Compliance Guide, www .pcicomplianceguide.org/pci-faqs-2/#1, April 12, 2016.
Case Two
Sony’s Response to North Korea’s Cyberattack On November 24, 2014, employees of Sony Pictures Entertainment booted up their computers to find an image of a skull along with a message from a group calling itself the Guardians of Peace. The message read: “We’ve already warned you and this is just the beginning. We’ve obtained all your internal data including your secrets and top secrets [which will be released] if you don’t obey us.”
As Sony would eventually discover, the hackers had stolen reams of sensitive data, including the Social Security numbers of 47,000 current and former employees, system passwords, salary lists, contracts, and even copies of some Sony employees’ passports. The hackers accessed hundreds of Outlook mailboxes as well as Sony IT audit documents. They also stole media files and placed pirated copies of five
of Sony’s movies on illegal file-sharing servers. Sony was forced to completely shut down its information systems in an attempt to stem the data breach. Ultimately, Sony would determine that the damage done by the hackers was far more extensive than it first believed. Not only had data been stolen, but 75 percent of the company’s servers had been destroyed and several internal data centers had been wiped clean.
Contacted within hours of the event, the FBI soon identified the culprit. In June, several months before the hack, North Korea’s Ministry of Foreign Affairs had declared that it would take “a decisive and merciless countermeasure” if the U.S. government did not prevent the planned release of Sony’s motion picture The Interview, which features two reporters who venture to North Korea to interview and assassinate the country’s dictator, Kim Jong-un. In the film, the main character, initially won over by the dictator’s apparent kindness, discovers that the tyrant is lying about the country’s prosperity and freedoms. The plot, along with the movie’s unflattering portrayal of the dictator as ruthless and childish, had caught the attention of the North Korean government.
The U.S. government disclosed that it had proof that the North Koreans had made good on their threat. The U.S. National Security Agency (NSA) had reportedly penetrated the North Korean cyberwarfare unit four years prior to the attack and had been monitoring its capabilities since then. After Sony alerted the FBI of the attack, the NSA was able to trace the attack back to North Korea, using a digital fingerprint the hackers had left in the malware. Several weeks after the attack, FBI Director James Comey, revealed in a speech that the Sony hackers had been sloppy. “We could see that the IP [Internet protocol] addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans.”
The hackers warned Sony not to release The Interview, and then on December 16, the group issued a message threatening large terrorist attacks on theaters that showed the film. The National Organization of Theatre Owners contacted the Department of Homeland Security for information and advice. The FBI and NSA released a bulletin explaining that they had no credible information about a plan to attack theaters, but they could neither confirm nor deny whether the hackers had the ability to launch such an attack. Shortly after the bulletin was released, the four largest U.S. theater chains withdrew their requests to show the movie—Carmike Cinemas first, followed by Regal Entertainment, AMC Entertainment, and Cinemark. Within hours, Sony announced that it had canceled the film’s release. White House officials, Hollywood personalities, and the media were aghast. Comedian Jimmy Kimmel tweeted that the decision by the major theater chains to refuse to screen The Interview was “an un-American act of cowardice that validates terrorist actions and sets a terrifying precedent.”
On December 19, President Obama addressed the issue publicly: “Sony is a corporation. It suffered significant damage. There were threats against its employees. I’m sympathetic to the concerns that they faced. Having said all that, yes, I think they made a mistake.” Obama explained, “We cannot have a society in which some dictator in some place can start imposing censorship in the United States.” The president’s remarks highlighted the seriousness of the
436 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
incident to the American public, many of whom came to view the incident as an attack on the freedom of expression.
In response to Obama’s comments, Sony officials released a statement later the same day: “Let us be clear—the only decision that we have made with respect to release of the film was not to release it on Christmas Day in theaters, after the theater owners declined to show it.... After that decision, we immediately began actively surveying alternatives to enable us to release the movie on a different platform. It is still our hope that anyone who wants to see this movie will get the opportunity to do so.”
In fact, on Christmas Day, the planned release day in the theater, The Interview became available through video- on-demand outlets such as Amazon.com, and within less than a month, the movie had brought in over $40 million in revenue. Approximately 6 million viewers had rented or purchased the movie in this way. Several hundred movie theaters that opted to screen the movie generated another $6 million. Over the next two months, Sony also released the movie on Netflix, on DVD and Blu-Ray, and in theaters in other countries.
Meanwhile, Sony has worked to recover from the damage done to the company itself by the hack. Sony Pictures’ parent company, which is based in Japan, asked regulators there for an extension to file its third-quarter financial results. It also fired executive Amy Pascal whose leaked emails contained derogatory remarks about Hollywood producers and the U.S. president’s movie preferences. The company also provided one year of free credit protection services to current and former employees.
In February 2015, President Obama held the first-ever White House summit on cybersecurity issues in Silicon Valley. The summit was billed as an attempt to deal with the increasing vulnerability of U.S. companies to cyberattacks— including those backed by foreign governments. However, the chief executives of Microsoft, Google, Facebook, and Yahoo all refused to attend the summit. Those companies have long advocated for the government to stop its practice of collecting and using private data to track terrorist and criminal activities and have worked to find better ways to encrypt the data of their customers. However, U.S. security agencies have continually pressured the IT giants to keep the data as unencrypted as possible to facilitate the government’s law enforcement work. Ultimately, both the government and private businesses will need to find a way to work together to meet two contradictory needs—the country’s need to make itself less vulnerable to cyberattacks while at the same time protecting itself from potential real-world violence.
Critical Thinking Questions 1. Do you think that Sony’s response to the attack was
appropriate? Why or why not? 2. What might Sony and the U.S. government done
differently to discourage future such attacks on other U.S. organizations?
3. Are there measures that organizations and the U.S. government can take together to prevent both real-world terrorist violence and cyberattacks?
SOURCES: Barrett, Devlin and Danny Yadron, “Sony, U.S. Agencies Fumbled After Cyberattack,” Wall Street Journal, February 22, 2015, www.wsj.com/articles/sony-u-s-agencies-fumbled-after-cyberattack -1424641424; Mitchell, Andrea, “Sony Hack: N. Korean Intel Gleaned by NSA during Incursion,” NBC News, January 18, 2015, www.nbcnews. com/storyline/sony-hack/sony-hack-n-korean-intel-gleaned-nsa-during -incursion-n288761; Schatz, Amy, “Obama Acknowledges Strains with SiliconValley,” SFGate, February 14, 2015, http://blog.sfgate.com/tech chron/2015/02/14/obama-acknowledges-strains-with-silicon-valley/; Dwyer, Devin and Mary Bruce, “Sony Hacking: President Obama Says Company Made ?Mistake’ in Canceling ‘The Interview,’” ABC News, December 19, 2014, http://abcnews.go.com/Politics/obama-sony-made -mistake-canceling-film-release/story?id=27720800; Pallotta, Frank, “Sony’s ‘The Interview’ Coming to Netflix,” CNN Money, January 20, 2015, http://money.cnn.com/2015/01/20/media/the-interview-makes -40-million/; Pepitone, Julianne, “Sony Hack: ‘Critical’ Systems Won’t Be Back Online until February,” NBC News, January 23, 2015, www. nbcnews.com/storyline/sony-hack/sony-hack-critical-systems-wont-be -back-online-until-february-n292126; Cieply, Michael and Brooks Barnes, “Sony Cyberattack, First a Nuisance, Swiftly Grew into a Firestorm,” New York Times, December 30, 2014, www.nytimes.com /2014/12/31/business/media/sony-attack-first-a-nuisance-swiftly-grew -into-a-firestorm-.html; “The Interview: A Guide to the Cyber Attack on Hollywood,” BBC, December 29, 2014, www.bbc.com/news/entertain ment-arts-30512032; Whittaker, Zack, “FBI Says North Korea Is ‘Responsible’ for Sony Hack, as White House Mulls Response,” ZDNet, December 19, 2014, www.zdnet.com/article/us-government-officially -blames-north-korea-for-sony-hack/; Osborne, Charlie, “Sony Pictures Corporate Files Stolen and Released in Cyberattack,” ZDNet, November 28, 2014, www.zdnet.com/article/sony-pictures-corporate-files-stolen -and-released-in-cyberattack; Osborne, Charlie, “Sony Hack Exposed Social Security Numbers of Hollywood Celebrities,” ZDNet, December 5, 2015, www.zdnet.com/article/sony-hack-exposed-social-security -numbers-of-hollywood-celebrities/; Sanger, David E. and Nicole Perlroth, “Obama Heads to Tech Security Talks amid Tensions,” New York Times, February 12, 2015, www.nytimes.com/2015/02/13/business /obama-heads-to-security-talks-amid-tensions.html; Whitney, Lance, “Sony Seeks to Delay Filing Earnings in Wake of Cyberattack,” CNET, January 23, 2015, www.cnet.com/news/sony-asks-to-delay-filing-earn ings-due-to-cyberattack.
Notes
1. “Big Data and Predictive Analytics: On the Cybersecurity Frontline,” International Data Corporation, February 2015.
2. “The Global State of Information Security Survey 2016,” PwC, www.pwc.com/gx/en/issues/cyber-security/informa tion-security-survey/industry.html, accessed April 16, 2016.
3. “The Global State of Information Security Survey 2016,” PwC, www.pwc.com/gx/en/issues/cyber-security/informa tion-security-survey/industry.html, accessed April 16, 2016.
4. “Secunia Vulnerability Review—The Highlights,” Secu- nia, http://secunia.com/vulnerability-review/vulnerabil ity_update_all.html, accessed February 14, 2015.
5. “Flexera Software Vulnerability Review 2016,” Flexera, March 16, 2016, http://learn.flexerasoftware.com/SVM -WP-Vulnerability-Review-2016.
6. Perlroth, Nicole and Sanger, David E., “Nations Buying as Hackers Sell Flaws in Computer Code.” July 13, 2013, New York Times, www.nytimes.com/2013/07/14/world
CHAPTER 9 • Cybercrime and Information System Security 437
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
/europe/nations-buying-as-hackers-sell-computer-flaws. html?_r=0.
7. Markert, Jennifer, “How Zero-Day Exploits Are Bought and Sold in a Murky, Unregulated Market,” Curious- matic, February 23, 2015, https://curiousmatic.com/zero -day-exploits.
8. Khandelwal, Swati, “MAC OS X Zero-Day Exploit Can Bypass Apple’s Latest Protection Feature,” Hacker News, March 24, 2016, http://thehackernews.com/2016/03 /system-integrity-protection.html.
9. Ashford, Warick, “US Hospital Pays •12,000 to Ransom- ware Attackers,” Computer Weekly, February 18, 2016, www.computerweekly.com/news/4500273343/US-hospi tal-pays-12000-to-ransomware-attackers.
10. Danchev, Dancho, “Cornficker’s Estimated Economic Cost? $9.1 Billion,” ZDNet, April 23, 2009, www.zdnet. com/blog/security/confickers-estimated-economic-cost -9-1-billion/3207.
11. Aksoy, Pelin Aksoy and Denardis, Laura, Information Technology in Theory (Boston: Cengage Learning, ©2007), pp. 299–301.
12. Cloherty, Jack and Thomas, Pierre, “‘Trojan Horse’ Bug Lurking in Vital US Computers since 2011,” ABC News, November 6, 2014, http://abcnews.go.com/US/trojan -horse-bug-lurking-vital-us-computers-2011/story? id=26737476.
13. Schwartz, Matthew, J., “How South Korean Bank Mal- ware Spread,” InformationWeek, March 25, 2013, www .darkreading.com/attacks-and-breaches/how-south- korean-bank-malware-spread/d/d-id/1109239?.
14. Johnston, Nick, “Short, Sharp Spam Attacks Aiming to Spread Dyre Financial Malware,” Symantec, January 28, 2015, www.symantec.com/connect/blogs/short-sharp -spam-attacks-aiming-spread-dyre-financial-malware.
15. “Spam Statistics for the Week Ending January 18, 2015,” Trustwave, www3.trustwave.com/support/labs/spam _statistics.asp.
16. Baraniuk, Chris, “DDoS: Website-Crippling Cyber- Attacks to Rise in 2016,” BBC News, January 27, 2016, www.bbc.com/news/technology-35376327.
17. Cowly, Stacy, “Grum Takedown: ‘50 Percent of World- wide Spam Is Gone’,” CNN Money, July 19, 2012, http:// money.cnn.com/2012/07/19/technology/grum-spam-bot net/index.htm.
18. Kalunian, Kim, “2012 Rootkit Computer Virus ‘Worst in Years’,” Warwick Beacon, December 20, 2011, www. warwickonline.com/stories/2012-rootkit-computer-virus -worst-in-years,65964.
19. Rouse, Margaret, “Advanced Persistent Threat,” Tech- Target, http://searchsecurity.techtarget.com/definition /advanced-persistent-threat-APT, accessed February 17, 2015.
20. “Advanced Persistent Threats: How They Work,” Symantec, www.symantec.com/theme.jsp?themeid=apt- infographic-1, accessed February 17, 2015.
21. “International Hacking Ring Steal up to $1 Billion from Banks,” Economic Times, February 16, 2015, http://eco nomictimes.indiatimes.com/articleshow/46256846.cms? utm_source=contentofinterest&utm_medium=text&utm _campaign=cppst.
22. “Fraud Alert: New Phishing Tactics—and How They Impact Your Business,” Thawte, https://community
.thawte.com/system/files/download-attachments/Phish ing%20WP_D2.pdf, accessed March 11, 2015.
23. Raywood, Dan, “Anthem Breach Victims Hit with Yet another Phishing Scam,” Security News, February 16, 2015, www.itproportal.com/2015/02/16/anthem-breach -victims-hit-yet-another-phishing-scam.
24. “3/2/2016 Phishing Attack,” UITS Help Center, March 2, 2016, http://helpcenter.uconn.edu/2016/03/15/322016 -phishing-attack.
25. “4/7/2016 Phishing Attack,” Information Security Office, University of Connecticut, April 7, 2016, http://security .uconn.edu/2016/04/07/472016-phishing-attack.
26. Ragan, Steve, “Phishing Attacks Targeting W-2 Data Hit 41 Organizations in Q1 2016,” CSO, March 24, 2016, www.csoonline.com/article/3048263/security/phishing -attacks-targeting-w-2-data-hit-41-organizations-in-q1 -2016.html.
27. Brook, Chris, “Vishing Attacks Are Targeting Dozens of Banks,” Threat Post, April 29, 2014, https://threatpost .com/vishing-attacks-targeting-dozens-of-banks/105774.
28. McGlasson, Linda, “How to Respond to Vishing Attacks: Bank, State Associations Share Tips for Incident Response Plan,” BankInfoSecurity.com, April 26, 2010, www.bankinfosecurity.com/p_print.php?t=a &id=2457.
29. Greene, Tim, “Anthem Hack: Personal Data Stolen Sells for 10× Price of Stolen Credit Card Numbers,” Network World, February 6, 2015, www.networkworld.com/arti cle/2880366/security0/anthem-hack-personal-data-sto len-sells-for-10x-price-of-stolen-credit-card-numbers. html.
30. Palermo, Elizabeth, “10 Worst Data Breaches of All Time,” Tom’s Guide, February 6, 2015, www.tomsguide. com/us/biggest-data-breaches,news-19083.html.
31. Greene, Tim, “The Biggest Data Breaches of 2015,” Net- work World, December 2, 2015, www.networkworld. com/article/3011103/security/biggest-data-breaches-of -2015.html.
32. Kan, Michael, “China Counters US Claims with Own Charges of Cyber-Espionage,” PC World, May 19, 2014, www.pcworld.com/article/2157080/china-counters-us- claims-with-own-charges-of-cyberespionage.html.
33. Yan, Sophia, “Chinese Man Admits to Cyber Spying on Boeing and Other U.S. Firms,” CNN Money, March 24, 2016, http://money.cnn.com/2016/03/24/technology /china-cyber-espionage-military/index.html.
34. Pellerin, Cheryl, “White House Announces Voluntary Cybersecurity Framework,” U.S. Department of Defense, February 13, 2015, http://archive.defense.gov/news/news article.aspx?id=121660.
35. “About DHS,” Department of Homeland Security, www. dhs.gov/about-dhs, accessed April 7, 2016.
36. “Office of Cybersecurity and Communications,” Depart- ment of Homeland Security, http://www.dhs.gov/office -cybersecurity-and-communications, accessed April 7, 2016.
37. “About DHS,” Department of Homeland Security, www .dhs.gov/about-dhs, accessed April 8, 2016.
38. Zetter, Kim, “Everything We Know about Ukraine’s Power Plant Hack,” Wired, January 20, 2016, http://www .wired.com/2016/01/everything-we-know-about-ukraines -power-plant-hack.
438 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
39. H. R. 3162, 107th Cong. (2001), www.gpo.gov/fdsys/pkg /BILLS-107hr3162enr/pdf/BILLS-107hr3162enr.pdf, accessed April 8, 2016.
40. “AVAAP Case Studies: Algoma Central Corporation,” AVAAP, www.avaap.com/case-studies, accessed April 12, 2016.
41. “Case Study: Grant Thornton, Global Accounting, Tax And Advisory Company Puts Its Trust in AccessData for Computer Forensics and E-Discovery Solutions,” Access- Data, http://accessdata.com/resources/digital-forensics /case-study-grant-thornton-global-accounting-tax -and-advisory-company-puts-i, accessed April 9, 2016.
CHAPTER 9 • Cybercrime and Information System Security 439
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CHAPTER
10 Ethical, Legal, and Social Issues of Information Systems
phoenixman/Shutterstock.com
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Know?Did Yo u
• The Government Accounting Office (GAO) conducted a check of the three federal departments with the largest IS budgets—the Defense Department, Department of Homeland Security, and Department of Health and Human Services. It uncovered a total of $321 million spent in the six-year period from 2008 to 2013 on pro- jects that duplicated other efforts within those same agencies.
• A study conducted by researchers at the University of Nevada estimated that wasting time online (or “cyber- loafing,” as it is sometime called) costs U.S. businesses more than $85 billion annually.
• Over the course of 12 years, a problem with the soft- ware used by the Washington State Department of Corrections to calculate prison sentences caused the early release of 3,200 inmates—approximately 3 per- cent of all inmates released during that time period.
• The city of Houston was forced to switch providers for its online wellness program after many city employees balked at providing private information to a company whose authorization form indicated that it might pass the data to other third-party vendors and that the data might be subject to “re-disclosure,” could be posted in areas reviewable by the public, and might no longer protected by privacy law.
Principles Learning Objectives
• Policies and procedures must be established to avoid waste and mistakes associated with com- puter usage.
• Describe some examples of waste and mistakes in an IS environment, their causes, and possible solutions.
• Identify policies and procedures useful in elimi- nating waste and mistakes.
• The use of technology requires balancing the needs of those who use the information that is collected against the rights of those whose infor- mation is being used.
• Discuss the principles and limits of an individual’s right to privacy.
• Discuss the tradeoffs between security and privacy.
• Jobs, equipment, and working conditions must be designed to avoid negative health effects from computers.
• List the important negative effects of computers on the work environment.
• Identify specific actions that must be taken to ensure the health and safety of employees.
• Practitioners in many professions subscribe to a code of ethics that states the principles and core values that are essential to their work.
• Outline a process for including ethical considera- tions in decision making.
• Define the intent and key elements of an effective code of ethics.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Why Learn about the Personal and Social Impact of Information Systems? Both opportunities and threats surround a wide range of nontechnical issues associated with the use of information systems and the Internet. The issues span the full spectrum—from preventing computer waste and mistakes and avoiding violations of privacy to complying with laws on collecting data about customers and monitoring employees. If you become a member of the human resources, information systems, or legal department within an organization, you will likely be challenged with leading your organization in dealing with these and other issues covered in this chapter. Also, as a user of information systems and the Internet, it is in your own self-interest to become well versed on these issues. Developing a better understanding of the topics covered in this chapter will help you to manage in an ethical manner and avoid technology-related problems.
As you read this chapter, consider the following:
• How can the use of technology affect you and your organization?
• How can you include ethical factors in your decision-making process?
Earlier chapters detailed the significant benefits of computer-based informa- tion systems in business, including increased profits, superior goods and ser- vices, and higher quality of work life. Computers have become such valuable tools that most businesspeople today have difficulty imagining how they would accomplish their work without them. Yet, the information age has also brought the potential for cybercrime as well as the following potential pro- blems for workers, companies, and society in general:
● Computer waste and mistakes ● Trade-offs between privacy and security ● Work environment problems ● Ethical issues
This chapter discusses these important social and ethical issues, which underlie the design, building, and use of computer-based information sys- tems. No business organization, and hence, no information system, operates in a vacuum. All IS professionals, business managers, and users have a responsibility to see that the potential consequences of IS use are fully con- sidered. Even entrepreneurs, especially those who use computers and the Internet, must be aware of the potential personal and social impact of com- puters. We’ll begin with a discussion of preventing computer waste and mistakes.
Computer Waste and Mistakes
Computer-related waste and mistakes are major causes of computer problems, contributing to unnecessarily high costs and lost profits. Examples of computer- related waste include organizations operating unintegrated information systems, acquiring redundant systems, and wasting information system resources. Computer-related mistakes refer to errors, failures, and other computer problems that make computer output incorrect or not useful; most of these are caused by human error. This section explores the damage that can be done as a result of computer waste and mistakes.
Computer Waste Some organizations continue to operate their businesses using unintegrated information systems, which makes it difficult for decisions makers to
442 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
collaborate and share information. This practice leads to missed opportunities, increased costs, and lost sales. For example, most local health departments use a combination of state-provided and locally implemented information sys- tems for patient data collection, management, and reporting. In a recent study of the use of such information systems, many public health workers reported system inefficiencies, difficulties in generating reports, and limited data acces- sibility, necessitating the need for system workarounds. In addition, the use of a “shadow system” to maintain a duplicate—and more easily accessible—set of information is common.1 Such inefficient systems add to the growth in healthcare costs.
Many organizations unknowingly waste money to acquire systems in dif- ferent organizational units that perform nearly the same functions. Implemen- tation of such duplicate systems unnecessarily increases hardware and software costs. The U.S. government spends billions of dollars on information systems each year, with almost $90 billion spent in fiscal year 2015 alone.2
Some of this spending goes toward providing information systems that pro- vide similar functions across the various branches and agencies of the govern- ment. The Government Accounting Office (GAO) conducted a check of the three federal departments with the largest IS budgets—the Defense Depart- ment, Department of Homeland Security, and Department of Health and Human Services. It uncovered a total of $321 million spent in the six-year period from 2008 to 2013 on projects that duplicated other efforts within those same agencies.3 In 2015, the GAO released a follow-up report urging government agencies to increase the use of strategic sourcing contracts as one way to cut down on duplicative IS spending. Strategic sourcing is the structured and collaborative process of analyzing an organization’s spending patterns to better leverage its purchasing power, eliminate contract duplica- tion, reduce costs, and improve overall performance.4
A less dramatic, yet still relevant, example of waste is the amount of com- pany time, money, and IS resources that some employees misuse through text- ing, sending personal email, playing computer games, surfing the Web, shopping online, and checking for updates on Instagram or Facebook. In fact, in a recent survey of more than 2,100 human resource professionals, cell phones/texting (52 percent) and the Internet (44 percent) were listed as the big- gest productivity killers in the workplace.5 A study conducted by researchers at the University of Nevada estimated that wasting time online (or “cyberloafing,” as it is sometime called) costs U.S. businesses more than $85 billion annually.6
As a result, many companies are exploring new tools to help improve workers’ productivity, such as using an open space layout instead of cubicles, banning personal calls/cell phones, monitoring emails and Internet usage, and blocking certain Internet sites entirely.7 A team of researchers from the Uni- versity of Arizona has developed software that is designed to reduce cyber- loafing by dividing the Internet into sites that employees can always visit, sometimes visit, and never visit (the software completely blocks certain Web sites, such as pornography sites and video-streaming sites that use up too much company bandwidth). The software includes on-screen reminders that alert employees when they are visiting sites that are likely not work-related, and after a total of 90 minutes spent browsing leisure sites in any given day, an employee loses access to those sites unless they get approval from their manager.8
Computer-Related Mistakes Despite many people’s distrust of them, computers rarely make mistakes. If users do not follow proper procedures, however, even the most sophisticated hardware cannot produce meaningful output. Mistakes can be caused by unclear expectations coupled with inadequate training and a lack of feedback.
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 443
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
A programmer might also develop a program that contains errors, or a data- entry clerk might enter the wrong data. Unless errors are caught early and corrected, the speed of computers can intensify mistakes.
Some of the most common computer-related mistakes include the following:
● Data-entry or data-capture errors ● Programming errors ● Errors in handling files, including formatting a disk by mistake, copying
an old file over a newer one, and deleting a file by mistake ● Mishandling of computer output ● Inadequate planning for and control of equipment malfunctions ● Inadequate planning for and control of environmental difficulties (e.g.,
electrical and humidity problems) ● Inadequate planning for hardware and software upgrades ● Installing computing capacity inadequate for the level of activity ● Failure to provide access to the most current information either by not
adding new Web links or not deleting old links
As information technology becomes faster, more complex, and more pow- erful, organizations and computer users face increased risks of experiencing the results of computer-related mistakes. Consider these recent examples of computer-related mistakes:
● In late 2015, the Treasury Inspector General for Tax Administration (TIGTA) released an audit showing that due to a programming error, the IRS issued over $27 million in refunds on more than 13,000 tax returns that had initially been flagged as potentially fraudulent for the 2013 tax year. The computer glitch overrode the fraud warning flags, causing the returns to be processed rather than set aside for review. The inspector general’s report warned that if the programming error was not fixed, it could allow the IRS to issue more than $135 million in potentially errone- ous refunds over the next five years.9
● Over the course of 12 years, a problem with the software used by the Washington State Department of Corrections to calculate prison sentences caused the early release of 3,200 inmates—approximately 3 percent of all inmates released during that time period. The problem first came to light when the family of a crime victim was notified of the impending release of the inmate involved in the crime. After doing its own calculations, the family contacted the Department of Corrections, pointing out that the inmate was being released earlier than had been ordered by the court; however, the department delayed fixing the software for another three years. During that time, two inmates who were mistakenly released early were each charged with killing someone in separate incidents.10
● The New York Stock Exchange (NYSE) was forced to cancel all open orders and suspend trading for almost four hours in July 2015 due to “technical issues” tied to the phased roll-out of a new software release to one trading unit. According to the exchange, which handles approxi- mately 10 percent of all stock trading worldwide, the update caused com- munications problems between the new software and the exchange’s gateways, which are the access points used by traders and other exchanges to connect with the NYSE—ultimately requiring the temporary shutdown of all trading operations.11,12
● In April 2016, an error with its payment processing software caused American Honda Finance Corporation (AHFC) to double-charge many customers for their monthly vehicle payments, resulting in some custo- mers also being hit with overdraft fees from their banks. Because of the number of customers affected, AHFC’s customer service team became overwhelmed, and customer hold times exceeded 20 to 30 minutes. AHFC
444 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
issued refunds to most customers within two to three days, but the com- pany’s reputation took a hit as many affected consumers took to social media to criticize the company’s handling of the software glitch.13,14
Preventing Computer-Related Waste and Mistakes To remain profitable in a competitive environment, organizations must use their resources wisely. To employ IS resources efficiently and effectively, employees and managers alike should strive to minimize waste and mistakes. This effort involves establishing, implementing, monitoring, and reviewing effective policies and procedures.
Establishing Policies and Procedures The first step in preventing computer-related waste and mistakes is to estab- lish policies and procedures regarding efficient acquisition, use, and disposal of systems and devices. Computers permeate organizations today, and it is critical for organizations to ensure that systems are used to their full potential. As a result, most companies have implemented stringent policies on the acquisition of computer systems and equipment, including requiring a formal justification statement before computer equipment is purchased, defining standard computing platforms (operating system, type of computer chip, min- imum amount of RAM, etc.), and mandating the use of preferred vendors for all acquisitions. Most organizations have also established strong policies to prevent employees from wasting time using computers inappropriately at work.
Training programs for individuals and work groups as well as manuals and documents covering the use and maintenance of information systems can also help prevent computer waste and mistakes. The Error Prevention Insti- tute offers online training on preventing human errors that explains the underlying reasons that humans make mistakes and how these mistakes can be prevented.15 Additional preventive measures include the requirement that all new applications be approved through an established process before they are rolled out in order to ensure cost effectiveness and compatibility with other systems and hardware. Some organizations also require that documenta- tion and descriptions of certain applications, including all cell formulas for spreadsheets and a description of all data elements and relationships in a database system, be filed or submitted to a central office. Such standardization can ease access and use for all personnel. Examples of other useful policies to minimize waste and mistakes include the following:
● Changes to critical tables, HTML, and URLs should be tightly controlled, with all changes documented and authorized by responsible owners.
● A user manual should be available covering operating procedures and documenting the management and control of the application.
● Each system report should indicate its general content in its title and specify the time period covered.
● The system should have controls to prevent invalid and unreasonable data entry.
● Controls should exist to ensure that data input, HTML, and URLs are valid, applicable, and posted in the right time frame.
● Users should implement proper procedures to ensure correct input data.
After companies plan and develop policies and procedures, they must consider how best to implement them.
Implementing Policies and Procedures The process of implementing policies and procedures to minimize waste and mistakes varies by organization. Most companies develop such policies and
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 445
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
procedures with advice from the firm’s internal auditing group or its external auditing firm. The policies often focus on the implementation of source data automation, the use of data editing to ensure data accuracy and completeness, and the assignment of clear responsibility for data accuracy within each infor- mation system.
Training and communication are the keys to the successful acceptance and implementation of policies and procedures. Because more and more peo- ple use computers in their daily work, they must understand how to use them. See Figure 10.1. Many users are not properly trained in using applica- tions, and their mistakes can be very costly. Others do not have a good under- standing of the policies and procedures they are expected to follow as part of their job due to inadequate training. Importantly, employees should be edu- cated on the rationale behind the IS policies and procedures they are expected to follow, including how the policies and procedures tie into the organization’s overall strategy.16
Monitoring Policies and Procedures To ensure that users throughout an organization are following established procedures, routine practices must be monitored and corrective action must be taken when necessary. By understanding what is happening in day-to-day activities, organizations can make adjustments or develop new procedures. Many organizations perform audits to measure actual results against estab- lished goals, such as percentage of end-user reports produced on time, per- centage of data-input errors detected, and number of input transactions entered per eight-hour shift. Audits can also be used to track the amount of time employees spend on non-work-related Web sites and to determine if spe- cific system policies and procedures are being followed consistently.
An audit at the U.S. Department of Veterans Affairs found that while the agency has recently made improvements in its efforts to develop and distrib- ute policies and procedures related to its information security and risk man- agement programs, it continues to struggle with the implementation of such policies and procedures. For example, by monitoring the permissions settings related to system ID management and access controls, the auditors found mul- tiple instances of “unnecessary system privileges, excessive and unauthorized user accounts, accounts without formal access authorizations, and active
FIGURE 10.1 Computer training Training helps to ensure acceptance and implementation of policies and procedures. G
oo dl uz /S hu tt er st oc k. co m
446 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
accounts for terminated personnel.” The auditors’ report included recommen- dations that all VA locations implement periodic access reviews, enable audit logs, and enforce password policies on all operating systems, databases, appli- cations, and network devices.17
Reviewing Policies and Procedures The final step in preventing computer-related waste and mistakes is to review existing policies and procedures to determine whether they are adequate. During the review, people should ask the following questions:
● Do current policies cover existing practices adequately? Were any pro- blems or opportunities uncovered during monitoring?
● Does the organization plan any new activities in the future? If so, does it need new policies or procedures addressing who will handle them and what must be done?
● Are contingencies and disasters covered?
This review and planning allows companies to take a proactive approach to problem solving, which can enhance a company’s performance by increas- ing productivity and improving customer service. During such a review, com- panies can take into account upcoming changes in information systems that could have a profound effect on many business activities.
The results of failing to review and plan changes in policies and proce- dures can lead to disastrous consequences. For example, an internal review at Boston-based State Street Corporation revealed that the financial services giant had been overcharging its customers for a variety of administrative ser- vices for more than 18 years—to the tune of $200 million. Although State Street had assured its clients, who are primarily large institutions, such as pension funds and mutual funds, that it was only passing along actual costs, it was in fact significantly overcharging those customers for postage and for services such as printing and sending secure emails (State Street allegedly charged $5 per email message, even though the actual cost was only 25 cents). When the company announced its findings, it did not reveal the cause of the systemic overcharging, indicate how it had been detected, nor explain why earlier policy and systems reviews did not highlight the problem—key questions as the Massachusetts Securities Division has since found evidence that State Street employees were questioning the charges as far back as 2004. The company is now faced with reimbursing its clients— with interest—as well as with responding to a civil complaint filed by the Massachusetts’s Secretary of State, which could result in a censure and administrative fines.18,19
Information systems professionals and users need to be aware of the mis- use of resources throughout an organization. Preventing errors and mistakes is one way to do so.
Cutting Down on Cyberloafing You are a member of the Human Resources organization of a small tech training development company with some 50 full and part-time workers. A casual check of how workers spend their time indicates that there is a large amount of time spent sending and receiving personal texts and emails, shopping online, and checking of social media Web sites. Especially alarming is the casual viewing of “soft porn” which could open the firm to an expensive lawsuit if an employee sees a coworker viewing porn at work and complains that the company has created a hostile work environment. While the company has made it clear that it can monitor workers’ use of information system resources, no guidelines have been set that clearly indi- cate acceptable and unacceptable use of information system resources.
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 447
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Review Questions 1. What is the harm in nonproductive use of information system resources, isn’t
everybody doing it? 2. What are the keys to successful acceptance and implementation of new poli-
cies and procedures to reduce cyberloafing?
Critical Thinking Questions 1. Do you think that it would help to involve a small group of employees in
defining appropriate use guidelines or should this be done strictly by mem- bers of the Human Resources organization (you and one other person)? Why do you feel this way?
2. Should some sort of penalty be defined for violation of the guidelines or will this simply come across as “too heavy handed” and cause a worker rebellion?
Privacy Issues
Privacy is an important social issue related to the use of information systems. In 1890, U.S. Supreme Court Justice Louis Brandeis stated that the “right to be left alone” is one of the most “comprehensive of rights and the most val- ued by civilized man.” Basically, the issue of privacy deals with this right to be left alone or to be withdrawn from public view. In terms of information systems, issues of privacy relate to the collection and use or misuse of data. Data is constantly being collected and stored on each of us. This data is often distributed over easily accessed networks and without our knowledge or con- sent. Concerns of privacy regarding this data raise difficult questions, includ- ing “Who owns this information and knowledge?” If a public or private organization spends time and resources to obtain data on you, does the orga- nization own the data, and should it be allowed to use the data in any way it desires? To some extent, laws and regulations answer these questions for fed- eral agencies, but many questions remain unanswered for private organiza- tions. Today, many businesses rely on collected personal data to enhance their sales and marketing efforts, and for some organizations, buying and sell- ing personal data is their business. In addition, businesses are sometimes required to respond to requests from law enforcement agencies for informa- tion about its employees, customers, and suppliers. Indeed, some phone and Internet companies have employees whose full-time role it is to deal with information requests from local, state, and federal law enforcement agencies. These and other aspects of privacy create opportunities and challenges for organizations and individuals.
Privacy and the Federal Government Over the last several decades, Congress has approved, and the federal govern- ment has implemented, many laws addressing personal privacy—some of which have been challenged in court cases that have made their way all the way up to the Supreme Court. Some of these laws are renewed periodically, and others have been revised and updated via new legislative action. Some of the most important federal laws relating to privacy are summarized in Table 10.1.
A number of recent revelations—many of which came as a result of the public release of a vast collection of previously classified documents by for- mer NSA contractor, Edward Snowden—regarding previously clandestine fed- eral government data-collection programs have raised concerns and debate between those who favor data collection as a means to increased security and those who view such programs as a violation of rights guaranteed by the
448 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Constitution and Bill of Rights.20 The following examples highlight details of just some of the known federal data-collection programs:
● The NSA began the collection of metadata (the phone numbers of the parties involved in the call, call duration, call location, time and date of the call, and other data) from millions of telephone calls soon after the September 11, 2001, attacks on the United States. The data enables the
TABLE 10.1 Key federal privacy laws and their provisions Law Provisions
Fair Credit Reporting Act of 1970 (FCRA)
Regulates operations of credit-reporting bureaus, including how they collect, store, and use credit information
Family Education Privacy Act of 1974
Restricts the collection and use of data by federally funded educational institutions, including specifications for the type of data collected, access by parents and stu- dents to the data, and limitations on disclosure
Tax Reform Act of 1976 Restricts collection and use of certain information by the Internal Revenue Service
Right to Financial Privacy Act of 1978
Restricts government access to certain records held by financial institutions
Foreign Intelligence Surveillance Act of 1978
Defines procedures to request judicial authorization for electronic surveillance of persons engaged in espionage or international terrorism against the United States on behalf of a foreign power
Electronic Communications Pri- vacy Act of 1986
Defines provisions for the access, use, disclosure, interception, and privacy protec- tions of electronic communications
Computer Matching and Privacy Act of 1988
Regulates cross-references between federal agencies’ computer files (e.g., to verify eligibility for federal programs)
Cable Act of 1992 Regulates companies and organizations that provide wireless communications ser- vices, including cellular phones
Gramm-Leach-Bliley Act of 1999 Requires all financial institutions to protect and secure customers’ nonpublic data from unauthorized access or use
USA Patriot Act of 2001 Requires Internet service providers and telephone companies to turn over customer information, including numbers called, without a court order, if the FBI claims that the records are relevant to a terrorism investigation; Section 215 allowed for the bulk collection of domestic telecommunications metadata (phone numbers, time stamps, call duration, etc.); some provisions of this act were extended by President Barack Obama in 2011, and some provisions (most significantly, the Section 215 provisions allowing for the bulk collection of metadata) briefly expired in June 2015 before being restored in somewhat modified form under the USA Freedom Act
E-Government Act of 2002 Requires federal agencies to post machine-readable privacy policies on their Web sites and to perform privacy impact assessments on all new collections of data of 10 or more people
Fair and Accurate Credit Transactions Act of 2003
Combats the growing crime of identity theft by allowing consumers to get free credit reports from each of the three major consumer credit-reporting agencies every 12 months and to place alerts on their credit histories under certain circumstances
Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008
Renews the U.S. government’s authority to monitor electronic communications of foreigners abroad and authorizes foreign surveillance programs by the NSA, such as PRISM and some earlier data-collection activities
USA Freedom Act (2015) Imposes limitations on the bulk collection of the telecommunications metadata of U.S. citizens; prohibits large-scale indiscriminate data collection (such as all records from an entire zip code); requires the NSA to obtain permission from the Foreign Intelligence Surveillance Court (FISC) to access the metadata records, which are now held by telecommunication companies rather than by the government; restored in a modified form some other provisions of the USA Patriot Act that lapsed in June 2015, including authorization for roving wiretaps and for tracking so-called lone- wolf terrorists; and allows challenges of national security letter gag orders
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 449
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
NSA to create a network of associations for every caller. A provision known as Section 215 of the Patriot Act provided the legal justification needed for many proponents of data gathering. That the data was being used to help the government “connect the dots” between overseas terror- ists and co-conspirators within the United States offered additional justifi- cation for many. However, in June 2015, the NSA’s authority to collect bulk data under Section 215 expired.21 Under the USA Freedom Act, which was passed within days of the expiration of that authority, the NSA must request permission from the Foreign Intelligence Surveillance Court (FISC) before obtaining records—which are now held by the telecommu- nications companies rather than by the NSA—pertaining to a specific phone number.22,23,24 On December 31, 2015, the FISC issued its first order approving a request from the NSA for access to “the ongoing daily production of detailed call records relating to an authorized international terrorism investigation.”25,26 See Figure 10.2.
● PRISM is a tool used by the NSA and the FBI to collect private electronic data belonging to users of major Internet services such as AOL, Apple, Facebook, Google, Microsoft, Skype, Yahoo!, YouTube, and others. PRISM enables the NSA to access the servers of these organizations to col- lect material, including search history, the content of email messages, videos, photos, file transfers, and live chats. Unlike the collection of tele- phone call records, this surveillance includes the content of communica- tions and not just the metadata. With PRISM, the NSA can obtain targeted communications without having to request them from the service provi- ders and without having to obtain individual court orders. Under the pro- gram, the NSA is also allowed to share the data with other U.S. intelligence agencies for the purposes of a domestic criminal investigation—not just a national security investigation.27,28
● Another NSA program called MYSTIC has been used to intercept and record all telephone conversations in certain countries, including Afghani- stan, the Bahamas, Mexico, Kenya, and the Philippines.29,30 Because there is no practical way to exclude them, the conversations include those of Americans who make calls to or from the targeted countries. 31 In 2014, public revelations about MYSTIC resulted in the government of Afghanistan shutting down the program in that country.32
FIGURE 10.2 The NSA’s Utah Data Center This data center, code-named Bum- blehive, is billed by the NSA as the first Intelligence Community Com- prehensive National Cybersecurity Initiative (IC CNCI) data center designed to support the intelligence community’s efforts to monitor, strengthen, and protect the nation. The data center was designed to handle the vast increases in digital data that have accompanied the rise of the global network and the NSA data-collection programs. A
P Im ag es /R ic k Bo w m er
450 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● In February 2016, the administration of Barack Obama revealed that it was on the verge of allowing the NSA to provide analysts at other U.S. intelli- gence agencies direct access to raw data from the NSA’s surveillance pro- grams, without first applying any privacy protections to the data. Prior to the rule change, which had been in the works since President George W. Bush was in office, the NSA filtered the surveillance data, evaluating and passing along only the portions of email or phone calls it deemed pertinent to other U.S. intelligence agencies—masking names and any irrelevant information about innocent American citizens before releasing the data.33
In addition to data-collection activities that are designed to capture a broad range of potentially useful data, the federal government uses other techniques to obtain data in relation to specific cases and individual targets; some of these activities have raised privacy concerns for some Americans. In a highly publicized case involving the cell phone of one of the alleged perpetrators of a mass shooting in San Bernardino, California, in December 2015, the FBI used a variety of techniques to access the data on the phone—including attempting to legally compel the phone’s manufacturer, Apple, to develop a new version of its OS that would allow the FBI to use a “brute-force” attack on the phone to break through its password.34 This case is covered in greater detail in a Case Study at the end of this chapter.
Privacy at Work The right to privacy at work is also an important issue. Employers are using technology and corporate policies to manage worker productivity and protect the use of IS resources. Employers are mostly concerned about inappropriate Web surfing, with over half of employers monitoring the Web activity of their employees. Organizations also monitor employees’ email, with more than half retaining and reviewing messages. Statistics such as these have raised employee privacy concerns. In many cases, workers claim their right to pri- vacy trumps their companies’ rights to monitor employee use of IS resources. However, most employers today have a policy that explicitly eliminates any expectation of privacy when an employee uses any company-owned com- puter, server, or email system. The Fourth Amendment protects individuals against unreasonable searches and seizures and requires that warrants be issued only upon probable cause and specifying the place to be searched and the persons or things to be seized. However, the courts have ruled that, with- out a reasonable expectation of privacy, there is no Fourth Amendment protection for the employee.
A California appeals court ruled in Holmes v Petrovich Development Com- pany that emails sent by an employee to her attorney on the employer’s com- puter were not “confidential communications between a client and lawyer.” An Ohio federal district court in Moore v University Hospital Cleveland Medi- cal Center ruled that an employee could be terminated for showing coworkers sexually explicit photos on his employer’s computer. The court stated that the employee could have no expectation of privacy when accessing a hospital computer situated in the middle of a hospital floor within easy view of both patients and staff.35
The proliferation of health and wellness programs at many U.S. compa- nies has prompted some privacy advocates to call for updated regulations regarding the use of data collected in connection with such programs. For instance, some programs require employees to provide health and medical details to a third-party provider in return for lower insurance premiums. And not all programs clearly state what data is protected, what data will be shared with third parties, and what data will be shared with the employer (and whether that information will include individually identifiable data). Privacy advocates note that workplace wellness programs offered separately from an
Fourth Amendment: This amend- ment to the U.S. constitution protects individuals against unreasonable searches and seizures and requires that warrants be issued only upon probable cause and specifying the place to be searched and the persons or things to be seized.
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 451
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
employer’s group health insurance plan are not covered under HIPAA and, so, are not bound by the same privacy constraints.36
The city of Houston was forced to switch providers for its online wellness program after many city employees balked at providing private information to a company whose authorization form indicated that it might pass the data to other third-party vendors and that the data might be subject to “re- disclosure,” could be posted in areas reviewable by the public, and might no longer be protected by privacy law.37
New questions regarding employee data privacy have also arisen as more employers are encouraging—or requiring—the use of wearable technology that monitors not only employees’ health but also their locations. As more companies make use of such technology, experts are encouraging them to develop and distribute policies that outline the job-related rationale for col- lecting such data as well as the limits on its use.38,39
The European Union (EU) has developed strict regulations to enforce data privacy standards across all members of the organization. Under these regula- tions, personal data can only be gathered legally under strict conditions and only for reasonable purposes. Furthermore, persons or organizations that col- lect and manage individuals’ personal information must protect it from misuse and must respect certain rights of the data owners, which are guaranteed by EU law. These regulations, which were strengthened by the passage of the General Data Protection Regulation in 2016, affect virtually any company doing business in Europe.40
The Safe Harbor Framework is an agreement that had been in place since 2000 between the United States and the European Union (EU), allowing the transfer of personal data from the EU to the United States, despite the more limited scope of U.S. data privacy protections. However, in late 2015, the European Court of Justice found that the Safe Harbor Framework did not ade- quately protect the personal data of citizens residing in EU countries—a deci- sion based, in part, on concerns over the data-collection programs of the NSA.41,42 In early 2016, EU and U.S. negotiators agreed on a revised frame- work, termed “Privacy Shield” that would allow transborder data transfer to continue based on written guarantees, which must be renewed annually, that U.S. intelligence agencies would not have unlimited access to such data.43
The next step for that agreement, which still faces opposition in Europe, is adoption by the European Commission, the executive body of the EU—an action that is not guaranteed after an EU data advisory group issued an opin- ion in April 2016 critical of the agreement.44
Privacy and Email The use of email also raises some interesting issues about privacy. Sending an email message is like having an open conversation in a large room—many people can listen to your messages, especially if they are not encrypted. In addition, federal law permits employers to monitor email sent and received by employees. Another important aspect that should be considered when using email is that even email messages that have been erased from hard disks can be retrieved; in some cases, such emails must be retrieved as part of the discovery process in a lawsuit because the laws of discovery demand that companies produce all relevant business documents. On the other hand, the use of email among public officials might violate “open meeting” laws. These laws, which apply to many local, state, and federal agencies, pre- vent public officials from meeting in private about matters that affect the state or local area.
In Freeman, Massachusetts, the Board of Selectman, which serves as the executive branch of the city government, was hit with a $1,000 penalty by the state’s attorney general’s office in connection with a string of email
452 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
messages between members of the board and the city administrator about the employment status of a city employee. Massachusetts’ Open Meeting Law lim- its the content of email to items such as scheduling information or the distri- bution of a meeting agenda or other documents that are to be discussed at a public meeting. The law prohibits the expression of any opinions by public officials via email, as that constitutes an improper deliberation outside of a public meeting. Some of the emails in question contained opinions about the board’s impending decision to place the employee on administrative leave. The Freeman board also violated the law by attempting to use a third party, city administrator, to relay messages.45,46
Privacy and Instant Messaging Using texting and instant messaging (IM) apps to send and receive messages, files, and images introduces the same privacy issues associated with email. As with email, federal law permits employers to monitor instant messages sent and received by employees. Employers’ major concern involves text and IMs sent by employees over their employer’s IM network or using employer- provided phones. To protect your privacy and your employer’s property, do not send personal or private messages at work.
Even outside of work, users of texting and instant messaging apps should be aware of the potential privacy issues associated with such technology. The following are some tips to keep in mind:
● Select a texting or instant messaging app that receives high security rat- ings, and consider using a service that encrypts texts.
● Disable text previews (which include the name of the sender and a por- tion of the incoming message) that appear in a pop-up window on the lock screen by default.
● Do not open files or click links in messages from people you do not know.
● Never send sensitive personal data such as credit card numbers, bank account numbers, or passwords via text or IM.
● Choose a nonrevealing, nongender-specific, unprovocative IM screen name (Sweet Sixteen, 2hot4u, UCLAMBA, all fail this test).
● Don’t send messages you would be embarrassed to have your family members, colleagues, or friends read.
Privacy issues have come into play in some recent cases involving sexting—the sending of sexually explicit texts and/or photos. Some older teenagers who have engaged in consensual sexting have found that those texts are not considered private if the sexting involves someone who is still a minor. Currently, only 20 states have sexting laws with provisions that pro- vide for leniency for adolescents in cases where the sexting was consensual. Statutes in many states can result in teenagers who are prosecuted in cases involving underage texting being charged with possessing child pornography, resulting in a mandatory, lifetime sex offender designation.47
Privacy and Personal Sensing Devices RFID tags, essentially microchips with antenna, are embedded in many of the products we buy, from medicine containers, clothing, and library books to computer printers, car keys, and tires. RFID tags generate radio transmissions that, if appropriate measures are not taken, can lead to potential privacy con- cerns. Once these tags are associated with the individual who purchased the item, someone can potentially track individuals by the unique identifier asso- ciated with the RFID chip.
A handful of states have reacted to the potential for abuse of RFID tags by passing legislation prohibiting the implantation of RFID chips under people’s
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 453
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
skin without their approval. Still, advocates for RFID chip implantation argue their potential value in tracking children or criminals and their value in carry- ing an individual’s medical records.
Mobile crowd sensing (MCS) is a means of acquiring data (i.e., location, noise level, traffic conditions, and pollution levels) through sensor-enhanced mobile devices and then sharing this data with individuals, healthcare provi- ders, utility firms, and local, state, and federal government agencies for deci- sion making. While such data can be potentially useful in a variety of fields, the technology carries with it some privacy risks if people are unaware (or forget) that their personal mobile data is being shared.
Privacy and the Internet Some people approach the Internet with the assumption that there is no pri- vacy online and that people who choose to use the Internet do so at their own risk. Others believe that companies with Web sites should have strict pri- vacy procedures and be held accountable for privacy invasion. Regardless of your view, the potential for privacy invasion on the Internet is huge. People and organizations looking to invade your privacy could be anyone from crimi- nal hackers to marketing companies to corporate bosses. Your personal and professional information can be seized on the Internet without your knowl- edge or consent. Email is a prime target, as discussed previously. When you visit a Web site on the Internet, information about you and your computer can be captured. If this information is combined with other personal informa- tion, companies can find out what you read, where you shop, what products you buy, and what your interests are.
Most people who buy products on the Web say it’s very important for a site to have a policy explaining how personal information is used, and that the policy statement must make people feel comfortable and be extremely clear about what information is collected and what will and will not be done with it. However, many Web sites still do not prominently display their pri- vacy policy or implement practices completely consistent with that policy. Ultimately, the issue of most concern to many Internet users is what do con- tent providers want to do with the personal information they gather online? If a site requests that you provide your name and address, you have every right to know why and what will be done with it. If you buy something and pro- vide a shipping address, will it be sold to other retailers? Will your email address be sold on a list of active Internet shoppers? Consumers have the right to be taken off any mailing list, whether it is for traditional mail or email.
The Children’s Online Privacy Protection Act (COPPA) was passed by Congress in October 1998. This act, directed at Web sites catering to children, requires site owners to post comprehensive privacy policies and to obtain parental consent before they collect any personal information from children under 13 years of age. Web site operators who violate the rule could be liable for civil penalties of up to $11,000 per violation. Web sites and creators of apps directed at children are also prohibited by COPPA from using “persistent identifiers,” which are pieces of data tied to a particular user or device, to serve advertising to children. In December 2015, the Federal Trade Commis- sion settled cases with two different companies who were accused of allowing third-party advertisers to collect personal information (in the form of persis- tent identifiers) from children who used their apps. The FTC issued a total of $360,000 in fines in connection with these two cases.48
Popular social media apps and sites such as Facebook, Twitter, LinkedIn, Pinterest, Google Plus, Tumblr, and Instagram—all of which have over 100 million unique monthly visitors—allow users to easily create a user profile that provides personal details, photos, and even videos that can be viewed by
Children’s Online Privacy Pro- tection Act (COPPA): An act, directed at Web sites catering to chil- dren, that requires site owners to post comprehensive privacy policies and to obtain parental consent before they collect any personal information from children under 13 years of age.
454 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
other visitors.49 Some of the sites have age restrictions or require that a parent register his or her preteen by providing a credit card to validate the parent’s identity. Others simply require users to verify that they are over the site’s age limit—a restriction that is easily overcome. Once on social media, children and teens often provide information about where they live, go to school, their favorite music, and their interests in hopes of meeting new friends. Unfortunately, they can also meet ill-intentioned strangers at these sites. There have been documented encounters involving adults masquerading as teens attempting to meet young people for illicit purposes. Experts advise par- ents to discuss the potential dangers of social media with their children, check their children’s profiles, and monitor their social media activities.
Privacy concerns related to the use of social media are not limited to min- ors. The privacy rights of adults are also often at risk because of their social media habits. Facebook, in particular, holds a startling amount of information about its more than 1 billion users.50 In addition to the information they pro- vide when setting up an account, many Facebook users are not discrete and reveal such information as their health conditions and treatments; where they will be on a certain day (helpful to potential burglars); personal details of members of their family; their sexual, racial, religious, and political affiliations and preferences; and other personal information about their friends and fam- ily. Facebook receives a notice every time you visit a Web site with a “Like” button whether or not you click the “Like” button, log on to Facebook, or are a Facebook user. Users and observers have raised concerns about how Face- book treats this sometimes very personal information. For example, if law enforcement officials filed a subpoena for your Facebook information, they could obtain all these details as well as records of your postings, photos you have uploaded, photos in which you have been tagged, and a list of all your Facebook friends. Many privacy advocates have raised concerns about the ways in which Facebook provides this information to third parties for market- ing or other purposes.
Privacy and Internet Libel Concerns Libel involves publishing an intentionally false written statement that is damag- ing to a person’s or organization’s reputation. Examples of Internet libel include an ex-husband posting lies about his former wife on a blog, a disgruntled for- mer employee posting lies about a company on a message board, and a jilted girlfriend posting false statements to her former boyfriend’s Facebook account. In Brooklyn, New York, residents of two co-op apartment buildings have become entangled in defamation lawsuits that grew out of online comments crit- icizing co-op board members and building management.51 A Hong Kong court even ruled that a local billionaire can sue Google for libel over its autocomplete search results, which suggest that he is connected to organized crime. The tycoon filed the lawsuit after Google refused to remove autocomplete sugges- tions, such as “triad” (in China, this is another name for an organized crime gang), which appear with searches on his name. The billionaire maintains that his reputation has been “gravely injured” and wants recompense.52
Individuals can post information on the Internet using anonymous email accounts or screen names. This anonymity makes it more difficult, but not impossible, to identify the libeler. The offended party can file what is known as a John Doe lawsuit and use the subpoena power it grants to force the ISP to provide whatever information it has about the anonymous poster, including IP address, name, and street address. (Under Section 230 of the Communica- tions Decency Act, ISPs are not usually held accountable for the bad behavior of their subscribers.)
Brian Burke, the current general manager (GM) and president of the National Hockey League’s (NHL) Calgary Flames, and former GM of several
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 455
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
other NHL teams filed a lawsuit in the Supreme Court of British Columbia against 18 individuals who allegedly made defamatory statements regarding Burke on various Internet message boards and blogs.53
Privacy and Fairness in Information Use Selling information to other companies can be so lucrative that many compa- nies store and sell the data they collect on customers, employees, and others. When is this information storage and use fair and reasonable to the people whose data is stored and sold? Do people have a right to know about data stored about them and to decide what data is stored and used? As shown in Table 10.2, these questions can be broken down into four issues that should be addressed: knowledge, control, notice, and consent.
Privacy and Filtering and Classifying Internet Content To help parents control what their children see on the Internet, some compa- nies provide filtering software to screen Internet content. Many of these screening programs also prevent children from sending personal information over email, in chat groups, or through instant messaging apps. These pro- grams stop children from broadcasting their name, address, phone number, or other personal information over the Internet. The 2016 top-rated Internet filtering software for both Windows and Mac systems is presented in Table 10.3.54,55
Organizations also implement filtering software to prevent employees from visiting Web sites not related to work, particularly those involving gam- bling and those containing pornographic or other offensive material. Before an organization implements Web site blocking, it should educate employees about the company’s Internet policies and why they exist. To increase compli- ance, it is best if the organization’s Internet users, management, and IS
TABLE 10.2 The right to know and the ability to decide federal privacy laws and regulations Fairness Issues Database Storage Database Usage
The right to know Knowledge Notice
The ability to decide Control Consent
Knowledge. Should people know what data is stored about them? In some cases, people are informed that information about them is stored in a corporate database. In others, they are unaware that their personal information is being stored.
Control. Should people be able to correct errors in corporate database systems? This ability is possible with most orga- nizations, although it can be difficult in some cases.
Notice. Should an organization that uses personal data for a purpose other than the original designated purpose be required to notify individuals in advance? Most companies don’t do this.
Consent. If information on people is to be used for other purposes, should these people be asked to give their consent before data on them is used? Many companies do not give people the ability to decide if such information will be sold or used for other purposes.
TABLE 10.3 Top-rated Internet filtering software Windows Systems Mac Systems
NetNanny ($28.99) Net Nanny ($28.99)
SpyAgent ($69.95) Safe Eyes ($49.95)
Qustodio ($44.95) Spector Pro ($99.95)
filtering software: Software used to help protect personal data and screen objectionable Internet content.
456 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
organization work together to define the policy to be implemented. The pol- icy should be clear about the repercussions to employees who attempt to cir- cumvent the blocking measures.
The U.S. Congress has made several attempts to limit children’s exposure to online pornography, including the Communications Decency Act (enacted 1996) and the Child Online Protection Act (enacted 1998). Within two years of being enacted, the U.S. Supreme Court found that both these acts violated the First Amendment (freedom of speech) and ruled them to be unconstitu- tional. The Children’s Internet Protection Act (CIPA) was signed into law in 2000 and later upheld by the Supreme Court in 2003. Under CIPA, schools and libraries subject to CIPA do not receive the discounts offered by the E-Rate program unless they certify that they have certain Internet safety mea- sures in place to block or filter “visual depictions that are obscene, child por- nography, or are harmful to minors.” (The E-Rate program provides many schools and libraries support to purchase Internet access and computers.)
Corporate Privacy Policies Even though privacy laws for private organizations are not very restrictive, most organizations are sensitive to privacy issues and fairness. They realize that invasions of privacy can damage their reputation, turn away customers, and dramatically reduce revenues and profits. Consider a major international credit card company. If the company sold confidential financial information on millions of customers to other companies, the results could be disastrous. In a matter of days, the firm’s business and revenues could be reduced dra- matically. Therefore, most organizations maintain privacy policies, even though they are not required by law to do so. Some companies even have a privacy bill of rights that specifies how the privacy of employees, clients, and customers will be protected. Corporate privacy policies should address a cus- tomer’s knowledge, control, notice, and consent over the storage and use of information. They can also cover who has access to private data and when it can be used.
The United States does not have a specific federal regulation requiring implementation of privacy policies except in specific circumstances, such as:
● Health Insurance Portability and Accountability Act (HIPAA) privacy rules require notice in writing of the privacy practices of health care services.
● Children’s Online Privacy Protection Act (COPPA) requires Web sites that collect information about children under the age of 13 to post a privacy policy and adhere to certain information-sharing restrictions.
● Gramm–Leach–Bliley Act requires financial institutions to provide “clear, conspicuous, and accurate statements” of their information-sharing practices.
The Federal Trade Commission (FTC) enforces federal consumer protec- tion laws (e.g., Federal Trade Commission Act, Telemarketing Sale Rule, Iden- tity Theft Act, and Fair Credit Reporting Act) that prevent fraud, deception, and unfair business practices. This gives it the power to enforce the terms of privacy policies as promises made to consumers. So in cases where an organi- zation does not follow the terms of its privacy policy, consumers may file law- suits which can result in settlements or judgments. However, such lawsuits are often not an option, due to arbitration clauses in the privacy policies or other terms of service agreements.
The BBB Code of Business Practices (BBB Accreditation Standards) requires that BBB-accredited businesses have some sort of privacy notice on their Web site. See Figure 10.3. BBB recommends that an organization’s pri- vacy notice include the following elements:56
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 457
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
● Policy. What personal information is being collected on the site ● Choice. What options the customer has about how/whether his or her
data is collected and used ● Access. How a customer can see what data has been collected and
change/correct it if necessary ● Security. State how any data that is collected is stored/protected ● Redress. What a customer can do if the privacy policy is not met ● Updates. How policy changes will be communicated
Multinational companies face an extremely difficult challenge in imple- menting data collection and dissemination processes and policies because of the multitude of differing country or regional statutes. For example, Australia
This privacy notice discloses the privacy practices for (Web site address). This privacy notice applies solely to information collected by this web site. It will notify you of the following: 1. What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared. 2. What choices are available to you regarding the use of your data. 3. The security procedures in place to protect the misuse of your information. 4. How you can correct any inaccuracies in the information.
Information Collection, Use, and Sharing We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone. We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order. Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy. Your Access to and Control Over Information You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our Web site: • See what data we have about you, if any. • Change/correct any data we have about you. • Have us delete any data we have about you. • Express any concern you have about our use of your data. Security We take precautions to protect your information. When you submit sensitive information via the Web site, your information is protected both online and offline. Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for "https" at the beginning of the address of the web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment. If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at XXX YYY-ZZZZ or via email.
Privacy Notice
FIGURE 10.3 Sample privacy notice The BBB provides this sample privacy notice as a guide to businesses to post on their Web sites. Source: The Better Business Bureau
458 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
requires companies to destroy customer data (including backup files) or make it anonymous after it’s no longer needed. As discussed earlier in the chapter, firms that transfer customer and personnel data out of Europe must comply with European privacy laws that allow customers and employees to access data about themselves and determine how that information can be used.
Links to some sample corporate privacy policies are provided in Table 10.4.
A good database design practice is to assign a single unique identifier to each customer so each has a single record describing all relationships with the company across all its business units. That way, the organization can apply customer privacy preferences consistently throughout all databases. Failure to do so can expose the organization to legal risks—in addition to upsetting customers who opted out of some collection practices. The 1999 Gramm–Leach–Bliley Financial Services Modernization Act requires all finan- cial service institutions to communicate their data privacy rules and honor customer preferences.
Individual Efforts to Protect Privacy Although numerous state and federal laws deal with privacy, the laws do not completely protect individual privacy. In addition, not all companies have pri- vacy policies. As a result, many people are taking steps to increase their own privacy protection. Some of the steps that you can take to protect your per- sonal privacy include the following:
● Find out what is stored about you in existing databases. Call the major credit bureaus to get a copy of your credit report. You are entitled to a free credit report every 12 months from each of the three major consumer reporting agencies (Equifax, Experian, and TransUnion). You can also obtain a free report if you have been denied credit in the last 60 days. Note that the only Web site authorized by federal law to provide the free credit reports is AnnualCreditReport.com. Other Web sites claim to offer free credit reports but actually charge consumers, sometimes on an ongo- ing basis, for access to their credit report.57 The major companies are Equifax (www.equifax.com), TransUnion (www.transunion.com), and Experian (www.experian.com). You can also submit a Freedom of Infor- mation Act request to a federal agency that you suspect might have infor- mation stored on you.
● Be careful when you share information about yourself. Don’t share information unless it is absolutely necessary. Every time you give infor- mation about yourself through an 800, 888, or 900 call, your privacy is at risk. Be vigilant in insisting that your doctor, bank, or financial institution not share information about you with others without your written consent.
TABLE 10.4 Links to sample corporate privacy policies Company URL
Intel www.intel.com/content/www/us/en/privacy/intel-privacy-notice.html
Starwood Hotels & Resorts www.starwoodhotels.com/corporate/privacy_policy.html
TransUnion www.transunion.com/corporate/privacyPolicy.page
United Parcel Service www.ups.com/content/corp/privacy_policy.html
Visa http://usa.visa.com/legal/privacy-policy/index.jsp
Walt Disney Company https://disneyprivacycenter.com/
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 459
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
● Be proactive in protecting your privacy. You can get an unlisted phone number and ask the phone company to block caller ID systems from reading your phone number. If you change your address, don’t fill out a change-of-address form with the U.S. Postal Service; you can notify the people and companies that you want to have your new address. Destroy copies of your charge card bills and shred monthly statements before dis- posing of them in the garbage. Be careful about sending personal email messages over a corporate email system. You can also cut down on the junk mail and telemarketing calls you receive by visiting the Direct Mar- keting Association Web site (www.thedma.org). Go to the site and look under Consumer Help-Remove Name from Lists.
● Take extra care when purchasing anything from a Web site. Make sure that you safeguard your credit card numbers, passwords, and personal information. Do not do business with a site unless you know that it handles credit card information securely. (Look for a seal of approval from organiza- tions such as the Better Business Bureau Online or TRUSTe. When you open the Web page where you enter credit card information or other per- sonal data, make sure that the Web address begins with https and check to see if a locked padlock icon appears in the Address bar or status bar.) Do not provide personal information without reviewing the site’s data privacy policy. Many credit card companies will issue single-use credit card numbers on request. Charges appear on your usual bill, but the number is destroyed after a single use, eliminating the risk of stolen credit card numbers.
Seeking Greater Customer Acceptance Your organization has been in business over 10 years selling consumer home pro- ducts over the Internet. A year ago, the firm gained much negative publicity when it was uncovered that the personal data it gathered was being sold, unknown to its customers, to third parties. The result was over a 15 percent drop in sales. At this time, the firm has no privacy policy and is debating whether to create such a policy, and if so, what terms it should include.
Review Questions 1. What is the purpose and intent of a privacy policy? 2. What are the key elements that need to be included in an effective privacy
policy?
Critical Thinking Questions 1. What obligations and potential issues are raised by creating a privacy policy? 2. What measures should be taken to avoid potential litigation over any new pri-
vacy policy?
Work Environment
The use of computer-based information systems has changed the makeup of the workforce. Jobs that require IS literacy have increased, and many less- skilled positions have been eliminated. Corporate programs, such as those focused on reengineering and continuous improvement, bring with them the concern that, as business processes are restructured and information systems are integrated within them, the people involved in these processes will be removed. Even the simplest tasks have been aided by computers, making cus- tomer checkout faster, streamlining order processing, and allowing people with disabilities to participate more actively in the workforce. As computers
460 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
and other IS components drop in cost and become easier to use, more work- ers will benefit from the increased productivity and efficiency provided by computers. Yet, despite these increases in productivity and efficiency, the use of information systems can raise other concerns.
Health Concerns Organizations can increase employee productivity by paying attention to the health concerns in today’s work environment. For some people, working with computers can cause occupational stress. Anxieties about job insecurity, loss of control, incompetence, and demotion are just a few of the fears workers might experience. In some cases, the stress can become so severe that work- ers avoid taking training to learn how to use new computer systems and equipment. Monitoring employee stress can alert companies to potential pro- blems. Training and counseling can often help the employee and deter pro- blems. Although they can cause negative health consequences, information systems can also be used to provide a wealth of information on health topics through the Internet and other sources.
Heavy computer use can affect one’s physical health as well. A job that requires sitting at a desk and using a computer for many hours a day qualifies as a sedentary job. Such work can double the risk of seated immobility throm- boembolism (SIT), the formation of blood clots in the legs or lungs. People leading a sedentary lifestyle are also likely to experience an undesirable weight gain, which can lead to increased fatigue and greater risk of type 2 diabetes, heart problems, and other serious ailments.
Repetitive strain injury (RSI) is an injury or disorder of the muscles, nerves, tendons, ligaments, or joints caused by repetitive motion. RSI is a very common job-related injury. Tendonitis is inflammation of a tendon due to repetitive motion on that tendon. Carpal tunnel syndrome (CTS) is an inflammation of the nerve that connects the forearm to the palm of the wrist. CTS involves wrist pain, a feeling of tingling and numbness, and difficulty grasping and holding objects.
Avoiding Health and Environmental Problems Two primary causes of computer-related health problems are a poorly designed work environment and failure to take regular breaks to stretch the muscles and rest the eyes. Computer screens can be hard to read because of glare and poor contrast. Desks and chairs can also be uncomfortable. Key- boards and computer screens might be fixed in an awkward position or diffi- cult to move. The hazardous activities associated with these unfavorable conditions are collectively referred to as work stressors. Although these pro- blems might not be of major concern to casual users of computer systems, continued stressors such as repetitive motion, awkward posture, and eye strain can cause more serious and long-term injuries. If nothing else, these problems can severely limit productivity and performance.
The science of designing machines, products, and systems to maximize the safety, comfort, and efficiency of the people who use them, called ergo- nomics, has suggested some approaches to reducing these health problems. Ergonomic experts carefully study the slope of the keyboard, the positioning and design of display screens, and the placement and design of computer tables and chairs. Flexibility is a major component of ergonomics and an important consideration in the design of computer devices. People come in many sizes, have differing preferences, and require different positioning of equipment for best results. Some people, for example, want to place the key- board in their laps; others prefer it on a solid table. Because of these individ- ual differences, computer designers are attempting to develop systems that provide a great deal of flexibility. See Figure 10.4.
ergonomics: The science of design- ing machines, products, and systems to maximize the safety, comfort, and effi- ciency of the people who use them.
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 461
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
It is never too soon to stop unhealthy computer work habits. Prolonged computer use under poor working conditions can lead to carpal tunnel syn- drome, bursitis, headaches, and permanent eye damage. Strain and poor office conditions should not be left unchecked. Unfortunately, at times, we are all distracted by pressing issues such as the organization’s need to raise productivity, improve quality, meet deadlines, and cut costs. We become com- placent and fail to pay attention to the importance of healthy working condi- tions. Table 10.5 lists some common remedies for heavy computer users.
The following is a useful checklist to help you determine if you are prop- erly seated at a correctly positioned keyboard:58
● Your elbows are near your body in an open angle to allow circulation to the lower arms and hands.
FIGURE 10.4 Ergonomics Developing certain ergonomically correct habits can reduce the risk of adverse health effects when using a computer.
TABLE 10.5 Avoiding common discomforts associated with heavy use of computers Common Discomforts Associated with Heavy Use of Computers Preventative Action
Red, dry, itchy eyes Change your focus away from the screen every 20 or 30 minutes by looking into the distance and focusing on an object for 20 to 30 seconds.
Make a conscious effort to blink more often.
Consider the use of artificial tears.
Use an LCD screen, which provides a better viewing experience for your eyes by eliminating most screen flicker while still being bright without harsh incandescence.
Neck and shoulder pain Use proper posture when working at the computer.
Stand up, stretch, and walk around for a few minutes every hour.
Shrug and rotate your shoulders occasionally.
Pain, numbness, or tingling sensation in hands
Use proper posture when working at the computer.
Do not rest your elbows on hard surfaces.
Place a wrist rest between your computer keyboard and the edge of your desk.
Take an occasional break and spread fingers apart while keeping your wrists straight.Taken an occasional break with your arms resting at your sides and gently shake your hands.
Source: Pekker, Michael, “Long Hours at Computer: Health Risks and Prevention Tips,” http://webfreebies4u.blogspot.com/2011/01/long-hours-at-computer -health-risks-and.html, January 4, 2011.
462 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
● Your arms are nearly perpendicular to the floor. ● Your wrists are nearly straight. ● The height of the surface holding your keyboard and mouse is 1 or 2
inches above your thighs. ● The keyboard is centered in front of your body. ● The monitor is about one arm’s length (20 to 26 inches) away. ● The top of your monitor is at eye level. ● Your chair has a backrest that supports the curve of your lower (lumbar)
back.
Demanding Role of the Care Manager You are a member of a healthcare company that offers a variety of services designed to provide an integrated approach to lifelong well-being. One of the most effective programs is the case management program where members are assigned a care manager who supports them by phone. The care manager is an experienced RN whose goal is to anticipate the member’s needs and problems, encourage pre- ventive care, and prevent costly interventions. Services frequently include:
● Facilitating conference calls between the member, the physician, and the care manager as needed to clarify treatment plans, medication regimens, or other urgent issues
● Monitoring medication adherence ● Assessing the member’s daily living activities and cognitive, behavioral, and
social abilities ● Assessing the member’s risk for falls and providing fall-prevention education ● Connecting members and their families with professionals who can help them
address medical, legal, housing, insurance and financial issues facing older adults
● Arranging access to transportation ● Assisting members in obtaining home health and durable medical equipment ● Referring members to meal-delivery programs and advance directive prepara-
tion services
The role of care manager is a demanding one and, in your company, requires that the worker be on the phone and in front of a computer 100 percent of their work day talking with members, other health professionals, and logging key pieces of information into the computer. The care manager does have the benefits of being able to work at home with flexible work hours—as long as the care man- ager interacts with 15 members a day between 8 am and 8 pm. Care givers must provide their own computer and office equipment but all Internet connection and phone bills are paid by the company. The turnover rate for care managers is extremely high with few lasting more than nine months. Many of the care man- agers cite stress and health issues as reasons for quitting.
Review Questions 1. What sort of health issues would you expect are common among care
managers? 2. What immediate measures might be taken to relieve the stress and health
issues from which the care managers suffer?
Critical Thinking Questions 1. Management is considering fundamental changes to the role of the care man-
agers, their goals, compensation, and their work environment? Should the care managers be involved in such discussions? What suggestions would you make?
2. Can you identify other jobs that have similar working conditions and issues?
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 463
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Ethical Issues in Information Systems
Ethical issues deal with what is generally considered right or wrong. People are continually faced with ethical issues in a wide range of settings, and the use of information systems brings with it some new and challenging ethical considerations for end users and for society as a whole. Ethical information system users define acceptable practices more strictly than just refraining from committing crimes; they also consider the effects of their IS activities, including Internet usage, on other people and organizations.
IS professionals are often faced with their own unique set of ethical chal- lenges in their work developing, implementing, and maintaining information systems. As a result, some IS professional organizations have developed codes of ethics to guide people working in IS professions. The next few sec- tions provide an overview of ethics and ethical decision making before mov- ing on to a discussion of code of ethics, including a review of a sample code of ethics.
What Is Ethics? As previously defined, ethics is a set of beliefs about right and wrong behav- ior. Ethical behavior conforms to generally accepted social norms—many of which are almost universally accepted. Doing what is ethical can be difficult in certain situations. For example, although nearly everyone would agree that lying and cheating are unethical, some people might consider it acceptable to tell a lie to protect someone’s feelings or to keep a friend from getting into trouble.
Morals are one’s personal beliefs about right and wrong, whereas the term “ethics” describes standards or codes of behavior expected of an individ- ual by a group (nation, organization, and profession) to which an individual belongs. For example, the ethics of the law profession demand that defense attorneys defend an accused client to the best of their ability, even if they know that the client is guilty of the most heinous and morally objectionable crime one could imagine.
Law is a system of rules that tells us what we can and cannot do. Laws are enforced by a set of institutions (the police, courts, law-making bodies). Legal acts are acts that conform to the law. Moral acts conform to what an individual believes to be the right thing to do. Laws can proclaim an act as legal, although some people may consider the act immoral—for example, abortion.
Including Ethical Considerations in Decision Making We are all faced with difficult decisions in our work and in our personal life, and most of us have developed a decision-making process that we execute almost automatically, without thinking about the steps we go through. For many of us, the process generally follows these steps: (1) gather information, (2) develop a problem statement, (3) consult those involved as well as other appropriate resources, (4) identify options, (5) weigh options, (6) choose an option, (7) implement a solution, and (8) review results (see Figure 10.5).
Often the decision on what course of action to take in a given situation is further complicated because it involves significant value conflicts among the various stakeholders as to what is the fairest option to pursue. Such a deci- sion represents an ethical dilemma, and all parties involved can benefit when ethical considerations are introduced into the decision-making process by answering the questions outlined in Table 10.6. There are many factors to be considered, and reaching a good, ethical decision can be difficult, as illus- trated in Figure 10.6.
morals: One’s personal beliefs about right and wrong.
law: A system of rules that tells us what we can and cannot do.
464 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
FIGURE 10.5 Steps involved in the decision-making process Most of us have developed a decision-making process that we execute almost automatically, with- out thinking about the steps we go through.
Gather information Develop
problem statement
Consult those involved
and appropriate resources
Identify options
Weigh options
Choose option
Implement solution
Review results
Decision-making process
TABLE 10.6 Key questions to ask at each step in the decision-making process Questions to Consider
Step 1: Gather information
● Have you spoken to everyone directly involved and gathered all the facts necessary to define the problem? ● Have you avoided assuming facts, motivations, or actions for which there is no evidence?
Step 2: Develop a problem statement
● Do you know the answers to the following questions: ● What do people observe that causes them to think there is a problem? ● Who is directly affected by the problem? ● Is anyone else affected? ● How often does the problem occur? ● What is the impact of the problem? ● How serious is the problem? ● What are the ethical issues involved? ● When is a solution needed?
● Have you shared the problem statement with the stakeholders, and do they concur?
Step 3: Consult those involved as well as other appropriate resources
● Have you discussed this issue with your manager? ● Have you sought input from human resources, legal, or other appropriate subject matter experts?
Step 4: Identify options
● Have you identified the success criteria for a “good solution”? ● Have the stakeholders had an opportunity to offer solutions?
Step 5: Weigh options
● How does each alternative fit with your organization’s code of ethics, policies, regulations, and organizational norms? ● Is each alternative legal and consistent with industry standards? ● Does each alternative have possible unintended consequences? If so, how will you deal with those?
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 465
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Codes of Ethics Laws do not provide a complete guide to ethical behavior. Just because an activity is defined as legal does not mean that it is ethical (see Figure 10.7). As a result, practitioners in many professions subscribe to a code of ethics that states the principles and core values that are essential to their work and, therefore, govern their behavior. The code can become a reference point for weighing what is legal and what is ethical. For example, doctors adhere to varying versions of the 2,000-year-old Hippocratic Oath, which medical schools offer as an affirmation to their graduating classes.
Some IS professionals believe that their field offers many opportunities for unethical behavior. They also believe that unethical behavior can be reduced by top-level managers developing, discussing, and enforcing codes of ethics. Various IS-related organizations and associations promote ethically responsible use of information systems and have developed useful codes of ethics. Founded in 1947, the Association for Computing Machinery (ACM) is
TABLE 10.6 Key questions to ask at each step in the decision-making process (continued) Questions to Consider
Step 6: Choose an option
● Have you considered how choice of this option might appear to others? ● Would you be comfortable explaining your decision and describing your decision-making process to others? ● Is your decision grounded in a basic sense of fairness to all affected parties?
Step 7: Implement a solution
● Have you provided to all stakeholders answers to the following questions: ● Why are we doing this? ● What is wrong with the current way we do things? ● What are the benefits of the new way for you?
● Do you have a clear transition plan that explains to people how they will move from the old way of doing things to the new way?
Step 8: Review results
● Were the success criteria fully met? ● Were there any unintended consequences? ● Is there a need for further refinements?
FIGURE 10.6 There are many factors to weigh in decision making
Personal beliefs, values, and morals?
Industry and corporate standards?
Organizational code of ethics?
Organizational norms and reward system?
Laws and regulations?
Personal goals?
Code of professional conduct?
D ea m le s fo r Sa le /S hu tt er st oc .c om
code of ethics: A code that states the principles and core values that are essential to a set of people and that, therefore, govern these people’s behavior.
466 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Critical Thinking Exercise
the oldest computing society and boasts more than 100,000 members in more than 100 countries.59 The ACM has a code of ethics and professional conduct that includes eight general moral imperatives that can be used to help guide the actions of IS professionals. These guidelines can also be used for those who employ or hire IS professionals to monitor and guide their work. These imperatives are outlined in the following list:60 As an ACM member I will
1. contribute to society and human well-being. 2. avoid harm to others. 3. be honest and trustworthy. 4. be fair and take action not to discriminate. 5. honor property rights including copyrights and patents. 6. give proper credit for intellectual property. 7. respect the privacy of others. 8. honor confidentiality.
The mishandling of the social issues discussed in this chapter—including waste and mistakes, crime, privacy, health, and ethics—can devastate an orga- nization. The prevention of these problems and recovery from them are important aspects of managing information and information systems as critical corporate assets. More organizations are recognizing that people are the most important component of a computer-based information system and that long- term competitive advantage can be found in a well-trained, motivated, and knowledgeable workforce that adheres to a set of principles and core values that help guide that workforce’s actions.
Code of Ethics You have been asked to lead an effort to develop a code of ethics for a student professional organization in your career field.
Review Questions 1. What is a code of ethics and what is its intent? 2. What are some of the key elements in almost every code of ethics?
Critical Thinking Questions 1. Are there some unique issues that need to be addressed for people entering
your career? 2. What sort of process and who would you involve in establishing a code of
ethics for this professional organization?
FIGURE 10.7 Legal versus ethical Just because an activity is defined as legal does not mean that it is ethical.
Ethical
Unethical
Illegal Legal
Ethical and
illegal
Unethical and
illegal
Ethical and
legal
Unethical and
legal
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 467
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Summary
Principle: Policies and procedures must be established to avoid waste and mistakes associated with computer usage.
Computer-related waste and mistakes are major causes of computer pro- blems, contributing to unnecessarily high costs and lost profits. Computer waste is the inappropriate use of computer technology and resources in both the public and private sectors. Computer mistakes relate to errors, failures, and other problems that result in output that is incorrect and without value. Waste often results from poor integration of IS components, leading to duplication of efforts and overcapacity. Inefficient procedures also waste IS resources, as do thoughtless disposal of useful resources and misuse of computer time and resources for personal use. Inappropriate processing instructions, inaccurate data entry, mishandling of IS output, and poor systems design all cause com- puter mistakes.
Preventing waste and mistakes involves establishing, implementing, moni- toring, and reviewing effective policies and procedures. Companies should develop manuals and training programs to avoid waste and mistakes. Training programs for individuals and work groups as well as manuals and documents covering the use and maintenance of computer systems can also help prevent computer waste and mistakes. Training and communication are also the keys to the successful acceptance and implementation of policies and procedures implementation. To ensure that users throughout an organization are following established procedures, routine practices must be monitored and corrective action taken when necessary. The final step in preventing computer-related waste and mistakes is to review existing policies and procedures to determine whether they are adequate.
Principle: The use of technology requires balancing the needs of those who use the information that is collected against the rights of those whose informa- tion is being used.
Privacy is an important social issue related to the use of information sys- tems. Balancing the right to privacy versus the need for additional monitoring to protect against terrorism and cyberattacks is an especially challenging problem.
Privacy issues are a concern with email, instant messaging, and personal sensing devices.
The federal government has implemented many laws addressing personal privacy; however, data-collection programs have raised concerns and debate between those who favor data collection as a means to increased security and those who view such programs as a violation of their rights.
Employers use technology and corporate policies to manage worker pro- ductivity and protect the use of IS resources. This activity includes monitoring of employees’ Web surfing, email, and instant messaging. Most employers today have a policy that explicitly eliminates any expectation of privacy when an employee uses any company-owned computer, server, or email system.
The proliferation of health and wellness programs at many U.S. companies has prompted some privacy advocates to call for updated regulations regarding the use of data collected in connection with such programs. New questions regarding employee data privacy have also arisen as more employers are encouraging—or requiring—the use of wearable technology that monitors not only employees’ health but also their locations.
468 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Some people approach the Internet with the assumption that there is no privacy online and that people who choose to use the Internet do so at their own risk. Others believe that companies with Web sites should have strict privacy procedures and be held accountable for privacy invasion. Regardless of your view, the potential for privacy invasion on the Internet is huge.
Selling information to other companies can be so lucrative that many com- panies store and sell the data they collect on customers, employees, and others. Fairness in information use for privacy rights emphasizes knowledge, control, notice, and consent for people profiled in databases. People should know about the data that is stored about them and be able to correct errors in corpo- rate database systems. If information on people is to be used for other pur- poses, individuals should be asked to give their consent beforehand. Each person has the right to know and to decide how their data can be used.
To help parents control what their children see on the Internet, some com- panies provide filtering software to help screen Internet content.
A business should develop a clear and thorough policy about privacy rights for customers, including database access. That policy should also address the rights of employees, including electronic monitoring systems and email.
Principle: Jobs, equipment, and working conditions must be designed to avoid neg- ative health effects from computers.
Jobs that involve heavy use of computers contribute to a sedentary lifestyle, which increases the risk of health problems.
The study of designing and positioning computer equipment, called “ergonomics,” has suggested some approaches to reducing these health pro- blems. Ergonomic design principles help to reduce harmful effects and increase the efficiency of an information system. RSI (repetitive strain injury) prevention measures include keeping good posture, not ignoring pain or problems, performing stretching and strengthening exercises, and seeking proper treatment.
Principle: Practitioners in many professions subscribe to a code of ethics that states the principles and core values that are essential to their work.
Ethical issues deal with what is generally considered right or wrong. Ethics is a set of beliefs about right and wrong behavior.
Ethical computer users define acceptable practices more strictly than just refraining from committing crimes; they also consider the effects of their IS activities, including Internet usage, on other people and organizations.
Often the decision on what course of action to take in a given situation is further complicated because it involves significant value conflicts among the various stakeholders as to what is the fairest option to pursue. Such a decision represents an ethical dilemma, and all parties involved can benefit when ethical considerations are introduced into the decision-making process.
Laws do not provide a complete guide to ethical behavior. Just because an activity is defined as legal does not mean that it is ethical. As a result, practi- tioners in many professions subscribe to a code of ethics that states the princi- ples and core values that are essential to the members of a profession or organization. The Association for Computing Machinery developed guidelines and a code of ethics. Many IS professionals join computer-related associations and agree to abide by detailed ethical codes.
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 469
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Key Terms
Children’s Online Privacy Protection Act (COPPA)
code of ethics
ergonomics
filtering software
Fourth Amendment
law
morals
Chapter 10: Self-Assessment Test
Policies and procedures must be established to avoid waste and mistakes associated with computer usage.
1. Wasting time online costs U.S. businesses more than annually. a. $385 billion b. $285 billion c. $185 million d. $85 billion
2. Which of the following is not a common computer-related mistake? a. Programming errors b. Shopping online while at work c. Data-entry or data-capture errors d. Errors in handling files
3. The Government Accounting Office uncovered a total of $321 million spent in the six-year period 2008 to 2013 on projects that duplicated other efforts within the Defense Department, Department of Homeland Security, and the Department of Health and Human Services. True or False?
4. Preventing waste and mistakes involves estab- lishing, implementing, monitoring, and policies and procedures.
5. Few companies have found it necessary to limit employee access to non-work-related Web sites. True or False?
The use of technology requires balancing the needs of those who use the information that is collected against the rights of those whose information is being used.
6. The United States has implemented few laws addressing personal privacy. True or False?
7. The imposes limitations on the bulk collection of the telecommunications meta- data of U.S. citizens; prohibits large-scale indis- criminate data collection (such as all records from an entire zip code); and requires the NSA to obtain permission from the Foreign Intelli- gence Surveillance Court (FISC) to access the metadata records, which are now held by tele- communication companies rather than by the government.
8. is a tool used by the NSA and FBI to access the servers of major Internet services such as Facebook, Google, YouTube, and others to collect the content of emails, video, photos, file transfers, and live chats.
9. In 2015, the European Court of Justice found that the Safe Harbor Framework (an agreement that had been in place since 2000 between the United States and the European Union (EU), allowing the transfer of personal data from the EU to the United States) did not adequately protect the personal data of citizens residing in EU countries. True or False?
10. The Children’s Online Privacy Protection Act (COPPA) was passed by Congress in October 1998. This act, directed at Web sites catering to children, requires site owners to post compre- hensive privacy policies and to obtain parental consent before they collect any personal infor- mation from children under years of age. a. 10 b. 13 c. 18 d. 21
Jobs, equipment, and working conditions must be designed to avoid negative health effects from computers.
11. Heavy computer use can negatively affect one’s physical health. True or False?
12. Two primary causes of computer-related health problems are a poorly designed and failure to take regular breaks to stretch the muscles and rest the eyes.
13. The study of designing and positioning computer equipment is called .
Practitioners in many professions subscribe to a code of ethics that states the principles and core values that are essential to their work.
14. Morals are one’s personal beliefs about right and wrong, whereas the term describes standards or codes of behavior expected of an individual by a group (nation, organization, and profession) to which an individual belongs.
470 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
15. Just because an activity is defined as legal does not mean that it is ethical. True or False?
16. Founded in 1977, the Association for Computing Machinery (ACM) is the oldest computing society
and boasts more than 200,000 members in more than 120 countries. True or False?
Chapter 10: Self-Assessment Test Answers
1. d 2. b 3. True 4. reviewing 5. False 6. False 7. USA Freedom Act (2015) 8. PRISM
9. True 10. b 11. True 12. work environment 13. ergonomics 14. ethics 15. True 16. False
Review Questions
1. What issues and problems are raised by the use of unintegrated information systems?
2. What is ergonomics? How can it be applied to office workers?
3. Provide a few examples of actions organizations are taking to help eliminate workers’ nonpro- ductive computer-related activity.
4. What is the First Amendment? What is the Fourth Amendment? What rights do they guarantee?
5. What is meant by “reasonable expectation of pri- vacy”? How does this impact the application of the Fourth Amendment?
6. What is the purpose of the Safe Harbor Frame- work and Privacy Shield?
7. What is sexting? What issues can arise from sexting?
8. What is mobile crowd sensing? How might it be used?
9. Provide a brief summary of the various attempts by Congress to limit children’s exposure to online pornography,
10. In collecting telephone call data, what is meta- data? How might it be used?
11. What changes did the USA Freedom Act make in the collection and viewing of telephone call data?
12. What is a code of ethics? Give an example.
Discussion Questions
1. Identify recent examples of information system snafus causing disruptions. Do research to iden- tify the root cause of the problem.
2. Identify and briefly discuss the most common examples you observe of coworkers wasting time in nonproductive use of information system resources. Do you believe your organization should take action to limit or end to these practices? What actions could be taken?
3. Do you feel that the measures in place to protect your personal data you provide to health care organizations are sufficient? Why or why not? What would you like to see changed?
4. How do you feel about the data you provide your bank being shared with other financial institutions who can use that data to tailor special offers and promotions for you to refinance your home, obtain an auto loan, buy additional insurance, and so
forth? Should such sharing of data be prohibited or does it sometimes provide a useful service?
5. What are your feelings about the PRISM tool used the FBI and NSA to collect private electronic data belonging to users of major Internet services without having to request this data from the service providers and without having to obtain individual court orders?
6. Imagine that you are starting a dating Web site to help match compatible couples. What sort of personal data might you need to gather? What measures would need to be taken to protect this sensitive data? What key statements would potential users likely want to see in the privacy statement of this Web site?
7. Your 13-year-old nephew shows you a half-dozen or so innocent photos of himself and a brief biography, including address and cell phone number that he plans to post on a social network
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 471
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
for teens. What advice might you offer him about posting personal information and photos?
8. Identify and briefly discuss a difficult decision you had to make that had some ethical consid- erations. How do you feel about your decision- making process in reaching a decision in this case? With 20–20 hindsight, is there anything you would have done differently?
9. Do you think that there is a difference between acting ethically and acting legally? Explain.
10. Should employers be able to monitor the email, text, and phone calls of employees? Is there any degree of “monitoring” that you find acceptable/ unacceptable?
Problem-Solving Exercises
1. Do research to identify the latest findings on the negative effects of sitting for long hours working at a computer. Find recommendations on how to arrange your desk and computer to avoid health problems. Prepare a brief pre- sentation that summarizes your findings and identifies what can be done to offset these negative effects.
2. Organizational network analysis is a method for studying communication among individuals. Read the article: Making the Invisible Visible: SNA of the NSA by Joseph A.E. Shaheen at https:// www.josephshaheen.com/nsa-sna-xkeyscore/370. The NSA uses the techniques described there to analyze communications among individuals. Use graphics software to create an organizational network analysis that depicts your email and text communications for a week. If someone were to
study this network analysis, what conclusions might they draw about you?
3. Create an algorithm that rates how well indivi- duals protect their privacy based on the data they reveal in their user profile and postings to social networks. The algorithm should generate a score of 0 for anyone who is completely oblivious of the need to protect their privacy and identity and 100 for someone who does an excellent job at this. Factors to consider include how discrete they are in revealing personal information such as sexual orientation, health conditions, addic- tions, income data, and personal details about friends. Now test your algorithm using data from two of your contacts. Based on the results, adjust the algorithm as you see fit. Now test the revised algorithm with two other contacts. Summarize your findings from this exercise.
Team Activities
1. Your team has been asked to develop your school’s first student code of ethics. How might you approach this task? Who might you try to involve? What might be some key tenants of such a code of ethics?
2. Imagine that your team has been hired to conduct a review of the information system policies and procedures employed in the student registration department at your school or university. Develop a list of at least 10 specific questions that your
team would use to assess the effectiveness of these policies and procedures in reducing mis- takes, waste, and costs.
3. Have each member of your team access six dif- ferent Web sites and summarize their findings in terms of the existence of data privacy policy statements. Did each site have such a policy? Was it easy to find? Did it seem complete and easy to understand? Does it adequately cover any con- cerns you might have as a visitor to that site?
Web Exercises
1. Do research on Edward Snowden the U.S. computer professional, former Central Intelli- gence Agency employee, and former contrac- tor for the United States government who copied and leaked classified information from the National Security Agency in 2013 without prior authorization. Do you consider him to be a traitor, patriot, or something else? Why?
2. Do research to determine the current status of the Privacy Shield as a framework for governing transborder data flow. Write a brief report sum- marizing your findings.
3. Request a current copy of your free credit report through the AnnualCreditReport.com Web site. Review the report carefully for any inaccuracies. Follow the necessary steps to remove these inaccuracies.
472 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Career Exercises
1. You have been offered an entry-level manage- ment position with a military aircraft manufac- turer. Due to national security concerns, the organization has very strong policies against the personal use of computers and smartphones while you are at ework. They have also made it clear that all forms of employee communications are closely monitored to avoid the intentional or unintentional leak of classified material. How might these policies affect your decision to accept a position with this firm?
2. You have been approached by the NSA to work in an information systems group that will use high-powered computers and advanced analytic techniques to study phone call metadata and
other data that has been obtained through For- eign Intelligence Surveillance Court (FISC) orders in an attempt to identify terrorists and stop impending terrorist acts. Obviously, you will not be able to talk to anyone about your work; how- ever, your total compensation will be more than 10 percent greater than any position for which you have applied. Would you accept this posi- tion? Why or why not?
3. Do research to find any professional organization or code of ethics associated with your current or desired future career. What might be the benefits of joining such a professional organization? How might a code of ethics help guide you in career- related decision making?
Case Studies
Case One
FBI Orders Apple to Unlock iPhone On December 2, 2015, Syed Rizwan Farook and Tashfeen Malik burst into a holiday gathering of county employees at the Inland Regional Center in San Bernardino, California, and began shooting—ultimately killing 14 people and wounding another 21. In the hours after the attack, the couple became involved in a shootout with police, and both were killed.
With their deaths, the investigation into the deadliest terrorist attack in the United States since September 11, 2001, entered a new phase, as hundreds of FBI agents in California and around the world began investigating the attackers’ online and offline activities in the hours, weeks, and months leading up to the shootings. In addition to the stockpile of weapons and homemade pipe bombs found in the home of Farook and Malik, investigators found multiple electronic devices. While attempts had been made by the couple to delete data and damage some of the devices, FBI Director James Comey reported two weeks after the attack that investigators had found private messages between the two that showed their “joint commitment to jihad and to martyrdom.” In addition, Malik posted a note on Facebook shortly after the shootings, pledging the couple’s allegiance to the leader of ISIS, a terrorist network also known as the Islamic State.
In order to further investigate possible connections to extremist groups, the FBI attempted to access the data on an iPhone used by Farook. The phone, which belonged to Farook’s employer, the San Bernardino County Health Department, was locked by a passcode, and neither the county nor the FBI were able to unlock the phone. The iOS software installed on Apple’s phones allows only 10 unsuccessful passcode attempts before it wipes the phone’s memory clean. This security feature prevented the FBI from attempting a “brute-force” attack, which is essentially a trial- and-error method in which all possible passcodes are tried systematically until the correct one is uncovered.
In the weeks following the shootings, Apple representatives cooperated with the FBI’s investigation, providing some older data backups from the phone as well as suggesting possible methods the agency could use to access the data on the phone itself. The company balked, however, when the FBI demanded that the company develop new software that would disable the functionality that wipes the phone’s memory when too many wrong passcodes are entered in a row. The FBI also wanted Apple to eliminate the built-in delay between passcode attempts, which, by Apple’s estimates, meant that a brute-force attack on a phone with a six-digit passcode could take more than five years to complete.
The FBI’s demand that Apple develop new software that would allow it to unlock the phone in this case is an extension of an ongoing debate about whether tech companies should be compelled to build a “backdoor” into their software that would allow the government to access data even when secure encryption has been used to protect it. Without it, some law enforcement experts warn, the United States could be faced with the prospect of what has been dubbed the “Going Dark” problem, which some experts fear would lead to the inability of law enforcement to access electronic data even with a warrant. That concern was heightened for some when Apple announced in 2014 that it had altered its software so that it was no longer “technically feasible for us to respond to government warrants for the extraction of data from devices” running iOS 8 or later versions of that software.
On February 16, 2016, a U.S. magistrate in California ordered Apple to assist the government by creating a custom version of iOS that would run only on the iPhone in question and that would provide the functionality demanded by the FBI. In its motion requesting the order, the Department of Justice cited the All Writs Act, a law signed by President George Washington, which, among other things, gives federal judges the power to issue court orders compelling people to do things within the limits of the law and which has frequently been used as the basis for court orders compelling telecommunications companies to install and
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 473
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
operate call-tracking devices. In its filing, the DOJ alleged that Apple “deliberately raised technological barriers that now stand between a lawful warrant and an iPhone containing evidence related to the terrorist mass murder of 14 Americans.”
Apple challenged the judge’s order, arguing that it would set dangerous legal precedent. The company also issued a statement on its Web site that said, in part, “The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.” According to Apple, “Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.”
The case took another turn before the scheduled court hearing on the issue in March 2016, when the Justice Department announced that it had successfully accessed the contents of the phone using a tool provided the government by an unnamed third party. After its announcement, the Justice Department withdrew its motion to compel Apple to develop the requested software; however, according to a Justice Department spokeswoman, “It remains a priority for the government to ensure that law enforcement can obtain crucial digital information to protect national security and public safety, either with cooperation from relevant parties, or through the court system when cooperation fails.”
Critical Thinking Questions 1. Why did Apple object to the court order in this case?
What was the government’s rationale for compelling Apply to comply with the order?
2. Do you think Americans should be willing to surrender some of their privacy for increased security by allow- ing backdoors that enable law enforcement access to smartphones and other devices after a search warrant has been issued? Why or why not?
3. The FBI and Apple are involved in similar disputes in other cases, including one in New York involving an alleged drug conspiracy. Shortly before the govern- ment dropped its legal action against Apple in the San Bernardino case, the judge in the New York case ruled against the government, rejecting the argument that the All Writs Act gave prosecutors the authority to compel Apple to bypass the lock on the seized phone. Do your opinions about the issues involved in the San Bernardino case change when they arise in connection with a case that does not have national security impli- cations? Why or why not?
SOURCES: Almasy, Steve, “FBI Asks for Help Filling in San Bernardino Terrorist Attack Timeline,” CNN, January 5, 2016, www.cnn.com/2016 /01/05/us/san-bernardino-terrorist-attack; Nelson, Joe, “Investigation into San Bernardino Mass Shooting Will Be ‘Expansive and Expensive’,” San Bernardino County Sun, www.sbsun.com/general-news/20151220 /investigation-into-san-bernardino-mass-shooting-will-be-expansive -and-expensive; Medina, Jennifer, Richard Perez-Pena, Michael S. Schmidt, and Laurie Goldstein, “San Bernardino Suspects Left Trail of
Clues, but No Clear Motive,” New York Times, December 3, 2015, www .nytimes.com/2015/12/04/us/san-bernardino-shooting.html?_r=0; Gold- man, Adam and Mark Berman, “FBI: San Bernardino Attackers Didn’t Show Public Support for Jihad On Social Media,” Washington Post, December 16, 2015, www.washingtonpost.com/news/post-nation/wp /2015/12/16/fbi-san-bernardino-attackers-didnt-show-public-support -for-jihad-on-social-media; Green, Chloe, “Brute Force Attacks: How You Can Stop Hackers Breaking Your Door In,” Information Age, May 11, 2016, www.information-age.com/technology/security/123461414/brute -force-attacks-how-you-can-stop-hackers-breaking-your-door; “Opera- tional Technology: Going Dark Issue,” Federal Bureau of Investigation, www.fbi.gov/about-us/otd/going-dark-issue, accessed May 9, 2016; Panzarino, Matthew, “No, Apple Has Not Unlocked 70 iPhones for Law Enforcement,” TechCrunch, February 18, 2016, http://techcrunch.com /2016/02/18/no-apple-has-not-unlocked-70-iphones-for-law-enforce ment; Palazzolo, Joe and Devlin Barrett, “Roots of Apple-FBI Standoff Reach Back to 2008 Case,” Wall Street Journal, www.wsj.com/articles /roots-of-apple-fbi-standoff-reach-back-to-2008-case-1460052008? mg=id-wsj; Timberg, Craig, “Apple Will No Longer Unlock Most iPhones, iPads for Police, Even with Search Warrants,” Washington Post, September 18, 2014, www.washingtonpost.com/business/technology /2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html; Lewis, Danny, “What the All Writs Act of 1789 Has to Do with the iPhone,” Smithsonian, February 24, 2016, www.smithsonianmag.com /smart-news/what-all-writs-act-1789-has-do-iphone-180958188/?no-ist; Hollister, Sean and Connie Guglielmo, “How an iPhone Became the FBI’s Public Enemy No. 1 (FAQ),” CNET, February 25, 2016, www.cnet.com /news/apple-versus-the-fbi-why-the-lowest-priced-iphone-has-the-us-in- a-tizzy-faq; “A Message to Our Customers,” Apple, February 16, 2016, www.apple.com/customer-letter; Barrett, Devlin, “FBI Paid More than $1 Million to Hack San Bernardino iPhone,” Wall Street Journal, April 21, 2016, www.wsj.com/articles/comey-fbi-paid-more-than-1-million-to -hack-san-bernardino-iphone-1461266641; Zetter, Kim, “Apple’s FBI Battle Is Complicated. Here’s What’s Really Going On,” Wired, February 18, 2016, www.wired.com/2016/02/apples-fbi-battle-is-complicated -heres-whats-really-going-on; Barrett, Devlin, “Judge Sides with Apple in N.Y. Drug Case Involving Locked Phone,” Wall Street Journal, March 1, 2016, www.wsj.com/articles/judge-sides-with-apple-in-drug-case-invol ving-locked-phone-1456785910.
Case Two Protecting Health Care Privacy The U.S. Health Insurance Portability and Accountability Act (HIPAA) addresses (among other things) the privacy of health information. Title 2 of the act regulates the use and disclosure of protected health information (PHI), such as billing for patient services by healthcare providers, insurance carriers, employers, and business associates.
Email is often the best way for a hospital to communicate with off-site specialists and insurance carriers about a patient. Unfortunately, standard email is insecure. It allows eavesdropping, later retrieval of messages from unprotected backups, message modification before it is received, potential invasion of the sender’s privacy by providing access to information about the identity and location of the sending computer, and more. Since healthcare provider email often includes PHI, healthcare facilities must be sure their email systems meet HIPAA privacy and security requirements.
Children’s National Medical Center (CNMC) of Washington, D.C., “The Nation’s Children’s Hospital,” is especially aware of privacy concerns because its patients are children. CNMC did what many organizations do when faced with a specialized problem: rather than try to become specialists or hire specialists for whom the hospital has no long-term full-time need, it turned to a specialist firm.
474 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
CNMC chose Proofpoint of Sunnyvale, California, for its security as a service (SaaS) email privacy protection service. Matt Johnston, senior security analyst at CNMC, says that children are “the highest target for identity theft. A small kid’s record is worth its weight in gold on the black market. It’s not the doctor’s job to protect that information. It’s my job.”
Johnston explains that he likes several things about the Proofpoint service:
● “I don’t have to worry about backups.” Proofpoint han- dles those.
● “I don’t have to worry about if a server goes down. [If it was a CNMC server, I would have to] get my staff ramped up and bring up another server. Proofpoint does that for us. It’s one less headache.”
● “We had a product in-house before. It required several servers which took a full FTE [full-time employee] just to manage this product. It took out too much time.”
● “Spam has been on the rise. Since Proofpoint came in, we’ve seen a dramatic decrease in spam. It takes care of itself. The end user is given a digest daily.”
● Email can be encrypted or not, according to rules that the end user need not be personally concerned with.
● “Their tech support has been great.”
Proofpoint is not the only company that provides healthcare providers with email security services. LuxSci of Cambridge, Massachusetts, also offers HIPAA-compliant email hosting services, as do several other firms. They all provide the same basic features: user authentication, transmission security (encryption), logging, and audit. Software that runs on the provider’s computers can also deliver media control and backup. Software that runs on a
user organization’s server necessarily relies on that organization to manage storage; for example, deleting messages from the server after four weeks as HIPAA requires.
As people become more aware of the privacy risks associated with standard email, the use of more secure solutions such as these will undoubtedly become more common in the future.
Critical Thinking Questions 1. What requirement does HIPAA institute to safeguard
patient privacy? 2. Universities use email to communicate private
information. For example, an instructor might send you an email explaining what you must do to raise your grade. The regulations about protecting that information under the Family Educational Rights and Privacy Act (FERPA) are not as strict as those under HIPAA. Do you think they should be as strict as HIPAA’s requirements? Why or why not?
3. How does Proofpoint safeguard patient privacy? Could Proofpoint do the same for university and corporate emails? Why or why not?
SOURCES: Children’s National Medical Center Web site, www.children snational.org, accessed August 28, 2014; LuxSci Web site, www.luxsci .com, accessed August 28, 2014; Proofpoint Web site, www.proofpoint .com, accessed August 28, 2014; Staff, “HIPAA Email Security Case Study: Children’s National Medical Center,” Proofpoint, www.youtube.com /watch?v=RVaBaNvwkQE, accessed August 7, 2014.
Notes
1.1. Vest, Joshua R., Issel, L. Michele, and Lee, Sean, “Expe- rience of Using Information Systems in Public Health Practice: Findings from a Qualitative Study,” February 5, 2014, www.ncbi.nlm.nih.gov/pmc/articles/PMC 3959909/.
2. Thibodeau, Patrick, “Government Wants to Increase IT Spending 1.3% in Proposed Budget,” Computerworld, February 9, 2016, www.computerworld.com/article /3031664/it-management/government-wants-to-increase -it-spending-13-in-proposed-budget.html.
3. Gallagher, Sean, “De-Dupe Time: GAO Finds $321 Million in Redundant Government IT Spending,” Ars Technica, September 17, 2013, http://arstechnica.com /information-technology/2013/09/de-dupe-time -gao-finds-321-million-in-redundant-government-it -spending.
4. “Federal Strategic Sourcing Initiative (FSSI),” General Services Administration, accessed May 6, 2016, www.gsa .gov/portal/content/105156.
5. “New CareerBuilder Survey Reveals the Most Common and Strangest Productivity Killers at Work,” Career- Builder, June 11, 2015, www.careerbuilder.com/share /aboutus/pressreleasesdetail.aspx?sd=6%2F11% 2F2015&id=pr898&ed=12%2F31%2F2015.
6. Zakrzewski, Cat, “The Key to Getting Workers to Stop Wasting Time Online,” Wall Street Journal, March 13,
2016, www.wsj.com/articles/the-key-to-getting-workers -to-stop-wasting-time-online-1457921545?mg=id-wsj.
7. “New CareerBuilder Survey,” CareerBuilder. 8. Zakrzewski, “Stop Wasting Time Online.” 9. Rein, Lisa,” Watchdog: IRS Sent Out $46M in Tax
Refunds Flagged as Potentially Fraudulent,” Chicago Tribune, December 23, 2015, www.chicagotribune .com/news/nationworld/ct-irs-tax-refunds-flagged -fraudulent-20151223-story.html.
10. Kaste, Martin, “2 Prisoners Mistakenly Released Early Now Charged in Killings,” NPR, January 1, 2016, www .npr.org/2016/01/01/461700642/computer-glitch-leads -to-mistaken-early-release-of-prisoners-in-washington.
11. Lorenzetti, Laura, “NYSE Explains Why It Went Down Wednesday,” Fortune, July 9, 2015, http://fortune.com /2015/07/09/nyse-explains-why-it-went-down- wednesday.
12. Gandel, Stephen, “This Is Why the NYSE Shut Down Today,” Fortune, July 8, 2015, http://fortune.com/2015 /07/08/nyse-halt.
13. Golson, Jordan, “Honda Accidentally Charges Many Customers Twice for Single Car Payment,” Verge, April 6, 2016, www.theverge.com/2016/4/6/11380448/honda- car-payment-overcharge-double-price-error-mistake.
14. Lutz, Hannah, “Honda ’Working Feverishly’ to Fix Cus- tomer Billing Glitch,” Automotive News, April 6, 2016,
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 475
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
www.autonews.com/article/20160406/OEM/160409849 /honda-working-feverishly-to-fix-customer-billing-glitch.
15. “Corporate E-Learning,” Error Prevention Training Insti- tute, smartpeopledumbthings.com/e-learning /corporate-training/, accessed July 21, 2014.
16. McCormick, Jonathan, “How to Manage IT in a Growing Business: Implementing IT Policies,” NetworkWorld, April 11, 2016, www.networkworld.com/article /3054601/careers/how-to-manage-it-in-a-growing -business-implementing-it-policies.html.
17. Kanowitz, Stephanie, “VA’s Information Security Still Lacking, Audit Shows,” FierceGovernmentIT, March 17, 2016, www.fiercegovernmentit.com/story/vas-information -security-still-lacking-audit-shows/2016-03-17.
18. Healy, Beth, “State Street Overbilled Customers $200M over 18 Years,” Boston Globe, December 17, 2015, www .bostonglobe.com/business/2015/12/17/state-street-says -overbilled-customers-million-over-years/eiHpkMswIB9 glkZO9z06VO/story.html.
19. Healy, Beth, “State Street Hit by Galvin for Overbilling Clients,” Boston Globe, April 20, 1016, www.bostonglobe .com/business/2016/04/20/state-street-hit-galvin-for -overbilling-clients/8j3n0XMwUOLddJQcijtMRK/story.html.
20. “Edward Snowden, Whistle-Blower,” New York Times, January 1, 2014, www.nytimes.com/2014/01/02/opinion /edward-snowden-whistle-blower.html.
21. Diamond, Jeremy, “Thought Bulk Data Collection Was Gone? Think Again,” CNN, June 2, 2015, www.cnn.com /2015/06/02/politics/bulk-data-collection-coming-back -usa-freedom-act.
22. Kelly, Erin, “Senate Approves USA Freedom Act,” USA Today, June 2, 2015, www.usatoday.com/story/news /politics/2015/06/02/patriot-act-usa-freedom-act-senate -vote/28345747.
23. Rampton, Rebecca, “Obama to Propose Ending NSA Bulk Collection of Phone Records: Official,” Reuters, March 24, 2014, www.reuters.com/article/2014/03/25 /us-usa-security-obama-nsa-idUSBREA2O03O20140325.
24. Walker, Laura, “NSA to Destroy Data Collected from Mass Phone Surveillance,” Newsweek, July 27, 2015, www.newsweek.com/nsa-destroy-data-collected-mass -phone-surveillance-357500.
25. Sutton, James, “NSA Obtains Permission to Collect Metadata under New Law,” The Hill Talk, April 24, 2016, http://thehilltalk.com/2016/04/24/17121.
26. Hosenball, Mark, “Secret U.S. Court Issues First Order for Phone Data under New Law,” Reuters, April 19, 2016, www.reuters.com/article/usa-surveillance-court- idUSL2N17M26C.
27. “NSA Prism Program Taps into User Data of Apple, Goo- gle and Others,” Guardian, June 6, 2013, www.theguar dian.com/world/2013/jun/06/us-tech-giants-nsa-data.
28. Nakashima, Ellen, “Public Advocate: FBI’s Use of PRISM Surveillance Data Is Unconstitutional,” Washington Post, April 20, 2016, www.washingtonpost.com/world /national-security/public-advocate-fbis-use-of-prism -surveillance-data-is-unconstitutional/2016/04/20 /0282ed52-0693-11e6-b283-e79d81c63c1b_story.html.
29. “NSA Reportedly Recording All Phone Calls in a Foreign Country,” Associated Press, March 19, 2014, www .foxnews.com/politics/2014/03/19/nsa-reportedly-recording -all-phone-calls-in-foreign-country/.
30. Makarechi, Kia, “Julian Assange Goes Where Glenn Greenwald Wouldn’t,” Vanity Fair, May 19, 2014, www .vanityfair.com/online/daily/2014/05/julian-assange -glenn-greenwald-nsa-afghanistan.
31. “NSA Recording All Phone Calls,” Associated Press. 32. Nakashima, Ellen, “Top Spy Bemoans Loss of Key
Information-Gathering Program,” Washington Post, September 9, 2015, www.washingtonpost.com/world /national-security/top-spy-bemoans-loss-of-key-intelli gence-program/2015/09/09/a214bda4-5717-11e5 -abe9-27d53f250b11_story.html.
33. Savage, Charlie, “Obama Administration Set to Expand Sharing of Data That N.S.A. Intercepts,” New York Times, www.nytimes.com/2016/02/26/us/politics/obama -administration-set-to-expand-sharing-of-data-that -nsa-intercepts.html.
34. Grossman, Lev, “Inside Apple CEO Tim Cook’s Fight with the FBI,” Time, March 17, 2016, http://time.com /4262480/tim-cook-apple-fbi-2.
35. Miller, Ron, “Employees Have No Reasonable Expecta- tion to Privacy for Material Viewed or Stored on Employer-Owned Computers or Servers,” Wolters Kluwer, November 24, 2011, www.employmentlawdaily .com/index.php/2011/11/24/employees-have-no-reason able-expectation-to-privacy-for-materials-viewed-or -stored-on-employer-owned-computers-or-servers, access August 28, 2014.
36. Hancock, Jay and Julie Appleby, “7 Questions to Ask Your Employer about Wellness Privacy,” Kaiser Health News, September 30, 2015, http://khn.org/news /7-questions-to-ask-your-employer-about-wellness-privacy.
37. Hancock, Jay, “Workplace Wellness Programs Put Employee Privacy at Risk,” CNN, October 2, 2015, www .cnn.com/2015/09/28/health/workplace-wellness-privacy -risk-exclusive.
38. Haggin, Patience, “As Wearables in Workplace Spread, So Do Legal Concerns,” Wall Street Journal, March 13, 2016, www.wsj.com/articles/as-wearables-in-workplace -spread-so-do-legal-concerns-1457921550.
39. Thiel, Scott, “Wearables at Work: Data Privacy and Employment Law Implications,” DLA Piper, April 22, 2016, www.dlapiper.com/en/us/insights/publications /2016/04/wearables-at-work.
40. “Protection of Personal Data,” European Commission, http://ec.europa.eu/justice/data-protection, accessed August 17, 2014.
41. Meltzer, Joshua, “Examining the EU Safe Harbor Deci- sion and Impacts for Transatlantic Data Flows,” The Brookings Institute, November 3, 2015, www.brookings. edu/research/testimony/2015/11/03-eu-safe-harbor -decision-transatlantic-data-flows-meltzer.
42. Cline, Jay, “Five Predictions for the EU-U.S. Safe Harbor Showdown,” Computerworld, October 27, 2015, www .computerworld.com/article/2997882/data-privacy/five -predictions-for-the-eu-u-s-safe-harbor-showdown .html.
43. Scott, Mark, “U.S. and Europe in ‘Safe Harbor’ Data Deal, but Legal Fight May Await,” New York Times, www. nytimes.com/2016/02/03/technology/us-europe-safe -harbor-data-deal.html.
44. Gibbs, Samuel, “Data Regulators Reject EU-US Privacy Shield Safe Harbour Deal,” Guardian, April 14, 2016,
476 PART 5 • Information Systems in Business and Society
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
www.theguardian.com/technology/2016/apr/14/data -regulators-reject-eu-us-privacy-shield-safe-harbour-deal.
45. Urbon, Steve, “Freetown Selectmen Hit with $1,000 Civil Penalty in Open Meeting Law Violation,” SouthCoast Today, March 10, 2016, www.southcoasttoday.com /article/20160310/NEWS/160319911.
46. “The Commonwealth of Massachusetts Open Meeting Law, G.L. c. 30A, §§ 18-25,” Commonwealth of Massa- chusetts, www.mass.gov/ago/docs/government/oml /open-meeting-law-gl-c-30a-18-25.pdf, accessed May 9, 2016.
47. Botelho, Greg and Michael Martinez, “DA: No Charges against Colorado Students in Sexting Scandal,” CNN, December 9, 2015, www.cnn.com/2015/12/09/us /colorado-sexting-scandal-canon-city.
48. “Two App Developers Settle FTC Charges They Violated Children’s Online Privacy Protection Act,” Federal Trade Commission, December 17, 2015, www.ftc.gov/news -events/press-releases/2015/12/two-app-developers-settle -ftc-charges-they-violated-childrens.
49. “Top 15 Most Popular Social Networking Sites,” Ebizma, May 2016,” http://www.ebizmba.com/articles/social -networking-websites.
50. “Number of Monthly Active Facebook Users Worldwide as of 1st Quarter 2016 (in Millions),” Statista, http://www .statista.com/statistics/264810/number-of-monthly -active-facebook-users-worldwide, accessed May 9, 2016.
51. Kaysen, Ronda, “When Neighbors Tangle Online,” New York Times, November 6, 2016, www.nytimes.com/2015 /11/08/realestate/when-neighbors-tangle-online.html?_r=0.
52. Worstall, Tim, “Now Google Autocomplete Could Be Found Guilty of Libel in Hong Kong,” Forbes, August 6, 2014, www.forbes.com/sites/timworstall/2014/08/06 /now-google-autocomplete-could-be-found-guilty-of -libel-in-hong-kong.
53. Matthew, Lee, “Defamation, Celebrities, and the Inter- net,” Harvard Journal on Sports and Entertainment Law, April 17, 2014, http://harvardjsel.com/2014/04 /defamation-internet/.
54. “2016 Best Internet Filter Software Reviews,” TopTen- Reviews, http://internet-filter-review.toptenreviews.com, accessed May 9, 2016.
55. “2016 Best Mac Internet Filter Software Reviews,” http://internet-filter-review.toptenreviews.com/mac -internet-filter-software, accessed May 10, 2016.
56. “BBB Sample Privacy Policy,” www.bbb.org/dallas /for-businesses/bbb-sample-privacy-policy1, accessed August 14, 2014.
57. “Can I Review My Credit Report?,” Consumer Financial Protection Bureau, www.consumerfinance.gov/askcfpb /5/can-i-review-my-credit-report.html, accessed May 8, 2016.
58. “How to Sit at a Computer,” American Academy of Orthopedic Surgeons, http://orthoinfo.aaos.org/topic .cfm?topic=a00261, accessed May 10, 2016.
59. “What Is ACM?” www.acm.org/about, accessed May 14, 2016.
60. “ACM Code of Ethics and Professional Conduct,” www .acm.org/about/code-of-ethics, accessed August 14, 2014.
CHAPTER 10 • Ethical, Legal, and Social Issues of Information Systems 477
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Glossary
A
ACID properties Properties (atomicity, consistency, isolation, durability) that guar- antee relational database transactions are processed reliably and ensure the integrity of data in the database.
advanced persistent threat (APT) A network attack in which an intruder gains access to a network and stays there— undetected—with the intention of stealing data over a long period of time.
agile development An iterative system development process that develops the system in “sprint” increments lasting from two weeks to two months.
antivirus software Software that scans a computer’s memory, disk drives, and USB ports regularly for viruses.
application programming interface (API) A set of programming instructions and standards that enables one software program to access and use the services of another software program.
application software Programs that help users solve particular computing problems.
artificial intelligence system The people, procedures, hardware, software, data, and knowledge needed to develop computer sys- tems and machines that can simulate human intelligence processes, including learning (the acquisition of information and rules for using the information), reasoning (using rules to reach conclusions), and self-correction (using the outcome from one scenario to improve its performance on future scenarios).
artificial intelligence The ability to mimic or duplicate the functions of the human brain.
assistive technology system An assistive, adaptive, or rehabilitative device designed to help people with disabilities perform tasks that they were formerly unable to accomplish or had great difficulty accomplishing.
attribute A characteristic of an entity.
autonomic computing The ability of IT systems to manage themselves and adapt to changes in the computing environment, business policies, and operating objectives.
B
batch processing system A form of data processing whereby business transactions are
accumulated over a period of time and pre- pared for processing as a single unit or batch.
best practices The most efficient and effective ways to complete a business process.
bioprinting The use of 3D printers to build human parts and organs from actual human cells.
bit A binary digit (i.e., 0 or 1) that repre- sents a circuit that is either on or off.
blended threat A sophisticated threat that combines the features of a virus, worm, Trojan horse, and other malicious code into a single payload.
Bluetooth A wireless communications spec- ification that describes how cell phones, com- puters, faxes, printers, and other electronic devices can be interconnected over distances of 10 to 30 feet at a rate of about 2 Mbps.
botnet A term used to describe a large group of computers, that are controlled from one or more remote locations by hackers, without the knowledge or consent of their owners.
bring your own device (BYOD) A busi- ness policy that permits, and in some cases encourages, employees to use their own mobile devices (smartphones, tablets, or laptops) to access company computing resources and applications, including email, corporate databases, the corporate intranet, and the Internet.
broadband communications High-speed Internet access that is always on and that is faster than traditional dial-up access.
bus network A network in which all net- work devices are connected to a common backbone that serves as a shared communi- cations medium.
bus A set of electronic circuits used to route data and instructions to and from the various components of a computer.
business intelligence (BI) A wide range of applications, practices, and technologies for the extraction, transformation, integration, visualization, analysis, interpretation, and presentation of data to support improved decision making.
business rule management system (BRMS) Software used to define, execute, monitor, and maintain the decision logic that is used by the operational systems and pro- cesses that run the organization.
business-to-business (B2B) e-commerce A subset of e-commerce in which all the participants are organizations.
business-to-consumer (B2C) e-commerce A form of e-commerce in which customers deal directly with an organization and avoid intermediaries.
byte (B) Eight bits that together represent a single character of data.
C
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) Software that generates and grades tests that humans can pass but all but the most sophisticated computer pro- grams cannot.
Cascading Style Sheet (CSS) A markup language for defining the visual design of a Web page or group of pages.
central processing unit (CPU) The part of a computer that sequences and executes instructions.
certificate authority (CA) A trusted third- party organization or company that issues digital certificates.
certification A process for testing skills and knowledge; successful completion of a cer- tification exam results in a statement by the certifying authority that confirms an indi- vidual is capable of performing particular tasks.
change management model A description of the phases an individual or organization goes through in making a change and out- lining principles for successful implementa- tion of change.
channel bandwidth The rate at which data is exchanged, usually measured in bits per second (bps).
character A basic building block of most information, consisting of uppercase letters, lowercase letters, numeric digits, or special symbols.
Children’s Online Privacy Protection Act (COPPA) An act, directed at Web sites catering to children, that requires site own- ers to post comprehensive privacy policies and to obtain parental consent before they collect any personal information from chil- dren under 13 years of age.
client/server architecture An approach to computing wherein multiple computer
478 Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
platforms are dedicated to special functions, such as database management, printing, communications, and program execution.
clock speed A series of electronic pulses produced at a predetermined rate that affects machine cycle time.
cloud computing A computing environ- ment where software and storage are pro- vided as an Internet service and are accessed with a Web browser.
code of ethics A code that states the prin- ciples and core values that are essential to a set of people and that, therefore, govern these people’s behavior.
cold site A computer environment that includes rooms, electrical service, telecom- munications links, data storage devices, and the like.
command-based user interface A user interface that requires you to give text com- mands to the computer to perform basic activities.
communications medium Any material substance that carries an electronic signal to support communications between a sending and a receiving device.
community of practice (CoP) A group whose members share a common set of goals and interests and regularly engage in sharing and learning as they strive to meet those goals.
computer forensics A discipline that com- bines elements of law and computer science to identify, collect, examine, and preserve data from computer systems, networks, and storage devices in a manner that preserves the integrity of the data gathered so that it is admissible as evidence in a court of law.
computer network The communications media, devices, and software connecting two or more computer systems or devices.
computer-aided design (CAD) The use of software to assist in the creation, analysis, and modification of the design of a compo- nent or product.
computer-aided engineering (CAE) The use of software to analyze the robustness and performance of components and assemblies.
computer-aided manufacturing (CAM) The use of software to control machine tools and related machinery in the manufacture of components and products.
computer-based information system (CBIS) A single set of hardware, software, databases, networks, people, and proce- dures that are configured to collect, manip- ulate, store, and process data into information.
concurrency control A method of dealing with a situation in which two or more users or applications need to access the same record at the same time.
consumer-to-consumer (C2C) e-commerce A subset of e-commerce that involves elec- tronic transactions between consumers using a third party to facilitate the process.
content streaming A method for transfer- ring large media files over the Internet so that the data stream of voice and pictures plays more or less continuously as the file is being downloaded.
continuous improvement Constantly seeking ways to improve business processes and add value to products and services.
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN- SPAM) Act An act that states that it is legal to spam, provided the messages meet a few basic requirements.
conversion funnel A graphical representa- tion that summarizes the steps a consumer takes in making the decision to buy your product and become a customer.
coprocessor The part of the computer that speeds processing by executing specific types of instructions while the CPU works on another processing activity.
Cross-Industry Process for Data Mining (CRISP-DM) A six-phase structured approach for the planning and execution of a data mining project.
customer relationship management (CRM) system A system that helps a com- pany manage all aspects of customer encounters, including marketing, sales, dis- tribution, accounting, and customer service.
cutover The process of switching from an old information system to a replacement system.
cyberespionage The deployment of mal- ware that secretly steals data in the com- puter systems of organizations, such as government agencies, military contractors, political organizations, and manufacturing firms.
cyberterrorism The intimidation of gov- ernment or civilian population by using information technology to disable critical national infrastructure (e.g., energy, trans- portation, financial, law enforcement, emer- gency response) to achieve political, religious, or ideological goals.
D
dashboard A presentation of a set of KPIs about the state of a process at a specific point in time.
data administrator An individual respon- sible for defining and implementing consis- tent principles for a variety of data issues.
data breach The unintended release of sensitive data or the access of sensitive data by unauthorized individuals.
data center A climate-and-access-controlled building or a set of buildings that houses the
computer hardware that delivers an organi- zation’s data and information services.
data cleansing The process of detecting and then correcting or deleting incomplete, incorrect, inaccurate, or irrelevant records that reside in a database.
data collection Capturing and gathering all data necessary to complete the processing of transactions.
data correction Reentering data that was not typed or scanned properly.
data cube A collection of data that contains numeric facts called measures, which are categorized by dimensions, such as time and geography.
data definition language (DDL) A collec- tion of instructions and commands used to define and describe data and relationships in a specific database.
data dictionary A detailed description of all the data used in the database.
data editing Checking data for validity and completeness to detect any problems.
data governance The core component of data management; it defines the roles, responsibilities, and processes for ensuring that data can be trusted and used by the entire organization, with people identified and in place who are responsible for fixing and preventing issues with data.
data item The specific value of an attribute.
data lake (enterprise data hub) A “store everything” approach to big data that saves all the data in its raw and unaltered form.
data lifecycle management (DLM) A policy-based approach to managing the flow of an enterprise’s data, from its initial acquisition or creation and storage to the time when it becomes outdated and is deleted.
data management An integrated set of functions that defines the processes by which data is obtained, certified fit for use, stored, secured, and processed in such a way as to ensure that the accessibility, reli- ability, and timeliness of the data meet the needs of the data users within an organization.
data manipulation language (DML) A specific language, provided with a DBMS, which allows users to access and modify the data, to make queries, and to generate reports.
data mart A subset of a data warehouse that is used by small- and medium-sized busi- nesses and departments within large com- panies to support decision making.
data mining A BI analytics tool used to explore large amounts of data for hidden patterns to predict future trends and beha- viors for use in decision making.
data model A diagram of data entities and their relationships.
GLOSSARY 479
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
data processing Performing calculations and other data transformations related to business transactions.
data steward An individual responsible for the management of critical data elements, including identifying and acquiring new data sources; creating and maintaining con- sistent reference data and master data defi- nitions; and analyzing data for quality and reconciling data issues.
data storage Updating one or more data- bases with new transactions.
Data visualization The presentation of data in a pictorial or graphical format.
data Raw facts such as an employee num- ber or total hours worked in a week.
database administrators (DBAs) Skilled and trained IS professionals who hold dis- cussions with business users to define their data needs; apply database programming languages to craft a set of databases to meet those needs; test and evaluate databases; implement changes to improve the perfor- mance of databases; and assure that data is secure from unauthorized access.
database approach to data management An approach to data management where multiple information systems share a pool of related data.
database as a service (DaaS) An arrange- ment where the database is stored on a ser- vice provider’s servers and accessed by the service subscriber over a network, typically the Internet, with the database administra- tion handled by the service provider.
database management system (DBMS) A group of programs used to access and man- age a database as well as provide an inter- face between the database and its users and other application programs.
database A well-designed, organized, and carefully managed collection of data.
data-flow diagram (DFD) A diagram used during both the analysis and design phases to document the processes of the current system or to provide a model of a proposed new system.
Department of Homeland Security (DHS) A large federal agency with more than 240,000 employees and a budget of almost $65 billion whose goal is to provide for a “safer, more secure America, which is resil- ient against terrorism and other potential threats.”
desktop computer A nonportable com- puter that fits on a desktop and provides sufficient computing power, memory, and storage for most business computing tasks.
DevOps The practice of blending the tasks performed by the development and IT operations groups to enable faster and more reliable software releases.
diffusion of innovation theory A theory developed by E.M. Rogers to explain how a
new idea or product gains acceptance and diffuses (or spreads) through a specific population or subset of an organization.
digital certificate An attachment to an email message or data embedded in a Web site that verifies the identity of a sender or Web site.
direct conversion A cutover strategy that involves stopping the old system and start- ing the new system on a given date; also called plunge or direct cutover.
disaster recovery plan A documented process to recover an organization’s busi- ness information system assets including hardware, software, data, networks, and facilities in the event of a disaster.
disintermediation The elimination of intermediate organizations between the producer and the consumer.
distributed denial-of-service (DDoS) attack An attack in which a malicious hacker takes over computers via the Internet and causes them to flood a target site with demands for data and other small tasks.
document production Generating output records, documents, and reports.
domain expert The person or group with the expertise or knowledge the expert sys- tem is trying to capture (domain).
domain The range of allowable values for a data attribute.
drill-down analysis The interactive exami- nation of high-level summary data in increasing detail to gain insight into certain elements—sort of like slowly peeling off the layers of an onion.
driving forces The beliefs, expectations, and cultural norms that tend to encourage a change and give it momentum.
E
economic feasibility The process of deter- mining whether the project makes financial sense and whether predicted benefits offset the cost and time needed to obtain them.
e-government The use of information and communications technology to simplify the sharing of information, speed formerly paper-based processes, and improve the relationship between citizens and government.
electronic cash An amount of money that is computerized, stored, and used as cash for e-commerce transactions.
electronic discovery (e-discovery) Any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case.
electronic exchange An electronic forum where manufacturers, suppliers, and com- petitors buy and sell goods, trade market information, and run back-office operations.
Electronic Product Environmental Assessment Tool (EPEAT) A system that enables purchasers to evaluate, compare, and select electronic products based on a set of environmental criteria.
embedded system A computer system (including some sort of processor) that is implanted in and dedicated to the control of another device.
enterprise application integration (EAI) The systematic tying together of disparate applications so that they can communicate.
enterprise data model A data model that provides a roadmap for building database and information systems by creating a single definition and format for data that can ensure data compatibility and the ability to exchange and integrate data among systems.
enterprise IS An information system that an organization uses to define structured interactions among its own employees and/ or with external customers, suppliers, gov- ernment agencies, and other business partners.
enterprise search software Software that matches a user’s query to many sources of information in an attempt to identify the most important content and the most reli- able and relevant source.
enterprise search The application of search technology to find information within an organization.
enterprise sphere of influence The sphere of influence that serves the needs of an organization in its interactions with its environment.
enterprise system A system central to the organization that ensures information can be shared with authorized users across all business functions and at all levels of man- agement to support the running and man- aging of a business.
entity A person, place, or thing for which data is collected, stored, and maintained.
entity-relationship (ER) diagram A data model that uses basic graphical symbols to show the organization of and relationships between data.
ergonomics The science of designing machines, products, and systems to maxi- mize the safety, comfort, and efficiency of the people who use them.
expert system A system that consists of hardware and software that stores knowl- edge and makes inferences, enabling a novice to perform at the level of an expert.
explanation facility Component of an expert system that allows a user or decision maker to understand how the expert system arrived at certain conclusions or results.
explicit knowledge Knowledge that is documented, stored, and codified—such as standard procedures, product formulas,
480 GLOSSARY
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
customer contact lists, market research results, and patents.
exploit An attack on an information system that takes advantage of a particular system vulnerability.
Extensible Markup Language (XML) The markup language designed to transport and store data on the Web.
extreme programming (XP) A form of agile software development that promotes incremental development of a system using short development cycles to improve pro- ductivity and to accommodate new customer requirements.
F
feasibility analysis An assessment of the technical, economic, legal, operational, and schedule feasibility of a project.
field Typically a name, a number, or a combination of characters that describes an aspect of a business object or activity.
file A collection of related records.
filtering software Software used to help protect personal data and screen objection- able Internet content.
firewall A system of software, hardware, or a combination of both that stands guard between an organization’s internal network and the Internet and limits network access based on the organization’s access policy.
force field analysis An approach to iden- tifying both the driving (positive) and restraining (negative) forces that influence whether change can occur.
Fourth Amendment This amendment to the U.S. constitution protects individuals against unreasonable searches and seizures and requires that warrants be issued only upon probable cause and specifying the place to be searched and the persons or things to be seized.
G
game theory A mathematical theory for developing strategies that maximize gains and minimize losses while adhering to a given set of rules and constraints.
genetic algorithm An approach to solving problems based on the theory of evolution; uses the concept of survival of the fittest as a problem-solving strategy.
gigahertz (GHz) A unit of frequency that is equal to one billion cycles per second; a measure of clock speed.
graphical user interface (GUI) An inter- face that displays pictures (icons) and menus that people use to send commands to the computer system.
green computing A program concerned with the efficient and environmentally responsible design, manufacture, operation, and disposal of IS-related products.
grid computing The use of a collection of computers, often owned by multiple indivi- duals or organizations, that work in a coor- dinated manner to solve a common problem.
group IS An information system that improves communications and supports collaboration among members of a workgroup.
H
Hadoop Distributed File System (HDFS) A system used for data storage that divides the data into subsets and distributes the subsets onto different servers for processing.
Hadoop An open-source software frame- work including several software modules that provide a means for storing and pro- cessing extremely large data sets.
hard disk drive (HDD) A direct access storage device used to store and retrieve data from rapidly rotating disks coated with magnetic material.
hardware Computer equipment used to perform input, processing, storage, and output activities.
hierarchy of data Bits, characters, fields, records, files, and databases.
hot site A duplicate, operational hardware system that is ready for use (or is ready for immediate access to one through a special- ized vendor).
hybrid cloud A cloud computing environ- ment composed of both private and public clouds integrated through networking.
hyperlink Highlighted text or graphics in a Web document that, when clicked, opens a new Web page containing related content.
Hypertext Markup Language (HTML) The standard page description language for Web pages.
I
identity theft The theft of personal infor- mation, which is then used without the owner’s permission, often to commit fraud or other crimes.
IF-THEN statement A rule that suggests certain conclusions.
inference engine Part of the expert system that seeks information and relationships from the knowledge base and provides answers, predictions, and suggestions simi- lar to the way a human expert would.
informatics The combination of informa- tion technology with traditional disciplines, such as medicine or science, while consid- ering the impact on individuals, organiza- tions, and society.
information system (IS) A set of interre- lated components that collect, process, store, and disseminate data and information; an information system provides a feedback
mechanism to monitor and control its oper- ation to make sure it continues to meet its goals and objectives.
information A collection of data organized and processed so that it has additional value beyond the value of the individual facts.
infrastructure as a service (IaaS) An information systems strategy in which an organization outsources the equipment used to support its data processing operations, including servers, storage devices, and net- working components.
in-memory database (IMDB) A database management system that stores the entire database in random access memory (RAM).
innovation The application of new ideas to the products, processes, and activities of a firm, leading to increased value.
input/output device A computer compo- nent that provides data and instructions to the computer and receives results from it.
installation The process of physically placing the computer equipment on the site and making it operational.
instant messaging The online, real-time communication between two or more peo- ple who are connected via the Internet.
integration testing Testing that involves linking all of the individual components together and testing them as a group to uncover any defects in the interfaces between individual components.
intelligent agent Programs and a knowl- edge base used to perform a specific task for a person, a process, or another program; also called an intelligent robot or bot.
intelligent behavior The ability to learn from experiences and apply knowledge acquired from those experiences; to handle complex situations; to solve problems when important information is missing; to deter- mine what is important and to react quickly and correctly to a new situation; to under- stand visual images, process and manipulate symbols, and be creative and imaginative; and to use heuristics.
Internet backbone One of the Internet’s high-speed, long-distance communications links.
Internet Protocol (IP) A communication standard that enables computers to route communications traffic from one network to another as needed.
Internet service provider (ISP) Any organization that provides Internet access to people.
intrusion detection system (IDS) Software and/or hardware that monitors system and network resources and activities and notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked com- puter environment.
GLOSSARY 481
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
IP address A 64-bit number that identifies a computer on the Internet.
J
joining Manipulating data to combine two or more tables.
joint application development (JAD) A structured meeting process that can acceler- ate and improve the efficiency and effec- tiveness of the investigation, analysis, and design phases of a system development project.
joint problem solving A process used to capture tacit knowledge where the novice and the expert work side by side to solve a problem so that the expert’s approach is slowly revealed to the observant novice.
K
kernel The heart of the operating system that controls the most critical processes of the OS.
key performance indicator (KPI) A metric that tracks progress in executing chosen strategies to attain organizational objectives and goals and consists of a direction, mea- sure, target, and time frame.
knowledge acquisition facility Part of the expert system that provides a convenient and efficient means of capturing and storing all the components of the knowledge base.
knowledge engineer A person who has training or experience in the design, devel- opment, implementation, and maintenance of an expert system.
knowledge management (KM) A range of practices concerned with increasing aware- ness, fostering learning, speeding collabora- tion and innovation, and exchanging insights.
knowledge user The person or group who uses and benefits from the expert system.
knowledge The awareness and under- standing of a set of information and the ways that information can be made useful to support a specific task or reach a decision.
L
laptop A personal computer designed for use by mobile users, being small and light enough to sit comfortably on a user’s lap.
law A system of rules that tells us what we can and cannot do.
learning system A combination of software and hardware that allows a computer to change how it functions or how it reacts to situations based on feedback it receives.
Leavitt’s diamond An organizational change model that proposes that every organizational system is made up of four main components—people, tasks, structure, and technology—that all interact; any change in one of these elements will neces- sitate a change in the other three elements.
legal feasibility The process of determin- ing whether laws or regulations may prevent or limit a system development project.
Lewin’s change model A three-stage approach for implementing change that involves unfreezing, moving, and refreezing.
linear regression A mathematical procedure to predict the value of a dependent variable based on a single independent variable and the linear relationship between the two.
linking The ability to combine two or more tables through common data attributes to form a new table with only the unique data attributes.
local area network (LAN) A network that connects computer systems and devices within a small area, such as an office, home, or several floors in a building.
logic bomb A form of Trojan horse mal- ware that executes when it is triggered by a specific event.
Long Term Evolution (LTE) A standard for wireless communications for mobile phones based on packet switching.
M
magnetic stripe card A type of card that stores a limited amount of data by modifying the magnetism of tiny iron-based particles contained in a band on the card.
magnetic tape A type of sequential sec- ondary storage medium, now used primarily for storing backups of critical organizational data in the event of a disaster.
main memory The component of a com- puter that provides the CPU with a working storage area for program instructions and data.
mainframe computer A large, powerful computer often shared by hundreds of con- current users connected to the machine over a network.
managed security service provider (MSSP) A company that monitors, man- ages, and maintains computer and network security for other organizations.
MapReduce program A composite pro- gram that consists of a Map procedure that performs filtering and sorting and a Reduce method that performs a summary operation.
market segmentation The identification of specific markets to target them with tailored advertising messages.
massively parallel processing system A system that speeds processing by linking hundreds or thousands of processors to operate at the same time, or in parallel, with each processor having its own bus, memory, disks, copy of the operating system, and applications.
memory A component of the computer that provides the processor with a working storage area to hold program instructions and data.
mesh network A network that uses multi- ple access points to link a series of devices that communicate with each other to form a network connection across a large area.
metadata Data that describes other data.
metropolitan area network (MAN) A net- work that connects users and their compu- ters in a geographical area that spans a campus or city.
middleware Software that allows various systems to communicate and exchange data.
mission-critical process A process that plays a pivotal role in an organization’s continued operations and goal attainment.
mobile computers A computer small enough to carry easily.
mobile device management (MDM) soft- ware Software that manages and trouble- shoots mobile devices remotely, pushing out applications, data, patches, and settings while enforcing group policies for security.
monitoring The process of measuring sys- tem performance by tracking the number of errors encountered, the amount of memory required, the amount of processing or CPU time needed, and other performance indicators.
morals One’s personal beliefs about right and wrong.
multicore processor A microprocessor that has two or more independent processing units, called cores, which are capable of sequencing and executing instructions.
multimedia Content that uses more than one form of communication—such as text, graphics, video, animation, audio, and other media.
multiprocessing The simultaneous execu- tion of two or more instructions at the same time.
N
natural language processing An aspect of artificial intelligence that involves technol- ogy that allows computers to understand, analyze, manipulate, and/or generate “natural” languages, such as English.
near field communication (NFC) A very short-range wireless connectivity technology that enables two devices placed within a few inches of each other to exchange data.
nettop computer A very small, inexpensive desktop computer typically used for Internet access, email, accessing Web-based applica- tions, document processing, and audio/ video playback.
network operating system (NOS) Systems software that controls the computer systems and devices on a network and allows them to communicate with each other.
network topology The shape or structure of a network, including the arrangement of
482 GLOSSARY
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
the communication links and hardware devices on the network.
network-management software Software that enables a manager on a networked computer to monitor the use of individual computers and shared hardware (such as printers), scan for viruses, and ensure com- pliance with software licenses.
neural network A computer system that can recognize and act on patterns or trends that it detects in large sets of data.
next-generation firewall (NGFW) A hardware- or software-based network secu- rity system that is able to detect and block sophisticated attacks by filtering network traffic dependent on the packet contents.
NoSQL database A way to store and retrieve data that is modeled using some means other than the simple two- dimensional tabular relations used in rela- tional databases.
O
off-the-shelf software Software produced by software vendors to address needs that are common across businesses, organiza- tions, or individuals.
online analytical processing (OLAP) A method to analyze multidimensional data from many different perspectives, enabling users to identify issues and opportunities as well as perform trend analysis.
online transaction processing (OLTP) A form of data processing where each trans- action is processed immediately without the delay of accumulating transactions into a batch.
operating system (OS) A set of computer programs that controls the computer hard- ware and acts as an interface to application software.
operational feasibility The process of determining how a system will be accepted by people and how well it will meet various system performance expectations.
organization A group of people that is structured and managed to meet its mission or set of group goals.
organizational complement A key com- ponent that must be in place to ensure suc- cessful implementation and use of an information system.
organizational network analysis (ONA) A technique used for documenting and mea- suring flows of information among indivi- duals, workgroups, organizations, computers, Web sites, and other information sources.
P
parallel computing The simultaneous execution of the same task on multiple pro- cessors to obtain results faster.
parallel start-up A cutover strategy that involves running both the old and new sys- tems for a period of time and closely com- paring the output of the new system with the output of the old system; any differences are reconciled. When users are comfortable that the new system is working correctly, the old system is eliminated.
Pareto principle (80–20 rule) An obser- vation that for many events, roughly 80 percent of the effects come from 20 percent of the causes.
patch A minor system change to correct a problem or make a small enhancement; it is usually an addition to an existing program.
perceptive system A system that approxi- mates the way a person sees, hears, and feels objects.
performance evaluation test A compari- son of vendor options conducted in a com- puting environment (e.g., computing hardware, operating system software, data- base management system) and with a workload (e.g., number of concurrent users, database size, and number of transactions) that matches its intended operating conditions.
personal area network (PAN) A wireless network that supports the interconnection of information technology devices close to one person.
personal IS An information system that improves the productivity of individual users in performing stand-alone tasks.
personal productivity software Software that enables users to improve their personal effectiveness, increasing the amount of work and quality of work they can do.
personal sphere of influence The sphere of influence that serves the needs of an individual user.
personalization The process of tailoring Web pages to specifically target individual consumers.
phase-in approach A cutover strategy that involves slowly replacing components of the old system with those of the new one; this process is repeated for each component until the new system is running every com- ponent and performing as expected; also called a piecemeal approach.
phishing The act of fraudulently using email to try to get the recipient to reveal personal data.
pilot start-up A cutover strategy that involves running the complete new system for one group of users rather than for all users.
platform as a service (PaaS) An approach that provides users with a computing plat- form, typically including operating system, programming language execution environ- ment, database services, and Web server.
podcast An audio broadcast you can listen to over the Internet.
point-of-sale (POS) devices A device used to enter data associated with a customer purchase into a computer system.
primary key A field or set of fields that uniquely identifies the record.
private cloud environment A single tenant cloud.
procedure A set of steps that need to be followed to achieve a specific end result, such as enter a customer order, pay a sup- plier invoice, or request a current inventory report.
process A set of logically related tasks performed to achieve a defined outcome.
product lifecycle management (PLM) software Software that provides a means for managing the data and processes asso- ciated with the various phases of the prod- uct life cycle, including sales and marketing, research and development, concept devel- opment, product design, prototyping and testing, process design, production and assembly, delivery and product installation, service and support, and product retirement and replacement.
product lifecycle management (PLM) An enterprise business strategy that creates a common repository of product information and processes to support the collaborative creation, management, dissemination, and use of product and packaging definition information.
product owner A person who represents the project stakeholders and is responsible for communicating and aligning project pri- orities between the stakeholders and devel- opment team.
programming languages Sets of key- words, commands, symbols, and rules for constructing statements by which humans can communicate instructions to a computer.
projecting Manipulating data to eliminate columns in a table.
proprietary software One-of- a-kind soft- ware designed for a specific application and owned by the company, organization, or person that uses it.
R
radio frequency identification (RFID) A technology that employs a microchip with an antenna to broadcast its unique identifier and location to receivers.
random access memory (RAM) A form of memory in which instructions or data can be temporarily stored.
ransomware Malware that stops you from using your computer or accessing your data until you meet certain demands such as paying a ransom or sending photos to the attacker.
read-only memory (ROM) A nonvolatile form of memory.
GLOSSARY 483
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
reasonable assurance The IS security concept that recognizes that managers must use their judgment to ensure that the cost of control does not exceed the system’s bene- fits or the risks involved.
record A collection of data fields all related to one object, activity, or individual.
reengineering The radical redesign of business processes, organizational struc- tures, information systems, and values of the organization to achieve a breakthrough in business results.
relational database model A simple but highly useful way to organize data into col- lections of two-dimensional tables called relations.
release A significant program change that often requires changes in the documentation of the software.
request for information (RFI) A document that outlines an organization’s hardware or software needs and requests vendors to provide information about if and how they can meet those needs and the time and resources required.
restraining forces Forces that make it dif- ficult to accept a change or to work to implement a change.
risk assessment The process of assessing security-related risks to an organization’s computers and networks from both internal and external threats.
robotics A branch of engineering that involves the development and manufacture of mechanical or computer devices that can per- form tasks requiring a high degree of precision or that are tedious or hazardous for humans.
rootkit A set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge.
rule A conditional statement that links conditions to actions or outcomes.
S
scalability The ability to increase the pro- cessing capability of a computer system so that it can handle more users, more data, or more transactions in a given period.
schedule feasibility The process of deter- mining whether the project can be com- pleted within a desired time frame.
schema A description that defines the log- ical and physical structure of the database by identifying the tables, the fields in each table, and the relationships between fields and tables.
scrum master The person who coordinates all the scrum activities of a team.
scrum An agile development framework that emphasizes a team-based approach in order to keep the development effort focused and moving quickly.
search engine optimization (SEO) A pro- cess for driving traffic to a Web site by using techniques that improve the site’s ranking in search results.
search engine A valuable tool that enables you to find information on the Web by specifying words that are key to a topic of interest, known as keywords.
secondary storage A device that stores large amounts of data, instructions, and information more permanently than allowed with main memory.
security audit A careful and thorough analysis that evaluates whether an organi- zation has a well-considered security policy in place and if it is being followed.
security policy A statement that defines an organization’s security requirements, as well as the controls and sanctions needed to meet those requirements.
selecting Manipulating data to eliminate rows according to certain criteria.
self-service analytics Training, techniques, and processes that empower end users to work independently to access data from approved sources to perform their own analyses using an endorsed set of tools.
server farm A facility that houses a large number of servers in the same room, where access to the machines can be controlled and authorized support personnel can more easily manage and maintain the servers.
server A computer employed by many users to perform a specific task, such as running network or Internet applications.
service-oriented architecture (SOA) A software design approach based on the use of discrete pieces of software (modules) to provide specific functions as services to other applications.
shadow IT The information systems and solutions built and deployed by departments other than the information systems depart- ment. In many cases, the information sys- tems department may not even be aware of these efforts.
shadowing A process used to capture tacit knowledge that involves a novice observing an expert executing her job to learn how she performs.
single-user license A software license that permits you to install the software on one or more computers, used by one person.
site preparation Preparation of the loca- tion of a new system.
slipstream upgrade A minor system upgrade, typically a code adjustment or minor bug fix; it usually requires recompil- ing all the code, and in so doing, it can cre- ate entirely new bugs.
smishing Another variation of phishing that involves the use of Short Message Ser- vice (SMS) texting.
soft side of implementing change The work designed to help employees embrace a new information system and way of working.
Software as a service (SaaS) A service that allows businesses to subscribe to Web- delivered application software.
software suite A collection of programs packaged together and sold in a bundle.
software-defined networking (SDN) An emerging approach to networking that allows network administrators to have pro- grammable central control of the network via a controller without requiring physical access to all the network devices.
solid state storage device (SSD) A storage device that stores data in memory chips rather than on hard disk drives or optical media.
source data automation Capturing data at its source and recording it accurately in a timely fashion, with minimal manual effort and in an electronic or digital form so that it can be directly entered into the computer.
spam The use of email systems to send unsolicited email to large numbers of people.
spear-phishing A variation of phishing in which the phisher sends fraudulent emails to a certain organization’s employees.
speech-recognition technology Input devices that recognize human speech.
sphere of influence The scope of the pro- blems and opportunities that the software addresses.
SQL A special-purpose programming lan- guage for accessing and manipulating data stored in a relational database.
star network A network in which all net- work devices connect to one another through a single central device called the hub node.
storage area network (SAN) A high-speed, special-purpose network that integrates dif- ferent types of data storage devices (e.g., hard disk drives, magnetic tape, solid state secondary storage devices) into a single storage system and connects that to com- puting resources across an entire organization.
storage as a service A data storage model where a data storage service provider rents space to individuals and organizations.
supercomputer The most powerful com- puter system with the fastest processing speeds.
supply chain A key value chain whose primary activities include inbound logistics, operations, outbound logistics, marketing and sales, and service.
supply chain management (SCM) The management of all the activities required to get the right product into the right
484 GLOSSARY
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
consumer’s hands in the right quantity at the right time and at the right cost—from the identification of suppliers and the acquisi- tion of raw materials through manufacture and customer delivery.
supply chain management (SCM) system A system that includes planning, executing, and controlling all activities involved in raw material sourcing and procurement, the conversion of raw materials to finished pro- ducts, and the warehousing and delivery of finished products to customers.
syntax A set of rules associated with a programming language.
system analysis The phase of system development that focuses on gathering data on the existing system, determining the requirements for the new system, consider- ing alternatives within identified constraints, and investigating the feasibility of alterna- tive solutions.
system construction The phase of system development that converts the system design into an operational system by acquiring and installing hardware and soft- ware, coding and testing software pro- grams, creating and loading data into databases, and performing initial program testing.
system design The stage of system devel- opment that answers the question, “How will the information system solve this problem?”
system disposal A stage of system devel- opment that involves those activities that ensure the orderly dissolution of the system, including disposing of all equipment in an environmentally friendly manner, closing out contracts, and safely migrating informa- tion from the system to another system or archiving it in accordance with applicable records management policies.
system investigation The initial phase in the development of a new or modified business information system whose purpose is to gain a clear understanding of the spe- cifics of the problem to solve or the oppor- tunity to address.
system investigation report A summary of the results of the system investigation, with a recommendation of a course of action.
system maintenance A stage of system development that involves changing and enhancing the system to make it more use- ful in achieving user and organizational goals.
system on a chip A combination chipset which includes processor cores, RAM and ROM memory, interface controllers, and voltage regulators.
system operation Involves the use of a new or modified system under all kinds of operating conditions.
system review The process of analyzing a system to make sure it is operating as intended.
system software Software that includes operating systems, utilities, and middleware that coordinate the activities and functions of the hardware and other programs throughout the computer system.
system testing Testing the complete, inte- grated system (hardware, software, data- bases, people, and procedures) to validate that the information system meets all speci- fied requirements.
T
tablets A portable, lightweight computer with no keyboard that allows you to roam the office, home, or factory floor carrying the device like a clipboard.
tacit knowledge The know-how that some- one has developed as a result of personal experience; it involves intangible factors such as beliefs, perspective, and a value system.
tag A code that tells the Web browser how to format text—as a heading, as a list, or as body text—and whether images, sound, and other elements should be inserted.
technical documentation Written details used by computer operators to execute the program and by analysts and programmers to solve problems or modify the program.
technical feasibility The process of deter- mining whether a project is feasible within the current limits of available technology.
technology acceptance model (TAM) A model that specifies the factors that can lead to better attitudes about an information system, along with higher acceptance and usage of it.
technology infrastructure All the hard- ware, software, databases, networks, peo- ple, and procedures that are configured to collect, manipulate, store, and process data into information.
thin client A low-cost, centrally managed computer with no internal or external attached drives for data storage.
transaction processing cycle The process of data collection, data editing, data correc- tion, data processing, data storage, and document production.
Transport Layer Security (TLS) A com- munications protocol or system of rules that ensures privacy between communicating applications and their users on the Internet.
Trojan horse A seemingly harmless pro- gram in which malicious code is hidden.
U
U.S. Computer Emergency Readiness Team (US-CERT) A partnership between the Department of Homeland Security and the public and private sectors; established to provide timely handling of security incidents as well as conducting improved analysis of such incidents.
Uniform Resource Locator (URL) A Web address that specifies the exact location of a
Web page using letters and words that map to an IP address and a location on the host.
unit testing Testing of individual compo- nents of code (subroutines, modules, and programs) to verify that each unit performs as designed.
user acceptance document A formal agreement that the organization signs stat- ing that a phase of the installation or the complete system is approved.
user acceptance testing (UAT) Testing performed by trained system users to verify that the system can complete required tasks in a real-world operating environment and perform according to the system design specifications.
user documentation Written descriptions developed for people who use a program; in easy-to-understand language, it shows how the program can and should be used to meet the needs of its various users.
user interface The element of the operating system that allows people to access and interact with the computer system.
user preparation The process of readying managers, decision makers, employees, other users, and stakeholders to accept and use the new system.
utility program A program that helps to perform maintenance or correct problems with a computer system.
V
value chain A series (chain) of activities that an organization performs to transform inputs into outputs in such a way that the value of the input is increased.
version A major program change, typically encompassing many new features.
virtual private network (VPN) A secure connection between two points on the Internet; VPNs transfer information by encapsulating traffic in IP packets and sending the packets over the Internet.
virtual reality system A system that enables one or more users to move and react in a computer-simulated environment.
virtual server A method of logically divid- ing the resources of a single physical server to create multiple logical servers, each acting as its own dedicated machine.
virtual tape A storage device for less fre- quently needed data. With virtual tape sys- tems, data appears to be stored entirely on tape cartridges, although some parts of it might actually be located on faster hard disks.
virtual team A group of individuals whose members are distributed geographically, but who collaborate and complete work through the use of information systems technology.
virus signature A sequence of bytes that indicates the presence of a specific virus.
GLOSSARY 485
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
virus A piece of programming code, usually disguised as something else, that causes a computer to behave in an unexpected and usually undesirable manner.
vishing Similar to smishing except that the victims receive a voice mail message telling them to call a phone number or access a Web site.
vision system The hardware and software that permit computers to capture, store, and manipulate visual images.
volume testing Testing to evaluate the performance of the information system under varying yet realistic work volume and operating conditions to determine the work load at which system performance begins to degrade and to identify and eliminate any issues that prevent the system from reaching its required service-level performance.
W
waterfall system development process A sequential, multistage system development process in which work on the next stage
cannot begin until the results of the current stage are reviewed and approved or modi- fied as necessary.
Web 2.0 The Web as a computing plat- form that supports software applications and the sharing of information among users.
Web browser Web client software—such as Chrome, Edge, Firefox, Internet Explorer, and Safari—used to view Web pages.
Web log (blog) A Web site that people and businesses use to share their observations, experiences, and opinions on a wide range of topics.
wide area network (WAN) A network that connects large geographic regions.
Wi-Fi A medium-range wireless communi- cations technology brand owned by the Wi- Fi Alliance.
wireless communication The transfer of information between two or more points that are not connected by an electrical conductor.
word cloud A visual depiction of a set of words that have been grouped together
because of the frequency of their occurrence.
workgroup application software Software that supports teamwork, whether team members are in the same location or dis- persed around the world.
workgroup sphere of influence The sphere of influence that helps workgroup members attain their common goals
workstations A more powerful personal computer used for mathematical computing, computer-assisted design, and other high- end processing but still small enough to fit on a desktop.
worm A harmful program that resides in the active memory of the computer and duplicates itself.
Z
zero-day attack An attack that takes place before the security community and/or soft- ware developers become aware of and fix a security vulnerability.
zombie A computer that has been taken over by a hacker to be used as part of a botnet.
486 GLOSSARY
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Subject Index
Note: A boldface page number indicates a key term and the location of its definition in the text.
A AAC (Advanced Audio Coding), 321 Access, 121–122 accounting systems, 239 AccuFund, 240 ACID properties, 124 ACM (Association for Computing
Machinery0), 466–467 ACS (American Cancer Society), 320 Address Verification System, 232 Adobe Audition, 322–323 Adobe ColdFusion, 181 Adobe Digital Publishing Suite, 306 Adobe Dreamweaver, 180 Adobe Flash, 177, 322 Adobe Illustrator, 321 Adobe InDesign, 321 Adobe Photoshop, 321 Adobe Premiere, 323 Adobe Premium, 323 ADP (Automatic Data Processing), 237 Advanced Audio Coding (AAC), 321 advanced persistent threat (APT), 412–413 Advanced Research Projects Agency (ARPA),
172 advertising, 225–226 After Effects, 322 agile development, 381–384 AHFC (American Honda Finance
Corporation), 444–445 AI (artificial intelligence). See artificial
intelligence (AI) AIFF (Audio Interchange File Format), 321 aircraft manufacturer, 417 AI Trilogy, 318 AIX, 79 ALAC (Apple Lossless Audio Codec), 321 alphanumeric data, 4 Alpha testing, 372 Amazon, 347 Amazon DynamoDB, 144 AmazonFresh Web site, 12 Amazon Web Services (AWS), 52, 180 public data sets, 135
American Cancer Society (ACS), 320 American Honda Finance Corporation
(AHFC), 444–445 analog-to-digital conversion, 323 analysis, 251 analytics tools, Business Intelligence (BI),
276–288 dashboards, 283–285 data mining, 282–283 data visualization, 277–279 drill-down analysis, 280–281 linear regression, 281–282
Online analytical processing (OLAP), 279–280
reporting and querying tools, 277 self-service analytics, 285–288 spreadsheets, 276–277
Android operating system, 80, 92 Android smartphones, 318 animation, 322–323 software, 321
AnnualCreditReport.com, website, 459 antivirus software, 423 Apache HTTP Server, 231 Apache Spark, 145 Apache Storm, 145 APIs (application programming interfaces),
74 Apple computer operating systems (OSs), 77 Apple Lossless Audio Codec (ALAC), 321 Apple’s 3D Touch, 57 Apple’s iPhoto, 321 Apple software products, 364 applets, 179 application programming interfaces (APIs),
74 application software, 69, 83–93. See also
software Advanced Research Projects Agency (ARPA), 172
enterprise, 91–92 mobile, 90 off-the-shelf software, 84 personal, 85–90 programming languages, 92–93 proprietary software, 84 software as a service (SaaS), 85 workgroup, 91
application testing, 371 APT (advanced persistent threat), 412–413 Arizona court system, 369 ARPA (Advanced Research Projects Agency),
172 ARPANET, 172–173 artificial intelligence (AI), 309–320, 331 applications, 319–320 brain-computer interface (BCI), 312 conceptual model, 313 expert system, 312–316 genetic algorithm, 319–320 intelligent agents, 320 learning systems, 318 natural language processing, 317–318 nature, 310–312 neural networks, 318–319 perspective, 310 robotics, 316–317 vision systems, 317 voice recognition, 317–318
artificial intelligence systems, 310 ASP, 181
assistive technology systems, 327–328 association analysis, 282 Association for Computing Machinery
(ACM), 466–467 ATM (automated teller machine)
devices, 55 attributes, 114–115, 120, 131, 253 audio, 4, 183, 321–322 Audio Interchange File Format (AIFF), 321 audio recording devices, 322 Audio Video Interleave (AVI) files, 322 auditing, 445–446 audits, 446 augmented reality, 325 authentication technologies, 232 automated teller machine (ATM)
devices, 55 Automatic Data Processing (ADP), 237 automation, 306 autonomic computing, 201 Avatar, 322 AVI (Audio Video Interleave) files, 322 Avon Products, 20 AWS (Amazon Web Services), 52, 180 AWS Certified SysOps Administrator-
Associate (Cloud), 31
B back-end applications, 132 banking, 228–229 Bank Secrecy Act, 136 bar-code scanners, 55–56 bartering, 226–227 Bartering Tax Center Web site, 227 Basel II Accord, 136 batch processing systems, 236–237 BBB (Better Business Bureau), 457–458, 460 BBB Code of Business Practices, 457–549 B2B (business-to-business) e-commerce,
217, 219 B (byte), 48, 113 B2C (business-to-consumer) e-commerce,
217–219 BCI (brain-computer interface), 312 BEDES (Building Energy Data Exchange
Specification), 127 behavior-based intrusion detection system,
425–426 Berners-Lee, Tim, 177 best-fitting line, 281 best practices, 247 beta testing, 371 Better Business Bureau (BBB), 457–458, 460 BI (business intelligence), 273 Bidz.com, 219
487 Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
big data, 133–140, 274 challenges, 136–137 characteristics, 134 data lake, 142 data management, 137–139 data mart, 142 data warehouse, 140–142 enterprise data hub, 142 NoSQL database, 142–144 sources, 134–135 technologies used to process, 140–146 uses, 135–136
Big Iron, 79 binary digits (bits), 113 Bing, 183–184 Maps, 191–200
bioinformatics, 329–330 biomedical informatics, 329 bioprinting, 59 bit (binary digits), 113 bits per second (bps), 162–163 Blackboard, 183 black box testing, 371 Black Hat Hacker, 418 blended threat, 409, 412 blog, 187 bloggers, 187 blogosphere, 187 BLS (Bureau of Labor Statistics), 135 bluetooth, 165–166 Blu-ray high-definition video disc, 50–51 BMC (Boston Medical Center), 329 booting up computer systems, 72 Boston Medical Center (BMC), 329 botnet, 411–412 bots, 320 BPR (business process reengineering), 14,
33 bps (bits per second), 162–163 Braille embossers, 327 brain-computer interface (BCI), 312 brain interfaces, 74 brain-machine interface, 313 branchout.com Web site, 30 Brandeis, Louis, 448 BreEZe project, 16 bridges, 169 bring your own device (BYOD), 404–405 BRMS (business rule management system),
305–307 broadband communications, 163 brute-force attack, 451 BTO (Business Technology Optimization),
377 Building Energy Data Exchange
Specification (BEDES), 127 Bureau of Labor Statistics (BLS), 135 bursitis, 462 bus, 46–47, 51, 159–160 business shopping online, 191 social networks, 182 technology infrastructure, 7 virtual reality, 326–327
business continuity plan, 365 business intelligence (BI), 273 business intelligence (BI) and analytics benefits, 273–274 dashboards, 283–285 data mining, 282–283
data scientist role in, 274–275 data visualization, 277–279 drill-down analysis, 280–281 linear regression, 281–282 online analytical processing (OLAP), 279–280
reporting and querying, 277 required components for effective, 275 self-service analytics, 285–288 spreadsheets, 276–277 tools, 276–288
Business knowledge, 350 Business Objects, 286 business process reengineering (BPR), 14,
33 business rule engine, 305 business rule management system (BRMS),
305–307 Business Technology Optimization (BTO),
377 business-to-business (B2B) e-commerce,
217, 219 business-to-consumer (B2C) e-commerce,
217–219 bus network, 159–160 Butterfleye, 13 buying versus building software, 346–348 BYOD (bring your own device), 404–405 bytes (B), 48–49, 113
C C, 92 Cþþ, 92, 179 Cable Act (1992), 449 cable modem connections, 176 CA (certificate authority), 232 CAD (computer-aided design), 253, 326 CAE (computer-aided engineering),
253–254 California Department of Consumer Affairs,
16 California Senate Bill 1386, 136 CAM (computer-aided manufacturing),
253–254 Cameron, James, 322 CAN-SPAM (Controlling the Assault of
Non-Solicited Pornography and Marketing) Act, 410
Capek, Karel, 316 CAPTCHA (Completely Automated Public
Turing Test to Tell Computers and Humans Apart), 410
Carbanak, hacker group, 412–413 Card Verification Number technique, 232 card verification value (CVV), 416 careerbuilder.com Web site, 186 careers, 21–31 actively searching for employees, 30 certification, 30 chief information officer (CIO), 24 chief technology officer (CTO), 24 finding job, 29–30 Internet, 29–30 manager of information systems, 24 professional organizations and user groups, 30
résumés, 30 social networking, 30 system operators, 24
systems analysts, 25 vice president of information systems, 24
care manager, 463 carpal tunnel syndrome (CTS), 461 cartridges, 68 Cascading Style Sheet (CSS), 178 case-based reasoning, 282 case-based system, 314 Cassandra, 143 cathode-ray tubes (CRTs), 57–58 CAVE2, 324 Cave Automatic Virtual Environment
(CAVE), 324 CBIS (computer-based information system).
See computer-based information system (CBIS)
C2C (consumer-to-consumer) e-commerce, 219
CCE (Certified Computer Examiner), 31, 429 CCSP (Cisco Certified Security Professional),
30 cell phone carriers, 176 central processing unit (CPU), 46 central server, 48 certificate authority (CA), 232 certification, 30–31, 172, 203, 253, 377 Certified Computer Examiner (CCE), 31, 429 Certified Information Systems Security Pro-
fessional (CISSP), 30, 429 change management model, 16 channel bandwidth, 162–163 character, 113 charge cards, 234 Chatroulette Web site, 186 chief information officer (CIO), 8, 24 chief information security officer (CISO),
404 chief technology officer (CTO), 24 Child Online Protection Act (1998), 457 Children’s Internet Protection Act (CIPA),
457 Children’s National Medical Center (CNMC),
485 Children’s Online Privacy Protection Act
(COPPA), 454, 457 chip cards, 55 Christensen, Clayton, 13 Chromebook, 63, 85 Chrome OS, 78 Chromium OS, 78 CIA World Factbook, 135 CIO (chief information officer), 8, 24 CIPA (Children’s Internet Protection Act),
457 Cisco Certified Design Associate, 31 Cisco Certified Security Professional (CCSP),
30 CISO (chief information security officer),
404 CISSP (Certified Information Systems
Security Professional), 30, 429 citizen science, 303 Citrix Certified Enterprise Engineer, 31 cleansing weather data, 123 client/server architecture, 162 client/server systems, 162 clip art, 88 clock speed, 47
488 SUBJECT INDEX
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
cloud-based accounting system, 380 cloud-based knowledge management
system, 302 cloud-based Watson system, 310 cloud computing, 100, 197–202, 367, 387 autonomic computing, 201 hybrid, 201 private, 201 public, 199–200
cloud service provider, 367 CNMC (Children’s National Medical Center),
485 COBOL, 92 Code For America (CFA) organization, 94–95 code of ethics, 466 Code Red, 408 CodeSmith Generator, 369 cold site, 366 collaborative software, 91 Collins, Jim, 8 column NoSQL databases, 143 command-based user interface, 73 commerce, virtual reality, 326 commercial off-the-shelf (COTS) software,
384 common personal computer input devices,
53 Communications Decency Act (1996), 455,
457 communications medium, 159, 163–169 guided transmission media types, 163–164 5G wireless communications, 169 4G wireless communications, 168–169 microwave transmission, 167–168 wireless technologies, 164–167
communications satellites, 168 community of practice (CoP), 303, 330 compact disc read-only memory (CD-ROM),
51 Completely Automated Public Turing Test to
Tell Computers and Humans Apart (CAPTCHA), 410
complex situations, 311 Comp TIA Securityþ, 31 computed fields, 113 computer-aided design (CAD), 253, 326 computer-aided engineering (CAE),
253–254 computer-aided manufacturing (CAM),
253–254 computer anatomy, 46–64 desktop computers, 63 enterprise storage options, 51–52 input devices, 52–57 memory, 48–49 mobile computers, 61–62 nettop computer, 63 output devices, 57–59 processor, 46–48 secondary data storage devices, 49–51 servers, mainframes, and supercomputers, 64–65
thin client, 62–63 workstations, 64
computer attacks, federal laws, 418–419 computer-based information system (CBIS),
7–8, 21, 442, 460, 467 computer crime cyberterrorism, 417–418 digital rights management (DRM), 188 fraud, 415
identity theft, 415 phishing, 413–414 vishing, 415
computer forensics, 428–430 Computer Fraud and Abuse Act (1986), 418 computer incidents, 404–407 Computer Matching and Privacy Act (1988),
449 computer network, 159 computer programmers, 23 computer programs, 46–47, 56, 69, 93 computer-related mistakes, 443–445 prevention, 445–448
computer screens, 461. See also display screens
computer storage units, 49 computer systems boot up, 72 desktop, 63 grid computing, 48 hardware components, 46–47 input devices, 52–57 mainframe, 64–65 memory, 48–49 mobile, 61–62 multiple-user, 60 multiprocessing, 47 nettop, 63 output devices, 57–59 parallel processing, 47–48 server, 64 supercomputers, 65 thin client, 62–63 types, 60–65 workstations, 64
computer training, 446 computer waste, 442–443 prevention, 445–448
concurrency control, 128–129 conferencing, 186–187 construction, 368–371 code software components, 369 create and load data, 370 perform unit testing, 371
consulting firms, 26 consumer-to-consumer (C2C) e-commerce,
219 contact data, 251 contact management, 251 content streaming, 188 continuous improvement, 15 Controlling the Assault of Non-Solicited
Pornography and Marketing (CAN-SPAM) Act, 410
Control Program for Microcomputers (CP/M), 76
conversion funnel, 278, 278 convertible tablet PC, 61 CoP (community of practice), 303, 330 COPPA (Children’s Online Privacy
Protection Act), 454, 457 coprocessor, 47 copyrights, 94 CorelDraw, 321 Corel PaintShop Pro, 321 Corel WordPerfect Office, 89 cores, 47 corporate app store, 70–71 corporate privacy policies, 457–459 COTS (commercial off-the-shelf) software,
384
CouchDB, 132 couponing, 228 coupon printers, 242 C programming language, 179 CPU (central processing unit), 46 crackers, 407 Craigslist, 191, 219 creativity, 312 credit cards, 234 fraud, 54
credit reports, 459 crime prevention identity theft, 415 intrusion detection systems (IDS), 425 managed security service providers
(MSSPs), 428 security dashboard, 423
CRISP-DM (Cross-Industry Process for Data Mining), 282
Critical analysis, 362 critical success factor (CSF), 358 CRM (customer relationship management)
system, 249–252, 305 Cross-Industry Process for Data Mining
(CRISP-DM), 282 crowdsourcing, 303 CRTs (cathode-ray tubes), 57–58 CSFA (CyberSecurity Forensic Analyst),
429 CSF (critical success factor), 358 CSS (Cascading Style Sheet), 178 CTO (chief technology officer), 24 CTS (carpal tunnel syndrome), 461 cultural challenges, 477 Customer Experience Community of
Practice (CX-COP), 303 customer relationship management (CRM) implementing, 258
customer relationship management (CRM) system, 249–252, 305
customer support, 251 cutover, 374–376 CVV (card verification value), 416 CX-COP (Customer Experience Community
of Practice), 303 cyberespionage, 416–417 cyberloafing, 447 CyberSecurity Forensic Analyst (CSFA),
429 cyberterrorism, 417–418 cyberterrorists, 417
D DaaS (database as a service), 132–133 DAMA (Data Management Association)
International, 137 dashboard, 284–285, 423 data, 4–5, 112–117, 285, 423 attributes, 114 capturing, 241 cleansing, 122–124 entities, 113 hierarchy of, 113 improved access to, 245 manipulating, 129–130 modeling, 117–119 transaction processing cycle, 241
data administrator, 131
SUBJECT INDEX 489
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
database activities, 125–130 creating and modifying database, 126–128 manipulating data and generating reports, 129–130
providing user view, 126 storing and retrieving data, 128–129
database administrators (DBAs), 26, 130–131 database applications, 87–88 big data, 133–146
database approach to data management, 115–116
database as a service (DaaS), 132–133 database management system (DBMS), 112,
124, 147, 367. See also relational data- base management system (DBMS)
database models, 117–122 databases, 112, 359–360 administration, 130–131 building, 67 concurrency control, 128–129 content of, 131 creation, 180–181 database management system (DBMS), 112 data dictionary, 126–128 data lakes, 142 data marts, 142 data warehouses, 140–142 failure, 131 field, 113 files, 113 modifying, 126–128 performance, 131 Query by Example (QBE), 129 records, 113 research, 183–185 schemas, 367 storing and retrieving data, 128–129
data breach, 415–416 data centers, 67, 450 manager, 24
data cleaning/scrubbing, 122–123 data collection, 241–242, 443–445, 458 data correction, 241, 243 data cubes, 279–280 data definition language (DDL), 126, 367 data dictionary, 126–127, 367 data editing, 243 data-flow diagram (DFD), 358–359 data-flow line, 358 data fundamentals, 112–116 Data.gov, 135 data governance, 137–138, 275 data items, 114, 118 data lake, 142 data lifecycle management (DLM), 139 data management, 137–139, 275 Data Management Association (DAMA)
International, 137 data manipulation language (DML), 129 data marts, 142 data mining, 282–283 algorithm, 283
data modeling, 117–122 data models, 117 data processing, 243 data recovery program, 380 data redundancy, 121 data scrubbing, 122 data steward, 138 data storage, 243 data store, 359
data visualization, 277 tools, 277–279
data warehouses, 140–142, 273, 280, 316 DBAs (database administrators), 26,
130–131 DBMS (database management system). See
database management system (DBMS) DBS (Development Bank of Singapore), 306 DDL (data definition language), 126, 367 DDoS (distributed denial-of-service) attack,
411–412 DDR SDRAM (double data rate synchronous
dynamic random access memory), 49 DealTime.com Web site, 190 debit cards, 234 improved access to data, 245–246 uncertainty, 311
decision logic, 305 decision-making process, 298, 305 ethical considerations in, 464–466
DeepFace, 317 Department of Homeland Security (DHS),
409, 417 desktop computers, 63, 77–78, 79, 166 detection, 425–426 Development Bank of Singapore (DBS), 306 development team of IS, 25–26 DevOps, 382–383 DFD (data-flow diagram), 358–359 DHS (Department of Homeland Security),
409, 417 dial-up Internet connection, 176 diffusion of innovation theory, 20–21 digital cameras, 7, 72, 80–81, 161 digital certificates, 232–233 digital offspring, 319 digital rights management (DRM), 188 digital video discs (DVDs), 51 direct conversion, 375 direct-mail campaigns, 409 Direct Marketing Association Web site, 460 disaster recovery plan, 365–367 disintermediation, 217 disk mirroring, 51 display monitors, 58 display screens, 57–58 disruptive innovation, 14 distance learning, 183 distintermediation, 217 distributed denial-of-service (DDoS) attack,
411–412 DLM (data lifecycle management), 139 DML (data manipulation language), 129 DNS (Domain Name System), 174 document NoSQL databases, 143 document production, 235, 241, 243 domain, 120 domain expert, 315 domain names, 174–175 Domain Name System (DNS), 174 double data rate synchronous dynamic ran-
dom access memory (DDR SDRAM), 49 Downstream, 375 Dragon Systems, 317 DRAM (dynamic random access memory),
49 drill down, 140 drill-down analysis, 280–281
driving forces, 17 DRM (digital rights management), 188 DSL connections, 176 DVDs (digital video discs), 51 dynamic programming, 318 dynamic random access memory (DRAM),
49
E EAI (enterprise application integration), 81 eBay shopping.com, 217 eBay Web site, 190 eBid, 219 e-books (electronic books), 81, 188 e-business (electronic business), 229 EC-Council Certified Security Analyst, 31 e-commerce (electronic commerce). See
electronic commerce (e-commerce) economic feasibility, 353 e-discovery (Electronic discovery), 308 education distance learning, 183 online information sources, 183 virtual reality, 326–327
education and training, 326 e-government, 219–220 E-Government Act (2002), 449 EHR (electronic health record), 53, 153, 293,
388–389 EIA (Energy Information Administration),
349 80-20 rule (Pareto principle), 362 Elastic Compute Cloud (EC2), 52, 85 electromagnetic spectrum, 165 electronic books (e-books), 81, 188 electronic business (e-business), 229 electronic cash, 231, 233–234 electronic commerce (e-commerce),
216–229 advantages, 221–222 advertising, 225–226 applications, 224–229 banking, 228–229 bartering, 226–227 business-to-business (B2B), 217 business-to-consumer (B2C), 217–219 challenges, 222–224 consumer-to-consumer (C2C), 219 couponing, 228 e-government, 219–220 electronic payment systems, 231–235 finance, 228 hardware, 230–231 investment, 228 manufacturing, 224–225 manufacturing, repair, and operations
(MRO) goods and services, 217 marketing, 225 and m-commerce technology
infrastructure, 229–235 mobile commerce (m-commerce), 220 price comparison, 228 retailing, 224 retargeting, 227 software, 231 technology infrastructure to, 229–235 Web server software, 231 wholesaling, 224
electronic communications, 304
490 SUBJECT INDEX
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Electronic Communications Privacy Act (1986), 449
electronic discovery (e-discovery), 308 electronic exchanges, 191, 224–225 electronic health record (EHR), 53, 153, 293,
388–389 electronic payment systems, 231–235 charge card, 234 credit card, 234 debit card, 234 electronic cash, 233–234 smart card, 234 Transport Layer Security (TLS), 233
electronic pointing devices, 327 Electronic Product Environmental Assess-
ment Tool (EPEAT), 68–69 Electronic Visualization Laboratory (EVL),
324 electronic wallet, 231 email, 304 campaigns, 409 privacy, 452–453 quota, 413–414 security, 475
embedded operating systems (OSs), 80–81 proprietary Linux-based systems, 81 Windows Embedded, 81
embedded systems, 80–81 EMC, 367 Encapsulated PostScript (EPS), 321 EnCE Certified Examiner program, 429 encryption, 231 end-user testing, 371 Energy Information Administration (EIA),
349 Enterprise 2.0, 182 enterprise application integration (EAI), 81 enterprise application software, 91–92 enterprise data model, 117 enterprise IS, 8–9 enterprise operating systems (OSs), 79–80 enterprise resource planning (ERP),
245–249 advantages, 245–247 systems, 247–249
enterprise resource planning (ERP) software, 260
enterprise search, 307 enterprise search software, 301, 307–308 enterprise servers, 64 enterprise software, 91–92 enterprise sphere of influence, 70 enterprise storage options, 51–52 storage area network (SAN), 51–52 storage as a service, 52
enterprise system, 244–258 customer relationship management (CRM) system, 249–252
enterprise resource planning (ERP), 245–247
failing, 257 hosted software model, 257–258 leading ERP systems, 247–249 overcoming challenges in implementing, 256–257
product lifecycle management (PLM), 252–256
technology infrastructure upgrade, 247 work processes improvement, 247
entertainment, 187–190 entities, 113–115, 171
entity-relationship (ER) diagrams, 118, 359–360
entity symbol, 359 entrepreneurs, 442 EPEAT (Electronic Product Environmental
Assessment Tool), 68–69 EPROM (erasable programmable read-only
memory), 56 EPS (Encapsulated PostScript), 321 eradication, 427 erasable programmable read-only memory
(EPROM), 56 E-Rate program, 457 ER (entity-relationship) diagrams, 118,
359–360 ergonomics, 461–462 ERP (enterprise resource planning). See
enterprise resource planning (ERP) ERP (enterprise resource planning) soft-
ware, 260 Error Prevention Institute, 445 ER series robots, 316–317 Ethernet, 163–164 ethical issues, 464–467 ETL (extract-transform-load) tool, 275 EU (European Union), 452 European Union (EU), 452 European Union Data Protection Directive,
136 event-driven approach, 377 EVL (Electronic Visualization Laboratory),
324 Excel, 86–87 Exchange Server, 91 Excite, 217 expedia Web site, 191 expert systems, 312–317, 331 explanation facility, 315 inference engine, 315 knowledge acquisition facility, 315 knowledge base, 314–315 participants in, 315–316 shells and products, 316 user interface, 315
expert system shells, 316 explanation facility, 315 explicit knowledge, 298–299 exploits, 405, 407–418 advanced persistent threat (APT), 412–413
blended threat, 409 cyberespionage, 416–417 cyberterrorism, 417–418 distributed denial-of-service (DDoS) attack, 411–412
identity theft, 415–416 phishing, 413–414 ransomware, 407–408 rootkit, 412 smishing, 414–415 spam, 409–410 trojan horse, 408–409 viruses, 408 vishing, 415 worms, 408
Extensible Markup Language (XML), 178, 180
extract-transform-load (ETL) tool, 275 extranets, 193–194, 273 to craft brewers, 193–194
extreme programming (XP), 382, 391 eye damage, 462
F Facebook, 30, 135, 186, 317, 324, 443,
454–455 Facebook Graph, 135 Facebook Messenger, 210 FaceTime, 186 facial-recognition software, 317 Failover software, 367 Fair and Accurate Credit Transactions Act
(2003), 449 Fair Credit Reporting Act (1970) (FCRA), 449 FairPlay, 435–436 Family Education Privacy Act (1974), 449 Farmville, 132, 189 fax modems, 169 FBI (Federal Bureau of Investigation), 415 FBI Uniform Crime Reports, 135 FCRA (Fair Credit Reporting Act of 1970),
449 FDNY (Fire Department of the City of
New York), 287 feasibility analysis, 352–354, 362 Federal Bureau of Investigation (FBI), 415 federal government and privacy, 448–451 Federal Trade Commission (FTC), 454, 457 feedback, 318, 351, 443 Fever Smart, 181 fiber-optic cable, 163 FICO Blaze Advisor system, 314 fields, 113, 249, 310, 312, 325 file conversion and compression, 323 file management, 75 files, 113, 177–178, 444, 453 file servers, 4 filtering software, 456–457 Final Cut Pro, 322 finance, 228 Financial Anti-Terrorism Act, 137 financial institutions, 361 finding jobs, 29–30 Fire Department of the City of New York
(FDNY), 287 Firefox, 177 firewall, 422 FISA (Foreign Intelligence Surveillance Act)
Amendments Act of 2008, 449 FISC (Foreign Intelligence Surveillance
Court), 449–450 5G wireless communications, 169 FLAC (Free Lossless Audio Codec), 321 flat-panel display screens, 57 FLV/FV4 (Flash Video), 322 force field analysis, 17 forecasting, 31, 65, 168, 250, 319 Foreign Account Tax Compliance Act, 136 Foreign Corrupt Practices Act, 137 Foreign Intelligence Surveillance Act (FISA)
Amendments Act of 2008, 449 Foreign Intelligence Surveillance Court
(FISC), 449–450 Forensic Toolkit, 429 formal CoP, 303 Fourth Amendment, 451 4G wireless communications, 168–169
SUBJECT INDEX 491
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
fraud, 191, 234, 273 freelancer.com Website, 26 Free Lossless Audio Codec (FLAC), 321 Freeman board, 453 front-end applications, 132 front-end processors, 169 FTC (Federal Trade Commission), 454, 457 functional decomposition, 351–352, 358
G Galaxy Note, 62 Galaxy Tab, 62 game theory, 328–329 GAO (Government Accounting Office), 443 Gapminder, 135 gateways, 328–329 G2B (government-to-business) e-commerce,
219–220 Gbps (gigabits per second), 412 GCFA (Global Information Assurance
Certification Certified Forensics Analyst), 429
G2C (government-to-citizen) e-commerce, 219–220
GCSD (Government Communications Systems Division), 307
GDAS (Global Data Assimilation System), 123
Geek Squad Website, 378 GeneHunter, 318 General Electric, 14 general manager (GM), 455–456 General Services Administration (GSA), 303 genetic algorithm, 319–320 geographic information system (GIS), 192 geolocation, 191–192 Geostationary Operational Environmental
Satellite program, 168 geostationary satellite, 167 geo-tagging, 192 G2G (government-to-government)
e-commerce, 219–220 GHz (gigahertz), 47 GIAC Certified Windows System
Administrator, 31 GIF (Graphic Interchange Format), 321 gigabits per second (Gbps), 412 gigahertz (GHz), 47 GIS (geographic information system), 192 global companies software support, 95–96 Global Data Assimilation System (GDAS),
123 Global Information Assurance Certification
Certified Forensics Analyst (GCFA), 429 global supply management (GSM), 191 Global Terrorism Database (GTD), 114 GM (general manager), 455–456 GNU General Public License, 77 GoAnimate, 321 Google Chrome, 78 Google Docs, 78, 182 Google Finance, 135 Google Maps, 181, 192 Google Plus, 454 GoToMeeting, 186 Government Accounting Office (GAO), 443
Government Communications Systems Division (GCSD), 307
government-to-business (G2B) e-commerce, 219–220
government-to-citizen (G2C) e-commerce, 219–220
government-to-government (G2G) e-commerce, 219–220
Government to Government Services Online (GSO), 220
GPS maps, 325 Gramm–Leach–Bliley Act (1999), 137, 361,
449, 457 Gramm–Leach–Bliley Financial Services
Modernization Act, 459 graphical user interface (GUI), 73, 78 Graphic Interchange Format (GIF), 321 graphics, 321 graphics programs, 88, 321 graph NoSQL databases, 143 Grass Valley, 323 green computing, 67–69 grid computing, 48 grocery list, 5 group decision support systems, 351 group IS, 8–9 group videoconference, 29 groupware, 91 Grum botnet, 412 GSA Auctions Web site, 219 GSA (General Services Administration), 303 GSM (global supply management), 191 GSO (Government to Government Services
Online), 220 GTD (Global Terrorism Database), 114 guided transmission media, 163–164 GUI (graphical user interface), 73, 78
H hackers, 85, 411 Hadoop, 144–145, 274 Hadoop Distributed File System (HDFS),
144 handheld cell phone, 14 handheld computers, 14 handheld scanners, 54 haptic interface, 325 hard-copy, 243 hard disk drive (HDD), 50 hardware, 46 central processing unit (CPU), 46 communications, 169 computer anatomy, 46–59 data center, 67 electronic commerce (e-commerce), 230–231
green computing, 67–69 mobile commerce (m-commerce), 231 server farms, 66–67
hardware drivers, 73 hardware independence, 74 Harvard Business Review, 11 Hawking, Stephen, 327 H-1B visa program, 22–23 HDD (hard disk drive), 50 HDFS (Hadoop Distributed File System),
144
headaches, 462 head-mounted display (HMD), 324 heads-up display, 325 head-tracking system, 324 health and environmental problems,
461–463 Healthcare Informatics, 329 health concerns, 461 Healthdata.gov, 135 Health Insurance Portability and
Accountability Act (HIPAA), 27, 137, 201, 339, 428, 457
Helen Ross McNabb Center, 235–236 help desk, 376 Helse Vest analysts, 273 heuristics, 310, 312 hierarchy of data, 113 high-speed Internet services, 176 HIPAA (Health Insurance Portability and
Accountability Act), 27, 137, 201, 339, 428, 457
Hive, 274 HMD (head-mounted display), 324 Holmes v Petrovich Development Company,
451 hosted software model, 257–258 hosts, 173, 203 host server, 66 hot site, 366 “How Information Gives You Competitive
Advantage,” 11 HP-UX, 75, 79 HTML (Hypertext Markup Language),
177–178, 428 Human Resources Department, 424 hybrid cloud, 201 hybrid cloud computing, 201 hyperlinks, 177, 180 Hypertext Markup Language (HTML),
177–178, 428 Hypertext Preprocessor (PHP), 93 Hypertext Transfer Protocol, 177
I IaaS (infrastructure as a service), 199 Ibidfree, 219 IBM, 320, 374 IBM Cognos, 286 IBM Healthcare Provider Data Model, 118 IBM Notes, 70 IBM personal computer (PC), 76 IBM Tivoli OMEGAMON XE, 377 IBM Watson, 309 ICANN (Internet Corporation for Assigned
Names and Numbers), 174, 220 iCloud, 198 identity theft, 415–416 online shoppers, 233
Identity Theft and Assumption Deterrence Act (1998), 418
IDS (intrusion detection system), 425–426 IEI (Immersive Education Initiative), 326 IF-THEN statements, 314–315 iHealth, 13 image data, 4 imagination, 312 IMDB (in-memory database), 145–146
492 SUBJECT INDEX
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
IM (instant messaging), 185, 453 Immersive Education Initiative (IEI), 326 immersive virtual reality, 323, 325 implementation cutover, 374–376 installation, 374 off-the-shelf software, 388 site preparation, 374 user preparation, 372–374 waterfall system development process, 372–376
incident containment, 426–427 incident follow-up, 427–428 incident notification, 426 incremental backup, 367 individual users, 70, 186 inference engine, 315–316 informal CoP, 303 informatics, 329–330 information, 4–5 data into, 5 fairness, 457 managing resources, 23 privacy, 456 quality, 6–7 value of, 4, 6, 31
information center, 57 information system (IS), 7–8, 442, 464–467 careers, 4, 21–29 enterprise, 8–9 enterprise sphere of influence, 70 ethical issues, 464–467 function, 23 geographic, 192 group, 8 job finding in, 29–30 opportunities in, 22 organizations, 10–31 personal, 8 personal sphere of influence, 70 personnel, 8, 26, 346 policies and procedures, 445–448 privacy, 448 security analyst, 24 successful workers, 21, 33 technology acceptance model (TAM), 19, 373
titles and functions, 24–26 types, 8–10 workgroup sphere of influence, 70
information system (IS) department, 23 information systems, careers in, 21–29 finding job, 29–30 roles, functions and, 23 titles and functions, 24–26 working in teams, 28–29
infrastructure as a service (IaaS), 199 inkjet printers, 58 in-memory database (IMDB), 145–146 innovation, 13–14 adopters, 21 disruptive, 14 sustaining, 13–14
input, 52–57, 235–236, 446 input devices, 52–57 automated teller machine (ATM), 55 bar-code scanner, 55–56 chip cards, 55 common personal computer, 53 magnetic ink character recognition (MICR) devices, 54
magnetic stripe card, 54–55 motion-sensing, 53
optical data readers, 54 pen, 56 point-of-sale (POS) devices, 55 radio frequency identification (RFID), 56 scanning devices, 54 speech-recognition technology, 53 touch screens, 57
input/output devices, 46 Instagram, 182, 210, 443, 454 installation, 374 instant messaging (IM), 185, 453 privacy, 453
integrated transaction processing systems, 240
integration and testing off-the-shelf software, 388 waterfall system development process, 371–372
integration testing, 371 intelligent agents, 320 intelligent behavior, 310–312 intelligent robots, 320 Intel processors, 77 interface devices, 324–325 internal auditing firm/group, 446 internal rate of return (IRR), 87, 353 internal review, 447 Internet, 171–194, 442 accessing, 175–176 cloud computing, 85, 197–202 conferencing, 186–187 domain names, 174 Domain Name System (DNS), 174 entertainment, 187–190 filtering and classifying content, 456–457 growth, 171–172 high-speed connections, 176 hosts, 173 instant messaging, 185, 453 Internet Protocol (IP), 173 IP addresses, 173 libel concerns, privacy, 455–456 music, 188 network service providers (NSPs), 173 online media, 187–190 operation, 173–175 packets, 173 privacy, 454–455 Uniform Resource Locators (URLs), 174 Wi-Fi, 176 World Wide Web (WWW), 177
Internet applications, 181–192 Internet backbone, 173 Internet career, 30 Internet censorship, 172 Internet Corporation for Assigned Names
and Numbers (ICANN), 174, 220 Internet Explore, 177 Internet filter software, 456 Internet of Things (IoT), 194–197 Internet Protocol (IP), 173 Internet Relay Chat (IRC), 409 Internet service providers (ISPs), 175–176,
181, 410 intranets, 192–194 intrusion detection system (IDS), 425–426 Intuit QuickBooks, 240 inventory control, 128, 224, 239, 246, 259,
376 investment, 228 IoT (Internet of Things), 194–197
iPad, 20, 55, 61–62, 74, 77, 145, 152, 165, 242
IP address, 173 iPhone, 26, 57, 61, 74, 77, 90, 145, 152, 165,
232–233, 242, 473–474 iPhone apps, 57 IP (Internet Protocol), 173 iPod, 74, 187 iPod Touch, 61, 77, 242 IP protocol, 173 IRC (Internet Relay Chat), 409 IRR (internal rate of return), 87, 353 IS (information system). See information
system (IS) ISPs (Internet service providers), 175–176,
181, 410, 455 iTunes, 132, 187–188
J JAD (Joint application development),
350–351 JasperSoft, 285 Java, 92, 179, 274 Java applets, 322 JavaScript, 92, 179 JavaServer Pages, 181 Jef Raskin, 364 Jeopardy, 309, 328 job online information sources, 183 John Doe lawsuit, 455 Johnston, Matt, 475 joining, 120 joint application development (JAD),
350–351 Joint Photographic Experts Group format
(JPEG), 321 joint problem solving, 299 JPEG (Joint Photographic Experts Group
format), 321 Justia Federal District Court Opinions and
Orders database, 135
K Kaboodle Web site, 4 Kaizen, 15 kernel, 72 key performance indicators (KPIs), 283 key–value NoSQL databases, 143 KIK, 210 KillDisk malware, 418 kiosks, 55 KM (Knowledge management). See
Knowledge management (KM) knowledge, 5 knowledge acquisition facility, 315 knowledge base, 314–315 Knowledge-based intrusion detection
systems, 425 knowledge engineer, 315 Knowledge management (KM), 298 applications, 300–301 benefits, 300–301 business rule management system
(BRMS), 305–307 community of practice (CoP), 303 enterprise search software, 307–308
SUBJECT INDEX 493
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Knowledge management (KM) (continued) organizational network analysis (ONA), 303–305
selling and implementing, 301–303 technologies, 303–309 Web 2.0 technologies, 305
knowledge management system, 298 knowledge user, 315–316 KPIs (key performance indicators), 283 Kroger’s QueVision System, 8
L labor-intensive process, 306 Lanier, Jaron, 323 LANs (local area networks). See local area
networks (LANs) LAPD (Los Angeles Police Department), 356 laptop, 61 laptop computers, 161, 231 laser printers, 58 law, 464 law enforcement, 455 LEADS Online, 114–115 learning from experience, 311 learning systems, 318 Leavitt’s diamond, 18–19, 373 legacy systems, 246, 378 legal feasibility, 353 LEO (low earth orbit) satellite, 168 Lewin and Schein three-stage model, 373 Lewin, Kurt, 16 Lewin’s change model, 16 Lewin’s force field analysis, 17–18 LexisNexis, 185 LexisNexis Academic Universe, 185 libel and privacy, 455–456 libraries and research databases, 185 licenses, 94 LifeSavers, 312 linear regression, 281–282 LinkedIn, 454 linkedin.com Web site, 30, 183 linking, 47, 120 Linux, 72, 77–78 Linux kernel, 77–78 Linx Software, 369 LiveMotion, 322 local area networks (LANs), 161, 166, 175 administrators, 24–25 connecting to Internet, 175
Locked-in Syndrome, 312 Loebner Prize, 310 logical access path (LAP), 128 logic bombs, 409 Long Term Evolution (LTE) standard,
168–169 Los Angeles Police Department (LAPD), 356 Lotus Notes, 143 low earth orbit (LEO) satellite, 168 LTE (Long Term Evolution) standard, 168–169 L-1 visa program, 22
M Mac OS X, 71, 77 Mac OS X Server, 71, 79 macro viruses, 408
Mac systems, 456 magnetic ink character recognition (MICR)
devices, 54 magnetic secondary storage devices, 50 magnetic stripe cards, 54–55 magnetic tape, 50 mainframe computer, 64–65, 79, 405 mainframes, 60, 64, 79 main memory, 48 make-versus-buy decision, 385 malware, 407, 409 managed security service providers (MSSPs),
428 manager of information systems, 24 MANs (metropolitan area networks), 162 manufacturing, 224–225 many-to-one relationships, 119 MapQuest, 191 MapReduce program, 145 marketing, 225, 244, 249, 252 marketing automation, 251 market intelligence data, 6 marketplaces, 190 market segmentation, 225, 259 mark sense form, 54 mashup, 181 Massachusetts’ Open Meeting Law, 453 massively parallel processing system, 47 McCarthy, John, 309 McKinsey Global Institute, 275 m-commerce (mobile commerce). See
mobile commerce (m-commerce) MCS (Mobile crowd sensing), 454 MDM (mobile device management) soft-
ware, 170 media device, 409 medical expert system, 315 medicine and virtual reality, 325 Medscape MedPulse, 145 Melissa worm, 408 memory, 46, 48–49 memory management, 74 Menu-creation software, 369 menu-driven system, 364 mesh networks, 160 metadata, 304 metropolitan area networks (MANs), 162 MICR (magnetic ink character recognition)
devices, 54 microblogging, 186 microblogging service, 186 microblogging sites, 182 Microsoft, 326, 372 Microsoft ASP.NET architecture, 369 Microsoft Certified Solution Developer:
Applications Lifecycle Management, 31 Microsoft Certified Systems Engineer, 30 Microsoft Disk Operating System (MS-DOS),
76 Microsoft Internet Information Services, 231 Microsoft PC operating systems (OSs), 76–77 Microsoft Power BI for Office 365, 276 Microsoft PowerPoint, 321 Microsoft Visual Studio, 376 Microsoft Windows XP operating system,
379 microwave transmission, 167–168 middleware, 81–82
MIDI instruments, 322 MIDI (Musical Instrument Digital Interface),
321–322 MILNET, 173 mission-critical process, 366 mobile ad networks, 225 mobile application software, 90 mobile commerce (m-commerce), 220,
258–259 advantages, 221–222 advertising, 225–226 applications, 224–229 banking, 228–229 bartering, 226–227 couponing, 228 devices, 226 handheld devices, 231 hardware, 231 investment and finance, 228 manufacturing, 224–225 market, 220 marketing, 225 price comparison, 228 retargeting, 227 security, 231 software, 231
mobile computers, 61–62 laptop, 61 smartphones, 61 tablets, 61–62
mobile crowd sensing (MCS), 454 mobile device, 273 mobile device management (MDM) soft-
ware, 170 mobile devices, 405, 421 mobile government, 303 modems, 169 money laundering, 136–137 Mongo DB Certified DBA, 31 monitoring, 376 monster.com Web site, 183 Moore v University Hospital Cleveland
Medical Center, 451 morals, 464 Motion Picture Experts Group Audio Layer 3
(MP3), 321–322 Motion Picture Experts Group format
(MPEG) files, 322 motion-sensing input devices, 53 mouse, 53 movies on World Wide Web (WWW),
188–189 MOV (QuickTime format) files, 322 MPEG (Motion Picture Experts Group
format) files, 322 MP3 (Motion Picture Experts Group Audio
Layer 3), 321–322 MP3 player, 80, 187 MRO (manufacturing, repair, and
operations) goods and services, 217 MS-DOS (Microsoft Disk Operating System),
76 MSSPs (managed security service providers),
428 multicore microprocessor, 47 multicore processor, 47 multimedia, 321–323 application, 323 audio, 321–322 file conversion and compression, 323
494 SUBJECT INDEX
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
text and graphics, 321 video and animation, 322–323
multinational companies and privacy, 458 multiple-user computer systems, 60 multiplexers, 169 multiprocessing, 47–48, 74, 99 multitasking capabilities, 74 multitouch interface, 73 music, 188 Musical Instrument Digital Interface (MIDI),
321 mySimon.com Web site, 190 MySQL, 122, 132 MYSTIC, 450
N National Centers for Environmental
Information, 135 National Football League (NFL), 326 National Hockey League’s (NHL), 455–456 National Westminster Bank (NatWest), 378 natural disasters, 168 natural language processing, 317–318 natural user interface (NUI), 73 NatWest (National Westminster Bank), 378 navigation, 191–192 near field communication (NFC), 164–165,
203 “need-to-know” basis, 307 .NET, 181 NetSuite, 248, 257 nettop computers, 63 network fundamentals, 159–171 bridges, 169 channel bandwidth, 162–163 client/server systems, 162 communications hardware, 169 communications medium, 163–169 communications software, 169–171 fax modems, 169 4G wireless communications, 168–169 front-end processors, 169 gateways, 169 hardware, 169 modems, 169 multiplexers, 169 network topology, 159–160 network types, 160–162 organizations, 158–159 PBX, 169 routers, 169 software, 169–170 switches, 169 3G wireless communications, 168 wireless technologies, 164–169
network-management software, 170 network nodes, 159 network operating system (NOS), 169–170,
203 networks, 159–171 network service providers (NSPs), 173 network topology, 159–160, 202 neural computing, 282 neural networks, 318–319, 331 NeuralTools, 318–319 NeuroMetrix, 13 NeuroShell classifier, 318 news, 183 news feeds, 186
New York Stock Exchange (NYSE), 444 New York Times, 135 NexTag.com Web site, 190 next-generation firewall (NGFW), 422–423 NFC (near field communication), 164–165,
203 NFL (National Football League), 326 NGFW (next-generation firewall), 422–423 NHL (National Hockey League’s ), 455–456 Ning, 182 Nintendo 3DS, 321 nonmobile single-user computers, 62 non-zero-sum games, 328 North American Aerospace Defense
Command (NORAD), 417 NOS (network operating system), 169–170,
203 NoSQL (Not only SQL), 142–144 notebook computers, 61 Not only SQL (NoSQL), 142–144 NSA, 448–451 NSPs (network service providers), 173 nuclear power plants, 416 NUI (natural user interface), 73 Nvu, 180 NYSE (New York Stock Exchange), 444
O Obama, Barack, 172 OCR (optical character recognition), 54 Oculus Rift, 327 Office 365, 89, 198, 276 Offshore Leaks Database, 114 off-the-shelf expert system, 316 off-the-shelf software, 84, 100, 347, 384–389 implementation, 388 integration and testing, 388 package evaluation phase, 385–387
OLAP (online analytical processing), 278–280
OLEDs (organic light-emitting diodes), 57 OLTP (online transaction processing), 140,
237–238, 260 OMR (optical mark recognition), 54 ONA (organizational network analysis),
303–305 one-to-many relationships, 118 one-to-one relationships, 119 online analytical processing (OLAP),
278–280 online clearinghouses, 190 online conferencing, 186–187 online games, 189–190 online media and entertainment, 187–190 movies, video, and television, 188–189 music, 188 online games and entertainment, 189–190
online shopping, 190–191 identity theft, 233
online transaction processing (OLTP), 140, 237–238, 260
on-screen reminders, 443 OpenPro, 240 open-source database management system
(DBMS), 132 open-source software, 94–95 OpenSUSE, 78
Opera, 83, 177 operating systems (OSs), 71–81 Android operating system, 80 Apple computer, 77 Chrome OS, 78 common hardware functions, 72–73 current, 75 embedded, 80–81 enterprise, 79–80 file management, 75 functions, 72–75 hardware independence, 74 Linux, 77–78 Mac OS X Server, 79 memory management, 74 Microsoft PCs, 76–77 multitasking, 74 networking, 75 personal computing, 76–78 Red Hat Linux, 79 role of, 72 smartphone, 80 system resources security, 75 UNIX, 79 user interfaces, 73–74 Windows Server, 79 workgroup, 78–79
operational dashboards, 284 operational feasibility, 353 operations group, IS, 24 operations roles, 34 optical character recognition (OCR), 54 optical data readers, 54 optical disc device, 50 optical mark recognition (OMR), 54 optical secondary storage devices, 50–51 optimization, 87 Oracle Certified Professional, 30 order processing systems, 238–239, 366 organic light-emitting diodes (OLEDs), 57 organizational change, 18–19, 33, 373 organizational complement, 9 organizational culture, 33 organizational learning, 33 organizational network analysis (ONA),
303–305 organizations, 10–15 achieving goals, 7 general model of, 11 innovation, 13–14 networks, 158 organizational change, 18–19 reengineering and continuous improve-
ment, 14–15 sphere of influence, 70 stakeholders, 11 supply chain management (SCM), 11 value chain, 11–13
organizations and information systems, 10–31
careers in IS, 21–29 certification, 30–31 change in organization, 13–15 innovation, 13–14 IS-related roles outside, 27–28 job in IS, 29–30 model of organization, 11 organizational change, 18–19 soft side of implementing change, 15–21 supply chain, 11 value chain, 11–13
OSs (operating systems). See operating systems (OSs)
SUBJECT INDEX 495
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
OS X 10.11 El Capitan, 77 Outlook, 94 output devices, 57–59 display screens, 57–58 3D printers, 58–59 printers and plotters, 58
P PaaS (platform as a service), 200 package evaluation phase, 385–387 finalize contract, 387–388 identify potential solutions, 385–386 make selection, 387 research top contenders, 386–387 select top contenders, 386
packets, 173 page scanners, 54 paging, 74 PANs (personal area networks), 161 parallel computing, 47–48 parallel processing, 47 parallel start-up, 376 Pareto principle (80–20 rule), 362 patch, 378 The Patriot Act, 450 Payment Card Industry (PCI) Data Security
Standard, 137 Payment Card Industry (PCI) security
standard, 232 PayPal service, 191 PBX, 169 p-card, 260 PCI (Payment Card Industry) security
standard, 232 PC Pinpoint, website, 378 PCs (personal computers), 52–53, 405 PDF (Portable Document Format), 321, 412 pen input devices, 56 Pentaho, 285 people, 8 perceived ease of use, 20 perceived usefulness, 19–20 perceptive system, 312 performance evaluation test, 387 permanent storage, 49 persistent identifiers, 454 personal application software, 85–90 database applications, 87–88 mobile application software, 90 presentation graphics program, 88 software suites and integrated software packages, 88–89
spreadsheet analysis, 87 word processing, 86–87
personal area networks (PANs), 161 personal assistive listening devices, 327 personal computers (PCs), 52–53, 405 personal computing operating system,
76–78 Apple, 77 Google Chrome, 78 Linux, 77–78 Microsoft, 76–77
Personal Information Protection and Electronic Documents Act (Canada), 137
personal IS, 8–9 personalization, 218 personal productivity software, 70, 85
personal sensing devices, 453–454 personal sphere of influence, 70 Petro to aid analysts, 274 phase-in approach, 376 PHI (protected health information), 474 phishing, 413–414, 431 PHP (Hypertext Preprocessor), 93 physical access path (PAP), 128 piecemeal approach, 376 pilot start-up, 376 pins, 52 Pinterest, 52, 454 Pixelmator, 321 pixels, 58 platform as a service (PaaS), 200 PlayStation, 190 PLM (product lifecycle management)
software, 252–256 plotters, 58 plug-ins, 177 PNG (Portable Network Graphics), 321 podcasts, 187–188, 305 point-of-sale (POS) device, 55, 241 scanners, 242
policies, 445–448 Popcorn Time, 189 portable computers, 49, 59, 76 Portable Document Format (PDF), 321, 412 Portable Network Graphics (PNG), 321 Porter, Michael, 11 Port Resiliency for Operational/Tactical
Enforcement to Combat Terrorism (PROTECT), 329
PostgreSQL, 132 Power BI, 286 PowerPoint, 186 predictive coding, 308 Premiere, 322 presentation graphics program, 88 presentations, 88 prevention and information system security,
421–425 Price Check, 228 price comparison, 228 price-elasticity model, 273–274 PriceGrabber.com Web site, 190, 217 PriceSCAN.com Web site, 190 primary keys, 115, 146 primary storage (main memory; memory),
50, 72 printers, 58–59 PRISM, 450 privacy, 448–460 corporate policies, 457–459 credit reports, 459 Electronic Communications Privacy Act (1986), 449
email, 452–453 fairness in information use, 456 federal government, 448–451 filtering and classifying Internet content, 456–457
Gramm-Leach-Bliley Act (1999), 449 individuals, 459–461 information, 456 information system (IS), 448 instant messaging (IM), 453 Internet, 454–456 libel, 455–456
multinational companies, 458 notice, 457–458 personal sensing devices, 453–454 protecting health care, 474–475 RFID (radio frequency identification) tags,
453 sharing information, 459 social networks, 454 work, 451–452
Privacy Shield, 452 private cloud environment, 201 private clouds, 198 proactive approach, 447 problem solving, 319, 447 procedures, 8, 445–447 processes, 5 processing speed, 65, 97–98 processor, 46–48 multiprocessing, 47 parallel computing, 47–48
process redesign, 14 process symbol, 359 product backlog, 381 product lifecycle management (PLM),
252–256 product lifecycle management (PLM)
software, 252, 261 product owner, 381, 391 professional sports team, 308 programmable read-only memory (PROM),
50 programmers, 23, 25, 131, 444 programming languages, 92–93, 179, 315,
369, 378 programs, 69 projecting, 120 project schedule, 381 PROM (programmable read-only memory),
50 proprietary software, 84 protected health information (PHI), 474 PROTECT (Port Resiliency for Operational/
Tactical Enforcement to Combat Terrorism), 329
public cloud computing, 199–200 purchasing systems, 239 Python, 93, 274
Q QBE (Query by Example), 129 Qlik, 286 QlikView query, 277 QTFF (QuickTime File Format), 322 quantitative analysis, 272, 288 Quell, 13 Query by Example (QBE), 129 Quick and Dirty Operating System (QDOS),
76 QuickBooks, 83, 240 QuickTime File Format (QTFF), 322 QuickTime format (MOV) files, 322
R Radio Frequency Identification (RFID)
system, 56, 97 tags, 242, 453
496 SUBJECT INDEX
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
random access memory (RAM), 48–49, 145, 148
ransomware, 407–408 RBS (Royal Bank of Scotland), 378 read-only memory (ROM), 49 Real Player, 177 reasonable assurance, 420 reconnaissance phase, 412–413 records, 113–115 Red Hat Enterprise Virtualization (RHEV)
software, 79 Red Hat Linux, 79, 80, 99 reengineering, 14–15 regression line, 281 reinforcement learning, 318 relational database management system
(DBMS), 112, 116, 124–133 ACID properties, 124 database activities, 125–130 database administrators (DBAs), 130–131 database as a service (DaaS), 132 open-source, 131–132 popular database management systems, 131–132
SQL databases, 124–125 storing and retrieving data, 128–129 user view, 126 using databases with other software, 132–133
relational database model, 119–122 relations, 119 release, 378 RenderMan software, 323 repetitive strain injury (RSI), 461, 469 report generator software, 369 request for information (RFI), 385–386 research databases, 185 response, 426–428 eradication, 427 evidence and activity logs protection, 426 incident containment, 426–427 incident follow-up, 427–428 incident notification, 426
restraining forces, 17 résumés, 30 retailing, 196 retargeting, 227 RFID (radio frequency identification), 56, 97 tags, 242, 453
RFI (request for information), 385–386 RHEV (Red Hat Enterprise Virtualization)
software, 79 Right to Financial Privacy Act (1978), 449 Rio Tinto v. Vale, S.A., 308 risk assessment, 419–420 robotics, 316–317, 331 robots, 316–317 Rogers’ diffusion, 374 Rogers, E.M., 20 roll up, 140 ROM (read-only memory), 49 rootkits, 412, 431 routers, 169, 173 Royal Bank of Scotland (RBS), 378 RSI (repetitive strain injury), 461, 469 Ruby, 93 rule, 314 rule of thumb, 362
S SaaS (software as a service), 85, 199–200,
387 SaaS (Security as a Service) email privacy
protection service, 475 Safari, 177 Safe Harbor Framework, 452 Salesforce.com, 198 SANS (SysAdmin, Audit, Network, Security),
421 SAN (storage area network), 51–52, 97 SAP, 146, 286 Contact Manager, 251
SAP-based software, 375 SAPI (Speech Application Program
Interface), 74 Sarbanes-Oxley Act, 27, 137, 428 SAS Analytics, 286 satellite communications, 167–168 Savvy Web site, 184, 413 scalability, 64, 74, 99 scalable information system, 361 scanning devices, 54 schedule feasibility, 353 Schein, Edgar, 16 schemas, 126, 367 SCM (supply chain management). See supply
chain management (SCM) screen painter software, 364, 369 screen readers, 327 scrum, 381 scrum master, 381, 391 SDN (software-defined networking), 171 search engine, 183–184, 307 search engine optimization (SEO), 184 search engines, 183–185 seated immobility thromboembolism (SIT),
461 secondary data storage devices, 49–51 digital video discs (DVDs), 51 hard disk drive (HDD), 50 magnetic, 50 magnetic tapes, 50 optical, 50–51 solid state storage devices (SSDs), 51 storage area network (SAN), 51–52 storage as a service, 52 virtual tape, 50
secondary storage, 49 Section 215 of Patriot Act, 450 Section 814 of USA Patriot Act, 418 Secure Sockets Layer (SSL), 233 security and control, 360–361 data centers, 67 email, 474 extranets, 192–193 mobile commerce (m-commerce), 231
security audit, 424–425 security dashboard, 423 security policy, 421 selecting, 120 self-assessment security test, 421–422 self-service analytics, 285–288 self-steering robotic tractor, 353 senior IS manager, 24 sensor, 194 SEO (search engine optimization), 184 Serif DrawPlus, 321
server, 64 server farms, 66–67 servers, 60, 64, 162 service-oriented architecture (SOA), 82 shadowing, 299 shadow IT, 27 pros and cons, 28
shadow system, 443 SharePoint, 307 shopper, 227–228 shopping online, 190–191 Shopzilla, 217 sight interfaces, 74 single-user computer systems, 60 single-user license, 94 SIP (System Integrity Protection), 406 SirCam, 408 site preparation, 374 SIT (seated immobility thromboembolism),
461 SIU (special investigations unit), 273 Skype, 186, 210 slate computers, 61 slipstream upgrade, 378 small- and medium-sized enterprises
(SMEs), 240 smart cards, 234 smartphones, 40, 46, 55, 61, 63, 80–81, 90,
164–165, 181, 220, 228, 232–233, 407 access by, 251 applications, 63 couponing, 228 operating systems, 80 price comparison, 228
SMEs (small- and medium-sized enter- prises), 240
smishing, 414–415, 431 Snapchat, 210 SOA (service-oriented architecture), 82 Social Institutions and Gender Index, 135 social media, 304, 454–455 social networking, 251 careers, 30 Web sites, 182
social networks businesses, 182 privacy, 455–456 Twitter-like news feeds, 186
Social Security number, 415 social Web sites, 181–185 soft copy, 243 soft side of implementing change, 15–21 diffusion of innovation theory, 20–21 Leavitt’s diamond, 18–19 Lewin’s change model, 16 Lewin’s force field analysis, 17–18 user satisfaction and technology
acceptance, 19–20 software, 69–70 application, 83–93 bugs, 96–94 communications, 169–171 computer programs, 69 copyrights, 94 database applications, 87–88 e-commerce, 231 electronic commerce (e-commerce), 231 global companies support, 95–96 graphics programs, 88 issues and trends, 93–96 licenses, 94
SUBJECT INDEX 497
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
software (continued) maintenance, 378 middleware, 81–82 mobile commerce (m-commerce), 231 network-management software, 170 network operating system (NOS), 169–170
off-the-shelf, 84 open-source, 94–95 personal productivity software, 70 proprietary, 84 software suites, 88–89 sphere of influence, 69–71 spreadsheet analysis, 87 systems, 71–83 systems software, 69 upgrades, 95 utility programs, 81 Web servers, 231 word processing, 86–87
software as a service (SaaS), 85, 199–200, 387
software-defined networking (SDN), 171 software developer, 25 software sphere of influence, 69–71 software suites, 88–89 Solaris, 79 solar panel manufacturer, 416 solid state storage devices (SSDs), 51 Sound Recorder, 322 source data automation, 242, 446 spam, 409–410 spear-phishing attack, 414, 430 special investigations unit (SIU), 273 specialized business information systems artificial intelligence, 309–320 assistive technology systems, 327–328 expert systems, 312–316 game theory, 328–329 informatics, 329–330 learning systems, 318 neural networks, 318–319 robotics, 316–317 virtual reality and multimedia, 320–327 vision systems, 317
specialized systems, 327–330 special-purpose devices operating systems
(OSs), 71–81 special-purpose machines, 65 Speech Application Program Interface
(SAPI), 74 Speech recognition software, 327 speech-recognition technology, 53 sphere of influence, 70 split keyboard, 53 spreadsheet analysis software, 87 spreadsheets, 276–277 sprint review meeting, 381 spyware, 172 SQL Server, 122 SQL (Structured Query Language), 93,
124–125, 274 Square Stand, 55 SRAM (static random access memory), 49 SSD (solid state storage device), 51 SSL (Secure Sockets Layer), 233 stakeholders, 11, 372, 381 stand-alone computers, 405 Starbucks Mobile app, 234 star network, 159 state, regional, and national laws, 224
static random access memory (SRAM), 49 Status Updates, 186 steering committee, 24 steering team, 350, 355, 362–364, 368 storage area network (SAN), 51–52, 97 storage as a service, 52 Storybooks, 286–287 strategic sourcing, 443 streaming audio, 322 streaming video, 322 Structured Query Language (SQL), 124–125 Summation, 429 supercomputers, 24, 65, 98, 411 supply chain, 4–5 supply chain management (SCM), 12–13,
32–33, 216, 261 enterprise software, 91–92
support group of IS, 26 SuSE, 78 sustaining innovation, 13–14 switches, 169, 200, 203 Sybase, 96, 122 Symbian, 72, 99 symbolic processing and reasoning, 312 syntax, 92 SysAdmin, Audit, Network, Security (SANS),
421 Sysinternals Suite, 81–82 system analysis, 356–363 budget and schedule, 356 databases, 359–360 data-flow diagram (DFD), 358–359 existing system, 356–357 feasibility analysis, 362 prepare draft, 362 process, 358 security and control, 360–361 with steering team, 362–363 system performance, 361 team leader and team members recruitment, 356
system construction, 369 system design, 363–368 design database, 367 disaster recovery plan, 365–367 feasibility analysis, 367 prepare draft, 368 review results, 368 schedule and budget, 364 system security and controls, 365 team leader and team members recruitment, 363
user interface, 364–365 system development, 347 system disposal, 379, 391 System Integrity Protection (SIP), 406 system investigation, 349–356 budget and schedule, 350 draft preparation, 355 functional decomposition, 351–352 joint application development (JAD), 350–351
preliminary feasibility analysis, 352–354 result review with steering team, 355–356 review request, 350 team leader and team members recruitment, 350
system investigation report, 355 system maintenance, 377–379 system on a chip, 61 system operation, 376
system operators, 24 system performance, 361 system requirements, 357–358 system resources, 75 system resources security operating systems
(OSs), 75 system review, 377 systems analysis, 356, 358, 362–363, 365 systems analysts, 25, 346 systems design, 363–368 systems development agile development, 381–384 development team, 355 extreme programming (XP), 382
systems operation, 376–377, 391 application software, 69 embedded operating systems, 80–81 operating systems (OSs), 71–81 Smartphones operating systems, 80
systems software, 69, 71–83 middleware, 81–82 operating system (OS), 71–81 utility program, 81
system support specialist, 26 system testing, 371
T Tableau software, 279, 286 tables, 119–122 tablet computers, 46, 56, 63 Tablet PC, 61 tablets, 52, 61–62 tacit knowledge, 298–299 identify valuable, 302
Tagged Image File Format (TIFF), 321 tags, 178 TAM (technology acceptance model), 19–20,
373 task-management features, 74–75 Tax Reform Act (1976), 449 TCP (Transmission Control Protocol), 173 technical documentation, 369 technical feasibility, 353 technology, 21 technology acceptance model (TAM), 19–20,
373 technology careers, 26–27 technology infrastructure, 7–8, 11, 32, 247 teleconferencing, 28 telepresence, 186 television, 188–189 template-driven code generator, 369 tendonitis, 461 10-Gigabit Ethernet, 163 text, 321 TFS (Toyota Financial Services), 302 TheLadders Web site, 30 thin clients, 62–63 threat landscape, 404–419 computer incidents, 404–407 exploits, 407–418 federal laws for computer attacks,
418–419 3D machine-vision systems, 317 3D printers, 58–59 3G wireless communications, 168 Tianhe-2, 65 TIBCO, 286
498 SUBJECT INDEX
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
TIFF (Tagged Image File Format), 321 TIGTA (Treasury Inspector General for Tax
Administration), 444 Tile, 13 TinyCo, 132 titles and functions, 24–26 certification, 30–31 chief information officer, 24 development roles, 25–26 operations roles, 24 senior managers, 24 support, 26
TLS (Transport Layer Security), 233 Torvalds, Linus, 77 touch screens, 57 Toyota Financial Services (TFS), 302 TPSs (transaction processing systems). See
transaction processing systems (TPSs) training in virtual reality, 325–327 transaction processing activities, 241–243 data collection, 241–242 data correction, 243 data editing, 243 data processing, 243 data storage, 243 document production, 243
transaction processing cycle, 241–244 transaction processing systems (TPSs),
235–244 accounting systems, 239 activities, 241–243 batch processing systems, 236 data-processing activities, 241–244 entrepreneurs, 240–241 inconsistent information, 244 methods and objectives, 236–240 objectives, 238 online transaction processing (OLTP), 237
order processing systems, 238–239 purchasing systems, 239 small- and medium-sized enterprises (SMEs), 240–241
transaction-risk scoring software, 416 transactions, 241 transborder data flow, 162 Transmission Control Protocol (TCP), 173 transmission media, 163–164 Transport Layer Security (TLS), 233 travel, 191–192 travelocity Web site, 191 travel Web sites, 191 Treasury Inspector General for Tax
Administration (TIGTA), 444 trojan horse, 408–409 TRUSTe, 460 Tumblr, 454 tunneling, 193 TurboTax, 89 Turing, Alan, 310 Turing Test, 310 turnaround time, 409 TurningPoint, 240 20 Questions (20Q) Web site, 311 2012 rootkit virus, 412 Twitter, 186, 454
U UAT (user acceptance testing), 371–372 uBid.com Web site, 190, 219
U.K. Ministry of Defence, 353 Uniform Resource Locators (URLs), 174–175 United States Computer Emergency
Readiness Team (US-CERT), 417, 424 unit testing, 371 Univac computer, 50 universal serial bus (USB) flash drive, 51 UNIX, 71, 79 UOFS (Use of Force System), 356 URLs (Uniform Resource Locators), 174–175 U.S. Census Bureau, 135 U.S. Computer Emergency Readiness Team
(US-CERT), 417, 424 U.S. Department of Energy (DOE), 127 U.S. Department of Veterans Affairs, 446 U.S. H-1B and L-1 visa programs, 22–23 U.S. Health Insurance Portability and
Accountability Act (HIPAA), 474 USA Freedom Act (2015), 449–450 USA Patriot Act, 137, 428 USB (universal serial bus) flash drive, 51 Use of Force System (UOFS), 356 user acceptance document, 372 user acceptance testing (UAT), 371–372 user documentation, 369 user interface design, 364–365 user interfaces, 73–74, 315 command-based, 73 expert systems, 315–316
user preparation, 372–374 users in database administrators (DBAs),
130–131 user software, 86 utility programs, 81
V value chain, 11–13, 32 VA (Veterans Affairs), 377 vehicles, specialized systems, 327–330 vehicle theft database, 116 version, 378 Veterans Affairs (VA), 377 vice president of information systems, 24 video, 4, 183, 188–189, 322–323 video conferencing, 351 video games, 189–190 video log, 187 virtualization software, 99 virtual machine, 66 virtual memory, 74 virtual private cloud, 201 virtual private networks (VPNs), 193, 428 virtual reality, 323–327 applications, 325–327 business and commerce, 326–327 education and training, 326 forms, 325 medicine, 325
virtual reality system, 323 virtual server, 66 virtual tape, 50 virtual tape server, 50 virtual team, 28–29 virtual technology, 326 viruses, 408 virus signature, 423 vishing, 415
visible developer, 369 vision systems, 317, 331 visual images, 312 vlog, 187 voice recognition, 317–318 voice recognition software, 317 Volume testing, 371 VPNs (virtual private networks), 193, 428
W Walgreens data assimilation, 139 Walmart’s VMI System, 93 WANs (wide area networks), 162, 193 waterfall process, 348 waterfall system development process,
348–380 construction, 368–371 implementation, 372–376 integration and testing, 371–372 system analysis, 356–363 system design, 363–368 system investigation, 349–356 system operation and maintenance,
376–380 Watson, 309–310 wave format (WAV), 321–322 WCG (World Computing Grid), 48 W3C (World Wide Web Consortium),
177–178 Web, 177. See also World Wide Web (WWW) Web 1.0, 182 Web 2.0, 181–183, 305 Web analytics software, 185 Web applications, 181–192 blogging and podcasting, 187 conferencing, 186–187 education and training, 183 geolocation, 191–192 instant messaging (IM), 185 job information, 183 microblogging, 186 news, 183 News Feeds, 186 online media and entertainment, 187–190 search engines and Web research,
183–185 shopping online, 190–191 Status Updates, 186 Web 2.0 and social Web, 181–183
Web browsers, 83, 177, 192 Webcasts, 183 Web developers, 25–26 WebEx, 186 Web hosting services, 181 Web-influenced sales, 218–219 Web log (blog), 30, 187 Web pages, 177–178 Web programming languages, 179 Web servers, 177, 181 Web server software, 231 Web services, 180 Web sites, 177 bartering, 226–227 blocking, 456–457 blogs, 187–188 hosting, 231 job opportunities, 30 managing, 180 performance measures, 230 privacy, 453–454
SUBJECT INDEX 499
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Web sites (continued) purchasing from, 460 search engine optimization (SEO), 184 social networking, 182 Web services, 180
Web surfing, 451 WeChat, 210 WhatsApp, 210 White & Case, 300–301 wide area networks (WANs), 162, 193 Wi-Fi, 166–167, 176 Wii, 190 wikis, 305 Windows, 71 Windows 7, 76–77 Windows 10, 76 Windows Embedded, 72, 81 Windows Home Server, 79 Windows Media Video (WMV), 322 Windows Server, 79 Windows systems, 456 Windows XP, 379 WinZip, 323 wireless, 163 wireless communication, 164–167 wireless technologies, 164–171 “WM97/Resume.A” virus, 408 WMV (Windows Media Video), 322 Women’s World Banking, 246 Word, 86–87 word cloud, 277–278 Word macro virus, 408 word processing software, 86–87 work environment, 451–452, 460–463
health and environmental problems, 461–463
health concerns, 461 workgroup application software, 91 workgroup operating systems (OSs),
78–79 workgroups, 70 workgroup sphere of influence, 70 work processes improvement, 247 workstations, 64 work stressors, 461 World Computing Grid (WCG), 48 World Wide Web (WWW), 171–194 audio books, 187–188 developing content, 180–181 e-books, 187–188 entertainment, 187–190 Extensible Markup Language (XML), 178
geolocation, 191–192 hyperlinks, 177 microblogging, 186 movies, 188–189 music, 188 navigation, 191–192 news feeds, 186 online games, 189–190 operation, 177–178 plug-ins, 177 programming languages, 179 research, 183–185 search engines, 183–185 services, 180 shopping online, 190–191 status updates, 186 television, 188–189
travel, 191–192 video, 188–189 Web applications, 181–192 Web pages, 177 Web portals, 135
World Wide Web Consortium (W3C), 177–178
worms, 408 WWW (World Wide Web). See World Wide
Web (WWW)
X Xbox, 190 XML (Extensible Markup Language), 178 Xoom, 237 XP (extreme programming), 382
Y Yahoo!, 143–144 Yahoo! Shopping, 217 YourTechOnline.com, website, 378
Z zero-day attack, 406 zero-sum games, 328 Zimmerman, Ken, 221 Zoho, 198 zombies, 411 z/OS, 71, 79–80
500 SUBJECT INDEX
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Company Index
A Ab Initio, 142 ABAS, 248 Accenture, 26, 256 AccuFund, 240 ACM (Association for Computer Machinery),
30, 466–467 Adacel, 74 Adobe, 322–323 Advanced Research Projects Agency (ARPA),
172 Airbnb, 180 AITP (Association of Information of
Technology Professionals), 30 Algoma Central Corporation, 423 Amazon, 52, 62, 132, 144, 180, 188–190,
228, 347 Amazon Prime, 322 Amazon Web Services (AWS), 132, 180 AmazonFresh, 12, 190 Amazon’s Elastic Compute Cloud, 52 American Express, 55, 95, 234, 258 American National Standards Institute
(ANSI), 124 American Red Cross, 250 ANSI (American National Standards
Institute), 124 AOL Video, 189 Apache, 198, 231 Apatar, 142 AppDynamics, 117 Apple, 322, 450 Apple Computer, 77, 79, 197–198 Apple iCloud, 52, 197–198 The Apple Store, 54, 230 Apple User Groups, 30 ApplePay, 233 Applicor, 257 Arbor Networks, 411 Argosy Gaming, 275 Association for Computing Machinery
(ACM), 30, 466–467 Association of Information Technology
Professionals (AITP), 30 ATS Solutions, 26 AT&T, 79, 166, 168, 173, 175–176, 220, 252,
428 Autodesk, 64, 321, 326 Avon Products, 20 AWS (Amazon Web Services), 132, 180
B Baidu, 184 Bank of America, 413 Best Buy, 230
Better Business Bureau Online, 223, 460 BI technologies, 273 Bidz.com, 219 Bing, 183–184, 192 BitTorrent, 161 BLS (U.S. Bureau of Labor Statistics),
21–22 Bluebee Software, 248 BMW, 38–39 Boeing, 15 Boston-based State Street Corporation,
447 Branchout.com, 30 British Telecom (BT), 173, 398 Business Objects, 286 Business-Software.com, 255
C Canonical, 78 Career Builders, 30 Carfax, 252 Casio, 79 Cengage Learning, 174 CERN (European Organization for Nuclear
Research), 177 Chase, 131, 158, 413 Chevron, 274 Chi-X Japan, 163–164 Children’s National Medical Center (CNMC),
474 China’s National University of Defense
Technology, 65 Cincom Systems, 248 Cisco, 30, 183, 186, 199 Citibank, 413 Clark Realty Capital, 91 CNMC (Children’s National Medical Center),
474 Coca-Cola, 258, 274 Cognizant, 66–67 Cognos, 286 Coles, 31 Comcast, 175 Compiere, 248–249 Computer Sciences Corporation, 428 Computerjobs.com, 30 Corel Corporation, 321 Costco, 230 Couchbase, 132 Coursera, 158 The Covell Group, 170 Covisint, 225 Craigslist, 191, 219 credit card company, 457 Criteo, 143
D DaimlerChrysler, 273 DARPA (Defense Advanced Research Project
Agency), 172 Database.com, 132 Defense Advanced Research Project Agency
(DARPA), 172 Dell, 26, 62, 68–69, 166, 190, 252, 380, 428 Dell SecureWorks, 428 DHL, 13 Digg, 183 DoD (U.S. Department of Defense), 172 Dogpile, 184 Dragon, 317 Dropbox, 52 DuPont, 256
E eBay, 115, 145–146, 180, 190–191, 204, 217,
219, 233 eBid, 219 ed2Go, 158 EMC, 52–53, 367 Epicor, 248 Equifax, 459 ESP Technologies, 248 Etsy, 145 European Organization for Nuclear
Research (CERN), 177 evl.uic.edu, 324 eXelate, 225 Expensify, 250 Experian, 6, 459
F Facebook, 30, 135, 144, 186, 188, 317, 324,
437, 450, 455 FBI (U.S. Federal Bureau of Investigation), 415 FedBizOpps, 220 Federal Express (FedEx), 13, 236, 346 Federal Trade Commission (FTC), 454, 457 FedEx, 13, 236, 346 FFF Enterprises, 277 Firefox, 177 Flickr, 181–182, 192, 218 Ford Motor Company, 12, 258 Frontier Software, 248 FTC (Federal Trade Commission), 454, 457
G GAO (Government Accounting Office), 443 Gartner Group, 15, 294
501 Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Geek Squad, 26, 378 Geico, 321 General Electric, 14, 141 General Motors, 67 GoAnimate, 321 Google, 26, 66, 78, 132, 180–181, 183, 198,
318, 324, 410, 450 Google Drive, 52, 91 Google Plus, 277, 454 Google Shopping, 217 Government Accounting Office (GAO), 443 Grainger, 217 Grant Thornton International, 428–429 Groupon, 55, 93, 190, 228 GSA Auctions, 219
H Hadoop, 144 HanseMerkur Krankenversicherung, 306 Healthcare.gov, 219 Heel Swaps, 201–202 Heroku, 132 Hershey, 374–375 Hewlett-Packard (HP), 26, 39, 46, 71, 79, 83,
87, 89, 98, 100–101, 116, 403, 452 Hitachi Data Systems Corporation, 53 H.J. Heinz Company, 89 Honda Motors, 312–313 HTC, 324 Hulu, 169, 188–189, 198, 322 Human Resources organization, 447
I Ibidfree, 219 IBM, 26, 48, 52, 67, 79, 122, 132, 142, 374,
428 IBM Research Center, 124 Indeed, 30 Industrial Control Associates Inc. (ICA), 256 Infobright Inc., 194 Infor, 248, 255 Information Builders, 285 InMobi, 226 Instagram, 182, 185, 192, 443, 454 Institute of Electrical and Electronic
Engineers (IEEE), 166 Intacct, 257 Intel, 30, 77, 459 Intelitek, 317 Internal Revenue Service (IRS), 449 Intuit, 132, 233, 240 iRobot, 316 IRS (Internal Revenue Service), 449
J Jaguar Land Rover, 38 JCPenney, 190 JGC Corporation, 70 Jive Software, 182
K Kayak, 191 KDDI Corporation, 145
Keynote, 89 Kijiji, 219 Kraft Heinz Company, 89 Kroger, 9–10, 273
L Larson & Darby Group, 64 Lawson, 248 Lenovo, 62, 220 LexisNexis, 185 LG, 220 LinkedIn, 30, 135, 185–186, 277, 454 Linux users groups, 30 LoneStar Heart, 257 LuxSci, 475
M M-Pesa, 229 Macintosh, 63 Malaysia Airlines, 316 Marriott, 229 Massachusetts Institute of Technology
(MIT), 158 MasterCard, 234, 413 McAfee, 423 Metacafe, 189 MetLife, 273 Microsoft, 26, 30, 53, 66, 91, 105–106,
121, 131–132, 144, 166, 171, 181, 183, 188, 199, 248, 279, 321, 324, 326, 379, 410, 450
Microsoft SkyDrive, 52 MIT (Massachusetts Institute of Technology),
158 .mobi, 220 Monster.com, 30, 183 Mozilla Firefox, 83, 177 Mozy, 52 M&T Bank, 374 MyOwnDB, 132
N Napster, 188 NASA, 93, 337–338 National Football League (NFL), 326 NBTY, 347 NetApp, 53 Netflix, 82, 169, 188–189, 322, 437 NetSuite, 85, 92, 248, 257 New York Stock Exchange (NYSE), 444 Newsvine, 183 NFL (National Football League), 326 Nielsen, 225–226 Nike, Inc, 218 Nintendo, 53, 321 Nokia, 166 NPower, 183 Nu Skin Enterprises, 252 NYSE (New York Stock Exchange), 444
O Oculus VR, 324, 326–327 Ogilvy & Mather, 29
OpenEars, 74 OpenPro, 240 Opera, 83, 106, 177 Oracle, 26, 30, 79, 85, 122, 126, 132,
142–143, 248 Organovo, 59 Orscheln, 140
P Pampers, 65 Panasonic, 186, 252 Pandora, 188–189, 198 PayPal, 158, 233, 237 PayWare Mobile, 233 PDS, 248 Peapod, 190 Pentaho, 142, 285 Phone Transact iMerchant Pro, 233 Pinterest, 52, 93, 218, 266, 277, 454 Pixar, 323 PlayStation, 190 Plex, 248 Podcast Alley, 188 Polycom, 186 Porsche, 255 PriceGrabber, 190, 217 Priceline, 191 Procter & Gamble (P&G), 13, 31, 83,
255–256 Proofpoint, 475
Q Quad, 62 Qualcomm, 166
R Rackspace, 67 Rakuten, 13 Rdio, 188 Red Hat Software, 79 Redwing, 240 RenderMan, 323 ResumePlanet.com, 190 Revlon, 201 Rhapsody, 188 RoamPay, 233
S Safaricom, 229 Sage, 240 Salesforce.com, Inc., 198 Samsung, 62, 85, 158, 186, 220, 324 SAP, 83, 85, 142, 146, 248, 257, 375 SAS, 90, 279, 286 Saudi Telecom Company (STC), 160 Shipwire, 13 Shoe Carnival, 221 Shopzilla, 217 Shutterfly, 221 Simply Hired, 30 Skype, 144, 169, 185–187, 450 Snagged a Job, 30 Sony, 53, 62, 324, 436–437
502 COMPANY INDEX
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
SourceForge, 322 Speak with a Geek, 26 Spotify, 188, 198 Sprint, 168, 173, 176, 220 Sprint/Nextel, 220 Square, 233 Starbucks, 234, 280 Steinwall, 246 Stripe, 233 Sumerian, 237 Sun Microsystems, 92, 179 Sunkist, 321 SUSE, 78 Sybase, 96, 122, 131 Symantec, 410, 423, 428 Syspro, 248
T T-Mobile, 168, 220 Tableau Software, 279, 286 Talend, 142 Target, 56, 190, 240 Telefonica Brasil, 146 Teradata, 131 Tickets, 54–55, 106, 218 Tide, 13, 65 TinyCo, 132 Tinypass, 225 TMW Systems, 300 Toshiba, 62 Trackvia, 132 TransUnion, 459 TRUSTe, 223 Tumblr, 186, 277, 454 TUMI, 250 Twitter, 30, 135, 145, 181, 186, 277, 454 Tyco, 182
U Ubid, 190, 219 United States Computer Emergency
Response Team (US-CERT), 417, 424 United States Department of Energy (DOE),
127 UPS, 13, 140 U.S. Bureau of Labor Statistics (BLS), 21–22 U.S. Department of Defense (DoD), 172 U.S. Department of Homeland Security, 409,
417 U.S. Federal Bureau of Investigation (FBI),
415, 451 U.S. intelligence agencies, 450–451 U.S. National Weather Service, 168 U.S. Navy, 316 U.S. Supreme Court, 448, 457 US-CERT (United States Computer Emer-
gency Response Team), 417, 424
V Vera Bradley, 218 Verizon, 145, 168–169, 173, 176, 199,
220, 428 Visa, 55, 232, 234, 413 Vodacom, 229 VPL Research, 323 Vudu, 188
W Walgreens, 347 Walmart, 93, 140, 190 Ward Systems Group, 318 W3C (World Wide Web Consortium), 177–178
WebEx, 186, 209 Wells Fargo, 252, 413 WePay, 233 Western Europe, 218 Westwood Professional Services, 304 Wi-Fi Alliance, 166 Wikipedia, 172, 181–182 Women’s World Banking, 246 Workday, 257 World Wide Web (WWW), 171, 174,
177, 192 World Wide Web Consortium (W3C),
177–178 WWW (World Wide Web), 171, 174,
177, 192
X Xfinity, 189 Xiotech, 53 Xipwire, 234
Y Yahoo, 410 Yahoo!, 183–184, 197, 410, 450 Yahoo! Shopping, 217 Yammer, 182, 204 Yelp, 145 YouTube, 144, 152, 169, 181–182, 189,
218, 450
Z Zoho, 198 Zynga, 132, 189
COMPANY INDEX 503
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
This is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed. Editorial review has deemed that any suppressed
content does not materially affect the overall learning experience. The publisher reserves the right to remove content from this title at any time if subsequent rights restrictions require it. For
valuable information on pricing, previous editions, changes to current editions, and alternate formats, please visit www.cengage.com/highered to search by ISBN, author, title, or keyword for
materials in your areas of interest.
Important notice: Media content referenced within the product description or the product text may not be available in the eBook version.
Copyright 2018 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. WCN 02-200-203
- Cover
- Title page
- Copyright page
- Brief Contents
- Contents
- Preface��������������
- Part 1: Information Systems in Perspective
- Chapter 1: An Introduction to Information Systems in Organizations
- An Introduction to Information Systems���������������������������������������������
- Data, Information, and Knowledge���������������������������������������
- The Value of Information�������������������������������
- Characteristics of Quality Information���������������������������������������������
- What Is an Information System������������������������������������
- Three Fundamental Types of Information Systems�����������������������������������������������������
- Information Systems in Organizations�������������������������������������������
- Value Chains�������������������
- Change in the Organization���������������������������������
- Soft Side of Implementing Change���������������������������������������
- Careers in Information Systems�������������������������������������
- Finding a Job in IS��������������������������
- Certification��������������������
- CASE ONE: BMW: Automaker Competes on the Digital Front�������������������������������������������������������������
- CASE TWO: Railroads Struggle to Implement Positive Train Control�����������������������������������������������������������������������
- Part 2: Information Technology Concepts
- Chapter 2: Hardware and Software
- Anatomy of a Computer����������������������������
- Processor����������������
- Memory�������������
- Secondary Data Storage Devices�������������������������������������
- Enterprise Storage Options���������������������������������
- Input and Output Devices�������������������������������
- Output Devices���������������������
- Computer System Types����������������������������
- Mobile Computers�����������������������
- Thin Clients, Desktops, and Workstations�����������������������������������������������
- Servers, Mainframes, and Supercomputers����������������������������������������������
- Server Farms, Data Centers, and Green Computing������������������������������������������������������
- Server Farms�������������������
- Data Center������������������
- Green Computing����������������������
- An Overview of Software������������������������������
- Software Sphere of Influence�����������������������������������
- Systems Software�����������������������
- Operating Systems������������������������
- Utility Programs�����������������������
- Middleware�����������������
- Application Software���������������������������
- Overview of Application Software���������������������������������������
- Personal Application Software������������������������������������
- Workgroup Application Software�������������������������������������
- Enterprise Application Software��������������������������������������
- Programming Languages����������������������������
- Software Issues and Trends���������������������������������
- Software Bugs��������������������
- Copyrights and Licenses������������������������������
- Open-Source Software���������������������������
- Software Upgrades������������������������
- Global Software Support������������������������������
- CASE ONE: Vivobarefoot Upgrades Technology Infrastructure����������������������������������������������������������������
- CASE TWO: Société de transport de Montréal (STM) Implements Innovative Mobile App����������������������������������������������������������������������������������������
- Chapter 3: Database Systems and Big Data
- Data Fundamentals������������������������
- Hierarchy of Data������������������������
- Data Entities, Attributes, and Keys������������������������������������������
- The Database Approach����������������������������
- Data Modeling and Database Characteristics�������������������������������������������������
- Data Modeling��������������������
- Relational Database Model��������������������������������
- Data Cleansing���������������������
- Relational Database Management Systems (DBMSs����������������������������������������������������
- SQL Databases��������������������
- Database Activities��������������������������
- Database Administration������������������������������
- Popular Database Management Systems������������������������������������������
- Using Databases with Other Software������������������������������������������
- Big Data���������������
- Characteristics of Big Data����������������������������������
- Sources of Big Data��������������������������
- Big Data Uses��������������������
- Challenges of Big Data�����������������������������
- Data Management����������������������
- Technologies Used to Process Big Data��������������������������������������������
- Data Warehouses, Data Marts, and Data Lakes��������������������������������������������������
- NoSQL Databases����������������������
- Hadoop�������������
- In-Memory Databases��������������������������
- CASE ONE: WholeWorldBand: Digital Recording Studio���������������������������������������������������������
- CASE TWO: Mercy’s Big Data Project Aims to Boost Operations������������������������������������������������������������������
- Chapter 4: Networks and Cloud Computing
- Network Fundamentals���������������������������
- Network Topology�����������������������
- Network Types��������������������
- Client/Server Systems����������������������������
- Channel Bandwidth������������������������
- Communications Media���������������������������
- Communications Hardware������������������������������
- Communications Software������������������������������
- The Internet and World Wide Web��������������������������������������
- How the Internet Works�����������������������������
- Accessing the Internet�����������������������������
- How the Web Works������������������������
- Web Programming Languages��������������������������������
- Web Services�������������������
- Developing Web Content and Applications����������������������������������������������
- Internet and Web Applications������������������������������������
- Intranets and Extranets������������������������������
- The Internet of Things�����������������������������
- Cloud Computing����������������������
- Public Cloud Computing�����������������������������
- Private Cloud Computing������������������������������
- Hybrid Cloud Computing�����������������������������
- Autonomic Computing��������������������������
- CASE ONE: Cloud Helps Fight Cancer�����������������������������������������
- CASE TWO: Globacom Invests in Its Mobile Network Infrastructure in Africa��������������������������������������������������������������������������������
- Part 3: Business Information Systems
- Chapter 5: Electronic Commerce and Enterprise Systems
- An Introduction to Electronic Commerce���������������������������������������������
- Business-to-Business E-Commerce��������������������������������������
- Business-to-Consumer E-Commerce��������������������������������������
- Consumer-to-Consumer E-Commerce��������������������������������������
- E-Government�������������������
- Mobile Commerce����������������������
- Advantages of Electronic and Mobile Commerce���������������������������������������������������
- E-Commerce Challenges����������������������������
- Electronic and Mobile Commerce Applications��������������������������������������������������
- Manufacturing��������������������
- Marketing����������������
- Advertising������������������
- Bartering����������������
- Retargeting������������������
- Price Comparison�����������������������
- Couponing����������������
- Investment and Finance�����������������������������
- Banking��������������
- Technology Infrastructure Required to Support E-Commerce and M-Commerce������������������������������������������������������������������������������
- Hardware���������������
- Web Server Software��������������������������
- E-Commerce Software��������������������������
- Mobile Commerce Hardware and Software��������������������������������������������
- Electronic Payment Systems���������������������������������
- Transaction Processing Systems�������������������������������������
- Traditional Transaction Processing Methods and Objectives����������������������������������������������������������������
- Transaction Processing Systems for Small- and Medium-Sized Enterprises�����������������������������������������������������������������������������
- Transaction Processing Activities����������������������������������������
- Enterprise Systems�������������������������
- Enterprise Resource Planning�����������������������������������
- Advantages of ERP������������������������
- Leading ERP Systems��������������������������
- Customer Relationship Management���������������������������������������
- Product Lifecycle Management (PLM����������������������������������������
- Overcoming Challenges in Implementing Enterprise Systems���������������������������������������������������������������
- Hosted Software Model for Enterprise Software����������������������������������������������������
- CASE ONE: Facebook Moves into E-Commerce�����������������������������������������������
- CASE TWO: Dunkin’ Donuts Prepares for Rapid Growth���������������������������������������������������������
- Chapter 6: Business Intelligence and Analytics
- What Are Analytics and Business Intelligence���������������������������������������������������
- Benefits Achieved from BI and Analytics����������������������������������������������
- The Role of a Data Scientist�����������������������������������
- Components Required for Effective BI and Analytics���������������������������������������������������������
- Business Intelligence and Analytics Tools������������������������������������������������
- Spreadsheets�������������������
- Reporting and Querying Tools�����������������������������������
- Data Visualization Tools�������������������������������
- Online Analytical Processing�����������������������������������
- Drill-Down Analysis��������������������������
- Linear Regression������������������������
- Data Mining������������������
- Dashboards�����������������
- Self-Service Analytics�����������������������������
- CASE ONE: Analytics Used to Predict Patients Likely to Be Readmitted���������������������������������������������������������������������������
- CASE TWO: Sunny Delight Improves Profitability with a Self-Service BI Solution�������������������������������������������������������������������������������������
- Chapter 7: Knowledge Management and Specialized Information Systems
- What Is Knowledge Management?
- Knowledge Management Applications and Associated Benefits����������������������������������������������������������������
- Best Practices for Selling and Implementing a KM Project���������������������������������������������������������������
- Technologies That Support KM�����������������������������������
- Overview of Artificial Intelligence������������������������������������������
- Artificial Intelligence in Perspective���������������������������������������������
- Nature of Intelligence�����������������������������
- Brain-Computer Interface�������������������������������
- Expert Systems���������������������
- Robotics���������������
- Vision Systems���������������������
- Natural Language Processing����������������������������������
- Learning Systems�����������������������
- Neural Networks����������������������
- Other Artificial Intelligence Applications�������������������������������������������������
- Multimedia and Virtual Reality�������������������������������������
- Overview of Multimedia�����������������������������
- Overview of Virtual Reality����������������������������������
- Interface Devices������������������������
- Forms of Virtual Reality�������������������������������
- Virtual Reality Applications�����������������������������������
- Other Specialized Systems��������������������������������
- Assistive Technology Systems�����������������������������������
- Game Theory������������������
- Informatics������������������
- CASE ONE: The NASA Knowledge Map���������������������������������������
- CASE TWO: Doctor on Demand Enables Physicians to Make House Calls������������������������������������������������������������������������
- Part 4: System Development
- Chapter 8: System Acquisition and Development
- Buy versus Build�����������������������
- Waterfall System Development Process�������������������������������������������
- System Investigation���������������������������
- System Analysis����������������������
- System Design��������������������
- Construction�������������������
- Integration and Testing������������������������������
- Implementation���������������������
- System Operation and Maintenance���������������������������������������
- Agile Development������������������������
- Buying Off-the-Shelf Software������������������������������������
- Package Evaluation Phase�������������������������������
- Finalize Contract������������������������
- Integration and Testing������������������������������
- Implementation���������������������
- CASE ONE: Etsy Uses DevOps for Rapid Deployment������������������������������������������������������
- CASE TWO: British Telecom Spreading Agile Development across the Globe�����������������������������������������������������������������������������
- Part 5: Information Systems in Business and Society
- Chapter 9: Cybercrime and Information System Security
- The Threat Landscape���������������������������
- Why Computer Incidents Are So Prevalent����������������������������������������������
- Types of Exploits������������������������
- Federal Laws for Prosecuting Computer Attacks����������������������������������������������������
- Implementing Secure, Private, Reliable Computing�������������������������������������������������������
- Risk Assessment����������������������
- Establishing a Security Policy�������������������������������������
- Educating Employees and Contract Workers�����������������������������������������������
- Prevention�����������������
- Detection����������������
- Response���������������
- Using a Managed Security Service Provider (MSSP������������������������������������������������������
- Computer Forensics�������������������������
- CASE ONE: Fairplay Turns to a Managed Security Service Provider����������������������������������������������������������������������
- CASE TWO: Sony’s Response to North Korea’s Cyberattack�������������������������������������������������������������
- Chapter 10: Ethical, Legal, and Social Issues of Information Systems
- Computer Waste and Mistakes����������������������������������
- Computer Waste���������������������
- Computer-Related Mistakes��������������������������������
- Preventing Computer-Related Waste and Mistakes�����������������������������������������������������
- Privacy Issues���������������������
- Privacy and the Federal Government�����������������������������������������
- Privacy at Work����������������������
- Privacy and Email������������������������
- Privacy and Instant Messaging������������������������������������
- Privacy and Personal Sensing Devices�������������������������������������������
- Privacy and the Internet�������������������������������
- Privacy and Internet Libel Concerns������������������������������������������
- Privacy and Fairness in Information Use����������������������������������������������
- Privacy and Filtering and Classifying Internet Content�������������������������������������������������������������
- Corporate Privacy Policies���������������������������������
- Individual Efforts to Protect Privacy��������������������������������������������
- Work Environment�����������������������
- Health Concerns����������������������
- Avoiding Health and Environmental Problems�������������������������������������������������
- Ethical Issues in Information Systems��������������������������������������������
- What Is Ethics?
- Codes of Ethics����������������������
- CASE ONE: FBI Orders Apple to Unlock iPhone��������������������������������������������������
- CASE TWO: Protecting Health Care Privacy�����������������������������������������������
- Glossary���������������
- Subject Index��������������������
- Company Index��������������������
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
<< /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles true /AutoRotatePages /None /Binding /Left /CalGrayProfile () /CalRGBProfile (sRGB IEC61966-2.1) /CalCMYKProfile (U.S. Web Coated \050SWOP\051 v2) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages false /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.1000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 524288 /LockDistillerParams true /MaxSubsetPct 1 /Optimize false /OPM 1 /ParseDSCComments true /ParseDSCCommentsForDocInfo true /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo true /PreserveFlatness false /PreserveHalftoneInfo false /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Preserve /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages false /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 600 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.00000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /ColorImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasGrayImages false /CropGrayImages false /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 600 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.00000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /GrayImageDict << /QFactor 0.15 /HSamples [1 1 1 1] /VSamples [1 1 1 1] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 30 >> /AntiAliasMonoImages false /CropMonoImages false /MonoImageMinResolution 595 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages false /MonoImageDownsampleType /Average /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects true /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (U.S. Web Coated \050SWOP\051 v2) /PDFXOutputConditionIdentifier (CGATS TR 001) /PDFXOutputCondition () /PDFXRegistryName (http://www.color.org) /PDFXTrapped /False /CreateJDFFile false /Description << /ENU (Use these settings to create press-ready Adobe PDF documents for Cengage Learning books using Distiller 8.0.x. The resulting PDF will be compatible with Acrobat 8 \(PDF 1.7\) per CL File Preparation and Certification Task Force) >> /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ << /AsReaderSpreads false /CropImagesToFrames true /ErrorControl /WarnAndContinue /FlattenerIgnoreSpreadOverrides false /IncludeGuidesGrids false /IncludeNonPrinting false /IncludeSlug false /Namespace [ (Adobe) (InDesign) (4.0) ] /OmitPlacedBitmaps false /OmitPlacedEPS false /OmitPlacedPDF false /SimulateOverprint /Legacy >> << /AllowImageBreaks true /AllowTableBreaks true /ExpandPage false /HonorBaseURL true /HonorRolloverEffect false /IgnoreHTMLPageBreaks false /IncludeHeaderFooter false /MarginOffset [ 0 0 0 0 ] /MetadataAuthor () /MetadataKeywords () /MetadataSubject () /MetadataTitle () /MetricPageSize [ 0 0 ] /MetricUnit /inch /MobileCompatible 0 /Namespace [ (Adobe) (GoLive) (8.0) ] /OpenZoomToHTMLFontSize false /PageOrientation /Portrait /RemoveBackground false /ShrinkContent true /TreatColorsAs /MainMonitorColors /UseEmbeddedProfiles false /UseHTMLTitleAsMetadata true >> << /AddBleedMarks false /AddColorBars false /AddCropMarks true /AddPageInfo true /AddRegMarks false /BleedOffset [ 18 18 18 18 ] /ConvertColors /NoConversion /DestinationProfileName (U.S. Web Coated \(SWOP\) v2) /DestinationProfileSelector /UseName /Downsample16BitImages true /FlattenerPreset << /PresetSelector /MediumResolution >> /FormElements true /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MarksOffset 18 /MarksWeight 0.250000 /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /UseName /PageMarksFile /RomanDefault /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /LeaveUntagged /UseDocumentBleed false >> ] /SyntheticBoldness 1.000000 >> setdistillerparams << /HWResolution [2400 2400] /PageSize [612.000 792.000] >> setpagedevice
-
- 2017-03-23T01:55:42+0000
- Preflight Ticket Signature