Wednesday 24 April 2013

Organizations - IS, IT and VSM
Information Systems
An information system (IS) is a set of interrelated components that collect, manipulate and disseminate data and information and provide feedback to meet an objective. The field is concerned with the information that computer systems can provide to aid a company, non-profit or governmental organization in defining and achieving its goals. It is also concerned with the processes that an enterprise can implement and improve using information technology. IS professionals must understand both technical and organizational factors, and must be able to help an organization determine how information and technology-enabled business processes can provide a foundation for superior organizational performance. They serve as a bridge between the technical and management communities within an organization.
Information Technology
Information technology (IT) refers to all of the computer-based information systems used by organizations and their underlying technologies. It refers to anything related to computing technology, such as networking, hardware, software, the Internet, or the people who work with these technologies. Many companies now have IT departments for managing the computers, networks, and other technical areas of their businesses. IT jobs include computer programming, network administration, computer engineering, Web development, technical support, and many other related occupations. Since we live in the "information age," information technology has become a part of our everyday lives.

Viable Systems Model (VSM)

The VSM is a model created by Stafford Beer that describes what ought to be done for an organization to be viable (i.e. to sustain itself over time). It has been used extensively as a conceptual tool for understanding organizations, redesigning them (where appropriate) and supporting the management of change.
There are three components in it:

·    Environment (left oval on the diagram), which lies outside the System; the System itself is defined as Operations + Management
·    Operations (circles in the middle)
·    Management (squares and triangles on the right)



The VSM is an embodiment of Ross Ashby’s law of requisite variety. Variety is loosely defined as “the number of different states a system can be in”. The Law of Requisite Variety states that for a system to effectively control another one, it must feature at least as much variety as the one it wants to control.

Environment

The Environment is what the system wants to control, so the system must bear the requisite variety, either genuinely or through attenuation (which means that different states of the Environment are managed through the same response from the System because, from the point of view of the System, they fall into the same “category”). So, in front of each part of the Environment the System wishes to control, there is a corresponding Operations part that interacts with it.

Operations

Operations manage parts of the Environment. As these parts may overlap, different Operations sub-systems need to communicate (represented as the big zig-zag line between the two circles on the diagram). The VSM is a recursive model, meaning that every operation is supposed to be a VSM in itself. The different Operations sub-systems have to cooperate, which might sometimes require some external help in the form of Management. In the VSM, Operations is named “System 1”.

Management

The Management sub-systems are Systems 2, 3, 3*, 4 and 5 with the following roles:

  • System 2 is in charge of all the signaling between Operations and System 3.

  • System 3 manages the relations between different Operations sub-systems and resolves any residual conflicts that have not been resolved among the System 1 units themselves. In VSM terms, it is said to absorb any residual variety not managed by Operations.

  • System 3* (three-star) is an audit system onto Operations.

  • System 4 is the foreseeing sub-system in charge of anticipating the future of the Environment as a whole to ensure the VSM will evolve accordingly. Operations are mainly in charge of the present of the Environment parts they are dealing with and of the future of their part (since the VSM is recursive, they have their own sub-system 4).

  • System 5 is the ethos of the whole VSM, the policy, what defines the strategy of the whole.

Usage of VSM

Mainly, there are two possible usages:
  • To define the structure of an organization, the VSM being a template against which a real organization may be designed.
  • As an audit model, where an existing organization is assessed against the model to see where some sub-systems could be lacking, possibly impeding viability of the whole, or where parts of the organization may not fit the VSM, in which case these parts can be candidates for removal.
On a more pragmatic level, the overall structure of VSM shows that a viable organization is one where operational entities are autonomous with respect to what they have to manage in the environment, yet following an overall strategy defined at global System 5 level.

Communications between Operations need to exist to ensure coordination and someone must be in charge of coordinating the whole (System 3). Time is taken into account by keeping an eye on the future (System 4) and informing the strategy and/or the management of Operations (System 3) where deemed necessary.

The other side of the coin shown by the VSM is that any central authority trying to control everything from the top down is doomed to fail because it will violate the law of requisite variety. The Environment won’t be properly matched by the variety of the system and so the overall viability is at risk.

Monday 22 April 2013

Business, Process and IS/IT Project Management
What is an IS project?
An information system is an assembly of resources (human, machine, data or procedures) that work collectively to produce quality information. An information system is necessary. An information system project, also called a project management information system, is an organizational system. It allows a project to be organized and run so all the parts keep moving.
Key Components of IS Project:
1.    People
2.    Business
3.    Finance
4.    Users
5.    The Project Office
6.    IT development, support, operations and architecture
7.    Supplier Staff
8.    Structure – how the people are organised to ensure a successful outcome; reviews, approvals, decisions
9.    Process – this might include processes for programme and project management, the development method, corporate approval and procurement
10.   Products – the output of the project: plans, business case, specifications, test strategy, a working system, documentation etc.
Systems Development Lifecycle (SDLC):


The systems development life cycle (SDLC) is a conceptual model used in project management that describes the stages involved in an information system development project, from an initial feasibility study through maintenance of the completed application.
Various SDLC methodologies have been developed to guide the processes involved, including the waterfall model (which was the original SDLC method); rapid application development (RAD); joint application development (JAD); the fountain model; the spiral model; build and fix; and synchronize-and-stabilize. Frequently, several models are combined into some sort of hybrid methodology. Documentation is crucial regardless of the type of model chosen or devised for any application, and is usually done in parallel with the development process. Some methods work better for specific types of projects, but in the final analysis, the most important factor for the success of a project may be how closely the particular plan was followed.
In general, an SDLC methodology follows these steps:
1. The existing system is evaluated. Deficiencies are identified. This can be done by interviewing users of the system and consulting with support personnel.
2. The new system requirements are defined. In particular, the deficiencies in the existing system must be addressed with specific proposals for improvement.
3. The proposed system is designed. Plans are laid out concerning the physical construction, hardware, operating systems, programming, communications, and security issues.
4. The new system is developed. The new components and programs must be obtained and installed. Users of the system must be trained in its use, and all aspects of performance must be tested. If necessary, adjustments must be made at this stage.
5. The system is put into use. This can be done in various ways. The new system can be phased in, according to application or location, and the old system gradually replaced. In some cases, it may be more cost-effective to shut down the old system and implement the new system all at once.
6. Once the new system is up and running for a while, it should be exhaustively evaluated. Maintenance must be kept up rigorously at all times. Users of the system should be kept up-to-date concerning the latest modifications and procedures.

Saturday 20 April 2013

Privacy and Security
Computer Crime
[Figure: The Sources and Types of Security Threats. Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall]

Yesterday's security doesn't work for today's threats
Traditional or customary approaches to enterprise security are inherently reactive, an approach that can spell disaster for the fast-emerging threat landscape today. Cyber crime demands a very different approach to securing data assets, as this video demonstrates.
Internet Related Threats:
1.   Denial of service (DoS): This is a form of attack on company information systems that involves flooding the company's Internet servers with huge amounts of traffic. Such attacks effectively halt all of the company's Internet activities until the problem is dealt with.
Simple DoS: This involves getting the server to perform a large number of mundane tasks, exceeding the capacity of the server to cope with any other task, e.g. pinging a computer to ask its name repeatedly.
Distributed DoS: Multiple computers are infected with a virus so that they act as slaves to a master computer. The master computer instructs the slaves to bombard the target with multiple mundane, resource-intensive requests. This also puts a strain on the Internet because of the number of packets routed via different places.
2.   Brand abuse: This describes a wide range of activities, ranging from the sale of counterfeit goods (e.g. software applications) to the exploitation of a well-known brand name for commercial gain.
3.   Cyber-squatting: The act of registering an Internet domain with the intention of selling it for profit to an interested party. As an example, the name of a celebrity might be registered and then offered for sale at an extremely high price.
4.   Cyber stalking: This refers to the use of the Internet as a means of harassing another individual. A related activity is known as corporate stalking, where an organisation uses its resources to harass individuals or business competitors.
5.   Cyber terrorism: This describes attacks made on information systems that are motivated by political or religious beliefs.
6.   Online stock fraud: Most online stock fraud involves posting false information to the Internet in order to increase or decrease the values of stocks.
7.   Social engineering: This involves tricking people into providing information that can be used to gain access to a computer system.
8.   Phishing: A relatively new development, phishing involves attempting to gather confidential information through fake e-mail messages and web sites.
Internal Threats:
·    Intentional Malicious Behavior - Typically associated with disgruntled or ill-willed employees, e.g. a marketing employee selling customers’ e-mail addresses to spammers
·    Careless Behavior - Associated with ignorance of or disinterest in security problems, e.g. failing to destroy sensitive data according to planned schedules
Responding to Security Threats:
Internal Security Threats
·   Security Policies
·   Spell out what the organization believes are the behaviours that individual employees within the firm should follow in order to minimize security risks
·   They should specify:
·    Password standards
·    User rights
·    Legitimate uses of portable devices
·    The firm should audit the policies to ensure compliance
Risk Assessment:
·   Audit the current resources
·   Map the current state of information systems security in the organization
·   The audit will expose vulnerabilities and provide the basis for risk analysis
·   Risk Analysis: The process of quantifying the risks identified in the audit
Managers need to be aware of the following:
·   Understand the need for the use of appropriate software such as anti-virus packages, firewalls and intrusion detection software.
·   Manage the implementation of a formal security policy that incorporates an acceptable use policy.
·   The use of regular audits to control activities such as the use of illegal software. Audits can also be useful in detecting unauthorised access to data and attempts to carry out acts of fraud.
·   The introduction of various recovery methods intended to allow the organisation to resume its operations as quickly as possible.
Regulations:
·    National UK: Computer Misuse Act 1990
Sec 1: Unauthorised access to Programs or computer material
Sec 2: Unauthorised access with intent to commit or facilitate commission of further offences
New Sec.3: Unauthorised acts with intent to impair operation of computer
Old Sec 3 – Unauthorised modification - updated in 2006 (via Police and Justice Act 2006) in response to ‘denial of service attacks’.

·   Data Protection Act (1984): Legislation setting out the rights of organizations and individuals in terms of how personal information is gathered, stored, processed and disclosed. The Data Protection Act 1998 regulates not only the overt collection of data over the Internet but also invisible tracking (whether by means of cookies or otherwise).
-     Personal Data: information that relates to an identified or identifiable person or which in combination with other information in the possession of, or that is likely to come into the possession of the data controller would permit their identification.
-    Information will ‘relate to’ an individual if it is information that affects a person’s privacy, whether in his personal or family life, business or professional capacity.
-    Sensitive Personal Data: racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental condition, sex life, criminal proceedings or convictions.
E-commerce
E-commerce can be defined as the use of the Internet and the Web to conduct business transactions. Electronic commerce consists of the buying and selling of products or services over electronic systems such as the Internet and other computer networks. Modern electronic commerce typically uses the World Wide Web at least at some point in the transaction's lifecycle, although it can encompass a wider range of technologies such as e-mail as well.
Features of e-commerce technology:
• Ubiquity: It is available just about everywhere and at all times.

• Global Reach: the potential market size is roughly equal to the size of the online population of the world.
• Universal standards: The technical standards of the Internet, and therefore of conducting e-commerce, are shared by all of the nations in the world.
• Richness: Information that is complex and content rich can be delivered without sacrificing reach.
• Interactivity: E-commerce technologies allow two-way communication between the merchant and the consumer.
• Information density: The total amount and quality of information available to all market participants is vastly increased and is cheaper to deliver.
• Personalization/Customization: E-commerce technologies enable merchants to target their marketing messages to a person’s name, interests, and past purchases. They allow a merchant to change the product or service to suit the purchasing behaviour and preferences of a consumer.
• Social technology: User content generation and social networking technologies.

There are primarily five types of e-commerce models:

1.      Business to Consumer (B2C)
B2C stands for Business to Consumer. As the name suggests, it is the model covering the interaction between businesses and consumers. An online business sells to individuals. The basic concept of this model is to sell products online to consumers. B2C is the indirect trade between the company and consumers. It provides direct selling online. For example, a business that wants to sell goods and services to customers can let anybody purchase products directly from the supplier’s website.
Direct interaction with customers is the main difference from other business models. As B2B, it manages relationships directly with consumers; B2C supply chains normally deal with businesses that are related to the customer.
2.    Business to Business (B2B)
B2B stands for Business to Business. It is the largest form of e-commerce. In this model the buyer and seller are two different entities. It is similar to a manufacturer issuing goods to a retailer or wholesaler. Dell sells computers and other associated accessories online, but it does not make all of those products. So, in order to sell those products, the first step is to purchase them from other businesses, i.e. the producers of those products. “It is one of the cost-effective ways to sell products throughout the world.”
Benefits:
  • Encourage your businesses online
  • Products import and export
  • Determine buyers and suppliers
  • Position trade guides
3.    Consumer to Consumer (C2C)
C2C stands for Consumer to Consumer. It supports the online trading of goods or services among people. Although no major parties are needed, the parties cannot complete their transactions without the program supplied by an online market dealer such as eBay.
4.      Peer to Peer (P2P)
It is a model that helps people instantly share computer files and computer resources without having to interact with a central web server. To implement this model, both sides need to install the required software so that they can communicate on a common platform. This kind of e-commerce generates very little revenue because from the start it has tended towards free use, which is why it sometimes gets caught up in cyber laws.
5.      m-Commerce
It deals with conducting transactions with the help of mobile devices. Mobile device consumers can interact with each other and can conduct business. Mobile commerce involves the change of ownership or rights to utilize goods and related services.
Evolution of e-commerce:
The three stages in the evolution of e-commerce are innovation, consolidation, and reinvention. Innovation took place from 1995–2000 and was characterized by excitement and idealistic visions of markets in which quality information was equally available to both buyers and merchants. However, e-commerce did not fulfil these visions during its early years. After 2000, e-commerce entered its second stage of development: consolidation. In this stage, more traditional firms began to use the Web to enhance their existing businesses. Less emphasis was placed on creating new brands. In 2006, though, e-commerce entered its current stage, reinvention, as social networking and Web 2.0 applications reinvigorated e-commerce and encouraged the development of new business models.
Limitations on the growth of e-commerce:
One major limitation to the growth of e-commerce is the price of personal computers. Another limitation is the need for many people to learn complicated operating systems, at least in comparison to other technologies such as the television or the telephone. People must also learn a set of sophisticated skills to make effective use of the Internet and e-commerce capabilities. Another limitation is the unlikelihood that the digital shopping experience will ever replace the social and cultural experience that many seek from the traditional shopping environment. Finally, persistent global income inequality will exclude most of the world’s population, who do not and probably will not in the foreseeable future, have access to telephones or PCs. Social and cultural limitations are likely to be tougher to overcome than technological limitations.

Sunday 10 March 2013

Systems in Small Businesses


"SME" stands for small and medium-sized enterprises – as defined in EU law: EU recommendation 2003/361.

The main factors determining whether a company is an SME are:

Company category    Employees    Turnover     or    Balance sheet total
Medium-sized        < 250        ≤ € 50 m           ≤ € 43 m
Small               < 50         ≤ € 10 m           ≤ € 10 m
Micro               < 10         ≤ € 2 m            ≤ € 2 m

1 Euro = 86p

There were an estimated 4.8 million businesses in the UK which employed 23.9 million people, and had a combined turnover of £3,100 billion. SMEs accounted for 99.9 per cent of all private sector businesses in the UK, 59.1 per cent of private sector employment and 48.8 per cent of private sector turnover. SMEs employed 14.1 million people and had a combined turnover of £1,500 billion. Small businesses alone accounted for 47 per cent of private sector employment and 34.4 per cent of turnover. Of all businesses, 62.7 per cent (three million) were sole proprietorships, 28 per cent (1.3 million) were companies and 9.3 per cent (448,000) partnerships.

micro: 0-9 employees, small: 10-49 employees, medium: 50-249 employees

(updated October 2012, figures obtained from the Department for Business Innovation and Skills. Home working figures courtesy of Enterprise Nation).

Mintzberg’s Model of Organisational Structure

The Canadian academic, Henry Mintzberg, synthesised organisational design literature into five ideal organisational forms or configurations that do not exist in the real world, but provide consultants and managers a framework to understand and design organisational structures.
Mintzberg defined organisational structure as "the sum total of the ways in which it divides its labour into distinct tasks and then achieves coordination among them". Each configuration contains six components:
Operating core: The people directly related to the production of services or products.
Strategic apex: Serves the needs of those people who control the organisation.
Middle line: The managers who connect the strategic apex with the operating core.
Technostructure: The analysts, who design, plan, change or train the operating core.
Support staff: The specialists who provide support to the organisation outside of the operating core's activities.
Ideology: The traditions and beliefs that make the organisation unique.
The Four Basic Steps to Systemisation for a Small Business:
  1. Flowchart each process in the business.
  2. Document how it gets done. A team member who is currently doing the job writes down every step in performing a task. A new person then does the task using the written steps. If the person currently doing the task has to step in and explain anything to the new person, then they need to add or clarify that step. Once completed, start again with another person until any person can do the task without intervention. It may seem laborious, but it will save time and money in the long run.
  3. Measure using key performance indicators. Typically, these will be the top five measures to show system performance e.g. in sales you could use no. of leads, conversion rate, average sale value etc.
  4. Allow the system to change/grow. Ensure the system is self-correcting and can evolve – this does not mean loss of control, but strengthening and maturity.
The key systems for small businesses are:
  1. Lead Generation – Marketing
  2. Lead Conversion – Selling
  3. Client Fulfilment – Delivering Value