Planning for Information System

Focuses on discovering innovative approaches to satisfy customer and business value goals. Component of IT Planning Strategy Development: concurrent with organization vision Resource Management: managing or outsourcing an organization resources Technology Architecture: choice of appropriate architecture

Factors Affecting Identification of Application

1. 2. 3. 4. 5. 6. MIS goals and objectives Strategy for the plan achievement The architecture of the MIS The system development schedule Hardware and software plan Ascertaining the class of information

Goals of Business Planning Systems

Understand the issues and opportunities with the current applications and technical architecture Develop a future state and migration path for the technology that supports the enterprise Provide business executives with a direction and decision making framework for IT capital expenditures Provide IS with a blueprint for development The result of a BPS project is an actionable roadmap that aligns technology investments to business strategy.

CRITICAL SUCCESS FACTORS(CSF)

CSFs are those characteristics, conditions, or variables which when maintained and sustained, can have significant impact on the success of an organization competing in a particular industry.
A basic nature of CSFs is that they differ from industry to industry e.g. consumer goods versus industrial goods, local versus globa1 industries and so on .

CRITICAL SUCCESS FACTORS (CSFs)

SMALL NUMBER, EASILY IDENTIFIABLE OPERATIONAL GOALS SHAPED BY INDUSTRY, MANAGER, ENVIRONMENT BELIEVED TO ASSURE FIRMS SUCCESS USED TO DETERMINE ORGANIZATIONS INFORMATION REQUIREMENTS

CRITICAL SUCCESS FACTORS

Example: PROFIT CONCERN

GOALS (AUTOMOBILE INDUSTRY): Earnings per share, return on investment, market share, new product
CSF: Styling, quality dealer system, cost control, energy standards

CRITICAL SUCCESS FACTORS Example: NONPROFIT CONCERN

GOALS (HOSPITAL): Excellent health care, meeting government regulations, future health needs CSF: Regional integration with other hospitals, efficient use of resources, improved monitoring of regulations

Critical Success Factors for Information System

Critical success factors (CSF) are widely used in the information systems arena. CSFs can be understood as the few key areas where things must go right for the implementation to be successful. Following are the commonly identified CSFs identified for the success of MIS implementation project. Project Management Project Management involves the use of skills and knowledge in coordinating the scheduling and monitoring of defined activities to ensure that the stated objectives of implementation projects are achieved. The formal project implementation plan defines project activities, commits personnel to those activities, and promotes organizational support by organizing the implementation process.
User training and education In MIS implementation process many projects fail in the end due to lack of proper training. Many researchers consider users training and education to be an important factor of the successful MIS implementation. The main reason for education and training program for MIS implementation is to make the user comfortable with the system and increase the expertise and knowledge level of the people. MIS related concept, features of MIS system, and hands on training are all important dimensions of training program for MIS implementation. Training is not only using the new system, but also in new processes and in understanding the integration within the system how the work of one employee influences the work of others.

Technological infrastructure The adequate IT infrastructure, hardware and networking are crucial for an MIS systems success. It is clear that MIS implementation involves a complex transition from legacy information systems and business processes to an integrated IT infra-structure and common business process throughout the organization. Hardware selection is driven by the firms choice of an MIS software package. The MIS software vendor generally certifies which hardware (and hardware configurations) must be used to run the MIS system. This factor has been considered critical by the practitioners and as well as by the researchers.

Change management Change management is a primary concern of many organizations involved in MIS project implementation . Many MIS implementations fail to achieve expected benefits, possibly because companies underestimate the efforts involved in change management. organizational change is the body of knowledge that is used to ensure that a complex change, like that associated with a new big information system, gets the right results, in the right timeframe, at the right costs. Generally, one of the main obstacles facing MIS implementation is resistance to change. The resistance to change is one of the main hurdles faced by most companies. Resistance can be destructive since it can create conflicts between actors, it can be very time consuming. To implement an MIS systems successfully, the way organizations do business will need to change and ways people do their jobs will need to change as well. The recurring improvisational change methodology as a useful technique for identifying, managing, and tracking changes in implementing an MIS system. Change Management is important and one of the critical success factors identified in the literature. It is imperative for success of implementation project starting at the initial phase and continuing throughout the entire life cycle.

Management of Risk Every Information technology implementation project carries important elements of risk; hence it is probable that progress will deviate from the plan at some point in the project life cycle. MIS implementation project risks are described as uncertainties, liabilities or vulnerabilities that may cause the project to deviate from the defined plan. Risk management is the competence to handle unexpected crises and deviation from the plan. The implementation of MIS system project is characterized as complex activity and involves a possibility of occurrence of unexpected events. Therefore, risk management is to minimize the impact of unplanned incidents in the project by identifying and addressing potential risks before significant consequences occur. It is understood that the risk of project failure is substantially reduced if the appropriate risk management strategy is followed.

Top Management Support Top management support has been consistently identified as the most important and crucial success factor in MIS system implementation projects. Top management to provide the necessary resources and authority or power for project success. Top management support in MIS implementation has two main facets: (1) providing leadership; and (2) providing the necessary resources. To implement MIS system successfully, management should monitor the implementation progress and provide clear direction of the project. They must be willing to allow for a mindset change by accepting that a lot of learning has to be done at all levels, including themselves.

Team work and composition MIS team work and composition is important throughout the MIS implementation project. An MIS project involves all of the functional departments and demands the effort and cooperation of technical and business experts as well as end-users., MIS implementation team comprises of, functional personnel and management, IT personnel and management, top management, IT consultants, MIS vendor , parent company employees, management consultants, hardware vendor. The MIS team should be balanced, or cross functional and comprise a mix of external consultants and internal staff so the internal staff can develop the necessary technical skills for design and MIS implementation. According to a survey, having competent members in the project team is the fourth most important success factor for IS implementation. Further, the members of the project team(s) must be empowered to make quick decisions. User Involvement User involvement refers to a psychological state of the individual and is defined as the importance and personal relevance of a system to a user. It is also defined as the users participation in the implementation process. There are two areas for user involvement when the company decides to implement an MIS system: (1) user involvement in the stage of definition of the companys MIS system needs, and (2) user participation the implementation of MIS systems. The functions of the MIS system rely on the user to use the system after going live, but the user is also a significant factor in the implementation. Use of consultants Due to the complexity of implementing an MIS system, it requires the use of either internal or external experts who are knowledgeable about the installation and software. Many companies prefer or must have external consultants to perform MIS implementation. MIS implementation the consultants may be involved in different stages of the MIS project implementation. Clearly, it is critical success factor and has to be managed and monitored very carefully.

Business Process Reengineering Another important factor that is critical for the success of MIS implementation is the Business Process Reengineering. It is defined the fundamental rethinking and radical redesign of business processes to achieve dramatic improvements in critical, contemporary measures of performance, such as cost, quality, service and speed. Organizations should be willing to change their businesses to fit the MIS software in order to minimize the degree of customization needed. The implementation of MIS requires examination of many business processes, which believed to be one of the important and beneficial results of the implementation of MIS system. Goals and Objectives Clear goals and objectives are essential to guide an ongoing organizational effort for MIS implementation as it usually exceeds the time frame for a typical business project. Clear goals and objectives were the third most critical success factors in a study of MRP implementation. It is important to set the goals of the project before even seeking top management support. The triple constraint of project management specifies three often competing and interrelated goals that need to be met: scope, time, and cost goals. There must also be clear definitions of goals, expectations, and deliverables. Finally, the organization must carefully define why the MIS system is being implemented and what critical business needs the system will address. Effective Communication Communication is one of most challenging and difficult tasks in any MIS implementation project. It is considered a critical success factors for the implementation of MIS systems by many authors. It is essential for creating an understanding, an approval of the implementation and sharing information between the project team and communicating to the whole organization the results and the goals in each implementation stage. In addition to gaining approval and user acceptance, the communication will allow the implementation to initiate the necessary final acceptance. The communication should start early in the MIS implementation project and can include overview of the system and the reason for implementing it be consistent and continuous.

USING CSFs TO DEVELOP SYSTEMS

COLLECT MANAGERS CSFs AGGREGATE, ANALYZE INDIVIDUALS CSFs DEVELOP AGREEMENT ON COMPANY CSFs DEFINE COMPANY CSFs USE CSFs TO DEVELOP INFORMATION SYSTEM PRIORITIES DEFINE DSS & DATABASES

Advantages of CSF Approach

There are certain advantages of using CSF approach
1. CSF approach produces a smaller data set to analyze for determining information requirements. 2. CSF approach can be tailored to the structure of each Industry, with different competitive strategies producing different information systems. 3. CSF approach takes into account the changing environment with which the organization and its managers must deal.

4. CSF approach brings consensus among top managers about what is important to measure to gauge the organizational success. This enables the managers to focus their attention on how Information should be handled.

Limitations of CSF Approach

1.There is no rigorous method of identifying CSFs either Industry wise or organization wise. Whatever factors managers may perceive as being critical may not truly be critical. Therefore, for Identify various CSFs. managers need high-level of imagination experience. 2.CSF approach focuses more on managers Individually rather than focusing on the organization as a whole. What might be a CSF from a manager's point of view, may not be a CSF from the organization point of view. Therefore. confusion arises which CSFs has to consider for information system design. 3.CSF approach is specifically useful for higher-level Information systems i.e. decision support systems and executive Information systems.

Make or Buy Decisions

Existing
New

OUTSOURCING
Outsourcing means that the company divests itself of the resources to fullfil a particular activity to another company to focus more effectively on its own competence (NEVI, 2000) Outsourcing is the decision and subsequent transfer process by which activities that constitute a function, that earlier have been carried out within the company, are instead purchased from an external supplier (Axelsson and Wynstra, 2002) Hiring someone whose expertise can perform a business function or activity better, more cost effectively and/or in a more timely manner than can be achieved in-house. Also enables the company to focus on its core competencies and those factors that mean the difference between success and failure.

The Evolution of Outsourcing

The concept of outsourcing is not new. For decades, companies have outsourced a number of functions such as cafeteria service, janitorial service, security guards, payroll, clerical support, manufacturing and distribution.

Outsourcing, by the old definition, was very specific, targeted, and often project based. The company might design a product, then outsource the manufacture of various components, subassemblies, even the finished product.
Things have evolved to where anything that is not a core business process is a candidate to outsource.

Type of outsourcing
Two different types of outsourcing: Turnkey (integral) outsourcing: responsibility for the execution and the coordination of the entire function (or activities) lies with the external supplier.

Partial outsourcing: Only a part of an integrated function is outsourced. The coordination of the function still lies with the outsourcer.

Example of IT Outsourcing
In the early 1990s, the Indian software industry was dominated by players like Infosys, TCS, Wipro and Satyam. The liberalized policy of the Indian Government in 1991 encouraged foreign companies like Texas Instruments, Digital Equipment, Hewlett-Packard and IBM to venture into the Indian software market. ABN Amro has given contracts to two Indian outsourcing providers, Tata and Infosys, for providing application support and development. ABN Amra also employs IBM Global Services to cover its IT infrastructure.

While Patni, in India, and Accenture are providing support in application development

WHEN TO OUTSOURCE
IF FIRM WONT DISTINGUISH DEVELOPING APPLICATION (payroll) ITSELF BY

IF PREDICTABILITY OF UNINTERRUPTED SERVICE NOT IMPORTANT (interruption in insurance claim processing)

IF EXISTING SYSTEM IS LIMITED, INEFFECTIVE, INFERIOR

Managing Outsourcing
For managing outsourcing, the organization can do : Choosing a vendor

A good working relationship between the organization and the vendor should be developed
Contract between the organization and the vendor Should be worked out explicitly Provisions must exist to cope up changing requirements Also contain the clause relating to information security Penal provisions for breaching this clause. The organization should constantly re-evaluate its vendors In the light of changing business conditions Growing pool of vendors.

Advantage of Outsourcing
Economy: vendors are information specialists(lesser amount of effort r required), economy of scale (less cost than the cost of in house services) Flexibility: information need can be accommodated without changes in its information system infrastructure, provide superior control of the business, its costs and capabilities can be adjusted to meet changing business needs. Cost Predictability: costs of information and services can be predicted in advance which is quite useful in decision making for offering these services. Making Fixed Costs Variable: the cost of (h/w, s/w & personnel) remain variable as costs are determined in terms of per unit of services. Abundance of Financial Resources: financial resources which otherwise used in setting up of computer centres are now used for some other work.

Disadvantages of Outsourcing
Loss of Control: the organization loses its control over information systems. Outsourcing places the vendor (only alternative ) in an advantageous position in terms of technology provided etc. Vulnerability of Strategic Information: In outsourcing, trade secrets information of strategic use may be leaked to organization's competitors. Dependency: Because of outsourcing, the organization is dependent on vendor and to some extent, Its fate is tied up with the vendor. If something goes wrong with the vendor. the client organization is also affected adversely.

Risk in Information System

The unauthorized use, access, modification, and destruction of hardware, software, data, or network resources

The unauthorized release of information

The unauthorized copying of software Denying an end user access to his or her own hardware, software, data, or network resources

Using or conspiring to use computer or network resources illegally to obtain information or tangible property

Hacking
Definition: The obsessive use of computers, or the unauthorized access and use of networked computer systems

Common Hacking Tactics

Denial of Service hammering a websites equipment with too many requests for information, effectively clogging the system, slowing performance or even crashing the site
Scans widespread probes of the Internet to determine types of computers, services, and connections

Common Hacking Tactics

Sniffer programs that covertly search individual packets of data as they pass through the Internet, capturing passwords or entire contents
Spoofing faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers

Common Hacking Tactics

Trojan Horse a program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
Back Doors a point hidden point of entry to be used in case the original entry point has been detected or blocked

Common Hacking Tactics

Malicious Applets tiny programs that misuse your computers resources, modify files on the hard disk, send fake e-mail, or steal passwords
War Dialing programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection

Common Hacking Tactics

Logic Bombs an instruction in a computer program that triggers a malicious act
Buffer Overflow a technique for crashing or gaining control of a computer by sending too much data to the buffer in a computers memory

Password Crackers software that can guess passwords

Common Hacking Tactics

Social Engineering a tactic used to gain access to computer systems by talking unsuspecting company employees out of valuable information such as passwords
Dumpster Diving sifting through a companys garbage to find information to help break into their computers

Cyber Theft
Definition: Computer crime involving the theft of money

Unauthorized Use
Definition: Time and resource theft may range from doing private consulting or personal finances, or playing video games, to unauthorized use of the Internet on company networks

Piracy
Software Piracy unauthorized copying of computer programs Piracy of Intellectual Property unauthorized copying of copyrighted material, such as music, videos, images, articles, books and other written works especially vulnerable to copyright infringement

Virus vs. Worm

Computer Virus a program code that cannot work without being inserted into another program
Worm distinct program that can run unaided

Security Management
The goal of security management is the accuracy, integrity, and safety of all information system processes and resources.

Internetworked Security Defenses

Encryption data transmitted in scrambled form and unscrambled by computer systems for authorized users only
Firewalls a gatekeeper system that protects a companys intranets and other computer networks from intrusion (interruption) by providing a filter and safe transfer point for access to and from the Internet and other networks

Denial of Service Defenses

At the zombie (Robots) machines set and enforce security policies At the ISP monitor and block traffic spikes (points) At the victims website create backup servers and network connections

Internetworked Security Defenses

E-mail Monitoring use of content monitoring software that scans for troublesome words that might compromise corporate security
Virus Defenses centralize the distribution and updating of antivirus software

Other Security Measures

Security Codes multilevel password system used to gain access into the system
Backup Files duplicate files of data or programs Security Monitors software that monitors the use of computer systems and networks and protects them from unauthorized use, fraud, and destruction

Other Security Measures

Biometrics computer devices that measure physical traits that make each individual unique
Computer Failure Controls devices used to prevent computer failure or minimize its effects

Fault Tolerant Systems

Systems that have redundant processors, peripherals, and software that provide a:
Fail-over capability to back up components in the event of system failure
Fail-safe capability where the computer system continues to operate at the same level even if there is a major hardware or software failure

Disaster Recover
Formalized procedures to follow in the event a disaster occurs including:
Which employees will participate What their duties will be What hardware, software, and facilities will be used Priority of applications that will be processed Use of alternative facilities Offsite storage of an organizations databases