This document provides an overview of business models, strategies, and IT systems in digital organizations. It discusses four types of business models: market, operational, financial, and competitive. It also covers various competitive strategies such as cost leadership, differentiation, and developing competitive advantages. Additionally, it summarizes key concepts around IT systems including functional business systems, enterprise systems, and the role of IT in creating competitive advantages through activities like business process reengineering.

1. ChristianReina,CISSP
2009
METCS782
Version1.0
This document may be used only for informational, educational, and noncommercial purposes. You are free to copy, distribute, publish and alter this document under the conditions that you give credit to the original
author. 2009 – Christian Reina, CISSP.

2. Module1–BusinessModels&Strategies Introduction
It is no longer adequate for IT professionals to be good
technologists or managers. They need to understand what makes
their organizations successful and what drives their business so
that their ideas, decisions, and actions are all in furtherance of
that success. Understanding what makes an organization succeed
is grounded in an understanding of business models and how
businesses compete.
Business Models
A business model is a conceptual framework, describing the way
in which a business makes money. It can be subdivided into four
sub-models; market, operational, financial, and competitive. A
business model is a conceptual framework that expresses the
underlying economic logic and system that prove how a business
can deliver value to customers at an appropriate cost and make
money.
1. Market Model
 Company's offerings
 Focus: standardized mass market products and services,
mass customization, providing individual customized
produces and services
 Product positioning
 Market positioning
 Custom or volume business
 Value proposition: why would customers want it?
2. Operational Model
 Company size
 organization and management
 Employee relationships
 Resource management
 Supply chain management
 Sales and delivery channels
3. Financial Model
 Profit margin, earnings, Earnings Before Interest, Taxes,
Depreciation and Amortization (EBITDA)
 Company growth
 Business costs
 Revenue and profit model
 Intellectual property
 Value to its investors
4. Competitive Model
 Competitors
 Competitive forces
 Competitive advantage
 Complementary offerings
 External business relationships
Common Business Models:
 Manufacturer Manufacture a product which is
distributed to customers through various sales channels
 Razor and Blades Manufacture a product (e.g., razors
or printers) that is sold at a low price or even given
away free, while the real money is made on a second
product (e.g., blades or ink) consumed in using the
main product
 Retail Sell products (and sometimes related services)
purchased from manufacturers and distributors to
consumers through retail outlets
 Catalog Sell offerings through catalogs
 Consignment Sell products provided by suppliers
(generally at a price determined by the supplier)—pay
the supplier only after the product is sold
 Distributor Distribute products obtained from
manufacturers and upstream distributors to volume and
retail customers
 Build-to-Order Manufacture a product using JIT (Just In
Time) delivery of parts needed to produce the product.
It requires a solid relationship between suppliers and
distributors. Dell has had much success using this
model.
Business / IT Planning
A process which focuses on discovering innovative approaches to
satisfy a company's customer value and business value. A CEO
and CIO work together as a coadaptation process.
1. Strategic Development: Business strategies that
support a company's vision.
2. Resource Management: Strategic plans for managing or
outsourcing a company's IT resources
3. Technology Architecture: Strategic IT choices that
reflect an information technology architecture to support
business initiatives.
a. Technology Platforms
b. Data resources
c. Application architecture
d. IT Organization
Competitive Forces
In 1985, Michael Porter described how businesses develop
strategies to respond to competitive forces in its industry. He listed
five competitive forces [Qui04a] which are very useful to keep in
mind and can be used as a checklist to ensure that one is not
overlooking factors.
1. The rivalry of competitors
2. The threat of new entrants: as a result of low barriers to
entry
3. The threat of substitutes: Disruptive technologies (or
more generally, disruptive innovations) initially appeal to
a small market niche, but evolve to become major
competitors, changing the market and affecting the
value proposition for the technology they displace.
4. The bargaining power of buyers: Note that buyers do
not necessarily correspond to the ultimate end-users of
a product or service, but can include intermediaries,
such as wholesalers or resellers
5. The bargaining power of suppliers
** It can also be useful to consider the bargaining power of
partners
Competitive Strategies
Watching for general changes in the business environment is
sometimes called PEST Analysis, after the acronym of the four
environmental components:
 Political (including regulatory changes)
 Economic
 Social (including short and long term cultural changes)
 Technological
PEST Analysis is a component of a broader activity called
Environmental Scanning, which involves paying attention to any
changes that can affect a company's success.
Organizations develop competitive strategies (also called
business strategies) in order to:
 respond to competitive forces
 respond to other changes in the business environment
 take advantage of opportunities that arise
1. Position-based Approach.
Product Positioning
 Cost Leadership: Sell for less
 Differentiation: Customers who value the
differences and availability of complements.
Market Positioning (Market Focus): Build strong
relationship with customers by increasing their loyalty.

3. Module1–BusinessModels&Strategies 2. Advantage-based Approach. A competitive advantage
is a characteristic of a business that allows it to be more
profitable than its competitors. An advantage-based
approach focuses on how a company can build a
sustainable competitive advantage -- one which
- can be maintained over a significant
period of time
- is based on some characteristic of the
business that is difficult or impossible to
replicate.
 Developing or Acquiring Intellectual Property
 Economies of Scale and Scope: horizontal
integration (merger or acquisition of
businesses that provide specialized
processes for a large volume business
 Network Effects: more people more value. A
company can induce or strengthen network
effects through its pricing model.
 Switching costs
 Resources and capabilities: Exclusive rights
to resources
 Legislation and Regulations
 Brand
 IT and Business Processes: Significant costs
for competitors to replicate technology.
 Knowledge and culture
** These act as barriers of entry
First Mover Advantage: first company to produce a
product based on brad and innovative capacity.
Cost reduction is not a competitive strategy, but it is
often a way to achieve other strategic goals like
producing positioning and additional funds.
3. Relationship-based Approach. This focuses on how
the company can develop or strengthen its external
relationships to more effectively compete. This is
different from the position and advantage based
because is a systematic consideration of each type of
external relationship and how it can be improved.
 Customers: customization, customer service,
personalizatioin, special offers
 Channels: Sales and distribution channels.
o Direct channels: A company's
website/retails outlets, and sales
force
o Indirect channels (Channel
partners): distributors, wholesalers,
resellers, catalog, and independent
retail stores. Dependent
intermediaries focus on a
company's products/services while
independent intermediaries have
wide variety of sources.
Forward integration: company manages the
path to its customers therefore eliminating
channel conflicts with complete forward
integration.
 Suppliers: Companies can eliminate or
reduce the bargaining power of suppliers
through backward integration (also a
kind of vertical integration). Backward
integration is the degree to which a
company directly obtains the supplies it
needs through multiple levels of the
supply chain, and through supply
intermediaries.
 Partners:
o Operational partners
o Complement partners
o Channel partners
o Integration partners
 Competitors: Coopetition (cooperation)
among competitors
o Standards
o Cross-Licensing: Reduces
patent litigation.
4. Model-based Approach: The model-based approach
to competitive strategy focuses on how a company's
business model and strategies can or should evolve.
 Enhance - Incrementally improves positioning
of existing products and services in their
existing market segments, and strengthens
existing relationships
 Expand - Adds new products or services,
targets new market segments, and adds new
relationships
 Extend - Enters new lines of business or
adopts new business models
 Exit - Drops products, services, market
segments, relationships, lines of business, or
business models
Basis of Competition
Competition is often based on price, service, customizability,
convenience, quality, reliability, or reputation. Clayton Christensen
has pointed out that the basis of competition within an industry
often tends to evolve, from functionality, to reliability, to
convenience, and then to price.
Strategic Advantage of IT
If a company emphasized strategic business uses of information
technology, its management would view IT as a major competitive
differentiator. They would then devise business strategies that use
IT. Competitive advantage comes from your math, your workflow,
and your processes through your systems. This is where IT
becomes the enabler to new business capabilities.
 Reengineering Business Processes:
o BPR: Business process reengineering.
o Organizational redesign: Multidisciplinary
process teams
 Agile Company: Ability of a company to prosper in
rapidly changing environments. It depends heavily on
Internet Technologies
o Price products based on value
o Cooperation with everyone (customer,
competitors etc)
o Flexible organizational structures
o Entrepreneurial Spirit.
 Virtual Company: Users IT to link people, organizations,
assets, and ideas.
 Knowledge-Creating Company: Making personal
knowledge available to others is the central activity of
the knowledge-creating company.
o Explicit: Data
o Tacit: People

4. Module2–ITSystemsintheDigitalOrganization
Terms
Metcalfe’s law: states that the usefulness, or utility, of a network
equals the square of the number of users.
Telecommunications: The exchange of information in any form
over networks. Industry has changed from government regulated
monopolies to a deregulated market with fiercely competitive
suppliers of telecommunications services.
Open Systems: Information systems that use common
standards. Interoperability.
Middleware: general term for any programming that serves to
glue together two separate programs.
Internet2: High-performance network that uses an entirely
different infrastructure that the public internet. Networks are
connected via Abilene.
Telecommunications business value: Overcome geographic
barriers, time barriers, cost barriers, structural barriers.
Internet business value: Provides a synthesis of computing and
communication capabilities that adds value to every part of the
business cycle. Substantial cost savings.
Intranet business value: An enterprise portal for applications in
communication and collaboration, business operations and
management, web publishing, and intranet portal management.
Extranet: Improve communication with customers and partners.
Connect the inter-networked enterprise to consumers, business
customers, suppliers, and other business partners.
Telecommunications network model: Terminals,
telecommunications processors, telecommunications channels,
telecommunications control software.
Network requirements: Reliability, Scalability, Security,
Economy, Responsibility
Types of networks: WANs, LANs, VPNs, Client/server networks,
P2P, Network computing (three-tier client/server)
Telecommunications Media: Twisted pair, coaxial, fiber optics,
terrestrial microwave, communications satellites, cellular phone
systems, LAN radio.
Problem of the “Last Mile”: Homes connected to a fiber network
have are wired with twisted-pair and cannot handle the bandwidth
provided by fiber.
Wireless web: very thin clients like pagers, smart phones, PDAs
and other devices are growing in wireless networks.
Inter-network processors: switches, routers, hubs, gateways
Multiplexer: Allows a single communications channel to carry
simultaneous data transmissions from many terminals.
Network management:
 Traffic management
 Security
 Network monitoring
 Capacity monitoring
Network topologies: star, ring, bus, mesh
OSI Model:
1. Physical
2. Data link
3. Network
4. Transport
5. Session
6. Presentation
7. Application
TCP/IP Model:
1. Physical
2. Network
3. Internet
4. Host-to-Host
5. Application
Voice over IP: makes use of a packet-based network to carry
voice calls rather than a traditional circuit-switched network.
Bandwidth:
 Wi-Fi: 11-54MB
 Token ring: 16MB
 High speed Ethernet: 100MB
 FDDI: 100MB
 DDN: 2.4K – 2MB
 PSN: 64K – 1.5MB
 Frame Relay: 1.5MB – 45MB
 ISDN: 64k – 2MB
 ATM: up to 2.4 GB
 SONET: 45MB – 40G
IT Systems in the Digital Organizations
 Functional Business Systems: Functional Business
Systems are the basic systems that support primary
business functions
o Manufacturing Information Systems
o Procurement Systems
o Logistics Systems
o Accounting Information Systems
o Financial Management Systems
o Sales and Marketing Information Systems
o Human Resource Information Systems
 Enterprise Business Systems: Enterprise Business
Systems are major cross-enterprise business systems
that support essential business functionality (CRM,
SCM, ERP, EAI, BPM)
 Enterprise Communication and Collaboration Systems:
Enterprise Communication and Collaboration Systems
allow users to communicate, conference, share
knowledge, and collaboratively work together.
 Business Intelligence and Decision Support Systems:
Business Intelligence and Decision Support Systems
include data warehouses and OLAP (online analytical
processing) systems, data mining, and model-based
decision support systems.
 E-Commerce Systems: E-Commerce Systems support
marketing, sales, and delivery of products and services
using the web.
IT System Extent and Visibility
 System Extent: The extent of a system is the degree to
which it affects business units across the organization
 Functional Primarily limited to one business unit or
functionality area (e.g., Accounting, HR) within the
organization
 Cross-Functional Integrates functionality across
multiple business units and business functions
 System Visibility: The visibility of a system is the degree
to which the operations and processes of the system
can be directly experienced from outside of the
organization
 Internal Operations and processes of the system
are only visible within the organization e.g., to
customer service representatives
 External Operations and processes are visible
externally (e.g., to customers, suppliers, and/or
partners) e.g., online banking interfaces
Extent/Visibility Matrix: Indicating IT systems on an extent/visibility
chart is a way of understanding the relative involvement required
from internal and external parties, and therefore the degree and
complexity of interactions needed to make the system successful.
Competitive and Operational Perspectives on IT
Competitive Perspective: The competitive perspective considers
impacts from the point of view of competitive strategy
 improve product positioning
 improve market positioning
 create a sustainable competitive advantage
 New lines of business
Operational Perspective: The operational (or organizational)
perspective considers impact from the point of view of the
organization and its operations. Operational benefits can directly
result in competitive benefits.
 Technology
 business processes
 structure
 management
 individuals and culture

5. Module2–ITSystemsintheDigitalOrganization Role of IT within the Organization
Interestingly enough, the rise of utility computing and software-as-
a-service (which we'll discuss in more detail later) is causing the
pendulum to swing back towards IT as a cost center, albeit one
with a much more strategic role in the organization.
Sustaining Competitive Advantage with IT
 Build IT systems that provide valuable functionality, and
that are difficult and expensive to replicate.
 Keep IT systems proprietary with internal visibility only
 Tailor the system to the organization; design it for
unique, organization-specific, processes and strategic
approaches.
 Continually improve the IT system faster than your
competitors.
 Use IT to innovate-develop new features, products, and
processes, and better market and product positioning
The Value Chain
The Primary Activities of the Value Chain Framework
 Inbound Logistics How the organization acquires and
manages its supplies
 Operations How the organization (using its supplies)
produces products and services
 Outbound Logistics How the organization prepares its
products and services for delivery
 Marketing and Sales How the organization markets and
sells its products and services
 Customer Services Post-sale services to customers
Secondary Activities:
 Administrative (including accounting, finance and
management)
 Human Resources
 Technology Research and Development (other than the
actual manufacturing of products themselves)
 Procurement (though one can also think of this as a
separate primary activity, preceding inbound logistics)
The Value System: The value chain is focused on the activities
within an individual organization. The value system (also called
the value network) extends the value chain in two ways:
1. On the incoming end-including an organization's
suppliers, and their suppliers. This is called the supply
chain.
2. On the outgoing end-including an organization's sales
and distribution channels.
Organizational and Operational Impact of IT
1. Impacts on Technology: IT deployments generally do
not exist within a technology vacuum. They need to be
matched and integrated with an organization's existing
IT, and to some degree, take into account future IT
plans.
2. Impacts on Business Processes: Six Sigma is a
business management strategy which is highly focused
on reducing defects and errors in manufacturing or
business processes.
3. Impacts on Structure: Technology can allow
businesses to reorganize and redeploy employees to
better exploit opportunities and respond to competitive
forces.
4. Impacts on Management: IT that improves
connectivity or automates management tasks enables
managers to spend more time interacting with the
people they manage, to focus on leading, rather than
just organizing and directing.
5. Impacts on Individuals and Culture within the
Organization: Technology can fundamentally change
the nature of human communication, especially with
regard to presence, attentiveness, signaling, and
response times.
Organizational Agility
IT has supported organizational agility, and has itself been a
major driver of agility. In particular, IT has affected:
 Structural agility-through distributed teams and
outsourcing, largely driven by the increasing capabilities
of internet-based communication and collaboration
 Business process agility-through rapid changes in
business processes, largely driven by workflow and
business process management systems
 Management agility-through better decision making,
largely driven by the growth of business intelligence
systems, including data mining and decision support
systems
Internet 2 Consortium or UCAID (University Corporation for
Advanced Internet Development)
The Internet2 Consortium is a non-profit group which consists
mainly of universities, government and some corporate members
within the networking domain. The main purpose behind the
Internet2 Consortium is to:
 Developing and maintaining a leading-edge network.
 Fully exploiting the capabilities of broadband
connections through the use of new-generation
applications.
 Transferring new network services and applications to
all levels of educational use, and eventually the broader
Internet community.
Characterizing Communication and Collaboration Systems
Media Type: what kind of data is being communicated (e.g.,
discrete vs. continuous, its format, etc.)?
Participation: are the senders and receivers users or
applications, and are they individuals or groups?
Immediacy: is the communication synchronous (where
information is received at the same time as, or very shortly after,
the sender sends it), or asynchronous?
Task-Focus: is the system focused on accomplishing a particular
task, or does it just generally enable communication?
Types of Systems
1. User Communication Systems:
 Characterizing Media Types:
i. Composition: Unitary, Sequential,
Segmented
ii. Format
iii. Sensory and Cognitive capabilities
iv. Physicality
 Audio and Video Streaming
 P2P
 VoIP
 IM
2. Information Sharing Systems
 Blogs
 Wikis
 Knowledge Management Systems (KMS)
3. Collaborative Work Systems
4. Conferencing and Synchronous Collaboration
Systems
 Conferencing and Virtual Teams

6. Module3–ITEnterpriseSystems
Customer Relationship Management (CRM)
―The business focus‖, customer-centric strategy or customer-
focused business was one of the top business strategies. It is a
single complete view of every customer at every touch point and
across all channels and provides the customer with a single,
complete view of the company and its extended channels. A
cross-functional enterprise system that integrates and automates
many of the customer-serving processes in sales, marketing, and
customer services.
 Contact and Account Management
 Sales
 Marketing and Fulfillment
 Customer Service and Support
 Retention and Loyalty Programs
The Three Phases of CRM
1. Acquire: Help the business by doing a superior job
using CRM
2. Enhance: Supporting superior service
3. Retain: Identify and reward customers
Benefits
 Identify and target best customers
 Real-time customization
 Keep track of customer contacts
Failures
 Lack of preparation
 Lack of understanding
Types:
 Operational CRM:
o Customer interactions
o Easier to do business with
 Analytical CRM:
o In-depth customer history, preferences,
information
o Analyze, predict, deliver
o Approach with relevant information
 Collaborative CRM:
o Easy collaboration with customer, suppliers,
and partners
o Improves efficiency throughout the supply
chain
o Greater responsiveness
 Portal-based CRM:
o Empowers employees to respond to
customers
o Access, link, use all internal/external
customer information
Enterprise Resource Planning (ERP)
―The Business Backbone‖. Helps reduce inventories, shorten
cycle times, lower costs, and improve overall operations. A cross-
functional enterprise backbone that integrates and automates
many internal business processes and information systems within
the manufacturing, logistics, distribution, accounting, finance, and
human resource functions of a company.
Benefits:
 Quality and Efficiency
 Decreased costs
 Decision support
 Enterprise agility
―The risk was certainly disruption of business because if you do
not do ERP properly, you can kill your company, guaranteed.‖
Causes of Failures:
 Underestimate complexity
 Too much too fast
 Insufficient training
Trends in ERP:
 Flexible ERP
 Web-Enabled ERP
 Interenterprise ERP
 e-Business Suites
Supply Chain Management (SCM)
―The Business Network‖. Accurate order processing, just-in time
inventory management, and timely order fulfillment. A major e-
business application development initiative. A cross-functional
interenterprise system that uses information technology to help
support and manage the links between some of a company’s key
business processes and those of its suppliers, customers, and
business partners. . Create a fast, efficient, and cost effective
network of business relationships.
Supply Chain Life Cycle:
 Commit
 Schedule
 Make
 Deliver
SCM Functional Processes:
 Strategic Sourcing and Procurement
 Production Logistics
 Distribution Network and warehouse Operations
 Forecast and demand planning
 Customer order fulfillment/service
 Transportation and shipment management
Electronic Data Interchange (EDI): Involves the electronic
exchange of business transaction documents over the Internet
and other networks between.
The Role of SCM:
Objectives Outcomes
Strategic What Objectives
Service levels
Network design
Tactical How much Demand forecast
Inventory targets
Operational When, Where Work center
scheduling
Order/inventory
tracking
Execution Do Order cycle
Material
movement
Benefits:
 Strategic relationships with suppliers
 Reductions in inventory levels
 Quicker times to market
 Lower costs
 Accuracy
Failure:
 Lack of proper demand planning knowledge, tools, and
guidelines
 Inaccurate demand forecasts
 Lack of adequate collaboration
 Inaccurate inventory numbers
Trends in SCM:
Stage 1 Stage 2 Stage 3
Information
sharing
Product/sales data
Sourcing help
Logistics
Order fulfillment
Order
management
Inventory
management
Resource
allocation
Systems use and
integration
Intranet/extranet
links to trading
partners
Collaborative
marketing
Sales and service
SCM optimization
Collaborative
design and
delivery
Extranet and
exchange-based
collaboration

7. Module3–ITEnterpriseSystems
Data, Application and Business Process Integration
IT Integration across the enterprise faces three challenges:
1. Data Integration Problem - Integrate related (and
sometimes overlapping) data stored in separate
disconnected data repositories.
a. Data Consistency still maintains the data in
the existing separate repositories, but uses
consistency mechanisms,
b. Data View Integration depends upon some
mechanism to provide a single unified view of
the data, which is still stored in separate
repositories. Data View Integration approach
often has the lowest cost and the lowest risk,
i. Database Federation creates a
view which looks like a typical
database.
ii. OO Mapping uses a standard
transactional Object Oriented
mapping layer, such as EJB, JDO,
Castor, or Hibernate, which
explicitly coordinates requests to
the multiple underlying data
repositories.
iii. Service Wrapping provides a
service (perhaps a web service)
with a custom API (Application
Program Interface) that provides
modification and access of the
needed data.
c. Data Migration moves some or all of the data
to a single (centralized or distributed)
repository.
2. Application Integration Problem - Allow independent
applications to call or send information or notifications to
one another. The primary goal of application integration
(also called Enterprise Application Integration, or EAI,
when it connects applications across the enterprise) is
to allow applications to pass information or notifications
to one another, and use each other's functionality.
a. Ways to integrate disparate applications:
i. Custom Integration
ii. Development Platform
Standardization (.Net)
iii. Application Platform
Standardization (SAP)
iv. Distributed Application
Infrastructure Stadardization
(CORBA, DCE)
v. Multi-Infrastructure
Architectures (Java, Web
services)
3. Business Process Integration Problem - Integrate
and streamline business processes that span the
enterprise, that require data from disparate sources and
that need to interact with multiple applications.
Web Services
 XML
 SOAP (Simple Object Access Protocol)
The important characteristics of SOAP are:
 SOAP requests are made to a separate URL which
understands SOAP
 Responses are formatted in XML, allowing easy
parsing
 Requests use XML as well, for easier separation of
the arguments to the request
 SOAP can be also used to pass along control and
state information
 SOAP is usually transmitted using HTTP over
TCP/IP, although other protocols, notably SMTP,
are supported as well
 The SOAP envelope can also contain a Header (in
addition to the Body), which is flexible enough to
support a wide range of add-on mechanisms such
as security, reliability, etc.
Web Services and Complex Business Processes
Using web services for business processes that are spread out in
time, that involve parallel activities or complex business logic or
that involve multiple partners are even more complex. Managing
complex business processes is known as Workflow Management,
or Business Process Management, or when applied to a web
service architecture, as Web Service Orchestration.
Service Oriented Architecture (SOA)
A service-oriented architecture is one in which:
 application functionality is made available through
services
 services are distributed, generally across an intranet,
but sometimes across an extranet, or even possibly
across the public internet
 The interfaces to these services are implementation-
independent. That is, even if a service is implemented
in Java, there is nothing Java-specific about its
interface, and no requirement that clients of the service
use or understand Java.
Often there are two transparency requirements specified for
SOA's as well:
location-transparency—a client that needs a service does not
have to be bound to using that service at a specific site.
transport-transparency—a client that needs a service does not
have to be bound to using that service with a specific transport
protocol stack.
Message-oriented middleware (MOM), like Java's JMS, IBM's
MQSeries and Microsoft's MSMQ, do not even require that a
service be running for a client to send a request.
Service-oriented architectures do not need to be built using web
services; it's just that the combination of SOAP, WSDL and UDDI
is an excellent match for SOA requirements.
Software as a Service (SaaS)
The advent of SOA has provided a business opportunity for
companies to be, to an extent, the IT department of their
customers.
Workflow and Business Process Management Systems
Workflow management systems manage and track the flow of
work (tasks and associated documents) through an organization,
and sometimes across organizations.
Workflow systems manage workflow by:
 determining when a workflow is to be started (explicitly
by users, or triggered by system events, including data
modification, alarms and timeouts)
 organizing a workflow as a sequence of tasks,
potentially with conditions and loops
 structuring tasks into subtasks (sometimes
hierarchically), also called stages or activities, or
defining them as sub-workflows in their own right
 determining the actions to take when tasks and
subtasks are completed, and determining the conditions
under which subtasks can be started (typically the
completion of some set of other subtasks)
 providing mechanisms to back out of
erroneous/incomplete workflows, undoing (often by
compensating for) actions already performed

8. Module3–ITEnterpriseSystems
 transmit and manage information and documents as
work flows from task to task; these are often forms, to
be successively filled in as work flows through the
system
 monitor and log task status and the flow of work,
providing information on request, including overall
reports and alerts on bottlenecks
 transmit and manage information and documents as
work flows from task to task; these are often forms, to
be successively filled in as work flows through the
system
 monitor and log task status and the flow of work,
providing information on request, including overall
reports and alerts on bottlenecks
Product vs. Customer-Centric Organizations
 A product-centric organization organizes its product
groups by product (or service) line. Sales and marketing
groups are then part of each separate product division.
Problem:
multiple sales people
 Customer-centric organizations organize both its
product groups and its sales and marketing
organizations by market segment.
Problem:
duplication of effort (duplicate products)
Supply Chain Planning within the Organization
 Demand Planning forecasts what you expect your
customers will need and when, based on previous
history, input from knowledgeable parties (e.g., buyers,
channel partners, and customers), and other predictive
variables (the weather, the economy, etc.).
 Production Planning forecasts and plans production.
This may be particularly complicated when
manufacturing facilities can be used to manufacture
multiple products, or when they are shared or
outsourced.
 Supply Planning forecasts and plans the flow of
supplies, particularly important when suppliers need
substantial lead times and when demand and
availability of supplies are unpredictable (due, for
example, to problems with their own planning and
suppliers).
There are two approaches to forecasting
 Automated forecasting calculates forecasts based on
historic data along with other variables, including, to
some degree, those supplied by knowledgeable parties.
 Collaborative forecasting uses collaboration systems to
allow knowledgeable parties to agree on forecasts,
potentially in conjunction with information provided by
automated forecasting systems.
SCM Agility
Classic manufacturing uses an approach known as ―Make and
Sell.‖ Companies can do better if they can delay commitments for
supplies and resources until they have orders for products.
An intermediate approach is called ―Sense and Respond.‖ It
requires
 Real-time sensing of how demand is changing (typically
via access to the planning systems of companies in its
downstream supply chain), and
 Dynamic adjustment of production and supply to adjust to
changes in demand.
The long-term success of Sense and Respond is really dependent
on three key characteristics (AAA)
1. Agility is able to respond to rapid changes.
2. Adaptability focuses on longer-term changes in
the supply chain.
3. Alignment with partners and suppliers
Business Intelligence
Broadly, business intelligence (BI) is the aggregation, analysis, and
exploration of business data for the purpose of making business
decisions. BI systems have their genesis in what used to be called
Executive Information Systems (EIS).
OLAP vs. OLTP
Operational
Database
Data
Warehouse
Usage
Transactional
(OLTP)
Analytical
(OLAP)
Organized for Modifications Queries
Modifications Continual Generally Periodic
Queries
Narrow-scope
Low-complexity
Broad-scope
High-complexity
Breadth of Data All operational data
All operational data
or just aggregated
summaries
Span of Data Recent, active data Historical data
Database Relational
Relational/
Dimensional
Data
Organizational
Normalized Denormalized
Extraction, Transformation and Loading (ETL)
Enterprise Information Integration-to make it possible to rapidly
pull together the disparate sources of changing information and
flow them into the data warehouse, sometimes known as CTF
(Capture, Transform, and Flow). This activity of determining how
to extract and integrate data from disparate data sources, how to
aggregate and transform them, and how to load them into a data
warehouse is a complex activity known as ETL (Extraction,
Transformation and Loading).
Data Mining (DM)
Data mining is, in essence, the discovery of knowledge,
especially as it relates to business operations.
Goals of Data Mining
 Novel/Significant
 Understandable/Useful
 Causal: All data has random variations that can show
up as spurious patterns and relationships. Good data
mining algorithms and approaches aim to filter these
out.

Types of Data Mining
 Market Basket Analysis—Finds collections of data
items which frequently occur together in the same
―market basket‖ (often products in a shopping cart)
and formulates the cause
 Classification—Attempts to classify or categorize
data items based on their features
 Clustering—Finding groups of data items, some of
whose features are all similar to one another.
 Trend Analysis—Finding changing patterns over
time, and associated factors.

Data Mining Activities
 Discovery/Modeling
 Forensics
 Prediction
 Detection
Decision Support Systems (DSSes)
Decision support systems (DSSes) assist mangers in deciding
on courses of actions. To an extent, most of the preceding
systems are DSSes. They also include expert systems-
applications that encode human expertise to use in reasoning
about a specific area. Neural networks involve an architecture
based on the brain that uses data to create predictors.

9. Module4–E-Commerce&Security
E-Commerce
The entire online process of developing, marketing, selling, delivering,
servicing, and paying for products and services transacted on inter-
networked, global marketplaces of customers, with the support of a
worldwide network of business partners.
 Selling process:
o Marketing Discovery
 Market/product research
 Market Stimulation/Education
 Terms negotiation
o Transaction Processing
 Order Receipt
 Order Selection and Priority
 Order Billing/Payment Mgmt
o Service and Support
 Order scheduling/fulfillment
 Customer service and support
 Buying Process
o Marketing Discovery
 Product discovery
 Product evaluation
 Terms negotiation
o Transaction Processing
 Order placement
 Order tracking
 Order payment
o Service and support
 Product receipt
 Product service and support
Categories
Business to Consumer (B2C)
Consumer to Consumer (C2C)
Business to Business (B2B)
E-Commerce Processes
Electronic Payment Process
Business to Consumer (B2C)
Second Mover Strategy:
1. Be better, faster, cheaper, easier
2. Trip up incumbents with tactics from other fields
3. Swipe their business models and start your own race
4. Follow the biggest leader you can find
5. Aim for the leader’s Achilles’ heel
Success Factors:
 Selection & Value
 Performance & Service
 Look & Feel
 Advertisement & Incentives
 Personal attention
 Community Relationship
 Security & Reliability
Web Store Requirements
Business to Business (B2B)
Clicks and Bricks in E-Commerce
 Capitalizing on any unique strategic capabilities that may
exist in a company’s traditional business operations that
could be used to support an e-commerce business
 Gaining several strategic benefits of integrating e-
commerce into a company’s traditional business.
Artificial Intelligence in Business
The goal of AI is to develop computers that can simulate the ability
to think, as well as see, hear, walk, talk, and feel.
AI Domains
1. Cognitive Science Applications: Based on research in
biology, neurology, psychology, mathematics, and many
allied disciplines. It focuses on researching how the
human brain works and how humans think and learn.
a. Expert Systems
b. Learning systems
c. Fuzzy logic
d. Generic algorithms
e. Neural Networks
f. Intelligent agents
2. Robotics Applications: AI, engineering, and physiology.
Applications designed to give robots the powers of sight,
or visual perception; touch, dexterity, locomotion, and
navigation.
3. Natural Interface Applications:
a. Natural languages
b. Speech recognition
c. Multisensory interfaces
d. Virtual Reality

10. Module4–Ecommerce&Security
Expert Systems
Components:
 Knowledge Base: frame-based, object-based, case-
based, or rule-based
 Software resources: inference engine, user interface
programs
Applications: Diagnose illnesses, search for minerals, analyze
compounds, recommend repairs, or financial planning.
Benefits: Outperform a single human expert, preserve and
reproduce the knowledge.
Limitations: Inability to learn, maintenance problems, and
development costs
** Knowledge engineering: professional who works with experts to
capture the knowledge they possess and then builds the
knowledge base.
Neural Networks
Computing systems modeled after the brain’s meshlike network of
interconnected processing elements (neurons). Learns to
recognize patterns and relationships in data sets.
Fuzzy Logic Systems
Represent a small, but serious, application of AI in business. It’s a
method of reasoning that resembles human reasoning. Allows
approximate values and inferences (Fuzzy logic) and incomplete
data (fuzzy data).
Genetic Algorithms
Uses Darwinian and other mathematical functions to simulate an
evolutionary process that can yield better solutions to a problem.
Useful for situations in which thousands of solutions are possible
and must be evaluated to produce and optimal solution.
Virtual Reality
Relies on multisensory input/output devices such as a tracking
headset with video goggles. Virtual reality is also called
telepresense. VR becomes telepresense when users use VR
systems tow or alone or together at a remote site.
Intelligent Agents
A software surrogate for a n end user or a process that fulfills a
stated need or activity. They are special purpose, knowledge
based information systems that accomplish specific tasks for
users.
Types:
 Interface Tutors
 Presentation agents
 Network navigation agents
 Role-Playing agents
 Search agents
 Information brokers
 Information filters
Security Terms
Business ethics: concerned with the numerous ethical questions
that managers must confront as part of their daily business
decision making.
Stockholder Theory: Managers are agents of the stockholders,
and their only ethical responsibility is to increase the profits of the
business without violating the law or engaging in fraudulent
practices
Social contract theory: states that companies have ethical
responsibilities to all members of society, which allows
corporations to exist according to a social contract. Companies
need to enhance the economic satisfaction of consumers and
employees and avoid fraudulent practices
Responsible Professional:
 Acting with integrity
 Increase professional competence
 Setting high standards
 Accepting responsibility
 Advancing the health, privacy, and general welfare of
the public
Cracker: a person who maintains knowledge of the vulnerabilities
he or she finds and exploits them for private advantage.
Time and Resource Theft: unauthorized use fo computer
systems and networks.
Sales Channels and the Web
Information Interactions: Interactions through which customers
obtain information about a product.
Purchase Interaction: The process through which customers
actually purchase the product.
1. Physical Sales Interactions: Highly personal product
interaction. Information interaction varies based on
expertise of the sales representative. Sales
representative drives the sale.
a. Bricks and Mortar
b. Retail Store Model
c. Show Model
d. Party Model
e. Door-to-Door Model
2. Remote Sales Interactions: Lack interaction with the
product, but a lot of written material. Information and
purchase interaction varies.
a. Sales Advertisement Model
b. Cold Call Model
c. Catalog / Brochure Model
d. Home Shopping Network Model
e. Web-Based Sales Interactions
f. Virtual Sales Interactions
Delivery Channels and the Web
 Information based products that have already been
delivered online for some time includes articles, reports,
computer programs, and music.
 Information-based services have been available since
the early web, using the forms-based functionality
initially available in HTML and HTTP.
 Physical products and services cannot (yet?) be
delivered online. However, airline flights, movies, and
appliances are all cases where the online sales process
results in a ticket.
Sales Terms
Blurred Offers: A product that requires a service
Auctions: A bidding model that can either be open or closed.
Forward auctions are offer-based and reverse auctions /
procurement auctions are request-based.
Market Models
 Infomediaries: cnet.com
 Product/Service Aggregators: esurance.com
 Information Aggregators: choicepoint.com
 Brokers
 Portals: yahoo.com
E-Commerce Marketing and Advertising
 Advertising: Click-throughts, cross-selling, up-selling.
 Stickiness: Keep users on a website
 Personalization: Requires knowing about the customer:
o demographics
o personal info
o preferences
o behavioral info
 Ad selection and placements
E-Commerce Software Components
Site Management Components
 Content and Catalog Management
 Access Control and Security
 Weblog Analysis
 Profiling
 Personalization
 Advertisement
 Indexing
Business Transaction Support Components
 Exchange Management
 Order Management
 Workflow Management
 Electronic Payment
 Order Tracking and Scheduling
User Interaction Components
 Customization
 Event Notification
 Community Facilitation
 Review
 Recommendation

11. Module4–Ecommerce&Security
Proprietary e-Commerce Web Services
Proprietary web services provide competitive advantage in two
ways: (1) as barriers to entry, since viable competitors must now
also build competitive web-service interfaces tied into their internal
systems, and (2) through increasing switching costs, since
customers who use their services must engineer their own
systems to interface with those web services.
Security, Availability, Privacy, and Compliance
Integrity: Ensure that electronic transactions and data resources
are not tampered with at any point, either accidentally or
maliciously.
Availability: Ensure uninterrupted service to authorized users.
Confidentiality: Safeguard user privacy and prevent the theft of
enterprise information, both stored and in transit.
Accountability: Monitor and trace attacks in progress as well as
damage from successful attacks (security auditing and intrusion
detection). Prevent system users from later denying completed
transactions and other actions (non-repudiation).
Effects of Security Attacks and Accidents
 Theft of Data and Software
 Theft of Service
 Denial of Service (DoS)
 Tampering and Abetting
 Intangible Damage
 Tangible Damage
IT-Related Threats and Countermeasures
 Physical System Attacks
 Password Attacks
 Discretionary Access Control Attacks
 Network Attacks
 Security Exploits
 Social Engineering
 Remote Control Attacks
 Epidemic Attacks
Privacy and Confidentiality
Personal Information
 Demographic information
 Preference information
 Purchase histories
 Customer interests and profiles,
 Employee information
 Financial information
 Medical information
 Education information
 Legal information
 Contact information
 Location information
Privacy Regulations
 HIPPA
 GLBA
 EU Data Privacy Directive
 FERPA
 FTC Act
Compliance, Controls and Accountability
The Sarbanes-Oxley Act
 The CEO and CFO are required to certify that their
company's financial reports are true and accurate
 Companies and their auditors must maintain accounting
documents and work papers for a minimum of seven
years.
 Companies must promptly report any changes in
financial condition or any significant problems that might
affect the value of the company.
IT Controls
IT controls are business processes and practices which prevent
errors and illicit activities that affect the reliability of data and
software.
IT controls include mechanisms for addressing:
 the approval process for hardware, network and
software changes
 policies for code and architecture review
 backup and recovery procedures
 mechanisms for monitoring and filtering outgoing e-
mail, web postings, and web-service calls
 audit trails to track all data and code modifications, as
well as viewing of sensitive (e.g., financial or medical)
information (including who performed the action and
when)

12. Module5–ITManagement
Developing Business / IT Strategies
Organizational planning process:
1. team building, modeling, and consensus
2. evaluating accomplishments and acquired resources
3. analyzing business, economic, political and societal
environments
4. anticipating and evaluating the impact of future
developments
5. building a shared vision and deciding on what goals they
want to achieve
6. deciding which actions to take to achieve their goals
Strategic planning: deals with the development of an organization’s
mission, goals, strategies, and policies.
Tactical planning: involves the setting of objectives and the
development of procedures, rules, schedules, and budgets
Operational planning: short-term basis to implement and control
day to day operations.
Converging trends:
 Technology:
o E-commerce
o Customer information technology
o Death of distance
 Competitive Imperatives
o Imperatives
 Real growth
 Globalization
 New entrants
 Customer orientation
o Enablers
 Alliances
 Outsourcing
 Deregulation
o Regulated markets opening up
o Fewer regulatory impediments in business
o Single currency zones
 Customer Sophistication/Expectations
o Better and more convenient
o Service
o Better quality
o Added value
o Brand ―savvy‖
Risks:
1. Business operations risk
2. Program risk
3. Business interruption risk
4. Market risk
SWOT Analysis: Strengths, Weaknesses, Opportunities, and
Threats is used to evaluate the impact that each possible strategic
opportunity can have on a company and its use of IT.
 S: Core competencies/Resources
 W: Areas of substandard performance
 O: Potential new business markets
 T: Potential for business losses
Business Model: Conceptual framework that expresses the
underlying economic logic and system that prove how a
business can deliver value to customers at an appropriate cost
and make money.
Components of a Business Model:
 Customer value
 Scope
 Pricing
 Revenue source
 Connected activities
 Implementation
 Capabilities
 Sustainability
Business /IT Planning
Balanced Scorecard: BSC is a method for measuring a
company’s activities in terms of its vision and strategies.
 Financial perspective: cash flow, ROI, market value
 Customer perspective: Customer surveys,
complaints, competitive rankings
 Business Process Perspective: Process cost,
Measure performance key business processes
 Learning and Growth Perspective: Staff training,
employee suggestions
Strategic positioning matrix:
 Cost and efficiency improvements: Low internal
connectivity and use of IT
 Performance Improvement in Business Effectiveness:
High internal connectivity, Low external connectivity
 Global Market Penetration: High degree of
customer/competitor connectivity
 Product and Service Transformation: Company,
customers, suppliers and competitors are extensively
networked. E-Business strategies in place
o Market creator: Amazon.com
o Channel reconfiguration: Dell
o Transaction intermediary: eBay
o Infomediary: HomeAdvisor
o Self-service innovator: Employease
o Supply chain innovator: McKesson and
Ingram Micro
o Channel mastery: Charles Schwab
Business Application Planning
Begins after the strategic phase of business/IT planning has
occurred. Involves the evaluation of proposals, evaluation of
business case, and development/ implementation of the business
applications.
Implementation Challenges
A process that carries out the plans for changes in business/IT
strategies and applications that wee developed in the planning
process.
 End user resistance: Education and training can help
resolve problems, but most important is end user
involvement.
A Change Management Process

13. Module5–ITManagement Information Systems Development LifeCycle
Feasibility Studies: A preliminary study where the information
needs of prospective users and the resource requirements, costs,
benefits, and feasibility of a proposed project are determined. A
very rough analysis of its viability that must be continually refined
over time.
Planning
3 Phases of Planning
Initial Planning
determines the project's goals,
stakeholders, scope, functionality,
and governance
System
Planning
determines the architecture and
components needed to implement the
project
Implementation
Planning
determines, in detail, how the project
will be implemented, how the
resulting system will be deployed and
maintained, and how resulting
operational and organizational
changes will be effected
Project Failure and Recovery
Poor Planning Potential Failure
Do an inadequate job of
identifying the
stakeholders and
determining how they
should be involved....
Increase the risk that the
project won't meet their
needs, or even if it does, the
stakeholders will resist using it
because they weren't involved
in planning it
Do an inadequate job of
developing metrics to
evaluate the project....
Increase the risk that it won't
meet its requirements
Do an inadequate job of
determining the
processes for project
administration and
governance....
Increase the risk that the
project will go over schedule
or budget, or that it will fail
because no one is looking out
for the big problems until it's
too late
Initial Planning Phases
 Project Initiation
o Identification of problems and opportunities
the project is meant to address
o Preliminary identification of the goals, scale,
and scope of the project
o Determining the project stakeholders-i.e., who
cares about the project or might be affected
it-and how they should be involved in it
o Establishment of project leadership and
governance
 Preliminary Analysis
o Validating the problems and opportunities
o Determining the causes of the problems and
the drivers of the opportunity
o Validating project goals
o Identifying risks
o Determining the preliminary feasibility of the
project
Project Investment Metrics
o ROI (Return on Investment)
o EVA (Economic Value Added)
o ROO (Return on Opportunity)
System Planning Phases
 System Design and Evaluation
o Exploration of alternatives for the design and
architecture of the system
o Exploration of alternative technologies and
components to implement the various
designs
o Research, prototyping, testing and evaluation
to determine the feasibility of various
alternatives
 Feasibility and Impact Analysis
o How effectively the system meets the project
goals
o The cost and return of the system
o The time it will take to build the system
o Risks specific to the system (especially if it
uses components or an approach that hasn't
been successfully deployed in similar
situations)
o Risks and costs due to impacts on existing
technologies, business processes, structure,
management, individuals and culture, and
relationships
o Legal/contractual feasibility and impacts
 Commitment
o Finalizing requirements, scale and scope
o Determining system architecture, technology
and components
o Negotiating contracts and building
relationships with vendors

14. Module5–ITManagement Deployment Approaches
The Parallel approach involves running both the new and old
system simultaneously, and cutting over entirely to the new
system only when it is clear that it is working adequately. This is a
very safe approach, but it can be costly to set up an environment
in which both systems can run simultaneously.
The Parallel approach can be combined with the Pilot or Phase
approach-that is, a Pilot or Phase can run with both an old and a
new system. This may be less costly than a full Parallel approach.
The Pilot approach involves switching a small subset of
(presumably less significant) transactions to the new system. This
will work well if the success of the Pilot is a good predictor of the
success of the full system.
In each phase, additional transactions are incrementally
transferred to the new system. The Phased approach can also be
used to move functionality incrementally to the new system.
The Plunge approach often seems to be the simplest and least
costly. However, if the new system has bugs, then it is important
that either
 the new system is still usable (albeit with workarounds)
and retains data integrity
 it is possible to back out to the old system, without
losing any transactions
If this is not possible, then the bugs will result in system
unavailability with all the attendant consequences.
Implementation Planning
Determines, in detail, how the project will be implemented, how
the resulting system will be deployed and maintained, and how
resulting operational and organizational changes will be effected.
 Project Management Systems: Project management
systems help managers ensure that projects are
delivered on-time, on-budget, and up to quality
standards.
 Requirements and Issue Management Systems:
Model and maintain complex sets of project
requirements, allowing managers to categorize and
associate attributes with them, and to specify and
analyze dependencies and other relationships among
them.
 Issue management systems track and maintain
project issues, including relationships between
them, and how the issues are resolved.
 Change management and bug tracking systems
are special cases of issue management systems,
and are sometimes integrated with them.
 Integration with project management systems
provides additional synergies, such as being able
to analyze the risk of meeting requirements based
on the risks in the schedule of the associated tasks
 Negotiation Support Systems: provide automated
support for complex negotiations, often over the
detailed terms of a contract, the details of a project or
outsourcing arrangements, including service level
agreements. Negotiation support systems are
sometimes part of other systems, including logistics
systems.
Evaluating IT Projects Underway and Completed
Progress Metrics measure progress towards successful
completion of a project and management/reduction of risk based,
for example, on milestones.
Result Metrics measure whether the objectives of a project are
met-for example, product reliability, process efficiency, usability,
revenues, or customer retention.
Outsourcing IT Development
Using Contractors
 The organization may simply not have the capabilities
and expertise needed for the development (and can't
acquire them in a reasonable time or for a reasonable
cost).
 The capabilities are available, but the employees with
those capabilities are needed more urgently for other
purposes.
 The capabilities are only needed in the short-term, and
the organization doesn't want to make the commitment
to permanently hire the necessary employees.
Why outsource development?
 Inability to find contractors.
 Lack of high-level or managerial expertise.
 Organizational or operational problems.
 A need to develop capabilities elsewhere.
Outsourcing and Alignment: The organization outsourcing the
work wants to get the most amount of high quality work done at
the lowest cost; the outsourcing vendor would like to perform the
work in a way that minimizes its expenditures and maximizes its
current and future revenues.
Security Issues for Outsourced Development: An organization
needs to understand the existing security practices of the potential
vendor (including existing safeguards and how it handles security
breaches), and decide what additionally needs to be encoded in
its outsourcing contract.
Outsourcing IT Services and Functions
 Hosting Companies
 Application Service Providers, ASPs and Software as a
Service, SaaS
o Service Level Agreements: ensure that
hosting companies, ASP's, and SaaS
vendors provide service that meets their
requirements.
Functional IT Outsourcing: Functional IT outsourcing can be
problematic. Successful arrangements can require surprisingly
large amounts of time, money and energy, both to initially forge an
agreement and to manage the outsourcing arrangement on an
ongoing basis. Despite its problems, there are still good reasons
for functional IT outsourcing. Startups and companies missing key
capabilities obviously can benefit from outsourcing.
Utility Computing and the Future of IT: Virtualization, grid
computing and web services are leading to the treatment of
hardware and applications as pluggable components, under the
banner of ―utility computing.‖
Offshoring IT: While the cost savings are greater, and therefore
are a stronger incentive to outsource, the potential for problems is
greater as well, and must be factored in along with the increased
cost savings

15. Module5–ITManagement
Vulnerability and Security Management
Vulnerability management focuses on the assessment of risks,
and overall planning of projects and approaches to mitigate them.
Security management additionally covers development and
management of the structures and processes that protect an
organization on an ongoing basis, all of which we'll discuss in the
following pages.
Risk Assessment
Vulnerability Management starts with risk assessment. The risks
that affect a company, their seriousness, and their overall impact,
may not even be clear unless there is an ongoing effort to assess
them.
Vulnerability Management
Beyond risk assessment, a systematic approach to vulnerability
management is important for a couple of reasons:
 Even if a company has the resources, it may not be
reasonable or useful to address each risk or problem as
the organization becomes aware of it. Some need to be
addressed specifically and immediately, some can be
addressed as part of larger initiatives, and based on an
overall analysis, some need to be deferred.
 Solutions exist at many levels, from point solutions to
re-architecting the entire enterprise to address the
various threats and problems. Determining the right mix
and schedule for solutions requires careful planning and
involvement of key stakeholders across the enterprise.
The investment metrics for security projects focused on
countermeasures are based on evaluating:
 the likelihood of a possible threat
 the cost of implementing the countermeasures
 the cost of damage if countermeasures are not
implemented
The investment metrics for security projects focused on facilitating
damage recovery are based on evaluating:
 the likelihood of the damage
 the cost of facilitating the damage recovery
 the cost of recovery if it is not facilitated in advance
Security Management
 network security—for monitoring network threats,
 software security—ensuring that software development
and customization is done safely
 employee security—including access control
Vulnerability and Security Management
To operate effectively, an organization's systems, internal
networks, and external connections must remain available.
Organization Damage from Cyber-Terrorism
 Code reviews, or more generally, reengineering the
software development process, are essential as part of
reducing the possibility of erroneous and malicious
code.
 Network components, including firewalls, routers and
switches, contain a significant amount of code, and may
have dangerous vulnerabilities.
Business Continuity Planning
Disasters and security attacks can affect a business' ability to
continue operating effectively at four different levels of
seriousness:
 Loss of access to data and information
 Loss of system and network access
 Loss of equipment and facilities
 Loss of personnel
Crisis Management and Disaster Recovery
Part of disaster recovery planning is making sure that there are
processes in place, and personnel identified, who will deal with
crises as they occur, decide how serious they are, and determine
what to do about them.

16. Module6– Pending

17. Module6–