Cloud Computing and Operational Excellence

profileskollipara1028
Textbook_beyond.pdf

Information Systems for Business and Beyond (2019)

Information Systems for Business and Beyond (2019)

Information systems, their use in business, and the larger impact they are having on our world.

DAVID BOURGEOIS

JOSEPH MORTATI, SHOUHONG WANG, AND JAMES SMITH

Information Systems for Business and Beyond (2019) by David Bourgeois is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted.

This book was initially developed in 2014 by Dr. David Bourgeois as part of

the Open Textbook Challenge funded by the Saylor Foundation. This 2019

edition is an update to that textbook.

This book was produced with Pressbooks (https://pressbooks.com) and

rendered with Prince.

Information Systems for Business and Beyond

Updated edition: August 1, 2019

DAVID T. BOURGEOIS, PH.D.

JAMES L. SMITH, PH.D.

SHOUHONG WANG, PH.D.

JOSEPH MORTATI, MBA

Title Page | v

Copyright

Information Systems for Business and Beyond (2019) by David Bourgeois is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where otherwise noted.

vi | Copyright

Book Contributors

Information Systems for Business and Beyond was originally

developed in 2014 by David T. Bourgeois Ph.D.

Updates for the 2019 edition were graciously contributed by:

• James L. Smith Ph.D. (all chapters)

• Shouhong Wong, Ph.D. (chapters 4 and 8)

• Joseph Mortati, MBA (chapter 10)

Book Contributors | vii

Changes from Previous Edition

Information Systems for Business and Beyond was written by Dr.

David Bourgeois and originally published in 2014 as part of the

Open Textbook Challenge at the Saylor Foundation. Since then, it

has been accessed thousands of time and used in many courses

worldwide. This 2019 update to the textbook brings it up to date

and adds many new topics. True to its open textbook roots, many

of the updates have come from the community of instructors and

practitioners who are passionate about information systems. See

the page Book Contributors to see the primary contributors to this

edition. A majority of the changes listed below were made by Dr.

James Smith, who did a revision to this text in 2018.

Here is a summary of the changes made:

Overall

• New and updated images, especially those related to statistics,

in order to bring them up to date.

• References brought up to date.

• Added labs for every chapter.

• Added an index.

• Editing for consistency.

Chapter 1: What is an information system?

• Added video: Blum’s fibre optic TED Talk

viii | Changes from Previous Edition

Chapter 2: Hardware

• Removed text which discussed increasing dependency on

tablets and decreasing use of desktops

• Clarification of bit vs. byte, binary vs. digital. Added tables to

Understanding Binary sidebar

• Added Huang’s Law on graphics processor units

• Modified text regarding Moore’s Law to state that his law is no

longer able to be maintained

Chapter 3: Software

• Added information about Ubuntu Linux

• Added Eclipse IDE

• Added information about Tableau

• Supply Chain Management: added an emphasis on use of

Information Systems up and down supply chain by Walmart to

gain competitive advantage

Chapter 4: Data and Databases

• Database schemas redesigned

• Data types added

• SQL examples include output

• NoSQL described

• Data Dictionary re-ordered to column name

• New section on “Why database technology?”

• Differentiation of data, information, and knowledge

• Section on Data models

• Changed illustrative example of database tables and

relationships.

Changes from Previous Edition | ix

• Updated section on Business Intelligence to focus on the rise

of analytics and data science. Includes a new “What is Data

Science?” sidebar.

Chapter 5: Networking and Communication

• History of ARPANET initial four nodes, etc.

• Metcalfe’s Law

Chapter 6: Information Systems Security

• Added information on blockchain and Bitcoin.

Chapter 8: Business Processes

• Introduce tools (DFD, BPMN, UML) of business process

modeling

• Introduce examples of DFD.

Chapter 10: Information Systems Development

• Java sample code

• Mismanaging Change side bar

• Added section on mobile development.

• Added sidebar on risks of end-user computing

x | Information Systems for Business and Beyond (2019)

Chapter 11: Globalization and the Digital Divide

• World 3.0 written by economist Pankaj Ghemawat; also his

TED talk video

Chapter 12: The Ethical and Legal Implications of Information Systems

• Facebook and Cambridge Analytics data privacy

• General Data Protection Regulation section

Chapter 13: Trends in Information Systems

• Waze mapping app

• Drone video

• Drone blood delivery in Kenya video

• Added sidebar on Mary Meeker and her Internet Trends report

Changes from Previous Edition | xi

How you can help

This is an open textbook and relies on the support of its users to

stay relevant and available. Here’s how you can help:

1. Let us know you are using this textbook.

◦ If you are an instructor, please let us know you’ve adopted

this textbook by filling out the instructor survey.

◦ If you are not an instructor, please fill out the student

survey.

2. Let us know how to improve the textbook. If you have

suggestions, please let us know by filling out our feedback

form.

3. Finally, the domain, web hosting, security, backup and export

tools used by this textbook are not free. Please consider

supporting us financially through PayPal. Please note: this

donation goes directly to Imperial Digital LLC, the company

hosting and supporting this open textbook project. All

contribution are marked as donations towards this open

textbook project.

xii | How you can help

Introduction

Welcome to Information Systems for Business and Beyond. In this book, you will be introduced to the concept of information systems, their use in business, and how information systems can be used to gain competitive advantage.

Audience

This book is written as an introductory text, meant for those with

little or no experience with computers or information systems.

While sometimes the descriptions can get a bit technical, every

effort has been made to convey the information essential to

understanding a topic while not getting overly focused in detailed

terminology.

Chapter Outline

The text is organized around thirteen chapters divided into three

major parts, as follows:

• Part 1: What Is an Information System?

◦ Chapter 1: What Is an Information System? – This chapter

provides an overview of information systems, including

the history of how information systems got to where it is

today.

◦ Chapter 2: Hardware – This is a discussion of information

Introduction | 1

systems hardware and how it works. You will look at

different computer parts and learn how they interact.

◦ Chapter 3: Software – Without software, hardware is

useless. This chapter covers software and the role it plays

in an organization.

◦ Chapter 4: Data and Databases – This chapter explores

how organizations use information systems to turn data

into information that can then be used for competitive

advantage. Special attention is paid to the role of

databases.

◦ Chapter 5: Networking and Communication – Today’s

computers are expected to also be communication

devices. This chapter reviews the history of networking,

how the Internet works, and the use of networks in

organizations today.

◦ Chapter 6: Information Systems Security – This chapter

discusses the information security triad of confidentiality,

integrity, and availability. Different security technologies

are reviewed, and the chapter concludes with a primer on

personal information security.

• Part 2: Information Systems for Strategic Advantage

◦ Chapter 7: Does IT Matter? – This chapter examines the

impact that information systems have on an organization.

Can IT give a company a competitive advantage? This

chapter discusses the seminal works by Brynjolfsson, Carr,

and Porter as they relate to IT and competitive advantage.

◦ Chapter 8: Business Processes – Business processes are the

essence of what a business does, and information systems

play an important role in making them work. This chapter

will discuss business process management, business

process reengineering, and ERP systems.

◦ Chapter 9: The People in Information Systems – This

chapter will provide an overview of the different types of

people involved in information systems. This includes

2 | Information Systems for Business and Beyond (2019)

people who create information systems, those who

operate and administer information systems, those who

manage information systems, and those who use

information systems.

◦ Chapter 10: Information Systems Development – How are

information systems created? This chapter will review the

concept of programming, look at different methods of

software development, review website and mobile

application development, discuss end-user computing,

and look at the “build vs. buy” decision that many

companies face.

• Part 3: Information Systems beyond the Organization

◦ Chapter 11: Globalization and the Digital Divide – The rapid

rise of the Internet has made it easier than ever to do

business worldwide. This chapter will look at the impact

that the Internet is having on the globalization of business

and the issues that firms must face because of it. It will

also cover the concept of the digital divide and some of

the steps being taken to alleviate it.

◦ Chapter 12: The Ethical and Legal Implications of

Information Systems – The rapid changes in information

and communication technology in the past few decades

have brought a broad array of new capabilities and powers

to governments, organizations, and individuals alike. This

chapter will discuss the effects that these new capabilities

have had and the legal and regulatory changes that have

been put in place in response.

◦ Chapter 13: Future Trends in Information Systems – This

final chapter will present an overview of some of the new

technologies that are on the horizon. From wearable

technology to 3-D printing, this chapter will provide a look

forward to what the next few years will bring.

Introduction | 3

For the Student

Each chapter in this text begins with a list of the relevant learning

objectives and ends with a chapter summary. Following the

summary is a list of study questions that highlight key topics in the

chapter. In order to get the best learning experience, you would

be wise to begin by reading both the learning objectives and the

summary and then reviewing the questions at the end of the

chapter.

For the Instructor

Instructors: if you have adopted this book for your course, would

you be so kind as to let us know in the instructor survey?

Learning objectives can be found at the beginning of each

chapter. Of course, all chapters are recommended for use in an

introductory information systems course. However, for courses on

a shorter calendar or courses using additional textbooks, a review

of the learning objectives will help determine which chapters can be

omitted.

At the end of each chapter, there is a set of study questions and

exercises (except for chapter 1, which only offers study questions).

The study questions can be assigned to help focus students’ reading

on the learning objectives. The exercises are meant to be a more

in-depth, experiential way for students to learn chapter topics. It

is recommended that you review any exercise before assigning it,

adding any detail needed (such as length, due date) to complete the

assignment. Some chapters also includes lab assignments.

As an open textbook, support for supplemental materials relies

on the generosity of those who have created them and wish to

share them. Supplemental materials, including slides and quizzes,

are located on the home page for this book. If you wish to contribute

4 | Information Systems for Business and Beyond (2019)

materials that you have created, please fill out the instructor survey

and communicate that fact.

Introduction | 5

PART I: WHAT IS AN INFORMATION SYSTEM?

Part I: What is an information system? | 7

Chapter 1: What Is an Information System?

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• define what an information system is by identifying

its major components;

• describe the basic history of information systems;

and

• describe the basic argument behind the article

“Does IT Matter?” by Nicholas Carr.

Introduction

Welcome to the world of information systems, a world that seems to

change almost daily. Over the past few decades information systems

have progressed to being virtually everywhere, even to the point

where you may not realize its existence in many of your daily

activities. Stop and consider how you interface with various

components in information systems every day through different

Chapter 1: What Is an Information System? | 9

electronic devices. Smartphones, laptop, and personal computers

connect us constantly to a variety of systems including messaging,

banking, online retailing, and academic resources, just to name a

few examples. Information systems are at the center of virtually

every organization, providing users with almost unlimited

resources.

Have you ever considered why businesses invest in technology?

Some purchase computer hardware and software because everyone

else has computers. Some even invest in the same hardware and

software as their business friends even though different technology

might be more appropriate for them. Finally, some businesses do

sufficient research before deciding what best fits their needs. As

you read through this book be sure to evaluate the contents of each

chapter based on how you might someday apply what you have

learned to strengthen the position of the business you work for, or

maybe even your own business. Wise decisions can result in stability

and growth for your future enterprise.

Information systems surround you almost every day. Wi-fi

networks on your university campus, database search services in

the learning resource center, and printers in computer labs are

good examples. Every time you go shopping you are interacting

with an information system that manages inventory and sales. Even

driving to school or work results in an interaction with the

transportation information system, impacting traffic lights,

cameras, etc. Vending machines connect and communicate using

the Internet of Things (IoT). Your car’s computer system does more

than just control the engine – acceleration, shifting, and braking

data is always recorded. And, of course, everyone’s smartphone is

constantly connecting to available networks via Wi-fi, recording

your location and other data.

Can you think of some words to describe an information system?

Words such as “computers,” “networks,” or “databases” might pop

into your mind. The study of information systems encompasses a

broad array of devices, software, and data systems. Defining an

10 | Information Systems for Business and Beyond (2019)

information system provides you with a solid start to this course

and the content you are about to encounter.

Defining Information Systems

Many programs in business require students to take a course in

information systems. Various authors have attempted to define the

term in different ways. Read the following definitions, then see if

you can detect some variances.

• “An information system (IS) can be defined technically as a set

of interrelated components that collect, process, store, and

distribute information to support decision making and control

in an organization.” 1

• “Information systems are combinations of hardware, software,

and telecommunications networks that people build and use to

collect, create, and distribute useful data, typically in

organizational settings.” 2

• “Information systems are interrelated components working

together to collect, process, store, and disseminate

information to support decision making, coordination, control,

analysis, and visualization in an organization.” 3

As you can see these definitions focus on two different ways of

describing information systems: the components that make up an

information system and the role those components play in an

organization. Each of these need to be examined.

1. [1]

2. [2]

3. [3]

Chapter 1: What Is an Information System? | 11

The Components of Information Systems

Information systems can be viewed as having five major

components: hardware, software, data, people, and processes. The

first three are technology. These are probably what you thought

of when defining information systems. The last two components,

people and processes, separate the idea of information systems

from more technical fields, such as computer science. In order to

fully understand information systems, you will need to understand

how all of these components work together to bring value to an

organization.

Technology

Technology can be thought of as the application of scientific

knowledge for practical purposes. From the invention of the wheel

to the harnessing of electricity for artificial lighting, technology has

become ubiquitous in daily life, to the degree that it is assumed

to always be available for use regardless of location. As discussed

before, the first three components of information systems –

hardware, software, and data – all fall under the category of

technology. Each of these will be addressed in an individual chapter.

At this point a simple introduction should help you in your

understanding.

Hardware

Hardware is the tangible, physical portion of an information system

– the part you can touch. Computers, keyboards, disk drives, and

flash drives are all examples of information systems hardware. How

12 | Information Systems for Business and Beyond (2019)

these hardware components function and work together will be

covered in Chapter 2.

Software

Software comprises the set of instructions that tell the hardware

what to do. Software is not tangible – it cannot be touched.

Programmers create software by typing a series of instructions

telling the hardware what to do. Two main categories of software

are: Operating Systems and Application software. Operating

Systems software provides the interface between the hardware and

the Application software. Examples of operating systems for a

personal computer include Microsoft Windows and Ubuntu Linux.

The mobile phone operating system market is dominated by Google

Android and Apple iOS. Application software allows the user to

perform tasks such as creating documents, recording data in a

spreadsheet, or messaging a friend. Software will be explored more

thoroughly in Chapter 3.

Data

The third technology component is data. You can think of data as

a collection of facts. For example, your address (street, city state,

postal code), your phone number, and your social networking

Chapter 1: What Is an Information System? | 13

account are all pieces of data. Like software, data is also intangible,

unable to be seen in its native state. Pieces of unrelated data are

not very useful. But aggregated, indexed, and organized together

into a database, data can become a powerful tool for businesses.

Organizations collect all kinds of data and use it to make decisions

which can then be analyzed as to their effectiveness. The analysis

of data is then used to improve the organization’s performance.

Chapter 4 will focus on data and databases, and how it is used in

organizations.

Networking Communication

Besides the technology components (hardware, software, and data)

which have long been considered the core technology of

information systems, it has been suggested that one other

component should be added: communication. An information

system can exist without the ability to communicate – the first

personal computers were stand-alone machines that did not access

the Internet. However, in today’s hyper-connected world, it is an

extremely rare computer that does not connect to another device

or to a enetwork. Technically, the networking communication

component is made up of hardware and software, but it is such a

core feature of today’s information systems that it has become its

own category. Networking will be covered in Chapter 5.

People

14 | Information Systems for Business and Beyond (2019)

Jeff Bezos, Amazon CEO

When thinking about information

systems, it is easy to focus on the

technology components and forget to

look beyond these tools to fully

understand their integration into an

organization. A focus on the people

involved in information systems is the

next step. From the front-line user

support staff, to systems analysts, to

developers, all the way up to the chief

information officer (CIO), the people

involved with information systems are

an essential element. The people

component will be covered in Chapter 9.

Process

The last component of information systems is process. A process

is a series of steps undertaken to achieve a desired outcome or

goal. Information systems are becoming more integrated with

organizational processes, bringing greater productivity and better

control to those processes. But simply automating activities using

technology is not enough – businesses looking to utilize

information systems must do more. The ultimate goal is to improve

processes both internally and externally, enhancing interfaces with

suppliers and customers. Technology buzzwords such as “business

process re-engineering,” “business process management,” and

“enterprise resource planning” all have to do with the continued

improvement of these business procedures and the integration of

technology with them. Businesses hoping to gain a competitive

advantage over their competitors are highly focused on this

Chapter 1: What Is an Information System? | 15

IBM 704 Mainframe (Copyright: Lawrence Livermore National Laboratory)

component of information systems. The process element in

information systems will be discussed in Chapter 8.

The Role of Information Systems

You should now understand that information systems have a

number of vital components, some tangible, others intangible, and

still others of a personnel nature. These components collect, store,

organize, and distribute data throughout the organization. You may

have even realized that one of the roles of information systems

is to take data and turn it into information, and then transform

that information into organizational knowledge. As technology has

developed, this role has evolved into the backbone of the

organization, making information systems integral to virtually every

business. The integration of information systems into organizations

has progressed over the decades.

The Mainframe Era

From the late 1950s through the

1960s, computers were seen as

a way to more efficiently do

calculations. These first

business computers were

room-sized monsters, with

several machines linked

16 | Information Systems for Business and Beyond (2019)

Registered trademark of International Business Machines

together. The primary work was to organize and store large volumes

of information that were tedious to manage by hand. Only large

businesses, universities, and government agencies could afford

them, and they took a crew of specialized personnel and dedicated

facilities to provide information to organizations.

Time-sharing allowed dozens or even hundreds of users to

simultaneously access mainframe computers from locations in the

same building or miles away. Typical functions included scientific

calculations and accounting, all under the broader umbrella of “data

processing.”

In the late 1960s,

Manufacturing Resources

Planning (MRP) systems were

introduced. This software,

running on a mainframe

computer, gave companies the

ability to manage the

manufacturing process, making it more efficient. From tracking

inventory to creating bills of materials to scheduling production, the

MRP systems gave more businesses a reason to integrate computing

into their processes. IBM became the dominant mainframe

company. Continued improvement in software and the availability

of cheaper hardware eventually brought mainframe computers (and

their little sibling, the minicomputer) into most large businesses.

Today you probably think of Silicon Valley in northern California

as the center of computing and technology. But in the days of the

mainframe’s dominance corporations in the cities of Minneapolis

and St. Paul produced most computers. The advent of the personal

computer resulted in the “center of technology” eventually moving

to Silicon Valley.

Chapter 1: What Is an Information System? | 17

IBM PC

The PC Revolution

In 1975, the first microcomputer was announced on the cover of

Popular Mechanics: the Altair 8800. Its immediate popularity

sparked the imagination of entrepreneurs everywhere, and there

were soon dozens of companies manufacturing these “personal

computers.” Though at first just a niche product for computer

hobbyists, improvements in usability and the availability of practical

software led to growing sales. The most prominent of these early

personal computer makers was a little company known as Apple

Computer, headed by Steve Jobs and Steve Wozniak, with the hugely

successful “Apple II.” Not wanting to be left out of the revolution,

in 1981 IBM teamed with Microsoft, then just a startup company,

for their operating system software and hurriedly released their

own version of the personal computer simply called the “PC.” Small

businesses finally had affordable computing that could provide

them with needed information systems. Popularity of the IBM PC

gave legitimacy to the microcomputer and it was named

Time magazine’s “Man of the Year” for 1982.

Because of the IBM PC’s open

architecture, it was easy for

other companies to copy, or

“clone” it. During the 1980s,

many new computer

companies sprang up, offering

less expensive versions of the

PC. This drove prices down and

spurred innovation. Microsoft

developed the Windows

operating system, with version

3.1 in 1992 becoming the first

commercially successful release. Typical uses for the PC during this

period included word processing, spreadsheets, and databases.

18 | Information Systems for Business and Beyond (2019)

Registered Trademark of SAP

These early PCs were standalone machines, not connected to a

network.

Client-Server

In the mid-1980s, businesses began to see the need to connect their

computers as a way to collaborate and share resources. Known as

“client-server,” this networking architecture allowed users to log

in to the Local Area Network (LAN) from their PC (the “client”) by

connecting to a central computer called a “server.” The server would

lookup permissions for each user to determine who had access to

various resources such as printers and files. Software companies

began developing applications that allowed multiple users to access

the same data at the same time. This evolved into software

applications for communicating, with the first popular use of

electronic mail appearing at this time.

This networking and data

sharing all stayed mainly within

the confines of each business.

Sharing of electronic data

between companies was a very

specialized function.

Computers were now seen as tools to collaborate internally within

an organization. These networks of computers were becoming so

powerful that they were replacing many of the functions previously

performed by the larger mainframe computers at a fraction of the

cost. It was during this era that the first Enterprise Resource

Planning (ERP) systems were developed and run on the client-server

architecture. An ERP system is an application with a centralized

database that can be used to run a company’s entire business. With

separate modules for accounting, finance, inventory, human

resources, and many more, ERP systems, with Germany’s SAP

Chapter 1: What Is an Information System? | 19

ARPANet, 1969

leading the way, represented the state of the art in information

systems integration. ERP systems will be discussed in Chapter 9.

The Internet, World Wide Web and E-Commerce

The first long distance

transmission between two

computers occurred on

October 29, 1969 when

developers under the direction

of Dr. Leonard Kleinrock sent

the word “login” from the

campus of UCLA to Stanford

Research Institute in Menlo

Park, California, a distance of

over 350 miles. The United

States Department of Defense

created and funded ARPA Net

(Advanced Research Projects

Administration), an

experimental network which

eventually became known as

the Internet. ARPA Net began with just four nodes or sites, a very

humble start for today’s Internet. Initially, the Internet was confined

to use by universities, government agencies, and researchers. Users

were required to type commands (today we refer to this as

“command line”) in order to communicate and transfer files. The

first e-mail messages on the Internet were sent in the early 1970s as

a few very large companies expanded from local networks to the

Internet. The computer was now evolving from a purely

computational device into the world of digital communications.

In 1989, Tim Berners-Lee developed a simpler way for researchers

to share information over the Internet, a concept he called the

20 | Information Systems for Business and Beyond (2019)

Registered trademark of Amazon.com, Inc.

World Wide Web. 4 This invention became the catalyst for the growth

of the Internet as a way for businesses to share information about

themselves. As web browsers and Internet connections became the

norm, companies rushed to grab domain names and create

websites.

In 1991 the National Science

Foundation, which governed

how the Internet was used,

lifted restrictions on its

commercial use. Corporations

soon realized the huge potential of a digital marketplace on the

Internet and in 1994 both eBay and Amazon were founded. A mad

rush of investment in Internet-based businesses led to the dot-com

boom through the late 1990s, and then the dot-com bust in 2000.

The bust occurred as investors, tired of seeing hundreds of

companies reporting losses, abandoned their investments. An

important outcome for businesses was that thousands of miles of

Internet connections, in the form of fiber optic cable, were laid

around the world during that time. The world became truly “wired”

heading into the new millenium, ushering in the era of globalization,

which will be discussed in Chapter 11. This TED Talk video focuses

on connecting Africa to the Internet through undersea fibre optic

cable.

The digital world also became a more dangerous place as virtually

all companies connected to the Internet. Computer viruses and

worms, once slowly propagated through the sharing of computer

disks, could now grow with tremendous speed via the Internet.

Software and operating systems written for a standalone world

found it very difficult to defend against these sorts of threats. A

whole new industry of computer and Internet security arose.

Information security will be discussed in Chapter 6.

4. [4]

Chapter 1: What Is an Information System? | 21

Web 2.0

As the world recovered from the dot-com bust, the use of

technology in business continued to evolve at a frantic pace.

Websites became interactive. Instead of just visiting a site to find

out about a business and then purchase its products, customers

wanted to be able to customize their experience and interact online

with the business. This new type of interactive website, where you

did not have to know how to create a web page or do any

programming in order to put information online, became known as

Web 2.0. This new stage of the Web was exemplified by blogging,

social networking, and interactive comments being available on

many websites. The new Web 2.0 world, in which online interaction

became expected, had a major impact on many businesses and even

whole industries. Many bookstores found themselves relegated to a

niche status. Video rental chains and travel agencies simply began

going out of business as they were replaced by online technologies.

The newspaper industry saw a huge drop in circulation with some

cities such as New Orleans no longer able to support a daily

newspaper.

Disintermediation is the process of technology replacing a

middleman in a transaction. Web 2.0 allowed users to get

information and news online, reducing dependence of physical

books and newspapers.

As the world became more connected, new questions arose.

Should access to the Internet be considered a right? Is it legal

to copy a song that had been downloaded from the Internet? Can

information entered into a website be kept private? What

information is acceptable to collect from children? Technology

moved so fast that policymakers did not have enough time to enact

appropriate laws. Ethical issues surrounding information systems

will be covered in Chapter 12.

22 | Information Systems for Business and Beyond (2019)

The Post-PC World, Sort of

Ray Ozzie, a technology visionary at Microsoft, stated in 2012 that

computing was moving into a phase he called the post-PC world. 5

Now six years later that prediction has not stood up very well to

reality. As you will read in Chapter 13, PC sales have dropped slightly

in recent years while there has been a precipitous decline in tablet

sales. Smartphone sales have accelerated, due largely to their

mobility and ease of operation. Just as the mainframe before it, the

PC will continue to play a key role in business, but its role will

be somewhat diminished as people emphasize mobility as a central

feature of technology. Cloud computing provides users with mobile

access to data and applications, making the PC more of a part of

the communications channel rather than a repository of programs

and information. Innovation in the development of technology and

communications will continue to move businesses forward.

5. [5]

Chapter 1: What Is an Information System? | 23

Eras of Business Computing

Era Hardware Operating System Applications

Mainframe (1970s)

Terminals connected to mainframe computer

Time-sharing (TSO) on Multiple Virtual Storage (MVS)

Custom-written MRP software

PC (mid-1980s)

IBM PC or compatible. Sometimes connected to mainframe computer via network interface card.

MS-DOS WordPerfect, Lotus 1-2-3

Client-Server (late 80s to early 90s)

IBM PC “clone” on a Novell Network.

Windows for Workgroups

Microsoft Word, Microsoft Excel

World Wide Web (mid-90s to early 2000s)

IBM PC “clone” connected to company intranet.

Windows XP Microsoft Office, Internet Explorer

Web 2.0 (mid-2000s – present)

Laptop connected to company Wi-Fi.

Windows 10 Microsoft Office

Post-PC (today and beyond)

Smartphones Android, iOS Mobile-friendly websites, mobile apps

Can Information Systems Bring Competitive Advantage?

It has always been the assumption that the implementation of

information systems will bring a business competitive advantage. If

installing one computer to manage inventory can make a company

more efficient, then it can be expected that installing several

computers can improve business processes and efficiency.

In 2003, Nicholas Carr wrote an article in the Harvard Business

24 | Information Systems for Business and Beyond (2019)

Registered Trademark of Walmart, Inc.

Review that questioned this assumption. Entitled “I.T. Doesn’t

Matter.” Carr was concerned that information technology had

become just a commodity. Instead of viewing technology as an

investment that will make a company stand out, Carr said

technology would become as common as electricity – something to

be managed to reduce costs, ensure that it is always running, and be

as risk-free as possible.

The article was both hailed and scorned. Can I.T. bring a

competitive advantage to an organization? It sure did for Walmart

(see sidebar). Technology and competitive advantage will be

discussed in Chapter 7.

Sidebar: Walmart Uses Information Systems to Become the World’s Leading Retailer

Walmart is the world’s largest

retailer, earn 8.1 billion for the

fiscal year that ended on

January 31, 2018. Walmart

currently serves over 260

million customers every week worldwide through its 11,700 stores in

28 countries. 6

In 2018 Fortune magazine for the sixth straight year

ranked Walmart the number one company for annual revenue as

they again exceeded $500 billion in annual sales. The next closest

company, Exxon, had less than half of Walmart’s total revenue. 7

Walmart’s rise to prominence is due in large part to making

6. [6]

7. [7]

Chapter 1: What Is an Information System? | 25

information systems a high priority, especially in their Supply Chain

Management (SCM) system known as Retail Link.ing $14.3 billion on

sales of $30

This system, unique when initially implemented in the mid-1980s,

allowed Walmart’s suppliers to directly access the inventory levels

and sales information of their products at any of Walmart’s more

than eleven thousand stores. Using Retail Link, suppliers can

analyze how well their products are selling at one or more Walmart

stores with a range of reporting options. Further, Walmart requires

the suppliers to use Retail Link to manage their own inventory

levels. If a supplier feels that their products are selling out too

quickly, they can use Retail Link to petition Walmart to raise the

inventory levels for their products. This has essentially allowed

Walmart to “hire” thousands of product managers, all of whom have

a vested interest in the products they are managing. This

revolutionary approach to managing inventory has allowed Walmart

to continue to drive prices down and respond to market forces

quickly.

Today Walmart continues to innovate with information

technology. Using its tremendous market presence, any technology

that Walmart requires its suppliers to implement immediately

becomes a business standard. For example, in 1983 Walmart became

the first large retailer to require suppliers to the use Uniform

Product Code (UPC) labels on all products. Clearly, Walmart has

learned how to use I.T. to gain a competitive advantage.

Summary

In this chapter you have been introduced to the concept of

information systems. Several definitions focused on the main

components: technology, people, and process. You saw how the

26 | Information Systems for Business and Beyond (2019)

business use of information systems has evolved over the years,

from the use of large mainframe computers for number crunching,

through the introduction of the PC and networks, all the way to

the era of mobile computing. During each of these phases, new

innovations in software and technology allowed businesses to

integrate technology more deeply into their organizations.

Virtually every company uses information systems which leads

to the question: Does information systems bring a competitive

advantage? In the final analysis the goal of this book is to help you

understand the importance of information systems in making an

organization more competitive. Your challenge is to understand the

key components of an information system and how it can be used to

bring a competitive advantage to every organization you will serve

in your career.

Study Questions

1. What are the five major components that make up an

information system?

2. List the three examples of information system hardware?

3. Microsoft Windows is an example of which component of

information systems?

4. What is application software?

5. What roles do people play in information systems?

6. What is the definition of a process?

7. What was invented first, the personal computer or the

Internet?

8. In what year were restrictions on commercial use of the

Internet first lifted?

9. What is Carr’s main argument about information technology?

Chapter 1: What Is an Information System? | 27

Exercises

1. Suppose that you had to explain to a friend the concept of an

information system. How would you define it? Write a one-

paragraph description in your own words that you feel would

best describe an information system to your friends or family.

2. Of the five primary components of an information system

(hardware, software, data, people, process), which do you think

is the most important to the success of a business

organization? Write a one-paragraph answer to this question

that includes an example from your personal experience to

support your answer.

3. Everyone interacts with various information systems every

day: at the grocery store, at work, at school, even in our cars.

Make a list of the different information systems you interact

with daily. Can you identify the technologies, people, and

processes involved in making these systems work.

4. Do you agree that we are in a post-PC stage in the evolution of

information systems? Do some original research and cite it as

you make your prediction about what business computing will

look like in the next generation.

5. The Walmart sidebar introduced you to how information

systems was used to make them the world’s leading retailer.

Walmart has continued to innovate and is still looked to as a

leader in the use of technology. Do some original research and

write a one-page report detailing a new technology that

Walmart has recently implemented or is pioneering.

Labs

1. Examine your PC. Using a four column table format identify

and record the following information: 1st column: Program

28 | Information Systems for Business and Beyond (2019)

name, 2nd column: software manufacturer, 3rd column:

software version, 4th column: software type (editor/word

processor, spreadsheet, database, etc.).

2. Examine your mobile phone. Create another four column table

similar to the one in Lab #1. This time identify the apps, then

record the requested information.

3. In this chapter you read about the evolution of computing

from mainframe computers to PCs and on to smartphones.

Create a four column table and record the following

information about your own electronic devices: 1st column –

Type: PC or smartphone, 2nd column – Operating system

including version, 3rd column – Storage capacity, 4th column –

Storage available.

1. Laudon, K.C. and Laudon, J. P. (2014) Management Information

Systems, thirteenth edition. Upper Saddle River, New Jersey:

Pearson.

2. Valacich, J. and Schneider, C. (2010). Information Systems Today

– Managing in the Digital World, fourth edition. Upper Saddle

River, New Jersey: Prentice-Hall.

3. Laudon, K.C. and Laudon, J. P. (2012). Management Information

Systems, twelfth edition. Upper Saddle River, New Jersey:

Prentice-Hall.

4. CERN. (n.d.) The Birth of the Web. Retrieved

from http://public.web.cern.ch/public/en/about/web-

en.html

5. Marquis, J. (2012, July 16) What is the Post-PC World? Online

Universities.com. Retrieved from

https://www.onlineuniversities.com/blog/2012/07/what-

post-pc-world/

6. Walmart. (n.d.) 2017 Annual Report. Retrieved from

http://s2.q4cdn.com/056532643/files/doc_financials/2017/

Annual/WMT_2017_AR-(1).pdf

Chapter 1: What Is an Information System? | 29

7. McCoy, K. (2018, May 21). Big Winners in Fortune 500 List. USA

Today. Retrieved from http://https://www.usatoday.com/

story/money/2018/05/21/big-winners-fortune-500-list-

walmart-exxon-mobil-amazon/628003002/

30 | Information Systems for Business and Beyond (2019)

Chapter 2: Hardware

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• describe information systems hardware;

• identify the primary components of a computer

and the functions they perform; and

• explain the effect of the commoditization of the

personal computer.

Introduction

As you learned in the first chapter, an information system is made

up of five components: hardware, software, data, people, and

process. The physical parts of computing devices – those that you

can actually touch – are referred to as hardware. In this chapter, you

will take a look at this component of information systems, learn a

little bit about how it works, and discuss some of the current trends

surrounding it.

As stated above, computer hardware encompasses digital devices

that you can physically touch. This includes devices such as the

following:

Chapter 2: Hardware | 31

• desktop computers

• laptop computers

• mobile phones

• tablet computers

• e-readers

• storage devices, such as flash drives

• input devices, such as keyboards, mice, and scanners

• output devices such as printers and speakers.

Besides these more traditional computer hardware devices, many

items that were once not considered digital devices are now

becoming computerized themselves. Digital technologies are being

integrated into many everyday objects so the days of a device being

labeled categorically as computer hardware may be ending.

Examples of these types of digital devices include

automobiles, refrigerators, and even beverage dispensers. In this

chapter, you will also explore digital devices, beginning with

defining what is meant by the term itself.

Digital Devices

A digital device processes electronic signals into discrete values, of

which there can be two or more. In comparison analog signals are

continuous and can be represented by a smooth wave pattern. You

might think of digital (discrete) as being the opposite of analog.

Many electronic devices process signals into two discrete values,

typically known as binary. These values are represented as either

a one (“on”) or a zero (“off”). It is commonly accepted to refer to

the on state as representing the presence of an electronic signal.

It then follows that the off state is represented by the absence of

an electronic signal. Note: Technically, the voltages in a system are

evaluated with high voltages converted into a one or on state and

low voltages converted into a zero or off state.

32 | Information Systems for Business and Beyond (2019)

Each one or zero is referred to as a bit (a blending of the two

words “binary” and “digit”). A group of eight bits is known as a byte.

The first personal computers could process 8 bits of data at once.

The number of bits that can be processed by a computer’s processor

at one time is known as word size. Today’s PCs can process 64 bits of

data at a time which is where the term 64-bit processor comes from.

You are most likely using a computer with a 64-bit processor.

Sidebar: Understanding Binary

The numbering system you first learned was Base 10 also known as

Decimal. In Base 10 each column in the number represents a power

of 10 with the exponent increasing in each column as you move to

the left, as shown in the table:

Thousands Hundreds Tens Units

103 102 101 100

The rightmost column represents units or the values zero through

nine. The next column from the left represents tens or the values

teens, twenties, thirties, etc, followed by the hundreds column (one

hundred, two hundred, etc.), then the thousands column (one

thousand, two thousand) etc. Expanding the table above, you can

write the number 3456 as follows:

Thousands Hundreds Tens Units

103 102 101 100

3 4 5 6

3000 400 50 6

Chapter 2: Hardware | 33

Computers use the Base 2 numbering system. Similar to Base 10,

each column has a Base of 2 and has an increasing exponent value

moving to the left as shown in the table below:

Two cubed

Two squared

Two Units

23 22 21 20

The rightmost column represents 20 or units ( 1 ). The next

column from the left represents 21 twos or ( 2 ). The third column

represents 22 or ( 4 ) and the fourth column represents 23 or ( 8 ).

Expanding the table above, you can see how the decimal number 15

is converted to 1111 in binary as follows:

Two cubed

Two squared

Two Units

23 22 21 20

1 1 1 1

8 4 2 1

8 + 4 + 2 + 1 = 15

Understanding binary is important because it helps us understand

how computers store and transmit data. A “bit” is the lowest level

of data storage, stored as either a one or a zero. If a computer

wants to communicate the number 15, it would need to send 1111 in

binary (as shown above). This is four bits of data since four digits

are needed. A “byte” is 8 bits. If a computer wanted to transmit the

number 15 in a byte, it would send 00001111. The highest number

that can be sent in a byte is 255, which is 11111111, which is equal

to 27+26+25+24+23+22+21+20.

34 | Information Systems for Business and Beyond (2019)

As the capacities of digital devices grew, new terms were developed

to identify the capacities of processors, memory, and disk storage

space. Prefixes were applied to the word byte to represent different

orders of magnitude. Since these are digital specifications, the

prefixes were originally meant to represent multiples of 1024 (which

is 210), but have more recently been rounded for the sake of

simplicity to mean multiples of 1000, as shown in the table below:

Prefix Represents Example

kilo one

thousand kilobyte=one

thousand bytes

mega one million megabyte = one

million bytes

giga one billion gigabyte = one

billion bytes

tera one trillion terabyte = one trillion bytes

peta one

quadrillion petabyte = one

quadrillion bytes

exa one

quintillion exabyte = one

quintillion bytes

zetta one

sextillion zettabyte = one sextillion bytes

yotta one

septillion yottabyte = one septillion bytes

Tour of a PC

All personal computers consist of the same basic components: a

Central Processing Unit (CPU), memory, circuit board, storage, and

input/output devices. Almost every digital device uses the same set

of components, so examining the personal computer will give you

Chapter 2: Hardware | 35

Intel Core i7 CPU

insight into the structure of a variety of digital devices. Here’s a

“tour” of a personal computer.

Processing Data: The CPU

The core of a computer is the Central Processing Unit, or CPU. It

can be thought of as the “brains” of the device. The CPU carries out

the commands sent to it by the software and returns results to be

acted upon.

The earliest CPUs were large circuit

boards with limited functionality.

Today, a CPU can perform a large

variety of functions. There are two

primary manufacturers of CPUs for

personal computers: Intel and

Advanced Micro Devices (AMD).

The speed (“clock time”) of a CPU is

measured in hertz. A hertz is defined

as one cycle per second. A kilohertz (abbreviated kHz) is one

thousand cycles per second, a megahertz (mHz) is one million cycles

per second, and a gigahertz (gHz) is one billion cycles per second.

The CPU’s processing power is increasing at an amazing rate (see

the sidebar about Moore’s Law).

Besides a faster clock time, today’s CPU chips contain multiple

processors. These chips, known as dual-core (two processors) or

quad-core (four processors), increase the processing power of a

computer by providing the capability of multiple CPUs all sharing

the processing load. Intel’s Core i7 processors contain 6 cores and

their Core i9 processors contain 16 cores. This video shows how a

CPU works.

36 | Information Systems for Business and Beyond (2019)

Sidebar: Moore’s Law and Huang’s Law

As you know computers get faster every year. Many times we are

not sure if we want to buy today’s model because next week it

won’t be the most advanced any more. Gordon Moore, one of the

founders of Intel, recognized this phenomenon in 1965, noting that

microprocessor transistor counts had been doubling every year. 1

His insight eventually evolved into Moore’s Law:

The number of integrated circuits on a chip doubles every two

years.

Moore’s Law has been generalized into the concept that

computing power will double every two years for the same price

point. Another way of looking at this is to think that the price for the

same computing power will be cut in half every two years. Moore’s

Law has held true for over forty years (see figure below).

The limits of Moore’s Law are now being reached and circuits

cannot be reduced further. However, Huang’s Law regarding

Graphics Processors Units (GPUs) may extend well into the future.

Nvidia’s CEO Jensen Huang spoke at the GPU Technology

Conference in March 2018 announcing that the speed of GPUs are

increasing faster than Moore’s Law. Nvidia’s GPUs are 25 times

faster than five years ago. He admitted that the advancement is

because of advances in architecture, memory technology,

algorithms, and interconnects. 2

1. [1]

2. [2]

Chapter 2: Hardware | 37

Motherboard

Motherboard bus traces

Motherboard

The motherboard is the main

circuit board on the computer.

The CPU, memory, and storage

components, among other

things, all connect into the

motherboard. Motherboards

come in different shapes and

sizes, depending upon how

compact or expandable the

computer is designed to be. Most modern motherboards have many

integrated components, such as network interface card, video, and

sound processing, which previously required separate components.

The motherboard provides

much of the bus of the

computer (the term bus refers

to the electrical connections

between different computer

components). The bus is an

important factor in

determining the computer’s

speed – the combination of how

fast the bus can transfer data

and the number of data bits that can be moved at one time

determine the speed. The traces shown in the image are on the

underside of the motherboard and provide connections between

motherboard components.

Random-Access Memory

When a computer boots, it begins to load information from storage

38 | Information Systems for Business and Beyond (2019)

DDR4 Memory

Hard disk interior

into its working memory. This working memory, called Random-

Access Memory (RAM), can transfer data much faster than the hard

disk. Any program that you are running on the computer is loaded

into RAM for processing. In order for a computer to work effectively,

some minimal amount of RAM must be installed. In most cases,

adding more RAM will allow the computer to run faster. Another

characteristic of RAM is that it is “volatile.” This means that it can

store data as long as it is receiving power. When the computer is

turned off, any data stored in RAM is lost.

RAM is generally installed in a

personal computer through the

use of a Double Data Rate (DDR)

memory module. The type of

DDR accepted into a computer

is dependent upon the motherboard. There have been basically four

generations of DDR: DDR1, DDR2, DDR3, and DDR4. Each generation

runs faster than the previous with DDR4 capable of speeds twice as

fast as DDR3 while consuming less voltage.

Hard Disk

While the RAM is used as

working memory, the computer

also needs a place to store data

for the longer term. Most of

today’s personal computers use

a hard disk for long-term data

storage. A hard disk is

considered non-volatile

storage because when the

computer is turned off the data

remains in storage on the disk, ready for when the computer is

turned on. Drives with a capacity less than 1 Terabyte usually have

Chapter 2: Hardware | 39

Solid State Drive interior

just one platter. Notice the single platter in the image. The read/

write arm must be positioned over the appropriate track before

accessing or writing data.”

Solid State Drives

Solid State Drives (SSD) are becoming more popular in personal

computers. The SSD performs the same function as a hard disk,

namely long-term storage. Instead of spinning disks, the SSD uses

flash memory that incorporates EEPROM (Electrically Erasable

Programmable Read Only Memory) chips, which is much faster.

Solid-state drives are

currently a bit more expensive

than hard disks. However, the

use of flash memory instead of

disks makes them much lighter

and faster than hard disks. SSDs

are primarily utilized in

portable computers, making

them lighter, more durable, and

more efficient. Some computers combine the two storage

technologies, using the SSD for the most accessed data (such as the

operating system) while using the hard disk for data that is accessed

less frequently. SSDs are considered more reliable since there are

no moving parts.

40 | Information Systems for Business and Beyond (2019)

USB Drive

Removable Media

Removable storage has changed

greatly over the four decades of

PCs. Floppy disks have been

replaced by CD-ROM drives,

then they were replaced by USB

(Universal Serial Bus) drives.

USB drives are now standard on

all PCs with capacities

approaching 512 gigabytes. Speeds have also increased from 480

Megabits in USB 2.0 to 10 Gigabits in USB 3.1. USB devices also use

EEPROM technology.

3

Network Connection

When personal computers were first stand-alone units when first

developed, which meant that data was brought into the computer

or removed from the computer via removable media. Beginning in

the mid-1980s, however, organizations began to see the value in

connecting computers together via a digital network. Because of

this personal computers needed the ability to connect to these

networks. Initially, this was done by adding an expansion card to

the computer that enabled the network connection. These cards

were known as Network Interface Cards (NIC). By the mid-1990s

an Ethernet network port was built into the motherboard on most

personal computers. As wireless technologies began to dominate

3. [3]

Chapter 2: Hardware | 41

USB port on a computer

in the early 2000s, many personal computers also began including

wireless networking capabilities. Digital communication

technologies will be discussed further in Chapter 5.

Input and Output

In order for a personal

computer to be useful, it must

have channels for receiving

input from the user and

channels for delivering output

to the user. These input and

output devices connect to the

computer via various

connection ports, which

generally are part of the

motherboard and are accessible outside the computer case. In early

personal computers, specific ports were designed for each type of

output device. The configuration of these ports has evolved over the

years, becoming more and more standardized over time. Today,

almost all devices plug into a computer through the use of a USB

port. This port type, first introduced in 1996, has increased in its

capabilities, both in its data transfer rate and power supplied.

Bluetooth

Besides USB, some input and output devices connect to the

computer via a wireless-technology standard called Bluetooth

which was invented in 1994. Bluetooth exchanges data over short

distances of 10 meters up to 100 meters using radio waves. Two

devices communicating with Bluetooth must both have a Bluetooth

42 | Information Systems for Business and Beyond (2019)

communication chip installed. Bluetooth devices include pairing

your phone to your car, computer keyboards, speakers, headsets,

and home security, to name just a few.

Input Devices

All personal computers need components that allow the user to

input data. Early computers simply used a keyboard for entering

data or select an item from a menu to run a program. With the

advent operating systems offering the graphical user interface, the

mouse became a standard component of a computer. These two

components are still the primary input devices to a personal

computer, though variations of each have been introduced with

varying levels of success over the years. For example, many new

devices now use a touch screen as the primary way of data entry.

Other input devices include scanners which allow users to input

documents into a computer either as images or as text.

Microphones can be used to record audio or give voice commands.

Webcams and other types of video cameras can be used to record

video or participate in a video chat session.

Output Devices

Output devices are essential as well. The most obvious output

device is a display or monitor, visually representing the state of

the computer. In some cases, a personal computer can support

multiple displays or be connected to larger-format displays such as

a projector or large-screen television. Other output devices include

speakers for audio output and printers for hardcopy output.

Chapter 2: Hardware | 43

Sidebar: Which Hardware Components Contribute to the Speed of Your Computer

The speed of a computer is determined by many elements, some

related to hardware and some related to software. In hardware,

speed is improved by giving the electrons shorter distances to

travel in completing a circuit. Since the first CPU was created in

the early 1970s, engineers have constantly worked to figure out

how to shrink these circuits and put more and more circuits onto

the same chip – these are known as integrated circuits. And this

work has paid off – the speed of computing devices has been

continuously improving.

Multi-core processors, or CPUs, have contributed to faster

speeds. Intel engineers have also improved CPU speeds by using

QuickPath Interconnect, a technique which minimizes the

processor’s need to communicate directly with RAM or the hard

drive. Instead, the CPU contains a cache of frequently used data

for a particular program. An algorithm evaluates a program’s data

usage and determines which data should be temporarily stored in

the cache.

The hardware components that contribute to the speed of a

personal computer are the CPU, the motherboard, RAM, and the

hard disk. In most cases, these items can be replaced with newer,

faster components. The table below shows how each of these

contributes to the speed of a computer. Besides upgrading

hardware, there are many changes that can be made to the software

of a computer to make it faster.

44 | Information Systems for Business and Beyond (2019)

Component Speed measured by

Units Description

CPU Clock speed

GHz (billions of cycles)

Hertz indicates the time it takes to complete a cycle.

Motherboard Bus speed

MHz The speed at which data can move across the bus.

RAM Data transfer rate

Mb/s (millions of bytes per second)

The time it takes for data to be transferred from memory to system measured in Megabytes.

Hard Disk

Access time

ms (millisecond)

The time it takes for the drive to locate the data to be accessed.

Data transfer rate

MBit/s The time it takes for data to be transferred from disk to system.

Other Computing Devices

A personal computer is designed to be a general-purpose device,

able to solve many different types of problems. As the technologies

of the personal computer have become more commonplace, many

of the components have been integrated into other devices that

previously were purely mechanical. The definition or description

of what defines a computer has changed. Portability has been an

important feature for most users. Here is an overview of some

trends in personal computing.

Chapter 2: Hardware | 45

MacBook Air

Portable Computers

Portable computing today

includes laptops, notebooks

and netbooks, many weighing

less than 4 pounds and

providing longer battery life.

The MacBook Air is a good

example of this: it weighs less

than three pounds and is only

0.68 inches thick!

Netbooks (short for Network

Books) are extremely light because they do not have a hard drive,

depending instead on the Internet “cloud” for data and application

storage. Netbooks depend on a Wi-Fi connection and can run Web

browsers as well as a word processor.

Smartphones

While cell phones were introduced in the 1970s, smartphones have

only been around for the past 20 years. As cell phones evolved

they gained a broader array of features and programs. Today’s

smartphones provide the user with telephone, email, location, and

calendar services, to name a few. They function as a highly mobile

computer, able to connect to the Internet through either cell

technology or Wi-Fi. Smartphones have revolutionized computing,

bringing the one feature PCs and laptops could not deliver, namely

mobility. Consider the following data regarding mobile computing 4 :

4. [4]

46 | Information Systems for Business and Beyond (2019)

1. There are 3.7 billion global mobile Internet users as at January 2018.

2. Mobile devices influenced sales to the tune of over $1.4 trillion

in 2016.

3. Mobile commerce revenue in the U.S. is projected to be

$459.38 billion in 2018, and it is estimated to be $693.36 billion

by 2019.

4. By the end of 2018, over $1 trillion — or 75 percent — of

ecommerce sales in China will be done via mobile devices.

5. The average order value for online orders placed on

Smartphones in the first quarter of 2018 is $84.55 while the

average order value for orders placed on Tablets is $94.91.

6. Of the 2.79 billion active social media users in the world, 2.55

billion actively use their mobile devices for social media-

related activities.

7. 90 percent of the time spent on mobile devices is spent in

apps.

8. Mobile traffic is responsible for 52.2 percent of Internet traffic

in 2018 — compared to 50.3 percent from 2017.

9. While the total percentage of mobile traffic is more than

desktop, engagement is higher on desktop. 55.9 percent of

time spent on sites is by desktop users and 40.1 percent of time

spent on sites is by mobile users.

10. By 2020, mobile commerce will account for 45 percent of all e-

commerce activities — compared to 20.6 percent in 2016.

The Apple iPhone was introduced in January 2007 and went on

the market in June of that same year. Its ease of use and intuitive

interface made it an immediate success and solidified the future of

smartphones. The first Android phone was released in 2008 with

functionality similar to the iPhone.

Chapter 2: Hardware | 47

iPad Air

Tablet Computers

A tablet computer uses a

touch screen as its primary

input and is small enough and

light enough to be easily

transported. They generally

have no keyboard and are self-

contained inside a rectangular

case. Apple set the standard for

tablet computing with the

introduction of the iPad in 2010

using iOS, the operating system

of the iPhone. After the success

of the iPad, computer

manufacturers began to

develop new tablets that

utilized operating systems that

were designed for mobile devices, such as Android.

Global market share for tablets has changed since the early days

of Apple’s dominance. Today the iPad has about 25% of the global

market while Amazon Fire has 15% and Samsung Galaxy has 14%. 5 However, the popularity of tablets has declined sharply in recent

years.

Integrated Computing and Internet of Things (IoT)

Along with advances in computers themselves, computing

5. [5]

48 | Information Systems for Business and Beyond (2019)

technology is being integrated into many everyday products. From

automobiles to refrigerators to airplanes, computing technology is

enhancing what these devices can do and is adding capabilities into

our every day lives thanks in part to IoT.

Internet of Things and the Cloud

The Internet of Things (IoT) is a network of billions of devices,

each with their own unique network address, around the world with

embedded electronics allowing them to connect to the Internet

for the purpose of collecting and sharing data, all without the

involvement of human beings. 6

Objects ranging from a simple light bulb to a fitness band such

as FitBit to a driverless truck are all part of IoT thanks to the

processors inside them. A smartphone app can control and/or

communicate with each of these devices as well as others such as

electric garage door openers (for those who can’t recall if the door

has been closed), kitchen appliances (“Buy milk after work today.”),

thermostats such as Nest, home security, audio speakers, and the

feeding of pets.

Here are three of the latest ways that computing technologies are

being integrated into everyday products through IoT:

6. [6]

Chapter 2: Hardware | 49

• How IoT Works

• The Smart House

• The Self-Driving Car

The Commoditization of the Personal Computer

Over the past forty years, as the personal computer has gone from

technical marvel to part of everyday life, it has also become a

commodity. There is very little differentiation between computer

models and manufacturers, and the primary factor that controls

their sale is their price. Hundreds of manufacturers all over the

world now create parts for personal computers which are

purchased and assembled. As commodities, there are essentially

little or no differences between computers made by these different

companies. Profit margins for personal computers are minimal,

leading hardware developers to find the lowest-cost manufacturing

methods.

There is one brand of computer for which this is not the case

– Apple. Because Apple does not make computers that run on the

same open standards as other manufacturers, they can design and

manufacture a unique product that no one can easily copy. By

creating what many consider to be a superior product, Apple can

charge more for their computers than other manufacturers. Just

as with the iPad and iPhone, Apple has chosen a strategy of

differentiation, an attempt to avoid commoditization.

Summary

Information systems hardware consists of the components of digital

50 | Information Systems for Business and Beyond (2019)

technology that you can touch. This chapter covered the

components that make up a personal computer, with the

understanding that the configuration of a personal computer is very

similar to that of any type of digital computing device. A personal

computer is made up of many components, most importantly the

CPU, motherboard, RAM, hard disk, removable media, and input/

output devices. Variations on the personal computer, such as the

smartphone, were also examined. Finally, commoditization of the

personal computer was addressed.

Study Questions

1. Write your own description of what the term information

systems hardware means.

2. What has lead to the shift toward mobility in computing?

3. What is the impact of Moore’s Law on the various hardware

components described in this chapter?

4. Write a one page summary of one of the items linked to in the

“Integrated Computing” section.

5. Explain why the personal computer is now considered a

commodity.

6. The CPU can also be thought of as the _____________ of

the computer.

7. List the units of measure for data storage in increasing order

from smallest to largest, kilobyte to yottabyte.

8. What is the bus of a computer?

9. Name two differences between RAM and a hard disk.

10. What are the advantages of solid-state drives over hard disks?

Chapter 2: Hardware | 51

Exercises

1. If you could build your own personal computer, what

components would you purchase? Put together a list of the

components you would use to create it, including a computer

case, motherboard, CPU, hard disk, RAM, and DVD drive. How

can you be sure they are all compatible with each other? How

much would it cost? How does this compare to a similar

computer purchased from a vendor such as Dell or HP?

2. Re-read the section on IoT, then find at least two scholarly

articles about IoT. Prepare a minimum of three slides that

address issues related to IoT. Be sure to give attribution to

your sources.

3. What is the current status of solid-state drives vs. hard disks?

Research online and compare prices, capacities, speed, and

durability. Again, be sure to give attribution to your sources.

Labs

1. Review the sidebar on the binary number system. Represent

the following decimal numbers in binary: 16, 100. Represent the

following binary numbers in decimal: 1011, 100100. Write the

decimal number 254 in an 8-bit byte.

2. Re-read the section on IoT, then look around your building

(dorm, apartment, or house) and make a list of possible

instances of IoTs. Be sure to list their location and likely

function.

1. Moore, G. E. (1965). Cramming more components onto

integrated circuits. Electronics Magazine, 4.

2. Huang, J. (2018, April 2). Move Over Moore’s Law: Make Room

52 | Information Systems for Business and Beyond (2019)

for Huang’s Law. IEEE Spectrum. Retrieved from

https://spectrum.ieee.org/view-from-the-valley/computing/

hardware/move-over-moores-law-make-way-for-huangs-

law↵

3. Wikipedia. (n.d.) Universal Serial Bus. Retrieved from

https://en.wikipedia.org/wiki/USB.

4. Stevens, J. (2017). Mobile Internet Statistics and Facts 2017.

Hosting Facts, August 17, 2017. Retrieved from

https://hostingfacts.com/internet-facts-stats-2016/

5. Statista. (2018). Global market share held by tablet vendors 4th

quarter 2017. Retrieved from https://www.statista.com/

statistics/276635/market-share-held-by-tablet-vendors/

6. Ranger, S. (2018, January 19). What is the IoT? ZDNet. Retrieved

from http://www.zdnet.com/article/what-is-the-internet-of-

things-everything-you-need-to-know-about-the-iot-right-

now/.

Chapter 2: Hardware | 53

Chapter 3: Software

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• define the term software;

• identify and describe the two primary categories of

software;

• describe the role ERP software plays in an

organization;

• describe cloud computing and its advantages and

disadvantages for use in an organization; and

• define the term open-source and identify its

primary characteristics.

Introduction

The second component of an information system is software, the

set of instructions that tells the hardware what to do. Software

is created by developers through the process of programming

(covered in more detail in Chapter 10). Without software, the

hardware would not be functional.

54 | Chapter 3: Software

Types of Software

Software can be broadly divided into two categories: operating

systems and application software. Operating systems manage the

hardware and create the interface between the hardware and the

user. Application software performs specific tasks such as word

processing, accounting, database management, video games, or

browsing the web.

Operating Systems

An operating system is first loaded into the computer by the

boot program, then it manages all of the programs in the computer,

including both programs native to the operating system such as

file and memory management and application software. Operating

systems provide you with these key functions:

1. managing the hardware resources of the computer;

2. providing the user-interface components;

Chapter 3: Software | 55

Linux Ubuntu desktop

3. providing a platform for software developers to write

applications.

All computing devices require an operating system. The most

popular operating systems for personal computers are: Microsoft

Windows, Apple’s Mac OS, and various versions of Linux.

Smartphones and tablets run operating systems as well, such as

iOS (Apple), Android (Google), Windows Mobile (Microsoft), and

Blackberry.

Microsoft provided the first operating system for the IBM-PC,

released in 1981. Their initial venture into a Graphical User Interface

(GUI) operating system, known as Windows, occurred in 1985.

Today’s Windows 10 supports the 64-bit Intel CPU. Recall that

“64-bit” indicates the size of data that can be moved within the

computer.

Apple introduced the Macintosh computer 1984 with the first

commercially successful GUI. Apple’s operating system for the

Macintosh is known as “Mac OS ” and also uses an Intel CPU

supporting 64-bit processing. Mac OS versions have been named

after mountains such as El Capitan, Sierra, and High Sierra.

Multitasking, virtual memory, and voice input have become

standard features of both operating systems.

The Linux operating system

is open source, meaning

individual developers are

allowed to make modifications

to the programming code.

Linux is a version of the Unix

operating. Unix runs on large

and expensive minicomputers.

Linux developer Linus Torvalds,

a professor in Finland and the creator of Linux, wanted to find a way

to make Unix run on less expensive personal computers. Linux has

many variations and now powers a large percentage of web servers

in the world.

56 | Information Systems for Business and Beyond (2019)

Sidebar: Why Is Microsoft Software So Dominant in the Business World?

If you’ve worked in business, you may have noticed that almost

all computers in business run a version of Microsoft Windows.

However, in classrooms from elementary to college, there is almost

a balance between Macs and PCs. Why has this not extended into

the business world?

As discussed in Chapter 1, many businesses used IBM mainframe

computers back in the 1960s and 1970s. When businesses migrated

to the microcomputer (personal computer) market, they elected to

stay with IBM and chose the PC. Companies took the safe route,

invested in the Microsoft operating system and in Microsoft

software/applications.

Microsoft soon found itself with the dominant personal computer

operating system for businesses. As the networked PC began to

replace the mainframe computer, Microsoft developed a network

operating system along with a complete suite of programs focused

on business users. Today Microsoft Office in its various forms

controls 85% of the market. 1

Application Software

The second major category of software is application software.

1. [1]

Chapter 3: Software | 57

Image of Microsoft Excel

Application software is utilized directly today to accomplish a

specific goal such as word processing, calculations on a

spreadsheet, or surfing the Internet using your favorite browser.

The “Killer” App

When a new type of digital

device is invented, there are

generally a small group of

technology enthusiasts who

will purchase it just for the joy

of figuring out how it works. A

“killer” application is one that

becomes so essential that large

numbers of people will buy a

device just to run that application. For the personal computer, the

killer application was the spreadsheet.

The first spreadsheet was created by an MBA student at Harvard

University who tired of making repeated calculations to determine

the optimal result on a problem and decided to create a tool that

allowed the user to easily change values and recalculate formulas.

The result was the spreadsheet. Today’s dominant spreadsheet is

Microsoft Excel which still retains the basic functionality of the first

spreadsheet.

Productivity Software

Along with the spreadsheet, several other software applications

have become standard tools for the workplace. Known as

productivity software, these programs allow office employees to

complete their daily work efficiently. Many times these applications

58 | Information Systems for Business and Beyond (2019)

come packaged together, such as in Microsoft’s Office suite. Here is

a list of some of these applications and their basic functions:

• Word processing Users can create and edit documents using this class of software. Functions include the ability to type and

edit text, format fonts and paragraphs, as well as add, move,

and delete text throughout the document. Tables and images

can be inserted. Documents can be saved in a variety of

electronic file formats with Microsoft Word’s DOCX being the

most popular. Documents can also be converted to other

formats such as Adobe’s PDF (Portable Document Format) or a

.TXT file.

• Spreadsheet This class of software provides a way to do numeric calculations and analysis, displaying the result in

charts and graphs. The working area is divided into rows and

columns, where users can enter numbers, text, or formulas. It

is the formulas that make a spreadsheet powerful, allowing the

user to develop complex calculations that can change based on

the numbers entered. The most popular spreadsheet package

is Microsoft Excel, which saves its files in the XLSX format.

• Presentation Users can create slideshow presentations using this class of software. The slides can be projected, printed, or

distributed to interested parties. Text, images, audio, and

visual can all be added to the slides. Microsoft’s PowerPoint is

the most popular software right now, saving its files in PPTX

format.

• Some office suites include other types of software. For

example, Microsoft Office includes Outlook, its e-mail

package, and OneNote, an information-gathering collaboration

tool. The professional version of Office also includes Microsoft

Access, a database package. (Databases are covered more in

Chapter 4.)

Microsoft popularized the idea of the office-software productivity

Chapter 3: Software | 59

bundle with their release of the Microsoft Office Suite. This package

continues to dominate the market and most businesses expect

employees to know how to use this software. However, many

competitors to Microsoft Office do exist and are compatible with

the file formats used by Microsoft (see table below). Microsoft also

offers a cloud-based version of their office suite named Microsoft

Office 365. Similar to Google Drive, this suite allows users to edit

and share documents online utilizing cloud-computing technology.

Utility Software and Programming Software

Utility software includes programs that allow you to fix or modify

your computer in some way. Examples include anti-malware

software and programs that totally remove software you no longer

want installed. These types of software packages were created to

fill shortcomings in operating systems. Many times a subsequent

release of an operating system will include these utility functions as

part of the operating system itself.

Programming software’s purpose is to produce software. Most of

60 | Information Systems for Business and Beyond (2019)

Screen shot of Tableau (click to enlarge)

these programs provide developers with an environment in which

they can write the code, test it, and convert/compile it into the

format that can then be run on a computer. This software is typically

identified as the Integrated Development Environment (IDE) and is

provided free from the corporation that developed the

programming language that will be used to write the code.

Sidebar: “PowerPointed” to Death

As presentation software has

gained acceptance as the

primary method to formally

present information to a group

or class, the art of giving an

engaging presentation is

becoming rare. Many

presenters now just read the

bullet points in the

presentation and immediately bore those in attendance, who can

already read it for themselves. The real problem is not with

PowerPoint as much as it is with the person creating and presenting.

Author and chief evangelist Guy Kawasaki has developed the 10/20/

30 rule for Powerpoint users. Just remember: 10 slides, 20 minutes,

30 point font.” 2 If you are determined to improve your PowerPoint

skills, read Presentation Zen by Garr Reynolds.

New digital presentation technologies are being developed that

go beyond Powerpoint. For example, Prezi uses a single canvas for

the presentation, allowing presenters to place text, images, and

2. [2]

Chapter 3: Software | 61

other media on the canvas, and then navigate between these objects

as they present. Tools such as Tableau allow users to analyze data in

depth and create engaging interactive visualizations.

Sidebar: I Own This Software, Right? Well…

When you purchase software and install it on your computer, are

you the owner of that software? Technically, you are not! When you

install software, you are actually just being given a license to use it.

When you first install a package, you are asked to agree to the terms

of service or the license agreement. In that agreement, you will find

that your rights to use the software are limited. For example, in

the terms of the Microsoft Office software license, you will find

the following statement: “This software is licensed, not sold. This

agreement only gives you some rights to use the features included

in the software edition you licensed.”

For the most part, these restrictions are what you would expect.

You cannot make illegal copies of the software and you may not use

it to do anything illegal. However, there are other, more unexpected

terms in these software agreements. For example, many software

agreements ask you to agree to a limit on liability. Again, from

Microsoft: “Limitation on and exclusion of damages. You can

recover from Microsoft and its suppliers only direct damages up to

the amount you paid for the software. You cannot recover any other

damages, including consequential, lost profits, special, indirect or

incidental damages.” This means if a problem with the software

causes harm to your business, you cannot hold Microsoft or the

supplier responsible for damages.

62 | Information Systems for Business and Beyond (2019)

Applications for the Enterprise

As the personal computer proliferated inside organizations, control

over the information generated by the organization began

splintering. For instance, the customer service department creates

a customer database to keep track of calls and problem reports,

and the sales department also creates a database to keep track of

customer information. Which one should be used as the master

list of customers? Or perhaps someone in sales might create a

spreadsheet to calculate sales revenue, while someone in finance

creates a different revenue document that meets the needs of their

department, but calculates revenue differently. The two

spreadsheets will report different revenue totals. Which one is

correct? And who is managing all of this information?

Enterprise Resource Planning

In the 1990s

the need to bring an organization’s information back under

centralized control became more apparent. The Enterprise

Resource Planning (ERP) system (sometimes just called enterprise

software) was developed to bring together an entire organization

within one program. ERP software utilizes a central database that

is implemented throughout the entire organization. Here are some

key points about ERP.

• A software application. ERP is an application that is used by

Chapter 3: Software | 63

many of an organization’s employees.

• Utilizes a central database. All users of the ERP edit and save their information from the same data source. For example, this

means there is only one customer table in the database, there

is only one sales (revenue) table in the database, etc.

• Implemented organization-wide. ERP systems include functionality that covers all of the essential components of a

business. An organization can purchase modules for its ERP

system that match specific needs such as order entry,

manufacturing, or planning.

ERP systems were originally marketed to large corporations.

However, as more and more large companies began installing them,

ERP vendors began targeting mid-sized and even smaller

businesses. Some of the more well-known ERP systems include

those from SAP, Oracle, and Microsoft.

In order to effectively implement an ERP system in an

organization, the organization must be ready to make a full

commitment. All aspects of the organization are affected as old

systems are replaced by the ERP system. In general, implementing

an ERP system can take two to three years and cost several million

dollars.

So why implement an ERP system? If done properly, an ERP

system can bring an organization a good return on their investment.

By consolidating information systems across the enterprise and

using the software to enforce best practices, most organizations

see an overall improvement after implementing an ERP. Business

processes as a form of competitive advantage will be covered in

Chapter 9.

64 | Information Systems for Business and Beyond (2019)

Customer Relationship Management

A Customer Relationship Management (CRM) system manages an

organization’s customers. In today’s environment, it is important to

develop relationships with your customers, and the use of a well-

designed CRM can allow a business to personalize its relationship

with each of its customers. Some ERP software systems include

CRM modules. An example of a well-known CRM package is

Salesforce.

Supply Chain Management

Supply Chain

Many organizations must deal with the complex task of managing

their supply chains. At its simplest, a supply chain is the linkage

between an organization’s suppliers, its manufacturing facilities,

and the distributors of its products. Each link in the chain has a

multiplying effect on the complexity of the process. For example,

if there are two suppliers, one manufacturing facility, and two

distributors, then the number of links to manage = 4 ( 2 x 1 x

2 ). However, if two more suppliers are added, plus another

manufacturing facility, and two more distributors, then the number

of links to manage = 32 ( 4 x 2 x 4 ). Also, notice in the above

illustration that all arrows have two heads, indicating that

information flows in both directions. Suppliers are part of a

business’s supply chain. They provide information such as price,

size, quantity, etc. to the business. In turn, the business provides

information such as quantity on hand at every store to the supplier.

The key to successful supply chain management is the information

system.

Chapter 3: Software | 65

A Supply Chain Management (SCM) system handles the

interconnection between these links as well as the inventory of

the products in their various stages of development. As discussed

previously much of Walmart’s success has come from its ability

to identify and control the supply chain for its products. Walmart

invested heavily in their information system so they could

communicate with their suppliers and manage the thousands of

products they sell.

Walmart realized in the 1980s that the key to their success was

information systems. Specifically, they needed to manage their

complex supply chain with its thousands of suppliers, thousands

of retail outlets, and millions of customers. Their success came

from being able to integrate information systems to every entity

(suppliers, warehouses, retail stores) through the sharing of sales

and inventory data. Take a moment to study the diagram

above…look for the double-headed arrow. Notice that data flows

down the supply chain from suppliers to retail stores. But it also

flows up the supply chain, back to the suppliers so they can be up to

date regarding production and shipping.

Mobile Applications

Just as with the personal computer, mobile devices such as

66 | Information Systems for Business and Beyond (2019)

smartphones and electronic tablets also have operating systems and

application software. These mobile devices are in many ways just

smaller versions of personal computers. A mobile app is a software

application designed to run specifically on a mobile device.

As shown in Chapter 2, smartphones are becoming a dominant

form of computing, with more smartphones being sold than

personal computers. A greater discussion of PC and smartphone

sales appears in Chapter 13, along with statistics regarding the

decline in tablet sales. Businesses have adjusted to this trend by

increasing their investment in the development of apps for mobile

devices. The number of mobile apps in the Apple App Store has

increased from zero in 2008 to over 2 million in 2017. 3

Building a mobile app will will be covered in Chapter 10.

Cloud Computing

Historically, for software to run on a computer an individual copy

of the software had to be installed on the computer. The concept of

“cloud” computing changes this.

Cloud Computing

The “cloud” refers to applications, services, and data storage

located on the Internet. Cloud service providers rely on giant server

farms and massive storage devices that are connected via the

Internet. Cloud computing allows users to access software and data

storage services on the Internet.

You probably already use cloud computing in some form. For

example, if you access your e-mail via your web browser, you are

3. [3]

Chapter 3: Software | 67

using a form of cloud computing if you are using Google Drive’s

applications. While these are free versions of cloud computing,

there is big business in providing applications and data storage over

the web. Cloud computing is not limited to web applications. It can

also be used for services such as audio or video streaming.

Advantages of Cloud Computing

• No software to install or upgrades to maintain.

• Available from any computer that has access to the Internet.

• Can scale to a large number of users easily.

• New applications can be up and running very quickly.

• Services can be leased for a limited time on an as-needed

basis.

• Your information is not lost if your hard disk crashes or your

laptop is lost or stolen.

• You are not limited by the available memory or disk space on

your computer.

Disadvantages of Cloud Computing

• Your information is stored on someone else’s computer.

• You must have Internet access to use it.

• You are relying on a third-party to provide these services.

Cloud computing has the ability to really impact how

organizations manage technology. For example, why is an IT

department needed to purchase, configure, and manage personal

computers and software when all that is really needed is an Internet

connection?

68 | Information Systems for Business and Beyond (2019)

Using a Private Cloud

Many organizations are understandably nervous about giving up

control of their data and some of their applications by using cloud

computing. But they also see the value in reducing the need for

installing software and adding disk storage to local computers. A

solution to this problem lies in the concept of a private cloud. While

there are various models of a private cloud, the basic idea is for

the cloud service provider to section off web server space for a

specific organization. The organization has full control over that

server space while still gaining some of the benefits of cloud

computing.

Virtualization

Virtualization is the process of using software to simulate a

computer or some other device. For example, using virtualization

a single physical computer can perform the functions of several

virtual computers, usually referred to as Virtual Machines (VMs).

Organizations implement virtual machines in an effort to reduce

the number of physical servers needed to provide the necessary

services to users. This reduction in the number of physical servers

also reduces the demand for electricity to run and cool the physical

servers. For more detail on how virtualization works, see this

informational page from VMWare.

Chapter 3: Software | 69

Example program “Hello World” written in Java

Software Creation

Modern software applications

are written using a

programming language such as

Java, Visual C, C++, Python, etc.

A programming language

consists of a set of commands

and syntax that can be

organized logically to execute

specific functions. Using this language a programmer writes a

program (known as source code) that can then be compiled into

machine-readable form, the ones and zeroes necessary to be

executed by the CPU. Languages such as HTML and Javascript are

used to develop web pages.

Open-Source Software

When the personal computer was first released, computer

enthusiasts banded together to build applications and solve

problems. These computer enthusiasts were motivated to share any

programs they built and solutions to problems they found. This

collaboration enabled them to more quickly innovate and fix

problems.

As software began to become a business, however, this idea of

sharing everything fell out of favor with many developers. When a

program takes hundreds of hours to develop, it is understandable

that the programmers do not want to just give it away. This led to a

new business model of restrictive software licensing which required

payment for software, a model that is still dominant today. This

model is sometimes referred to as closed source, as the source code

is not made available to others.

70 | Information Systems for Business and Beyond (2019)

There are many, however, who feel that software should not be

restricted. Just as with those early hobbyists in the 1970s, they feel

that innovation and progress can be made much more rapidly if

they share what has been learned. In the 1990s, with Internet access

connecting more people together, the open-source movement

gained steam.

Open Office Suite

Open-source software makes the source code available for

anyone to copy and use. For most people having access to the

source code of a program does little good since it is challenging to

modify existing programming code. However, open-source software

is also available in a compiled format that can be downloaded and

installed. The open-source movement has led to the development

of some of the most used software in the world such as the Firefox

browser, the Linux operating system, and the Apache web server.

Many businesses are wary of open-source software precisely

because the code is available for anyone to see. They feel that this

increases the risk of an attack. Others counter that this openness

actually decreases the risk because the code is exposed to

thousands of programmers who can incorporate code changes to

quickly patch vulnerabilities.

There are thousands of open-source applications available for

download. For example, you can get the productivity suite from

Chapter 3: Software | 71

Open Office. One good place to search for open-source software is

sourceforge.net, where thousands of programs are available for free

download.

Summary

Software gives the instructions that tell the hardware what to do.

There are two basic categories of software: operating systems and

applications. Operating systems interface with the computer

hardware and make system resources available. Application

software allows users to accomplish specific tasks such as word

processing, presentations, or databases. This group is also referred

to as productivity software. An ERP system stores all data in a

centralized database that is made accessible to all programs and

departments across the organization. Cloud computing provides

access to software and databases from the Internet via a web

browser. Developers use various programming languages to develop

software.

Study Questions

1. Develop your own definition of software being certain to

explain the key terms.

2. What are the primary functions of an operating system?

3. Which of the following are operating systems and which are

applications: Microsoft Excel, Google Chrome, iTunes,

Windows, Android, Angry Birds.

4. What is your favorite software application? What tasks does it

help you accomplish?

72 | Information Systems for Business and Beyond (2019)

5. How would you categorize the software that runs on mobile

devices? Break down these apps into at least three basic

categories and give an example of each.

6. What does an ERP system do?

7. What is open-source software? How does it differ from closed-

source software? Give an example of each.

8. What does a software license grant to the purchaser of the

software?

Exercises

1. Find a case study online about the implementation of an ERP

system. Was it successful? How long did it take? Does the case

study tell you how much money the organization spent?

2. If you were running a small business with limited funds for

information technology, would you consider using cloud

computing? Find some web-based resources that support your

decision.

3. Go to sourceforge.net and review their most downloaded

software applications. Report on the variety of applications you

find. Then pick one that interests you and report back on what

it does, the kind of technical support offered, and the user

reviews.

4. Review this article on the security risks of open-source

software. Write a short analysis giving your opinion on the

different risks discussed.

5. List three examples of programming languages? What features

in each language makes it useful to developers?

Chapter 3: Software | 73

Lab

1. Download Apache Open Office and create a document. Note: If

your computer does not have Java Runtime Environment (JRE)

32-bit (x86) installed, you will need to download it first from

this site.Open Office runs only in 32-bit (x86) mode. Here is a

link to the Getting Started documentation for Open Office.

How does it compare to Microsoft Office? Does the fact that

you got it for free make it feel less valuable?

1. Statista. (2017). Microsoft – Statistics & Facts. Retrieved from

https://www.statista.com/topics/823/microsoft/

2. Kawasaki, G. (n.d.). The 10/20/30 Rules for PowerPoint.

Retrieved from https://guykawasaki.com/the_102030_rule/.↵

3. Statista. (2018). Number of apps in Apple App Store July 2008 to

January 2017. Retrieved from https:https://www.statista.com/

statistics/263795/number-of-available-apps-in-the-apple-

app-store/.↵

74 | Information Systems for Business and Beyond (2019)

Chapter 4: Data and Databases

Learning Objectives

Upon successful completion of this chapter, you

will be able to:

• Describe the differences between data,

information, and knowledge;

• Describe why database technology must be

used for data resource management;

• Define the term database and identify the

steps to creating one;

• Describe the role of a database

management system;

• Describe the characteristics of a data

warehouse; and

• Define data mining and describe its role in

an organization.

Chapter 4: Data and Databases | 75

Introduction

You have already been introduced to the first two components of

information systems: hardware and software. However, those two

components by themselves do not make a computer useful. Imagine

if you turned on a computer, started the word processor, but could

not save a document. Imagine if you opened a music player but

there was no music to play. Imagine opening a web browser but

there were no web pages. Without data, hardware and software

are not very useful! Data is the third component of an information

system.

Data, Information, and Knowledge

There have been many definitions and theories about data,

information, and knowledge. The three terms are often used

interchangeably, although they are distinct in nature. We define

and illustrate the three terms from the perspective of information

systems.

76 | Information Systems for Business and Beyond (2019)

Data are the raw facts, and may

be devoid of context or intent. For example, a sales order of

computers is a piece of data. Data can be quantitative or qualitative.

Quantitative data is numeric, the result of a measurement, count,

or some other mathematical calculation. Qualitative data is

descriptive. “Ruby Red,” the color of a 2013 Ford Focus, is an example

of qualitative data. A number can be qualitative too: if I tell you my

favorite number is 5, that is qualitative data because it is descriptive,

not the result of a measurement or mathematical calculation.

Information is processed data that possess context, relevance, and

purpose. For example, monthly sales calculated from the collected

daily sales data for the past year are information. Information

typically involves the manipulation of raw data to obtain an

indication of magnitude, trends, in patterns in the data for a

purpose.

Knowledge in a certain area is human beliefs or perceptions about

relationships among facts or concepts relevant to that area. For

example, the conceived relationship between the quality of goods

Chapter 4: Data and Databases | 77

and the sales is knowledge. Knowledge can be viewed as

information that facilitates action.

Once we have put our data into context, aggregated and analyzed

it, we can use it to make decisions for our organization. We can

say that this consumption of information produces knowledge. This

knowledge can be used to make decisions, set policies, and even

spark innovation.

Explicit knowledge typically refers to knowledge that can be

expressed into words or numbers. In contrast, tacit knowledge

includes insights and intuitions, and is difficult to transfer to

another person by means of simple communications.

Evidently, when information or explicit knowledge is captured

and stored in computer, it would become data if the context or

intent is devoid.

The final step up the information ladder is the step from

knowledge (knowing a lot about a topic) to wisdom. We can say

that someone has wisdom when they can combine their knowledge

and experience to produce a deeper understanding of a topic. It

often takes many years to develop wisdom on a particular topic, and

requires patience.

Big Data

Almost all software programs require data to do anything useful.

For example, if you are editing a document in a word processor

such as Microsoft Word, the document you are working on is the

data. The word-processing software can manipulate the data: create

a new document, duplicate a document, or modify a document.

Some other examples of data are: an MP3 music file, a video file, a

spreadsheet, a web page, a social media post, and an e-book.

Recently, big data has been capturing the attention of all types of

organizations. The term refers to such massively large data sets that

conventional data processing technologies do not have sufficient

78 | Information Systems for Business and Beyond (2019)

power to analyze them. For example, Walmart must process millions

customer transactions every hour across the world. Storing and

analyzing that much data is beyond the power of traditional data

management tools. Understanding and developing the best tools

and techniques to manage and analyze these large data sets are a

problem that governments and businesses alike are trying to solve.

Databases

The goal of many information systems is to transform data into

information in order to generate knowledge that can be used for

decision making. In order to do this, the system must be able to take

data, allow the user to put the data into context, and provide tools

for aggregation and analysis. A database is designed for just such a

purpose.

Why Databases?

Data is a valuable resource in the organization. However, many

people do not know much about database technology, but use non-

database tools, such as Excel spreadsheet or Word document, to

store and manipulate business data, or use poorly designed

databases for business processes. As a result, the data are

redundant, inconsistent, inaccurate, and corrupted. For a small

data set, the use of non-database tools such as spreadsheet may

not cause serious problem. However, for a large organization,

corrupted data could lead to serious errors and destructive

consequences. The common defects in data resources management

are explained as follows.

(1) No control of redundant data

People often keep redundant data for convenience. Redundant

Chapter 4: Data and Databases | 79

data could make the data set inconsistent. We use an illustrative

example to explain why redundant data are harmful. Suppose the

registrar’s office has two separate files that store student data: one

is the registered student roster which records all students who have

registered and paid the tuition, and the other is student grade roster

which records all students who have received grades.

As you can see from the two spreadsheets, this data management

system has problems. The fact that “Student 4567 is Mary Brown,

and her major is Finance” is stored more than once. Such

occurrences are called data redundancy. Redundant data often

make data access convenient, but can be harmful. For example, if

Mary Brown changes her name or her major, then all her names and

major stored in the system must be changed altogether. For small

data systems, such a problem looks trivial. However, when the data

system is huge, making changes to all redundant data is difficult if

not impossible. As a result of data redundancy, the entire data set

can be corrupted.

(2) Violation of data integrity

Data integrity means consistency among the stored data. We

use the above illustrative example to explain the concept of data

integrity and how data integrity can be violated if the data system is

flawed. You can find that Alex Wilson received a grade in MKT211;

however, you can’t find Alex Wilson in the student roster. That is,

the two rosters are not consistent. Suppose we have a data integrity

control to enforce the rules, say, “no student can receive a grade

unless she/he has registered and paid tuition”, then such a violation

of data integrity can never happen.

(3) Relying on human memory to store and to search needed data

The third common mistake in data resource management is the

80 | Information Systems for Business and Beyond (2019)

over use of human memory for data search. A human can remember

what data are stored and where the data are stored, but can also

make mistakes. If a piece of data is stored in an un-remembered

place, it has actually been lost. As a result of relying on human

memory to store and to search needed data, the entire data set

eventually becomes disorganized.

To avoid the above common flaws in data resource management,

database technology must be applied. A database is an organized

collection of related data. It is an organized collection, because in

a database, all data is described and associated with other data.

For the purposes of this text, we will only consider computerized

databases.

Though not good for replacing databases, spreadsheets can be

ideal tools for analyzing the data stored in a database. A spreadsheet

package can be connected to a specific table or query in a database

and used to create charts or perform analysis on that data.

Data Models and Relational Databases

Databases can be organized in many different ways by using

different models. The data model of a database is the logical

structure of data items and their relationships. There have been

several data models. Since the 1980s, the relational data model

has been popularized. Currently, relational database systems are

commonly used in business organizations with few exceptions. A

relational data model is easy to understand and use.

In a relational database, data is organized into tables (or relations).

Each table has a set of fields which define the structure of the data

stored in the table. A record is one instance of a set of fields in a

table. To visualize this, think of the records as the rows (or tuple) of

the table and the fields as the columns of the table.

In the example below, we have a table of student data, with each

row representing a student record , and each column representing

Chapter 4: Data and Databases | 81

one filed of the student record. A special filed or a combination

of fields that determines the unique record is called primary key

(or key). A key is usually the unique identification number of the

records.

Rows and columns in a table

Designing a Database

Suppose a university wants to create a School Database to track

data. After interviewing several people, the design team learns that

the goal of implementing the system is to give better insight into

students’ performance and academic resources. From this, the

team decides that the system must keep track of the students, their

grades, courses, and classrooms. Using this information, the design

team determines that the following tables need to be created:

• STUDENT: student name, major, and e-mail.

• COURSE: course title, enrollment capacity.

• GRADE: this table will correlate STUDENT with COURSE,

allowing us to have any given student to enroll multiple

courses and to receive a grade for each course.

• CLASSROOM: classroom location, classroom type, and

classroom capacity

82 | Information Systems for Business and Beyond (2019)

Now that the design team has determined which tables to create,

they need to define the specific data items that each table will hold.

This requires identifying the fields that will be in each table. For

example, course title would be one of the fields in the COURSE

table. Finally, since this will be a relational database, every table

should have a field in common with at least one other table (in other

words, they should have relationships with each other).

A primary key must be selected for each table in a relational

database. This key is a unique identifier for each record in the table.

For example, in the STUDENT table, it might be possible to use the

student name as a way to identify a student. However, it is more

than likely that some students share the same name. A student’s

e-mail address might be a good choice for a primary key, since e-

mail addresses are unique. However, a primary key cannot change,

so this would mean that if students changed their e-mail address we

would have to remove them from the database and then re-insert

them – not an attractive proposition. Our solution is to use student

ID as the primary key of the STUDENT table. We will also do this

for the COURSE table and the CLASSROOM table. This solution is

quite common and is the reason you have so many IDs! The primary

key of table can be just one field, but can also be a combination of

two or more fields. For example, the combination of StudentID and

CourseID the GRADE table can be the primary key of the GRADE

table, which means that a grade is received by a particular student

for a specific course.

The next step of design of database is to identify and make the

relationships between the tables so that you can pull the data

together in meaningful ways. A relationship between two tables is

implemented by using a foreign key. A foreign key is a field in one

table that connects to the primary key data in the original table. For

example, ClassroomID in the COURSE table is the foreign key that

connects to the primary key ClassroomID in the CLASSROOM table.

With this design, not only do we have a way to organize all of the

data we need and have successfully related all the table together to

Chapter 4: Data and Databases | 83

Tables of the student database

meet the requirements, but have also prevented invalid data from

being entered into the database. You can see the final database

design in the figure below:

Normalization

When designing a database, one important concept to understand

is normalization. In simple terms, to normalize a database means to

design it in a way that: 1) reduces data redundancy; and 2) ensure

data integrity.

In the School Database design, the design team worked to achieve

these objectives. For example, to track grades, a simple (and wrong)

solution might have been to create a Student field in the COURSE

table and then just list the names of all of the students there.

However, this design would mean that if a student takes two or

more courses, then his or her data would have to be entered twice

or more times. This means the data are redundant. Instead, the

designers solved this problem by introducing the GRADE table.

In this design, when a student registers into the school system

before taking a course, we first must add the student to the

STUDENT table, where their ID, name, major, and e-mail address

are entered. Now we will add a new entry to denote that the

student takes a specific course. This is accomplished by adding a

record with the StudentD and the CourseID in the GRADE table.

If this student takes a second course, we do not have to duplicate

the entry of the student’s name, major, and e-mail; instead, we

84 | Information Systems for Business and Beyond (2019)

only need to make another entry in the GRADE table of the second

course’s ID and the student’s ID.

The design of the School database also makes it simple to change

the design without major modifications to the existing structure.

For example, if the design team were asked to add functionality

to the system to track instructors who teach the courses, we could

easily accomplish this by adding a PROFESSOR table (similar to the

STUDENT table) and then adding a new field to the COURSE table

to hold the professors’ ID.

Data Types

When defining the fields in a database table, we must give each field

a data type. For example, the field StudentName is text string, while

EnrollmentCapacity is number. Most modern databases allow for

several different data types to be stored. Some of the more common

data types are listed here:

• Text: for storing non-numeric data that is brief, generally

under 256 characters. The database designer can identify the

maximum length of the text.

• Number: for storing numbers. There are usually a few different

number types that can be selected, depending on how large

the largest number will be.

• Boolean: a data type with only two possible values, such as 0 or

1, “true” or “false”, “yes” or “no”.

• Date/Time: a special form of the number data type that can be

interpreted as a number or a time.

• Currency: a special form of the number data type that formats

all values with a currency indicator and two decimal places.

• Paragraph Text: this data type allows for text longer than 256

characters.

• Object: this data type allows for the storage of data that cannot

Chapter 4: Data and Databases | 85

Open Office Database Management System

be entered via keyboard, such as an image or a music file.

There are two important reasons that we must properly define

the data type of a field. First, a data type tells the database what

functions can be performed with the data. For example, if we wish

to perform mathematical functions with one of the fields, we must

be sure to tell the database that the field is a number data type. For

example, we can subtract the course capacity from the classroom

capacity to find out the number of extra seats available.

The second important reason to define data type is so that the

proper amount of storage space is allocated for our data. For

example, if the StudentName field is defined as a Text(50) data type,

this means 50 characters are allocated for each name we want to

store. If a student’s name is longer than 50 characters, the database

will truncate it.

Database Management Systems

To the computer, a database

looks like one or more files. In

order for the data in the

database to be stored, read,

changed, added, or removed, a

software program must access

it. Many software applications

have this ability: iTunes can

read its database to give you a listing of its songs (and play the

songs); your mobile-phone software can interact with your list of

contacts. But what about applications to create or manage a

database? What software can you use to create a database, change

a database’s structure, or simply do analysis? That is the purpose of

a category of software applications called database management

systems (DBMS).

86 | Information Systems for Business and Beyond (2019)

DBMS packages generally provide an interface to view and change

the design of the database, create queries, and develop reports.

Most of these packages are designed to work with a specific type

of database, but generally are compatible with a wide range of

databases.

A database that can only be used by a single user at a time is not

going to meet the needs of most organizations. As computers have

become networked and are now joined worldwide via the Internet,

a class of database has emerged that can be accessed by two, ten,

or even a million people. These databases are sometimes installed

on a single computer to be accessed by a group of people at a

single location. Other times, they are installed over several servers

worldwide, meant to be accessed by millions. In enterprises the

relational DBMS are built and supported by companies such as

Oracle, Microsoft SQL Server, and IBM Db2. The open-source

MySQL is also an enterprise database.

Microsoft Access and Open Office Base are examples of personal

database-management systems. These systems are primarily used

to develop and analyze single-user databases. These databases are

not meant to be shared across a network or the Internet, but are

instead installed on a particular device and work with a single user

at a time. Apache OpenOffice.org Base (see screen shot) can be

used to create, modify, and analyze databases in open-database

(ODB) format. Microsoft’s Access DBMS is used to work with

databases in its own Microsoft Access Database format. Both Access

and Base have the ability to read and write to other database

formats as well.

Structured Query Language

Once you have a database designed and loaded with data, how

will you do something useful with it? The primary way to work

Chapter 4: Data and Databases | 87

with a relational database is to use Structured Query Language,

SQL (pronounced “sequel,” or simply stated as S-Q-L). Almost all

applications that work with databases (such as database

management systems, discussed below) make use of SQL as a way to

analyze and manipulate relational data. As its name implies, SQL is a

language that can be used to work with a relational database. From

a

simple request for data to a complex update operation, SQL is a

mainstay of programmers and database administrators. To give you

a taste of what SQL might look like, here are a couple of examples

using our School database:

The following query will retrieve the major of student John

Smith from the STUDENT table:

SELECT StudentMajor FROM STUDENT WHERE StudentName = ‘John Smith’;

The following query will list the total number of students in

the STUDENT table:

SELECT COUNT(*) FROM STUDENT;

SQL can be embedded in many computer languages that are used

to develop platform-independent web-based applications. An in-

depth description of how SQL works is beyond the scope of this

introductory text, but these examples should give you an idea of

the power of using SQL to manipulate relational databases. Many

DBMS, such as Microsoft Access, allow you to use QBE (Query-by-

Example), a graphical query tool, to retrieve data though visualized

commands. QBE generates SQL for you, and is easy to use. In

comparison with SQL, QBE has limited functionalities and is unable

to work without the DBMS environment.

88 | Information Systems for Business and Beyond (2019)

Other Types of Databases

The relational database model is the most used database model

today. However, many other database models exist that provide

different strengths than the relational model. The hierarchical

database model, popular in the 1960s and 1970s, connected data

together in a hierarchy, allowing for a parent/child relationship

between data. The document-centric model allowed for a more

unstructured data storage by placing data into “documents” that

could then be manipulated.

Perhaps the most interesting new development is the concept

of NoSQL (from the phrase “not only SQL”). NoSQL arose from the

need to solve the problem of large-scale databases spread over

several servers or even across the world. For a relational database

to work properly, it is important that only one person be able to

manipulate a piece of data at a time, a concept known as record-

locking. But with today’s large-scale databases (think Google and

Amazon), this is just not possible. A NoSQL database can work with

data in a looser way, allowing for a more unstructured environment,

communicating changes to the data over time to all the servers that

are part of the database.

As stated earlier, the relational database model does not scale

well. The term scale here refers to a database getting larger

and larger, being distributed on a larger number of computers

connected via a network. Some companies are looking to provide

large-scale database solutions by moving away from the relational

model to other, more flexible models. For example, Google now

offers the App Engine Datastore, which is based on NoSQL.

Developers can use the App Engine Datastore to develop

applications that access data from anywhere in the world.

Amazon.com offers several database services for enterprise use,

including Amazon RDS, which is a relational database service, and

Amazon DynamoDB, a NoSQL enterprise solution.

Chapter 4: Data and Databases | 89

Sidebar: What Is Metadata?

The term metadata can be understood as “data about data.”

Examples of metadata of database are:

• number of records

• data type of field

• size of field

• description of field

• default value of field

• rules of use.

When a database is being designed, a “data dictionary” is created to

hold the metadata, defining the fields and structure of the database.

Finding Value in Data: Business Intelligence

With the rise of Big Data and a myriad of new tools and techniques

at their disposal, businesses are learning how to use information to

their advantage. The term business intelligence is used to describe

the process that organizations use to take data they are collecting

and analyze it in the hopes of obtaining a competitive advantage.

Besides using their own data, stored in data warehouses (see below),

firms often purchase information from data brokers to get a big-

picture understanding of their industries and the economy. The

results of these analyses can drive organizational strategies and

provide competitive advantage.

90 | Information Systems for Business and Beyond (2019)

Data Visualization

Data visualization is the graphical representation of information and

data. These graphical representations (such as charts, graphs, and

maps) can quickly summarize data in a way that is more intuitive

and can lead to new insights and understandings. Just as a picture

of a landscape can convey much more than a paragraph of text

attempting to describe it, graphical representation of data can

quickly make meaning of large amounts of data. Many times,

visualizing data is the first step towards a deeper analysis and

understanding of the data collected by an organization. Examples of

data visualization software include Tableau and Google Data Studio.

Data Warehouses

As organizations have begun to utilize databases as the centerpiece

of their operations, the need to fully understand and leverage the

data they are collecting has become more and more apparent.

However, directly analyzing the data that is needed for day-to-day

operations is not a good idea; we do not want to tax the operations

of the company more than we need to. Further, organizations also

want to analyze data in a historical sense: How does the data we

have today compare with the same set of data this time last month,

or last year? From these needs arose the concept of the data

warehouse.

The concept of the data warehouse is simple: extract data from

one or more of the organization’s databases and load it into the

data warehouse (which is itself another database) for storage and

analysis. However, the execution of this concept is not that simple.

A data warehouse should be designed so that it meets the following

criteria:

• It uses non-operational data. This means that the data

Chapter 4: Data and Databases | 91

Data Warehouse Process (top-down)

warehouse is using a copy of data from the active databases

that the company uses in its day-to-day operations, so the

data warehouse must pull data from the existing databases on

a regular, scheduled basis.

• The data is time-variant. This means that whenever data is

loaded into the data warehouse, it receives a time stamp,

which allows for comparisons between different time periods.

• The data is standardized. Because the data in a data warehouse

usually comes from several different sources, it is possible that

the data does not use the same definitions or units. For

example, each database uses its own format for dates (e.g.,

mm/dd/yy, or dd/mm/yy, or yy/mm/dd, etc.). In order for

the data warehouse to match up dates, a standard date format

would have to be agreed upon and all data loaded into the data

warehouse would have to be converted to use this standard

format. This process is called extraction-transformation-load

(ETL).

There are two primary schools of thought when designing a data

warehouse: bottom-up and top-down. The bottom-up approach

starts by creating small data warehouses, called data marts, to solve

specific business problems. As these data marts are created, they

can be combined into a larger data warehouse. The top- down

approach suggests that we should start by creating an enterprise-

wide data warehouse and then, as specific business needs are

identified, create smaller data marts from the data warehouse.

Benefits of Data Warehouses

Organizations find data

warehouses quite beneficial for a number of reasons:

92 | Information Systems for Business and Beyond (2019)

• The process of developing a data warehouse forces an

organization to better understand the data that it is currently

collecting and, equally important, what data is not being

collected.

• A data warehouse provides a centralized view of all data being

collected across the enterprise and provides a means for

determining data that is inconsistent.

• Once all data is identified as consistent, an organization can

generate “one version of the truth”. This is important when the

company wants to report consistent statistics about itself,

such as revenue or number of employees.

• By having a data warehouse, snapshots of data can be taken

over time. This creates a historical record of data, which allows

for an analysis of trends.

• A data warehouse provides tools to combine data, which can

provide new information and analysis.

Data Mining and Machine Learning

Data mining is the process of analyzing data to find previously

unknown and interesting trends, patterns, and associations in order

to make decisions. Generally, data mining is accomplished through

automated means against extremely large data sets, such as a data

warehouse. Some examples of data mining include:

• An analysis of sales from a large grocery chain might

determine that milk is purchased more frequently the day after

it rains in cities with a population of less than 50,000.

• A bank may find that loan applicants whose bank accounts

show particular deposit and withdrawal patterns are not good

credit risks.

• A baseball team may find that collegiate baseball players with

specific statistics in hitting, pitching, and fielding make for

Chapter 4: Data and Databases | 93

more successful major league players.

One data mining method that an organization can use to do these

analyses is called machine learning. Machine learning is used to

analyze data and build models without being explicitly programmed

to do so. Two primary branches of machine learning exist:

supervised learning and unsupervised learning.

Supervised learning occurs when an organization has data about

past activity that has occurred and wants to replicate it. For

example, if they want to create a new marketing campaign for a

particular product line, they may look at data from past marketing

campaigns to see which of their consumers responded most

favorably. Once the analysis is done, a machine learning model is

created that can be used to identify these new customers. It is called

“supervised” learning because we are directing (supervising) the

analysis towards a result (in our example: consumers who respond

favorably). Supervised learning techniques include analyses such as

decision trees, neural networks, classifiers, and logistic regression.

Unsupervised learning occurs when an organization has data and

wants to understand the relationship(s) between different data

points. For example, if a retailer wants to understand purchasing

patterns of its customers, an unsupervised learning model can be

developed to find out which products are most often purchased

together or how to group their customers by purchase history. Is

it called “unsupervised” learning because no specific outcome is

expected. Unsupervised learning techniques include clustering and

association rules.

Privacy Concerns

The increasing power of data mining has caused concerns for many,

especially in the area of privacy. In today’s digital world, it is

becoming easier than ever to take data from disparate sources and

94 | Information Systems for Business and Beyond (2019)

combine them to do new forms of analysis. In fact, a whole industry

has sprung up around this technology: data brokers. These firms

combine publicly accessible data with information obtained from

the government and other sources to create vast warehouses of

data about people and companies that they can then sell. This

subject will be covered in much more detail in chapter 12 – the

chapter on the ethical concerns of information systems.

Sidebar: What is data science? What is data analytics?

The term “data science” is a popular term meant to describe the

analysis of large data sets to find new knowledge. For the past

several years, it has been considered one of the best career fields

to get into due to its explosive growth and high salaries. While a

data scientist does many different things, their focus is generally

on analyzing large data sets using various programming methods

and software tools to create new knowledge for their organization.

Data scientists are skilled in machine learning and data visualization

techniques. The field of data science is constantly changing, and

data scientists are on the cutting edge of work in areas such as

artificial intelligence and neural networks.

Knowledge Management

We end the chapter with a discussion on the concept of knowledge

management (KM). All companies accumulate knowledge over the

Chapter 4: Data and Databases | 95

course of their existence. Some of this knowledge is written down

or saved, but not in an organized fashion. Much of this knowledge

is not written down; instead, it is stored inside the heads of its

employees. Knowledge management is the process of creating,

formalizing the capture, indexing, storing, and sharing of the

company’s knowledge in order to benefit from the experiences and

insights that the company has captured during its existence.

Summary

In this chapter, we learned about the role that data and databases

play in the context of information systems. Data is made up of

facts of the world. If you process data in a particular context, then

you have information. Knowledge is gained when information is

consumed and used for decision making. A database is an organized

collection of related data. Relational databases are the most widely

used type of database, where data is structured into tables and all

tables must be related to each other through unique identifiers. A

database management system (DBMS) is a software application that

is used to create and manage databases, and can take the form of

a personal DBMS, used by one person, or an enterprise DBMS that

can be used by multiple users. A data warehouse is a special form of

database that takes data from other databases in an enterprise and

organizes it for analysis. Data mining is the process of looking for

patterns and relationships in large data sets. Many businesses use

databases, data warehouses, and data-mining techniques in order to

produce business intelligence and gain a competitive advantage.

96 | Information Systems for Business and Beyond (2019)

Study Questions

1. What is the difference between data, information, and

knowledge?

2. Explain in your own words how the data component relates to

the hardware and software components of information

systems.

3. What is the difference between quantitative data and

qualitative data? In what situations could the number 42 be

considered qualitative data?

4. What are the characteristics of a relational database?

5. When would using a personal DBMS make sense?

6. What is the difference between a spreadsheet and a database?

List three differences between them.

7. Describe what the term normalization means.

8. Why is it important to define the data type of a field when

designing a relational database?

9. Name a database you interact with frequently. What would

some of the field names be?

10. What is metadata?

11. Name three advantages of using a data warehouse.

12. What is data mining?

13. In your own words, explain the difference between supervised

learning and unsupervised learning. Give an example of each

(not from the book).

Exercises

1. Review the design of the School database earlier in this

chapter. Reviewing the lists of data types given, what data

types would you assign to each of the fields in each of the

tables. What lengths would you assign to the text fields?

Chapter 4: Data and Databases | 97

2. Download Apache OpenOffice.org and use the database tool to

open the “Student Clubs.odb” file available here. Take some

time to learn how to modify the database structure and then

see if you can add the required items to support the tracking of

faculty advisors, as described at the end of the Normalization

section in the chapter. Here is a link to the Getting Started

documentation.

3. Using Microsoft Access, download the database file of

comprehensive baseball statistics from the website

SeanLahman.com. (If you don’t have Microsoft Access, you can

download an abridged version of the file here that is

compatible with Apache Open Office). Review the structure of

the tables included in the database. Come up with three

different data-mining experiments you would like to try, and

explain which fields in which tables would have to be analyzed.

4. Do some original research and find two examples of data

mining. Summarize each example and then write about what

the two examples have in common.

5. Conduct some independent research on the process of

business intelligence. Using at least two scholarly or

practitioner sources, write a two-page paper giving examples

of how business intelligence is being used.

6. Conduct some independent research on the latest

technologies being used for knowledge management. Using at

least two scholarly or practitioner sources, write a two-page

paper giving examples of software applications or new

technologies being used in this field.

98 | Information Systems for Business and Beyond (2019)

Chapter 5: Networking and Communication

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• understand the history and development of

networking technologies;

• define the key terms associated with networking

technologies;

• understand the importance of broadband

technologies; and

• describe organizational networking.

Introduction

In the early days of computing, computers were seen as devices

for making calculations, storing data, and automating business

processes. However, as the devices evolved, it became apparent that

many of the functions of telecommunications could be integrated

into the computer. During the 1980s, many organizations began

Chapter 5: Networking and Communication | 99

combining their once-separate telecommunications and

information systems departments into an Information Technology

(IT) department. This ability for computers to communicate with

one another and to facilitate communication between individuals

and groups has had a major impact on the growth of computing over

the past several decades.

Computer networking began in the 1960s with the birth of the

Internet. However, while the Internet and web were evolving,

corporate networking was also taking shape in the form of local

area networks and client-server computing. The Internet went

commercial in 1994 as technologies began to pervade all areas of the

organization. Today it would be unthinkable to have a computer that

did not include communications capabilities. This chapter reviews

the different technologies that have been put in place to enable this

communications revolution.

A Brief History of the Internet

In the Beginning: ARPANET

The story of the Internet, and networking in general, can be traced

back to the late 1950s. The United States was in the depths of the

Cold War with the USSR as each nation closely watched the other

to determine which would gain a military or intelligence advantage.

In 1957, the Soviets surprised the U.S. with the launch of Sputnik,

propelling us into the space age. In response to Sputnik, the U.S.

Government created the Advanced Research Projects Agency

(ARPA), whose initial role was to ensure that the U.S. was not

surprised again. It was from ARPA, now called DARPA

((Defense Advanced Research Projects Agency), that the Internet

first sprang.

100 | Information Systems for Business and Beyond (2019)

ARPA was the center of computing research in the 1960s, but

there was just one problem. Many of the computers could not

communicate with each other. In 1968 ARPA sent out a request

for proposals for a communication technology that would allow

different computers located around the country to be integrated

together into one network. Twelve companies responded to the

request, and a company named Bolt, Beranek, and Newman (BBN)

won the contract. They immediately began work and were able to

complete the job just one year later.

ARPA Net 1969

Professor Len Kleinrock of UCLA along with a group of graduate

students were the first to successfully send a transmission over

the ARPANET. The event occurred on October 29, 1969 when they

attempted to send the word “login” from their computer at UCLA to

the Stanford Research Institute. You can read their actual notes. The

first four nodes were at UCLA, University of California, Stanford,

and the University of Utah.

Chapter 5: Networking and Communication | 101

The Internet and the World Wide Web

Over the next decade, the ARPANET grew and gained popularity.

During this time, other networks also came into existence. Different

organizations were connected to different networks. This led to a

problem. The networks could not communicate with each other.

Each network used its own proprietary language, or protocol (see

sidebar for the definition of protocol) to send information back and

forth. This problem was solved by the invention of Transmission

Control Protocol/Internet Protocol (TCP/IP). TCP/IP was designed

to allow networks running on different protocols to have an

intermediary protocol that would allow them to communicate. So

as long as your network supported TCP/IP, you could communicate

with all of the other networks running TCP/IP. TCP/IP quickly

became the standard protocol and allowed networks to

communicate with each other. It is from this breakthrough that we

first got the term Internet, which simply means “an interconnected

network of networks.”

Sidebar: An Internet Vocabulary Lesson

Network communication is full of some very technical concepts

based on simple principles. Learn the following terms and you’ll be

able to hold your own in a conversation about the Internet.

• Packet The fundamental unit of data transmitted over the Internet. When a host (PC, workstation, server, printer, etc.)

intends to send a message to another host (for example, your

PC sends a request to YouTube to open a video), it breaks the

message down into smaller pieces, called packets. Each packet

has the sender’s address, the destination address, a sequence

102 | Information Systems for Business and Beyond (2019)

number, and a piece of the overall message to be sent.

Different packets in a single message can take a variety of

routes to the destination and they can arrive at different times.

For this reason the sequence number is used to reassemble the

packets in the proper order at the destination.

• Switch A network device that connects multiple hosts together and forwards packets based on their destination within the

local network which is commonly known as a Local Area

Network (LAN).

• Router A device that receives and analyzes packets and then routes them towards their destination. In some cases a router

will send a packet to another router. In other cases it will send

it directly to its destination. Routers are used to connect one

network to another network.

• IP Address Every device on the Internet (personal computer, a tablet, a smartphone, etc.) is assigned a unique identifying

number called an IP (Internet Protocol) address. Originally, the

IPv4 (version 4) standard was used. It had a format of four

numbers with values ranging from 0 and 255 separated by a

period. For example, the domain Dell.com has the IPv4 address

107.23.196.166. The IPv4 standard has a limit of 4,294,967,296

possible addresses. As the use of the Internet has grown, the

number of IP addresses needed has increased to the point

where the use of IPv4 addresses will be exhausted. This has led

to the new IPv6 standard.The IPv6 standard is formatted as

eight groups of four hexadecimal digits, such as

2001:0db8:85a3:0042:1000:8a2e:0370:7334. The IPv6 standard

has a limit of 3.4×1038 possible addresses. For example, the

domain LinkedIn.com has an IPv6 address of:

[2620:109:c002::6cae:a0a]. You probably noticed that the

address has only five groups of numbers. That’s because IPv6

allows the use of two semi-colons ( :: ) to indicate groups that

are all zeroes and do not need to be displayed. For more detail

about the IPv6 standard, see this Wikipedia article.

• Domain name If you had to try to remember the IP address of

Chapter 5: Networking and Communication | 103

every web site you wanted to access, the Internet would not be

nearly as easy to use. A domain name is a human-friendly

name, convenient for remembering a website. These names

generally consist of a descriptive word followed by a dot

(period) and the Top-Level Domain (TLD). For example,

Wikipedia’s domain name is wikipedia.org. Wikipedia describes

the organization and .org is the TLD. Other well-known TLDs

include .com, .net, and .gov. For a list and description of top

level domain names, see this Wikipedia article.

• DNS DNS stands for “domain name server or system.” DNS acts as the directory of websites on the Internet. When a request to

access a host with a domain name is given, a DNS server is

queried. It returns the IP address of the host requested,

allowing for proper routing.

• Packet-switching When a message’s packets are sent on the Internet, routers try to find the optimal route for each packet.

This can result in packets being sent on different routes to

their destination. After the packets arrive they are re-

assembled into the original message for the recipient. For

more details on packet-switching, see this interactive web

page.

• Protocol A protocol is the set of rules that govern how communications take place on a network. For example, File

Transfer Protocol (FTP) are the communication rules for

transferring files from one host to another. TCP/IP, discussed

earlier, is known as a protocol suite since it contains numerous

protocols.

104 | Information Systems for Business and Beyond (2019)

Internet Users Worldwide, December 2017.

(Public Domain. Courtesy of the Miniwatts Marketing Group)

The 1980s witnessed a significant growth in Internet

usage. Internet access came primarily from government, academic,

and research organizations. Much to the surprise of the engineers,

the early popularity of the Internet was driven by the use of

electronic mail (see the next sidebar ).

Initially, Internet use meant having to type commands, even

including IP addresses, in order to access a web server. That all

changed in 1990 when Tim Berners-Lee introduced his World Wide

Web project which provided an easy way to navigate the Internet

through the use of hypertext. The World Wide Web gained even

more steam in 1993 with the release of the Mosaic browser which

allowed graphics and text to be combined as a way to present

information and navigate the Internet.

The Dot-Com Bubble

In the 1980s and early 1990s, the Internet was being managed by

the National Science Foundation (NSF). The NSF had restricted

commercial ventures on the Internet, which meant that no one

could buy or sell anything online. In 1991, the NSF transferred its

role to three other organizations, thus getting the US government

out of direct control over the Internet and essentially opening up

commerce online.

This new commercialization of the Internet led to what is now

known as the dot-com bubble. A frenzy of investment in new dot-

Chapter 5: Networking and Communication | 105

com companies took place in the late 1990s with new tech

companies issuing Initial Public Offerings (IPO) and heating up the

stock market. This investment bubble was driven by the fact that

investors knew that online commerce would change everything.

Unfortunately, many of these new companies had poor business

models and anemic financial statements showing little or no profit.

In 2000 and 2001, the bubble burst and many of these new

companies went out of business. Some companies survived,

including Amazon (started in 1994) and eBay (1995). After the dot-

com bubble burst, a new reality became clear. In order to succeed

online, e-business companies would need to develop business

models appropriate for the online environment.

Web 2.0

In the first few years of the World Wide Web, creating and hosting a

website required a specific set of knowledge. A person had to know

how to set up a web server, get a domain name, create web pages in

HTML, and troubleshoot various technical issues.

Starting in the early 2000s, major changes came about in how the

Internet was being used. These changes have come to be known as

Web 2.0. Here are some key characteristics in Web 2.0.

• Universal access to Apps

• Value is found in content, not display software

• Data can be easily shared

• Distribution is bottom up, not top down

• Employees and customers can use access and use tools on

their own

• Informal networking is encouraged since more contributors

results in better content

• Social tools encourage people to share information 1

106 | Information Systems for Business and Beyond (2019)

Social networking, the last item in the list, has led to major

changes in society. Prior to Web 2.0 major news outlets investigated

and reported important news stories of the day. But in today’s world

individuals are able to easily share their own views on various

events. Apps such as Facebook, Twitter, Youtube, and personal blogs

allow people to express their own viewpoint.

Sidebar: E-mail Is the “Killer” App for the Internet

As discussed in chapter 3, a “killer app” is a use of a device that

becomes so essential that large numbers of people will buy the

device just to run that application. The killer app for the personal

computer was the spreadsheet, enabling users to enter data, write

formulas, and easily make “what if” decisions. With the introduction

of the Internet came another killer app – E-mail.

The Internet was originally designed as a way for the Department

of Defense to manage projects. However, the invention of electronic

mail drove demand for the Internet. While this wasn’t what

developers had in mind, it turned out that people connecting with

people was the killer app for the Internet. As we look back today, we

can see this being repeated again and again with new technologies

that enable people to connect with each other.

Sidebar: The Internet and the World Wide Web

1. [1]

Chapter 5: Networking and Communication | 107

Are Not the Same Thing

Many times the terms “Internet” and “World Wide Web,” or even

just “the web,” are used interchangeably. But really, they are not the

same thing.

The Internet is an interconnected network of networks. Services

such as email, voice and video, file transfer, and the World Wide

Web all run across the Internet.The World Wide Web is simply one

part of the Internet. It is made up of web servers that have HTML

pages that are being viewed on devices with web browsers.

The Growth of High Speed Internet

In the early days of the Internet, most access was accomplished via

a modem over an analog telephone line. A modem was connected

to the incoming phone line when then connected to a computer.

Speeds were measured in bits-per-second (bps), with speeds

growing from 1200 bps to 56,000 bps over the years. Connection to

the Internet via modems is called dial-up access. As the web became

more interactive, dial-up hindered usage when users wanted to

transfer more and more data. As a point of reference, downloading

a typical 3.5 MB song would take 24 minutes at 1200 bps and 2

minutes at 28,800 bps.

High speed Internet speeds, by definition, are a minimum of

256,000 bps, though most connections today are much faster,

measured in millions of bits per second (megabits or Mbps) or even

billions (gigabits). For the home user, a high speed connection is

usually accomplished via the cable television lines or phone lines

using a Digital Subscriber Line (DSL). Both cable and DSL have

similar prices and speeds, though price and speed can vary in local

communities. According to the website Recode, the average home

108 | Information Systems for Business and Beyond (2019)

broadband speed ranges from 12 Mbps and 125 Mbps. 2

Telecommunications companies provide T1 and T3 lines for greater

bandwidth and reliability.

High speed access, also known as broadband, is important

because it impacts how the Internet is used. Communities with

high speed Internet have found residences and businesses increase

usage of digital resources. Access to high speed Internet is now

considered a basic human right by the United Nations, as declared

in their 2011 statement:

“Broadband technologies are fundamentally transforming the way

we live,” the Broadband Commission for Digital Development, set up

in 2017 by the UN Educational Scientific and Cultural Organization

(UNESCO) and the UN International Telecommunications Union

(ITU), said in issuing “The Broadband Challenge” at a leadership

summit in Geneva.

“It is vital that no one be excluded from the new global knowledge

societies we are building. We believe that communication is not just

a human need – it is a right.” 3

Wireless Networking

Thanks to wireless technology, access to the Internet is virtually

everywhere, especially through a smartphone.

Wi-Fi

Wi-Fi takes an Internet signal and converts it into radio waves.

2. [2]

3. [3]

Chapter 5: Networking and Communication | 109

These radio waves can be picked up within a radius of

approximately 65 feet by devices with a wireless adapter. Several

Wi-Fi specifications have been developed over the years, starting

with 802.11b in 1999, followed by the 802.11g specification in 2003

and 802.11n in 2009. Each new specification improved the speed and

range of Wi-Fi, allowing for more uses. One of the primary places

where Wi-Fi is being used is in the home. Home users access Wi-Fi

via in-home routers provided by the telecommunications firm that

services the residence.

Mobile Network

As the cellphone has evolved into the smartphone, the desire for

Internet access on these devices has led to data networks being

included as part of the mobile phone network. While Internet

connections were technically available earlier, it was really with

the release of the 3G networks in 2001 (2002 in the US) that

smartphones and other cellular devices could access data from the

Internet. This new capability drove the market for new and more

powerful smartphones, such as the iPhone, introduced in 2007. In

2011, wireless carriers began offering 4G data speeds, giving the

cellular networks the same speeds that customers were accustomed

to getting via their home connection.

Beginning in 2019, some part of the world began seeing the

implementation of 5G communication networks. Speeds associated

with 5G will be greater than 1 GB/second, providing connection

speeds to handle just about any type of application. Some have

speculated that the 5G implementation will lead households to

eliminate the purchase of wired Internet connections for their

homes, just using 5G wireless connections instead.

110 | Information Systems for Business and Beyond (2019)

3G, 4G, and 5G Comparison

3G 4G 5G

Deployed 2004-2005 2006-2010 By 2020

Bandwidth 2 mbps 200 mbps > 1 gbps,

Service

Integrated high-quality audio, video and data

Dynamic information access, variable devices

Dynamic information access, variable devices with all capabilities

(James Dean, Raconteur, December 7, 2014) 4

Sidebar: Why Doesn’t My Cellphone Work When I Travel Abroad?

As mobile phone technologies have evolved, providers in different

countries have chosen different communication standards for their

mobile phone networks. There are two competing standards in the

US: GSM (used by AT&T and T-Mobile) and CDMA (used by the

other major carriers). Each standard has its pros and cons, but

the bottom line is that phones using one standard cannot easily

switch to the other. This is not a big deal in the US because mobile

networks exist to support both standards. But when traveling to

other countries, you will find that most of them use GSM networks.

The one exception is Japan which has standardized on CDMA. It is

possible for a mobile phone using one type of network to switch

to the other type of network by changing out the SIM card, which

controls your access to the mobile network. However, this will not

4. [4]

Chapter 5: Networking and Communication | 111

work in all cases. If you are traveling abroad, it is always best to

consult with your mobile provider to determine the best way to

access a mobile network.

Bluetooth

While Bluetooth is not generally used to connect a device to the

Internet, it is an important wireless technology that has enabled

many functionalities that are used every day. When created in 1994

by Ericsson, it was intended to replace wired connections between

devices. Today, it is the standard method for wirelessly connecting

nearby devices. Bluetooth has a range of approximately 300 feet

and consumes very little power, making it an excellent choice for

a variety of purposes. Some applications of Bluetooth include:

connecting a printer to a personal computer, connecting a mobile

phone and headset, connecting a wireless keyboard and mouse to a

computer, or connecting your mobile phone to your car, resulting in

hands free operation of your phone.

112 | Information Systems for Business and Beyond (2019)

Typical VoIP communicati on

VoIP

Voice over IP (VoIP) allows analog signals to be converted to digital

signals, then transmitted on a network. By using existing

technologies and software, voice communication over the Internet

is now available to anyone with a browser (think Skype, WebEx,

Google Hangouts). Beyond this, many companies are now offering

VoIP-based telephone service for business and home use.

Chapter 5: Networking and Communication | 113

Organizational Networking

LAN and WAN

Scope of business networks

While the Internet was evolving and creating a way for

organizations to connect to each other and the world, another

revolution was taking place inside organizations. The proliferation

of personal computers led to the need to share resources such

as printers, scanners, and data. Organizations solved this problem

through the creation of local area networks (LANs), which allowed

computers to connect to each other and to peripherals.

A LAN is a local network, usually operating in the same building

or on the same campus. A Wide Area Network (WAN) provides

connectivity over a wider area such as an organization’s locations in

different cities or states.

114 | Information Systems for Business and Beyond (2019)

Client-Server

Client-server computing provides stand-alone devices such as

personal computers, printers, and file servers to work together. The

personal computer originally was used as a stand-alone computing

device. A program was installed on the computer and then used to

do word processing or calculations. With the advent of networking

and local area networks, computers could work together to solve

problems. Higher-end computers were installed as servers, and

users on the local network could run applications and share

information among departments and organizations.

Intranet

An intranet, as the name implies, provides web-based resources

for the users within an organization. These web pages are not

accessible to those outside the company. The pages typically

contain information useful to employees such as policies and

procedures. In an academic setting the intranet provides an

interface to learning resources for students.

Extranet

Sometimes an organization wants to be able to collaborate with

its customers or suppliers while at the same time maintaining the

security of being inside its own network. In cases like this a

company may want to create an extranet, which is a part of a

company’s network that can be made available securely to those

outside of the company. Extranets can be used to allow customers

to log in and place orders, or for suppliers to check their customers’

inventory levels.

Chapter 5: Networking and Communication | 115

Sometimes an organization will need to allow someone who is not

located physically within its internal network to gain secure access

to the intranet. This access can be provided by a virtual private

network (VPN). VPNs will be discussed further in Chapter 6 which

focuses on Information Security).

Sidebar: Microsoft’s SharePoint Powers the Intranet

As organizations begin to see the power of collaboration between

their employees, they often look for solutions that will allow them

to leverage their intranet to enable more collaboration. Since most

companies use Microsoft products for much of their computing,

some are using Microsoft’s SharePoint to support employee

collaboration.

SharePoint provides a communication and collaboration platform

that integrates seamlessly with Microsoft’s Office suite of

applications. Using SharePoint, employees can share a document

and edit it together, avoiding the need to email the document for

others to review. Projects and documents can be managed

collaboratively across the organization. Corporate documents are

indexed and made available for search.

Cloud Computing

Cloud computing was covered in Chapter 3. The universal

availability of the Internet combined with increases in processing

116 | Information Systems for Business and Beyond (2019)

power and data-storage capacity have made cloud computing a

viable option for many companies. Using cloud computing,

companies or individuals can contract to store data on storage

devices somewhere on the Internet. Applications can be “rented”

as needed, giving a company the ability to quickly deploy new

applications. The I.T. department benefits from not having to

maintain software that is provided on the cloud.

Sidebar: Metcalfe’s Law

Just as Moore’s Law describes how computing power is increasing

over time, Metcalfe’s Law describes the power of networking.

Metcalfe’s Law states that the value of a telecommunications

network is proportional to the square of the number of connected

users of the system, or N2. If a network has 10 nodes, the inherent

value is 100, or 102.

Metcalfe’s Law is attributed to Robert Metcalfe, the co-inventor of

Ethernet. It attempts to address the added value provided by each

node on the network. Think about it this way: If none of your friends

were on Instagram, would you spend much time there? If no one

else at your school or place of work had e-mail, would it be very

useful to you? Metcalfe’s Law tries to quantify this value.

Summary

The networking revolution has completely changed how personal

computers are used. Today, no one would imagine using a computer

that was not connected to one or more networks. The development

Chapter 5: Networking and Communication | 117

of the Internet and World Wide Web, combined with wireless

access, has made information available at our fingertips. The Web

2.0 revolution has made everyone potential authors of web content.

As networking technology has matured, the use of Internet

technologies has become a standard for every type of organization.

The use of intranets and extranets has allowed organizations to

deploy functionality to employees and business partners alike,

increasing efficiencies and improving communications. Cloud

computing has truly made information available everywhere.

Study Questions

1. What were the first four locations hooked up to the Internet

(ARPANET)?

2. What does the term packet mean?

3. Which came first, the Internet or the World Wide Web?

4. What was revolutionary about Web 2.0?

5. What was the so-called killer app for the Internet?

6. What does the term VoIP mean?

7. What is a LAN?

8. What is the difference between an intranet and an extranet?

9. What is Metcalfe’s Law?

Exercises

1. What is the difference between the Internet and the World

Wide Web? Create at least three statements that identify the

differences between the two.

2. Who are the broadband providers in your area? What are the

118 | Information Systems for Business and Beyond (2019)

prices and speeds offered?

3. Pretend you are planning a trip to three foreign countries in

the next month. Consult your wireless carrier to determine if

your mobile phone would work properly in those countries.

What would the costs be? What alternatives do you have if it

would not work?

Labs

1. Check the speed of your Internet connection by going to the

following web site: speedtest.net

What is your download and upload speed?

2. What is the IP address of your computer? How did you find it?

Hint for Windows: Go to the start icon and click Run. Then

open the Command Line Interface by typing: cmd Then type: ipconfigWhat is your IPv4 address?What is your IPv6 address?

3. When you enter an address in your web browser, a Domain

Name Server (DNS) is used to lookup the IP address of the site

you are seeking. To locate the DNS server your computer is

using, type: nslookupWrite down the name and address of your DNS server.Use the nslookup command to find the

address for a favorite web site. For example, to find the IP

address of espn type: nslookup espnWrite down your website’s name and address. Note: it is on the line following the name of

the web site you entered.

4. You can use the tracert (trace route) command to display the

path from your computer to the web site’s IP address you used

in the previous lab. For example, tracert 199.181.132.250Be patient as tracert contacts each router in the path to your

website’s server. A “Request timed out” message indicates the

tracing is taking too long, probably due to a lack of bandwidth.

You can stop the trace by pressing Ctrl + C

Chapter 5: Networking and Communication | 119

5. The ping command allows you check connectivity between the

local host (your computer) and another host. If you are unable

to connect to another host, the ping command can be used to

incrementally test your connectivity. The IP address 127.0.0.1 is

known as your home address (local host).Begin your test by

going to your command line interface (command promkpt) and

pinging your local host: ping 127.0.0.1You should get a series of “Reply from 127.0.0.1” messagesNext, ping the IP address you

used in lab #3.Sometimes a failed ping is not the result of a

lack of connectivity. Network administrators of some IP

addresses/hosts do not want their site pinged so they block all

ICMP packets. That’s the protocol used for pinging.

• The whois.domaintools.com site provides you with information

about a web site. For example, to find information about

google.com open your web browser and type:

whoisdomaintools.com Then in the Lookup window, type: google.comFind information about a favorite site of yours. Record the following: administrator name, phone number,

when the site was created, and the site’s name servers (the

names begin with “ns”).

• Network statistics can be displayed using the netstat

command. In the command line window (see lab #2 for

instructions on how to get to the command line), type: netstat -eHow many bytes were sent and how many were received?Execute the command again and record your results.

You should see an increase in both received and sent bytes.To

see a complete list of options/switches for the netstat

command, type: netstat ?

1. Wolcott, M. (2017). What is Web 2.0? MoneyWatch. Retrieved

from https://www.cbsnews.com/news/what-is-web-20/↵

2. Molla, R. (2017). These are the fastest and slowest Internet

120 | Information Systems for Business and Beyond (2019)

speeds”. Recode. Retrieved from https://www.recode.net/2017/

6/9/15768598/states-fastest-slowest-internet-speeds↵

3. International Telecommunications Union. (2018, January 23).

UN Broadband Commission sets goal broadband targets to

bring online the world’s 3.8 billion not connected to the

Internet. Retrieved from https://www.itu.int/en/

mediacentre/Pages/2018-PR01.aspx↵

4. “Dean, J. (2014). 4G vs 5G Mobile Technology. Raconteur

Retrieved from https://www.raconteur.net/technology/4g-

vs-5g-mobile-technology.

Chapter 5: Networking and Communication | 121

Chapter 6: Information Systems Security

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• identify the information security triad;

• identify and understand the high-level concepts

surrounding information security tools; and

• secure yourself digitally.

Introduction

As computers and other digital devices have become essential to

business and commerce, they have also increasingly become a

target for attacks. In order for a company or an individual to use

a computing device with confidence, they must first be assured

that the device is not compromised in any way and that all

communications will be secure. This chapter reviews the

fundamental concepts of information systems security and

discusses some of the measures that can be taken to mitigate

122 | Chapter 6: Information Systems Security

The security triad

security threats. The chapter begins with an overview focusing on

how organizations can stay secure. Several different measures that a

company can take to improve security will be discussed. Finally, you

will review a list of security precautions that individuals can take in

order to secure their personal computing environment.

The Information Security Triad: Confidentiality, Integrity, Availability (CIA)

Confidentiality

Protecting information

means you want to want to be

able to restrict access to those

who are allowed to see it. This

is sometimes referred to as

NTK, Need to Know. Everyone

else should be disallowed from

learning anything about its

contents. This is the essence of

confidentiality. For example,

federal law requires that

universities restrict access to private student information. Access to

grade records should be limited to those who have authorized

access.

Chapter 6: Information Systems Security | 123

Integrity

Integrity is the assurance that the information being accessed has

not been altered and truly represents what is intended. Just as a

person with integrity means what he or she says and can be trusted

to consistently represent the truth, information integrity means

information truly represents its intended meaning. Information can

lose its integrity through malicious intent, such as when someone

who is not authorized makes a change to intentionally misrepresent

something. An example of this would be when a hacker is hired to

go into the university’s system and change a student’s grade.

Integrity can also be lost unintentionally, such as when a

computer power surge corrupts a file or someone authorized to

make a change accidentally deletes a file or enters incorrect

information.

Availability

Information availability is the third part of the CIA triad. Availability

means information can be accessed and modified by anyone

authorized to do so in an appropriate timeframe. Depending on

the type of information, appropriate timeframe can mean different

things. For example, a stock trader needs information to be available

immediately, while a sales person may be happy to get sales

numbers for the day in a report the next morning. Online retailers

require their servers to be available twenty-four hours a day, seven

days a week. Other companies may not suffer if their web servers

are down for a few minutes once in a while.

124 | Information Systems for Business and Beyond (2019)

Tools for Information Security

In order to ensure the confidentiality, integrity, and availability of

information, organizations can choose from a variety of tools. Each

of these tools can be utilized as part of an overall information-

security policy.

Authentication

The most common way to identify someone is through their

physical appearance, but how do we identify someone sitting behind

a computer screen or at the ATM? Tools for authentication are used

to ensure that the person accessing the information is, indeed, who

they present themselves to be.

Authentication can be accomplished by identifying someone

through one or more of three factors:

1. Something they know,

2. Something they have, or

3. Something they are.

For example, the most common form of authentication today is the

user ID and password. In this case, the authentication is done by

confirming something that the user knows (their ID and password).

But this form of authentication is easy to compromise (see sidebar)

and stronger forms of authentication are sometimes needed.

Identifying someone only by something they have, such as a key or a

card, can also be problematic. When that identifying token is lost or

stolen, the identity can be easily stolen. The final factor, something

you are, is much harder to compromise. This factor identifies a user

through the use of a physical characteristic, such as a retinal scan,

Chapter 6: Information Systems Security | 125

RSA SecureID token

fingerprint, or facial geometry. Identifying someone through their

physical characteristics is called biometrics.

A more secure way to authenticate a user is through multi-factor

authentication. By combining two or more of the factors listed

above, it becomes much more difficult for someone to misrepresent

themselves. An example of this would be the use of an RSA SecurID

token. The RSA device is something you have, and it generates a

new access code every sixty seconds. To log in to an information

resource using the RSA device, you combine something you know,

such as a four-digit PIN, with the code generated by the device. The

only way to properly authenticate is by both knowing the code and

having the RSA device.

Access Control

Once a user has been authenticated, the next step is to ensure that

they can only access the information resources that are appropriate.

This is done through the use of access control. Access control

determines which users are authorized to read, modify, add, and/

or delete information. Several different access control models exist.

Two of the more common are: the Access Control List (ACL) and

Role-Based Access Control (RBAC).

An information security employee can produce an ACL which

identifies a list of users who have the capability to take specific

actions with an information resource such as data files. Specific

126 | Information Systems for Business and Beyond (2019)

Comparison of ACL and RBAC

permissions are assigned to each user such as read, write, delete,

or add. Only users with those permissions are allowed to perform

those functions.

ACLs are simple to understand and maintain, but there are several

drawbacks. The primary drawback is that each information resource

is managed separately, so if a security administrator wanted to add

or remove a user to a large set of information resources, it would be

quite difficult. And as the number of users and resources increase,

ACLs become harder to maintain. This has led to an improved

method of access control, called role-based access control, or RBAC.

With RBAC, instead of giving specific users access rights to an

information resource, users are assigned to roles and then those

roles are assigned the access. This allows the administrators to

manage users and roles separately, simplifying administration and,

by extension, improving security.

The following image shows an ACL with permissions granted to

individual users. RBAC allows permissions to be assigned to roles,

as shown in the middle grid, and then in the third grid each user is

assigned a role. Although not modeled in the image, each user can

have multiple roles such as Reader and Editor.

Sidebar: Password Security

So why is using just a simple user ID and password not considered a

secure method of authentication? It turns out that this single-factor

Chapter 6: Information Systems Security | 127

authentication is extremely easy to compromise. Good password

policies must be put in place in order to ensure that passwords

cannot be compromised. Below are some of the more common

policies that organizations should use.

• Require complex passwords. One reason passwords are compromised is that they can be easily guessed. A recent study

found that the top three passwords people used were

password, 123456 and 12345678.[1] A password should not be

simple, or a word that can be found in a dictionary. Hackers

first attempt to crack a password by testing every term in the

dictionary. Instead, a good password policy should require the

use of a minimum of eight characters, at least one upper-case

letter, one special character, and one digit.

• Change passwords regularly. It is essential that users change their passwords on a regular basis. Also, passwords may not be

reused. Users should change their passwords every sixty to

ninety days, ensuring that any passwords that might have been

stolen or guessed will not be able to be used against the

company.

• Train employees not to give away passwords. One of the primary methods used to steal passwords is to simply figure

them out by asking the users for their password. Pretexting

occurs when an attacker calls a helpdesk or security

administrator and pretends to be a particular authorized user

having trouble logging in. Then, by providing some personal

information about the authorized user, the attacker convinces

the security person to reset the password and tell him what it

is. Another way that employees may be tricked into giving away

passwords is through e-mail phishing. Phishing occurs when a

user receives an e-mail that looks as if it is from a trusted

source, such as their bank or employer. In the e-mail the user

is asked to click a link and log in to a website that mimics the

genuine website, then enter their ID and password. The userID

and password are then captured by the attacker.

128 | Information Systems for Business and Beyond (2019)

Encryption

Many times an organization needs to transmit information over the

Internet or transfer it on external media such as a flash drive. In

these cases, even with proper authentication and access control, it

is possible for an unauthorized person to gain access to the data.

Encryption is a process of encoding data upon its transmission

or storage so that only authorized individuals can read it. This

encoding is accomplished by software which encodes the plain text

that needs to be transmitted (encryption). Then the recipient

receives the cipher text and decodes it (decryption). In order for

this to work, the sender and receiver need to agree on the method

of encoding so that both parties have the same message. Known

as symmetric key encryption, both parties share the encryption key,

enabling them to encode and decode each other’s messages.

An alternative to symmetric key encryption is public key

encryption. In public key encryption, two keys are used: a public key

and a private key. To send an encrypted message, you obtain the

public key, encode the message, and send it. The recipient then uses

their private key to decode it. The public key can be given to anyone

who wishes to send the recipient a message. Each user simply needs

one private key and one public key in order to secure messages. The

private key is necessary in order to decrypt a message sent with the

public key.

Notice in the image how the sender on the left creates a plaintext

message which is then encrypted with a public key. The ciphered

text is transmitted through the communication channel and the

recipient uses their private key to decrypt the message and then

read the plain text.

Chapter 6: Information Systems Security | 129

Public Key Encryption

Sidebar: Blockchain and Bitcoin

Blockchain

Introduced in 2008 as part of a proposal for Bitcoin, Blockchain is

a peer-to-peer network which provides an open, distributed record

of transactions between two parties. A “peer-to-peer” network is

one where there is no server between the two nodes trying to

communicate. Essentially, this means that each node acts as a server

and a client.

130 | Information Systems for Business and Beyond (2019)

Supporters see blockchain as a tool to simplify all types of

transactions: payments, contracts, etc. Motivation comes from the

desire to remove the middleman (lawyer, banker, broker) from

transactions, making them more efficient and readily available

across the Internet. Blockchain is already being used to track

products through supply chains.

Blockchain is considered a foundational technology, potentially

creating new foundations in economics and social systems. There

are numerous concerns about Blockchain and its adoption.

Consider the following:

• Speed of adoption. Initially there is a great deal of enthusiasm by a small group. However, adoption on a larger scale can take

a great number of years even decades for a worldwide

acceptance of a new method of doing business.

• Governance. The banking sector, both in individual countries (U. S. Federal Reserve System) and the world at large (the

International Monetary Fund), controls financial transactions.

One purpose of these organizations is an attempt to avoid

banking and financial systems collapse. Blockchain will result

in the governance of financial transactions shifting away from

these government-controlled institutions.

• Smart contracts. The smart contract will re-shape how businesses interact. It is possible for blockchain to

automatically send payment to a vendor the instant the

product is delivered to the customer. Such “self-executing”

contracts are already taking place in banking and venture

capital funding. 1

Many are forecasting some universal form of payment or value

transfer for business transactions. Blockchain and Bitcoin are being

used to transform banking in various locations around the world.

1. [9]

Chapter 6: Information Systems Security | 131

The following Bitcoin section includes a look at a new banking

venture in Tanzania, East Africa.

Bitcoin

Bitcoin logo

Bitcoin is a world wide payment system using cryptocurrency. It

functions without a central bank, operating as a peer-to-peer

network with transactions happening directly between vendors and

buyers. Records for transactions are recorded in the blockchain.

Bitcoin technology was released in 2009. The University of

Cambridge estimated there were 2.9 and 5.8 million unique users

of bitcoin in 2017. 2 This web site provides more information about

bitcoin.

A major bitcoin project is underway in Tanzania. Business

transactions in this East African country are fraught with many

challenges such as counterfeit currency and a 28% transaction fee

on individuals who do not have a bank account. Seventy percent of

the country’s population fall into this category. Benjamin Fernandes,

2. [10]

132 | Information Systems for Business and Beyond (2019)

a Tanzanian and 2017 graduate of Stanford Graduate School of

Business, is co-founder of NALA, a Tanzanian firm working to bring

cryptocurrency to a country where 96% of the population have

access to mobile devices. NALA’s goal is to provide low cost

transactions to all of the country’s citizens through

cryptocurrency. 3

You can read more of this cryptocurrency venture

here.

Backups

Another essential tool for information security is a comprehensive

backup plan for the entire organization. Not only should the data

on the corporate servers be backed up, but individual computers

used throughout the organization should also be backed up. A good

backup plan should consist of several components.

• Full understanding of the organization’s information resources. What information does the organization actually have? Where is it stored? Some data may be stored on the

organization’s servers, other data on users’ hard drives, some

in the cloud, and some on third-party sites. An organization

should make a full inventory of all of the information that

needs to be backed up and determine the best way to back it

up.

• Regular backups of all data. The frequency of backups should be based on how important the data is to the company,

combined with the ability of the company to replace any data

that is lost. Critical data should be backed up daily, while less

3. [11]

Chapter 6: Information Systems Security | 133

critical data could be backed up weekly. Most large

organizations today use data redundancy so their records are

always backed up.

• Offsite storage of backup data sets. If all backup data is being stored in the same facility as the original copies of the data,

then a single event such as an earthquake, fire, or tornado

would destroy both the original data and the backup. It is

essential the backup plan includes storing the data in an offsite

location.

• Test of data restoration. Backups should be tested on a regular basis by having test data deleted then restored from backup.

This will ensure that the process is working and will give the

organization confidence in the backup plan.

Besides these considerations, organizations should also examine

their operations to determine what effect downtime would have

on their business. If their information technology were to be

unavailable for any sustained period of time, how would it impact

the business?

Additional concepts related to backup include the following:

• Uninterruptible Power Supply (UPS). A UPS provides battery backup to critical components of the system, allowing them to

stay online longer and/or allowing the IT staff to shut them

down using proper procedures in order to prevent data loss

that might occur from a power failure.

• Alternate, or “hot” sites. Some organizations choose to have an alternate site where an exact replica of their critical data is

always kept up to date. When the primary site goes down, the

alternate site is immediately brought online so that little or no

downtime is experienced.

As information has become a strategic asset, a whole industry

has sprung up around the technologies necessary for implementing

a proper backup strategy. A company can contract with a service

134 | Information Systems for Business and Beyond (2019)

Diagram of a network configuration with firewalls, a router, and a DMZ.

provider to back up all of their data or they can purchase large

amounts of online storage space and do it themselves. Technologies

such as Storage Area Networks (SAN) and archival systems are now

used by most large businesses for data backup.

Firewalls

Firewalls are another method

that an organization can use for

increasing security on its

network. A firewall can exist as

hardware or software, or both.

A hardware firewall is a device

that is connected to the

network and filters the packets

based on a set of rules. One

example of these rules would

be preventing packets entering

the local network that come

from unauthorized users. A software firewall runs on the operating

system and intercepts packets as they arrive to a computer.

A firewall protects all company servers and computers by

stopping packets from outside the organization’s network that do

not meet a strict set of criteria. A firewall may also be configured

to restrict the flow of packets leaving the organization. This may

be done to eliminate the possibility of employees watching YouTube

videos or using Facebook from a company computer.

A demilitarized zone (DMZ) implements multiple firewalls as part

of network security configuration, creating one or more sections of

their network that are partially secured. The DMZ typically contains

resources that need broader access but still need to be secured.

Chapter 6: Information Systems Security | 135

Intrusion Detection Systems

Intrusion Detection Systems (IDS) can be placed on the network

for security purposes. An IDS does not add any additional security.

Instead, it provides the capability to identify if the network is being

attacked. An IDS can be configured to watch for specific types of

activities and then alert security personnel if that activity occurs. An

IDS also can log various types of traffic on the network for analysis

later. It is an essential part of any good security system.

Sidebar: Virtual Private Networks

Using firewalls and other security technologies, organizations can

effectively protect many of their information resources by making

them invisible to the outside world. But what if an employee

working from home requires access to some of these resources?

What if a consultant is hired who needs to do work on the internal

corporate network from a remote location? In these cases, a Virtual

Private Network (VPN) is needed.

136 | Information Systems for Business and Beyond (2019)

Diagram of VPN (click to enlarge). Attribution to Ludovic.ferre.

A VPN allows a user who is outside of a corporate network to

take a detour around the firewall and access the internal network

from the outside. Through a combination of software and security

measures, a VPN provides off-site access to the organization’s

network while ensuring overall security.

The Internet cloud is essentially an insecure channel through

which people communicate to various web sites/servers.

Implementing a VPN results in a secure pathway, usually referred

to as a tunnel, through the insecure cloud, virtually guaranteeing

secure access to the organization’s resources. The diagram

represents security by way of the functionality of a VPN as it

“tunnels” through the insecure Internet Cloud. Notice that the

remote user is given access to the organization’s intranet, as if the

user was physically located within the intranet.

Chapter 6: Information Systems Security | 137

Physical Security

An organization can implement the best authentication scheme in

the world, develop superior access control, and install firewalls and

intrusion detection, but its security cannot be complete without

implementation of physical security. Physical security is the

protection of the actual hardware and networking components that

store and transmit information resources. To implement physical

security, an organization must identify all of the vulnerable

resources and take measures to ensure that these resources cannot

be physically tampered with or stolen. These measures include the

following.

• Locked doors. It may seem obvious, but all the security in the world is useless if an intruder can simply walk in and physically

remove a computing device. High value information assets

should be secured in a location with limited access.

• Physical intrusion detection. High value information assets should be monitored through the use of security cameras and

other means to detect unauthorized access to the physical

locations where they exist.

• Secured equipment. Devices should be locked down to prevent them from being stolen. One employee’s hard drive

could contain all of your customer information, so it is

essential that it be secured.

• Environmental monitoring. An organization’s servers and other high value equipment should always be kept in a room

that is monitored for temperature, humidity, and airflow. The

risk of a server failure rises when these factors exceed

acceptable ranges.

• Employee training. One of the most common ways thieves steal corporate information is the theft of employee laptops

while employees are traveling. Employees should be trained to

secure their equipment whenever they are away from the

138 | Information Systems for Business and Beyond (2019)

office.

Security Policies

Besides the technical controls listed above, organizations also need

to implement security policies as a form of administrative control.

In fact, these policies should really be a starting point in developing

an overall security plan. A good information security policy lays out

the guidelines for employee use of the information resources of the

company and provides the company recourse in the event that an

employee violates a policy.

According to the SANS Institute, a good policy is “a formal, brief,

and high-level statement or plan that embraces an

organization’s general beliefs, goals, objectives, and acceptable

procedures for a specified subject area.” Policies require

compliance. Failure to comply with a policy will result in disciplinary

action. A policy does not list the specific technical details, instead it

focuses on the desired results. A security policy should be based on

the guiding principles of confidentiality, integrity, and availability. 4

Web use is a familiar example of a security policy. A web use

policy lays out the responsibilities of company employees as they

use company resources to access the Internet. A good example of a

web use policy is included in Harvard University’s “Computer Rules

and Responsibilities” policy, which can be found here.

A security policy should also address any governmental or

industry regulations that apply to the organization. For example,

if the organization is a university, it must be aware of the Family

Educational Rights and Privacy Act (FERPA), which restricts access

to student information. Health care organizations are obligated to

4. [2]

Chapter 6: Information Systems Security | 139

follow several regulations, such as the Health Insurance Portability

and Accountability Act (HIPAA).

A good resource for learning more about security policies is the

SANS Institute’s Information Security Policy Page.

Sidebar: Mobile Security

As the use of mobile devices such as laptops and smartphones

proliferates, organizations must be ready to address the unique

security concerns that the use of these devices bring. One of the

first questions an organization must consider is whether to allow

mobile devices in the workplace at all. Many employees already have

these devices, so the question becomes: Should we allow employees

to bring their own devices and use them as part of their employment

activities? Or should we provide the devices to our employees?

Creating a BYOD (“Bring Your Own Device”) policy allows employees

to integrate themselves more fully into their job and can bring

higher employee satisfaction and productivity. In many cases, it

may be virtually impossible to prevent employees from having their

own smartphones or laptops in the workplace. If the organization

provides the devices to its employees, it gains more control over

use of the devices, but it also increases the burden of having to

administrate distribution and use.

Mobile devices can pose many unique security challenges to an

organization. Probably one of the biggest concerns is theft of

intellectual property. For an employee with malicious intent, it

would be a very simple process to connect a mobile device either to

a computer via the USB port, or wirelessly to the corporate network,

and download confidential data. It would also be easy to secretly

take a high-quality picture using a built-in camera.

When an employee does have permission to access and save

140 | Information Systems for Business and Beyond (2019)

company data on his or her device, a different security threat

emerges. Namely, that device now becomes a target for thieves.

Theft of mobile devices (in this case, including laptops) is one of the

primary methods that data thieves use.

So what can be done to secure mobile devices? Begin with a

good policy regarding their use. According to a 2013 SANS study,

organizations should consider developing a mobile device policy

that addresses the following issues: use of the camera, use of voice

recording, application purchases, encryption at rest, Wi-Fi

autoconnect settings, Bluetooth settings, VPN use, password

settings, lost or stolen device reporting, and backup. 5

Besides policies, there are several different tools that an

organization can use to mitigate some of these risks. For example,

if a device is stolen or lost, geolocation software can help the

organization find it. In some cases, it may even make sense to install

remote data removal software, which will remove data from a device

if it becomes a security risk.

Usability

When looking to secure information resources, organizations must

balance the need for security with users’ needs to effectively access

and use these resources. If a system’s security measures make it

difficult to use, then users will find ways around the security, which

may make the system more vulnerable than it would have been

without the security measures. Consider password policies. If the

organization requires an extremely long password with several

5. [3]

Chapter 6: Information Systems Security | 141

Stop.Think.Connect. poster (click to enlarge)

special characters, an employee may resort to writing it down and

putting it in a drawer since it will be impossible to memorize.

Personal Information Security

As a final topic for this

chapter, consider what

measures each of us, as

individual users, can take to

secure our computing

technologies. There is no way

to have 100% security, but

there are several simple steps

each individual can take to be

more secure.

• Keep your software up to date. Whenever a software vendor determines that a

security flaw has been

found in their software, an

update will be released so you can download the patch to fix

the problem. You should turn on automatic updating on your

computer to automate this process.

• Install antivirus software and keep it up to date. There are many good antivirus software packages on the market today,

including some that are free.

• Be smart about your connections. You should be aware of your surroundings. When connecting to a Wi-Fi network in a

public place, be aware that you could be at risk of being spied

on by others sharing that network. It is advisable not to access

your financial or personal data while attached to a Wi-Fi

hotspot. You should also be aware that connecting USB flash

142 | Information Systems for Business and Beyond (2019)

drives to your device could also put you at risk. Do not attach

an unfamiliar flash drive to your device unless you can scan it

first with your security software.

• Backup your data. Just as organizations need to backup their data, individuals need to so as well. The same rules apply.

Namely, do it regularly and keep a copy of it in another

location. One simple solution for this is to set up an account

with an online backup service to automate your backups.

• Secure your accounts with two-factor authentication. Most e-mail and social media providers now have a two-factor

authentication option. When you log in to your account from

an unfamiliar computer for the first time, it sends you a text

message with a code that you must enter to confirm that you

are really you. This means that no one else can log in to your

accounts without knowing your password and having your

mobile phone with them.

• Make your passwords long, strong, and unique. Your personal passwords should follow the same rules that are recommended

for organizations. Your passwords should be long (at least 12

random characters) and contain at least two of the following:

uppercase and lowercase letters, digits, and special characters.

Passwords should not include words that could be tied to your

personal information, such as the name of your pet. You also

should use different passwords for different accounts, so that

if someone steals your password for one account, they still are

locked out of your other accounts.

• Be suspicious of strange links and attachments. When you receive an e-mail, tweet, or Facebook post, be suspicious of

any links or attachments included there. Do not click on the

link directly if you are at all suspicious. Instead, if you want to

access the website, find it yourself with your browser and

navigate to it directly. The I Love You virus was distributed via

email in May 2000 and contained an attachment which when

opened copied itself into numerous folders on the user’s

computer and modified the operating system settings. An

Chapter 6: Information Systems Security | 143

estimated 50,000 computers were affected, all of which could

have been avoided if users had followed the warning to not

open the attachment.

You can find more about these steps and many other ways to be

secure with your computing by going to Stop. Think. Connect. This

website is part of a campaign by the STOP. THINK. CONNECT.

Messaging Convention in partnership with the U.S. government,

including the White House.

Summary

As computing and networking resources have become more an

integral part of business, they have also become a target of

criminals. Organizations must be vigilant with the way they protect

their resources. The same holds true for individuals. As digital

devices become more intertwined in everyone’s life, it becomes

crucial for each person to understand how to protect themselves.

Study Questions

1. Briefly define each of the three members of the information

security triad.

2. What does the term authentication mean?

3. What is multi-factor authentication?

4. What is role-based access control?

5. What is the purpose of encryption?

144 | Information Systems for Business and Beyond (2019)

6. What are two good examples of a complex password?

7. What is pretexting?

8. What are the components of a good backup plan?

9. What is a firewall?

10. What does the term physical security mean?

Exercises

1. Describe one method of multi-factor authentication that you

have experienced and discuss the pros and cons of using

multi-factor authentication.

2. What are some of the latest advances in encryption

technologies? Conduct some independent research on

encryption using scholarly or practitioner resources, then

write a two- to three-page paper that describes at least two

new advances in encryption technology.

3. Find favorable and unfavorable articles about both blockchain

and bitcoin. Report your findings, then state your own opinion

about these technologies

4. What is the password policy at your place of employment or

study? Do you have to change passwords every so often? What

are the minimum requirements for a password?

5. When was the last time you backed up your data? What

method did you use? In one to two pages, describe a method

for backing up your data. Ask your instructor if you can get

extra credit for backing up your data.

6. Find the information security policy at your place of

employment or study. Is it a good policy? Does it meet the

standards outlined in the chapter?

7. How diligent are you in keeping your own information secure?

Review the steps listed in the chapter and comment on your

security status.

Chapter 6: Information Systems Security | 145

Labs

1. The Caesar Cipher. One of the oldest methods of encryption was used by Julius Caesar and involved simply shifting text a

specified number of positions in the alphabet. The number of

shifted positions is known as the key. So a key = 3 would

encrypt ZOO to CRR. Decrypt the following message which has

a key = 3: FRPSXWHU

2. The Vigenere Cipher. This cipher was used as recently as the Civil War by the Confederate forces. The key is slightly more

complex than the Caesar Cipher. Vigenere used the number of

letters after ‘A’ for his key. For example, if the key = COD, the

first letter in the cypher is shifted 2 characters (because “C” is

2 letters after the letter ‘A’), the second letter is shifted 14

letters (O being 14 letters after ‘A’), and the third letter is

shifted 3 letters (D being 3 letters after ‘A’). Then the pattern is

repeated for subsequent letters. Decrypt the following

message which has a key = COD: YSPGSWCHGCKQ

3. Frequency and Pattern Analysis. If you’ve ever watched Wheel of Fortune you know that contestants look for patterns and

frequencies in trying to solve a puzzle. Your job in this lab is to

analyze letter frequency and letter patterns to determine the

plaintext message which in this case is a single word. The key

is a simple substitution where the same letter in plaintext

always results in the same letter in the cyphertext. The most

frequently used letters in the English language are: E, A, O , I, T,

S, N. Pattern analysis includes knowing words that have double

letters such as “school.” Other patterns include “ing” at the end

of a word, “qu” and “th” as a pairs of letters.Cyphertext =

CAGGJWhat is the key and the plaintext?

1. Gallagher, S. (2012, November 3). Born to be

146 | Information Systems for Business and Beyond (2019)

breached. Arstechnica. Retrieved from

http://arstechnica.com/information-technology/2012/11/

born-to-be-breached-the-worst-passwords-are-still-the-

most-common/

2. SANS Institute. (n.d.). Information Security Policy Templates.

Retrieved from http://www.sans.org/security-resources/

policies/Policy_Primer.pdf on May 31, 2013.

3. SANS. (n.d.). SCORE: Checklists and Step by Step Guides.

Retrieved from http://www.sans.org/score/checklists/

mobile-device-checklist.xls

4. Iansiti, M. and Lakhani, K. R. (2017, January). The truth about

blockchain. Harvard Business Review. Retrieved from

https://hbr.org/2017/01/the-truth-about-blockchain↵

5. Wikipedia. (n.d.). Bitcoin. Harvard Business Review. Retrieved

from https://en.wikipedia.org/wiki/Bitcoin↵

6. Fernandes, B. (2017, October 20). Personal telephone

interview↵

Chapter 6: Information Systems Security | 147

PART II: INFORMATION SYSTEMS FOR STRATEGIC ADVANTAGE

Part II: Information Systems for Strategic Advantage | 149

Chapter 7: Does IT Matter?

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• define the productivity paradox and explain the

current thinking on this topic;

• evaluate Carr’s argument in “Does IT Matter?”;

• describe the components of competitive advantage;

and

• describe information systems that can provide

businesses with competitive advantage.

Introduction

For over fifty years, computing technology has been a part of

business. Organizations have spent trillions of dollars on

information technologies. But has all this investment in IT made

a difference? Have there been increases in productivity? Are

companies that invest in IT more competitive? This chapter looks

at the value IT can bring to an organization and attempts to answer

Chapter 7: Does IT Matter? | 151

these questions. Two important works in the past two decades have

attempted to address this issue.

The Productivity Paradox

In 1991, Erik Brynjolfsson wrote an article, published in

the Communications of the ACM, entitled “The Productivity Paradox

of Information Technology: Review and Assessment.” After

reviewing studies about the impact of IT investment on productivity,

Brynjolfsson concluded that the addition of information technology

to business had not improved productivity at all. He called this

the “productivity paradox.” While he did not draw any specific

conclusions from his work, 1 he did provide the following analysis.

Although it is too early to conclude that IT’s

productivity contribution has been subpar, a paradox

remains in our inability to unequivocally document

any contribution after so much effort. The various

explanations that have been proposed can be

grouped into four categories:

1) Mismeasurement of outputs and inputs 2) Lags due to learning and adjustment 3) Redistribution and dissipation of profits 4) Mismanagement of information and technology

In 1998, Brynjolfsson and Lorin Hitt published a follow-up paper

entitled “Beyond the Productivity Paradox [2] In this paper, the

authors utilized new data that had been collected and found that

IT did, indeed, provide a positive result for businesses. Further,

they found that sometimes the true advantages in using technology

1. [1]

152 | Information Systems for Business and Beyond (2019)

were not directly relatable to higher productivity, but to “softer”

measures, such as the impact on organizational structure. They also

found that the impact of information technology can vary widely

between companies.

IT Doesn’t Matter

Just as a consensus was forming about the value of IT, the Internet

stock market bubble burst. Two years later in 2003, Harvard

professor Nicholas Carr wrote his article “IT Doesn’t Matter” in

the Harvard Business Review. In this article Carr asserted that as

information technology had become ubiquitous, it has also become

less of a differentiator, much like a commodity. Products that have

the same features and are virtually indistinguishable are considered

to be commodities. Price and availability typically become the only

discriminators when selecting a source for a commodity. In Carr’s

view all information technology was the same, delivering the same

value regardless of price or supplier. Carr suggested that since IT

is essentially a commodity, it should be managed like one. Just

select the one with the lowest cost this is most easily accessible. He

went on to say IT management should see themselves as a utility

within the company and work to keep costs down. For Carr IT’s

goal is to provide the best service with minimal downtime. Carr

saw no competitive advantage to be gained through information

technology.

As you can imagine, this article caused quite an uproar, especially

from IT companies. Many articles were written in defense of IT

while others supported Carr. In 2004 Carr released a book based on

the article entitled Does IT Matter? A year later he was interviewed

by CNET on the topic “IT still doesn’t matter.” Click here to watch

the video of Carr being interviewed about his book on CNET.

Probably the best thing to come out of the article and subsequent

book were discussions on the place of IT in a business strategy, and

Chapter 7: Does IT Matter? | 153

exactly what role IT could play in competitive advantage. That is the

question to be addressed in this chapter.

Competitive Advantage

What does it mean when a company has a competitive advantage?

What are the factors that play into it? Michael Porter in his

book Competitive Advantage: Creating and Sustaining Superior

Performance. writes that a company is said to have a competitive

advantage over its rivals when it is able to sustain profits that exceed

the average for the industry. According to Porter, there are two

primary methods for obtaining competitive advantage: cost

advantage and differentiation advantage. 2 So the question for I.T.

becomes: How can information technology be a factor in one or both

of these methods?

The following sections address this question by using two of

Porter’s analysis tools: the value chain and the five forces model.

Porter’s analysis in his 2001 article “Strategy and the Internet,”

which examines the impact of the Internet on business strategy and

competitive advantage, will be used to shed further light on the role

of information technology in gaining competitive advantage. 3

2. [3]

3. [4]

154 | Information Systems for Business and Beyond (2019)

Diagram of Porter’s Value Chain (click to enlarge)

The Value Chain

In his book Competitive Advantage: Creating and Sustaining

Performance Porter describes exactly how a company can create

value and therefore profit. Value is built through the value chain: a

series of activities undertaken by the company to produce a product

or service. Each step in the value chain contributes to the overall

value of a product or service. While the value chain may not be a

perfect model for every type of company, it does provide a way to

analyze just how a company is producing value. The value chain is

made up of two sets of activities: primary activities and support

activities. An explanation of these activities and a discussion of

how information technology can play a role in creating value by

contributing to cost advantage or differentiation advantage appears

next.

Primary activities are the functions that directly impact the

creation of a product or service. The goal of a primary activity is to

add value that is greater than the cost of that activity. The primary

activities are:

• Inbound logistics. These are the processes that bring in raw materials and other needed inputs. Information technology

can be used to make these processes more efficient, such as

with supply-chain management systems which allow the

suppliers to manage their own inventory.

• Operations. Any part of a business that converts the raw materials into a final product or service is a part of operations.

Chapter 7: Does IT Matter? | 155

From manufacturing to business process management

(covered in Chapter 8), information technology can be used to

provide more efficient processes and increase innovation

through flows of information.

• Outbound logistics. These are the functions required to get the product out to the customer. As with inbound logistics, IT

can be used here to improve processes, such as allowing for

real-time inventory checks. IT can also be a delivery

mechanism itself.

• Sales/Marketing. The functions that will entice buyers to purchase the products are part of sales and marketing.

Information technology is used in almost all aspects of this

activity. From online advertising to online surveys, IT can be

used to innovate product design and reach customers as never

before. The company website can be a sales channel itself.

• Service. Service activity involves the functions a business performs after the product has been purchased to maintain

and enhance the product’s value. Service can be enhanced via

technology as well, including support services through

websites and knowledge bases.

The support activities are the functions in an organization that

support all of the primary activities. Support activities can be

considered indirect costs to the organization. The support activities

are:

• Firm infrastructure. An organization’s infrastructure includes finance, accounting, ERP systems (covered in Chapter 9) and

quality control. All of these depend on information technology

and represent functions where I.T. can have a positive impact.

• Human Resource Management Human Resource Management (HRM) consists of recruiting, hiring, and other services needed

to attract and retain employees. Using the Internet, HR

departments can increase their reach when looking for

candidates. I.T. also allows employees to use technology for a

156 | Information Systems for Business and Beyond (2019)

Porter’s Five Forces (click to enlarge)

more flexible work environment.

• Technology development. Technology development provides innovation that supports primary activities. These advances

are integrated across the firm to add value in a variety of

departments. Information technology is the primary generator

of value in this support activity.

• Procurement. Procurement focuses on the acquisition of raw materials used in the creation of products. Business-to-

business e-commerce can be used to improve the acquisition

of materials.

This analysis of the value chain provides some insight into how

information technology can lead to competitive advantage. Another

important concept from Porter is the “Five Forces Model.”

Porter’s Five Forces

Porter developed the Five

Forces model as a framework

for industry analysis. This

model can be used to help

understand the degree of

competition in an industry and

analyze its strengths and

weaknesses. The model

consists of five elements, each of which plays a role in determining

the average profitability of an industry. In 2001 Porter wrote an

article entitled ”Strategy and the Internet,” in which he takes this

model and looks at how the Internet impacts the profitability of an

industry. Below is a quick summary of each of the Five Forces and

the impact of the Internet.

• Threat of substitute products or services. The first force

Chapter 7: Does IT Matter? | 157

challenges the user to consider the likelihood of another

produce or service replacing the product or service you offer.

The more types of products or services there are that can meet

a particular need, the less profitability there will be in an

industry. In the communications industry, the smartphone has

largely replaced the pager. In some construction projects,

metal studs have replaced wooden studs for framing. The

Internet has made people more aware of substitute products,

driving down industry profits in those industries in which

substitution occurs. Please notice that substitution refers to a

product being replaced by a similar product for the purpose of

accomplishing the same task. It does not mean dissimilar

products or services such as flying to a destination rather than

traveling by rail.

• Bargaining power of suppliers. A supplier’s bargaining power is strong when there are few suppliers from which your

company can obtain a needed product or service. Conversely,

when they are many suppliers their bargaining power is lower

since your company would have many sources from which to

source a product. When your company has several suppliers to

choose from, you can negotiate a lower price. When a sole

supplier exists, then your company is at the mercy of the

supplier. For example, if only one company makes the

controller chip for a car engine, that company can control the

price, at least to some extent. The Internet has given

companies access to more suppliers, driving down prices.

• Bargaining power of customers. A customer’s bargaining power is strong when your company along with your

competitors is attempting to provide the same product to this

customer. In this instance the customer has many sources

from which to source a product so they can approach your

company and seek a price reduction. If there are few suppliers

in your industry, then the customer’s bargaining power is

considered low.

• Barriers to entry. The easier it is to enter an industry, the

158 | Information Systems for Business and Beyond (2019)

more challenging it will be to make a profit in that industry.

Imagine you are considering starting a lawn mowing business.

The entry barrier is very low since all you need is a law mower.

No special skills or licenses are required. However, this means

your neighbor next door may decide to start mowing lawns

also, resulting in increased competition. In contrast a highly

technical industry such as manufacturing of medical devices

has numerous barriers to entry. You would need to find

numerous suppliers for various components, hire a variety of

highly skilled engineers, and work closely with the Food and

Drug Administration to secure approval for the sale of your

products. In this example the barriers to entry are very high so

you should expect few competitors.

• Rivalry among existing competitors: Rivalry among existing competitors helps you evaluate your entry into the market.

When rivalry is fierce, each competitor is attempting to gain

additional market share from the others. This can result in

aggressive pricing, increasing customer support, or other

factors which might lure a customer away from a competitor.

Markets in which rivalry is low may be easier to enter and

become profitable sooner because all of the competitors are

accepting of each other’s presence.

Porter’s five forces are used to analyze an industry to determine

the average profitability of a company within that industry. Adding

in Porter’s analysis of the Internet to his Five Forces results in the

realization that technology has lowered overall profitability. 4

4. [5]

Chapter 7: Does IT Matter? | 159

Using Information Systems for Competitive Advantage

Having learned about Porter’s Five Forces and their impact on a

firm’s ability to generate a competitive advantage, it is time to look

at some examples of competitive advantage. A strategic information

system is designed specifically to implement an organizational

strategy meant to provide a competitive advantage. These types of

information systems began popping up in the 1980s, as noted in a

paper by Charles Wiseman entitled “Creating Competitive Weapons

From Information Systems.” 5

A strategic information system attempts to do one or more of the

following:

• Deliver a product or a service at a lower cost;

• Deliver a product or service that is differentiated;

• Help an organization focus on a specific market segment;

• Enable innovation.

Here are some examples of information systems that fall into this

category.

Business Process Management Systems

In their book, IT Doesn’t Matter – Business Processes Do, Howard

Smith and Peter Fingar argue that it is the integration of information

systems with business processes that leads to competitive

advantage. The authors state that Carr’s article is dangerous

because it gave CEOs and IT managers approval to start cutting

5. [6]

160 | Information Systems for Business and Beyond (2019)

Comparison of process with and without EDI (click to enlarge)

their technology budgets, putting their companies in peril. True

competitive advantage can be found with information systems that

support business processes. Chapter 8 focuses on the use of

business processes for competitive advantage.

Electronic Data Interchange

Electronic Data Interchange (EDI) provides a competitive advantage

through integrating the supply chain electronically. EDI can be

thought of as the computer-to-computer exchange of business

documents in a standard electronic format between business

partners. By integrating suppliers and distributors via EDI, a

company can vastly reduce the resources required to manage the

relevant information. Instead of manually ordering supplies, the

company can simply place an order via the computer and the

products are ordered.

Chapter 7: Does IT Matter? | 161

Collaborative Systems

As organizations began to implement networking technologies,

information systems emerged that allowed employees to begin

collaborating in different ways. These systems allowed users to

brainstorm ideas together without the necessity of physical, face-

to-face meetings. Tools such as video conferencing with Skype or

WebEx, collaboration and document sharing with Microsoft

SharePoint, and project management with SAP’s Project System

make collaboration possible in a variety of endeavors.

Broadly speaking, any software that allows multiple users to

interact on a document or topic could be considered collaborative.

Electronic mail, a shared Word document, and social networks fall

into this broad definition. However, many software tools have been

created that are designed specifically for collaborative purposes.

These tools offer a broad spectrum of collaborative functions. Here

is just a short list of some collaborative tools available for businesses

today:

• Google Drive. Google Drive offers a suite of office applications

(such as a word processor, spreadsheet, drawing, presentation)

that can be shared between individuals. Multiple users can edit

the documents at the same time and the threaded comments

option is available.

• Microsoft SharePoint. SharePoint integrates with Microsoft

Office and allows for collaboration using tools most office

workers are familiar with. SharePoint was covered in greater

detail in chapter 5.

• Cisco WebEx. WebEx combines video and audio

communications and allows participants to interact with each

other’s computer desktops. WebEx also provides a shared

whiteboard and the capability for text-based chat to be going

on during the sessions, along with many other features. Mobile

editions of WebEx allow for full participation using

162 | Information Systems for Business and Beyond (2019)

smartphones and tablets.

• GitHub. Programmers/developers use GitHub for web-based

team development of computer software.

Decision Support Systems

A decision support system (DSS) helps an organization make a

specific decision or set of decisions. DSSs can exist at different

levels of decision-making within the organization, from the CEO

to first level managers. These systems are designed to take inputs

regarding a known (or partially-known) decision making process

and provide the information necessary to make a decision. DSSs

generally assist a management level person in the decision-making

process, though some can be designed to automate decision-

making.

An organization has a wide variety of decisions to make, ranging

from highly structured decisions to unstructured decisions. A

structured decision is usually one that is made quite often, and one

in which the decision is based directly on the inputs. With

structured decisions, once you know the necessary information you

also know the decision that needs to be made. For example,

inventory reorder levels can be structured decisions. Once your

inventory of widgets gets below a specific threshold, automatically

reorder ten more. Structured decisions are good candidates for

automation, but decision-support systems are generally not built

for them.

An unstructured decision involves a lot of unknowns. Many times

unstructured decisions are made for the first time. An information

system can support these types of decisions by providing the

decision makers with information gathering tools and collaborative

capabilities. An example of an unstructured decision might be

Chapter 7: Does IT Matter? | 163

dealing with a labor issue or setting policy for the implementation

of a new technology.

Decision support systems work best when the decision makers

are having to make semi-structured decisions. A semi-structured

decision is one in which most of the factors needed for making the

decision are known but human experience and other outside factors

may still impact the decision. A good example of an semi-structured

decision would be diagnosing a medical condition (see sidebar).

As with collaborative systems, DSSs can come in many different

formats. A nicely designed spreadsheet that allows for input of

specific variables and then calculates required outputs could be

considered a DSS. Another DSS might be one that assists in

determining which products a company should develop. Input into

the system could include market research on the product,

competitor information, and product development costs. The

system would then analyze these inputs based on the specific rules

and concepts programmed into it. The system would report its

results with recommendations and/or key indicators to be used in

making a decision. A DSS can be looked at as a tool for competitive

advantage because it can give an organization a mechanism to make

wise decisions about products and innovations.

164 | Information Systems for Business and Beyond (2019)

Isabel screen shot

Sidebar: Isabel – A Health Care DSS

A discussed in the text, DSSs

are best applied to semi-

structured decisions, in which

most of the needed inputs are

known but human experience

and environmental factors also

play a role. A good example for

today is Isabel, a health care

DSS. The creators of Isabel

explain how it works:

Isabel uses the information routinely captured

during your workup, whether free text or structured

data, and instantaneously provides a diagnosis

checklist for review. The checklist contains a list of

possible diagnoses with critical “Don’t Miss

Diagnoses” flagged. When integrated into your

Electronic Medical Records (EMR) system, Isabel can

provide “one click” seamless diagnosis support with

no additional data entry. 6

Investing in IT for Competitive Advantage

In 2008, Brynjolfsson and McAfee published a study in the Harvard

Business Review on the role of IT in competitive advantage, entitled

6. [7]

Chapter 7: Does IT Matter? | 165

“Investing in the IT That Makes a Competitive Difference.” Their

study confirmed that IT can play a role in competitive advantage if

deployed wisely. In their study, they drew three conclusions 7 :

• First, the data show that IT has sharpened differences

among companies instead of reducing them. This

reflects the fact that while companies have always

varied widely in their ability to select, adopt, and exploit

innovations, technology has accelerated and amplified

these differences.

• Second, good management matters. Highly qualified

vendors, consultants, and IT departments might be

necessary for the successful implementation of

enterprise technologies themselves, but the real value

comes from the process innovations that can now be

delivered on those platforms. Fostering the right

innovations and propagating them widely are both

executive responsibilities – ones that can’t be delegated.

• Finally, the competitive shakeup brought on by IT is not

nearly complete, even in the IT-intensive US economy.

You can expect to see these altered competitive

dynamics in other countries, as well, as their IT

investments grow.

Information systems can be used for competitive advantage, but

they must be used strategically. Organizations must understand

how they want to differentiate themselves and then use all the

elements of information systems (hardware, software, data, people,

and process) to accomplish that differentiation.

7. [8]

166 | Information Systems for Business and Beyond (2019)

Summary

Information systems are integrated into all components of business

today, but can they bring competitive advantage? Over the years,

there have been many answers to this question. Early research

could not draw any connections between IT and profitability, but

later studies have shown that the impact can be positive. IT is

not a panacea. Just purchasing and installing the latest technology

will not by itself make a company more successful. Instead, the

combination of the right technologies and good management will

give a company the best chance for a positive result.

Study Questions

1. What is the productivity paradox?

2. Summarize Carr’s argument in “Does IT Matter.”

3. How is the 2008 study by Brynjolfsson and McAfee different

from previous studies? How is it the same?

4. What does it mean for a business to have a competitive

advantage?

5. What are the primary activities and support activities of the

value chain?

6. What has been the overall impact of the Internet on industry

profitability? Who has been the true winner?

7. How does EDI work?

8. Give an example of a semi-structured decision and explain

what inputs would be necessary to provide assistance in

making the decision.

9. What does a collaborative information system do?

10. How can IT play a role in competitive advantage, according to

Chapter 7: Does IT Matter? | 167

the 2008 article by Brynjolfsson and McAfee?

Exercises

1. Analyze Carr’s position in regards to PC vs. Mac, Open Office

vs. Microsoft Office, and Microsoft Powerpoint vs. Tableau.

2. Do some independent research on Nicholas Carr (the author of

“IT Doesn’t Matter”) and explain his current position on the

ability of IT to provide competitive advantage.

3. Review the WebEx website. What features of WebEx would

contribute to good collaboration? Compare WebEx with other

collaboration tools such as Skype or Google Hangouts?

Lab

1. Think of a semi-structured decision that you make in your

daily life and build your own DSS using a spreadsheet that

would help you make that decision.

1. Brynjolfsson, E. (1994). The Productivity Paradox of Information

Technology: Review and Assessment. Center for Coordination

Science MIT Sloan School of Management: Cambridge,

Massachusetts.↵

2. Brynjolfsson, E. and Hitt, L. (1998). Beyond the Productivity

Paradox. Communications of the ACM, 41, 49–55. ↵

3. Porter, M. (1985). Competitive Advantage: Creating and

Sustaining Superior Performance. New York: The Free Press. ↵

4. Porter, M. (2001, March). Strategy and the Internet. Harvard

168 | Information Systems for Business and Beyond (2019)

Business Review, 79 ,3. Retrieved from http://hbswk.hbs.edu/

item/2165.html ↵

5. Porter, M. (2001, March). Strategy and the Internet. Harvard

Business Review, 79, 3. Retrieved from http://hbswk.hbs.edu/

item/2165.html↵

6. Wiseman, C. and MacMillan, I. C. (1984). Creating Competitive

Weapons From Information Systems. Journal Of Business

Strategy, 5(2)., 42.↵

7. Isabel. (n.d.). Broaden Your Differential Diagnosis. Retrieved

from http://www.isabelhealthcare.com/home/ourmission. ↵

8. McAfee, A. and Brynjolfsson, E. (2008, July-August). Investing in

the IT That Makes a Competitive Difference. Harvard Business

Review.↵

Chapter 7: Does IT Matter? | 169

Chapter 8: Business Processes

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• define the term business process;

• understand the tools of documentation of business

processes;

• identify the different systems needed to support

business processes in an organization;

• explain the value of an enterprise resource

planning (ERP) system;

• explain how business process management and

business process reengineering work; and

• understand how information technology combined

with business processes can bring an organization

competitive advantage.

Introduction

The fourth component of information systems is process. But what is

a process and how does it tie into information systems? And in what

170 | Chapter 8: Business Processes

ways do processes have a role in business? This chapter looks to

answer those questions and also describe how business processes

can be used for strategic advantage.

What Is a Business Process?

We have all heard the term process before, but what exactly does

it mean? A process is a series of tasks that are completed in order to

accomplish a goal. A business process, therefore, is a process that is

focused on achieving a goal for a business. Processes are something

that businesses go through every day in order to accomplish their

mission. The better their processes, the more effective the business.

Some businesses see their processes as a strategy for achieving

competitive advantage. A process that achieves its goal in a unique

way can set a company apart. A process that eliminates costs can

allow a company to lower its prices (or retain more profit). If you

have worked in a business setting, you have participated in a

business process. Anything from a simple process for making a

sandwich at Subway to building a space shuttle utilizes one or more

business processes. In the context of information systems, a

business process is a set of business activities performed by human

actors and/or the information system to accomplish a specific

outcome.

Documenting a Process

Every day each of us will perform many processes without even

thinking about them such as getting ready for work, using an ATM,

texting a friend, etc. As processes grow more complex, documenting

becomes necessary. It is essential for businesses to do this because

it allows them to ensure control over how activities are undertaken

Chapter 8: Business Processes | 171

in their organization. It also allows for standardization. For example,

McDonald’s has the same process for building a Big Mac in all of its

restaurants.

The simplest way to document a process is to just create a list.

The list shows each step in the process. Each step can be checked

off upon completion. A simple process such as how to create an

account on gmail might look like this:

1. Go to gmail.com.

2. Click “Create account.”

3. Enter your contact information in the “Create your Google

Account” form.

4. Choose your username and password.

5. Agree to User Agreement and Privacy Policy by clicking on

“Submit.”

For processes that are not so straightforward, documenting all of

the steps as a checklist may not be sufficient. For example, here

is the process for determining if an article for a term needs to be

added to Wikipedia:

1. Search Wikipedia to determine if the term already exists.

2. If the term is found, then an article is already written, so you

must think of another term. Go to step 1.

3. If the term is not found, then look to see if there is a related

term.

4. If there is a related term, then create a redirect.

5. If there is not a related term, then create a new article.

This procedure is relatively simple. In fact it has the same number

of steps as the previous example, but because it has some decision

points, it is more difficult to track as a simple list. In these cases it

may make more sense to use a diagram to document the process.

172 | Information Systems for Business and Beyond (2019)

Diagram of an example business process (click to enlarge)

Business Process Modeling Notation

A diagramming tool for

documentation of business

process is a formalized visual

language that provides systems

analysts with the ability to describe the business processes

unambiguously, to visualize the business processes for systematic

understanding, and to communicate the business process for

business process management. Natural languages (e.g., English) are

incapable to explain complex business processes. Diagrams have

been used as tools for business process modeling in the information

systems field. There have been many types of business process

diagramming tools, and each of them has its own style and syntax to

serve its particular purpose. The most commonly used business

process diagramming tools are Business Process Modeling Notation

(BPMN), Data Flow Diagram (DFD), and the Unified Modeling

Language (UML).

BPMN is an extension of the traditional flowchart method by

adding more diagramming elements for descriptions of business

process. The objective of BPMN is to support business process

documentation by providing intuitive notations for business rules.

The flowchart style diagrams in BPMN can provide detailed

specifications business processes from start to end. However,

BPMN is short of the ability of system decomposition for large

information systems.

DFD has served as a foundation of many other tools of

documentation of business process. The central concept of DFD is

a top-down approach to understanding a system. The top-down

approach is consistent with the system concept that views a system

Chapter 8: Business Processes | 173

in a holistic manner and concerns an understanding of a system

by examining the components and their interactions within the

system. More importantly, while describing a business process by

using DFD, the data stores used in the process and generated data

flows in the process are also defined. We will provide an example

of DFD in the Sidebar section of this chapter to illustrate the

integration of data and business tasks in documenting a business

process.

The Unified Modeling Language (UML) is a general-purpose

modeling tool in the field of software engineering for constructing

all types of computerized systems. UML includes a set of various

types of diagrams with different subjects of modeling and

diversified graphics styles. The diversified diagrams in UML can

provide detailed specifications for software engineering in many

perspectives for construction of information systems, but could

be too complicated for documenting business processes from the

perspective of business process management.

Managing Business Process Documentation

As organizations begin to document their processes, it becomes an

administrative responsibility to keep track of them. As processes

change and improve, it is important to know which processes are

the most recent. It is also important to manage the process so

that it can be easily updated. The requirement to manage process

documentation has been one of the driving forces behind the

creation of the document management system. A document

management system stores and tracks documents and supports the

following functions.

• Versions and timestamps. The document management system will keep multiple versions of documents. The most recent

version of a document is easy to identify and will be

174 | Information Systems for Business and Beyond (2019)

An ERP System (click to enlarge)

considered the default.

• Approvals and workflows. When a process needs to be changed, the system will manage both access to the

documents for editing and the routing of the document for

approval.

• Communication. When a process changes, those who implement the process need to be made aware of the changes.

The document management system will notify the appropriate

people when a change to a document has been approved.

Of course, document management systems are not only used for

managing business process documentation. Many other types of

documents are managed in these systems, such as legal documents

or design documents.

ERP Systems

An Enterprise Resource Planning (ERP) system is software with a

centralized database that can be used to run an entire company.

Here are some of the main components of an ERP system.

Computer program. The system is a computer program,

which means that it has been

developed with specific logic

and rules behind it. It is

customized and installed to

work specifically for an

individual organization.

• Centralized database. All data in an ERP system is stored in a

single, central database.

Centralization is key to the success of an ERP. Data entered in

Chapter 8: Business Processes | 175

one part of the company can be immediately available to other

parts of the company.

• Used to run an entire company. An ERP can be used to manage an entire organization’s operations. Companies can

purchase modules for an ERP that represent different

functions within the organization such as finance,

manufacturing, and sales. Some companies choose to purchase

many modules, others choose a subset of the modules.

An ERP system not only centralizes an organization’s data, but

the processes it enforces are the processes the organization has

adopted. When an ERP vendor designs a module, it has to

implement the rules for the associated business processes. Best

practices can be built into the ERP – a major selling point for ERP. In

other words, when an organization implements an ERP, it also gets

improved best practices as part of the deal.

For many organizations the implementation of an ERP system is

an excellent opportunity to improve their business practices and

upgrade their software at the same time. But for others an ERP

brings a challenge. Is the process embedded in the ERP really better

than the process they are currently utilizing? And if they implement

this ERP and it happens to be the same one that all of their

competitors have, will they simply become more like them, making

it much more difficult to differentiate themselves? A large

organization may have one version of the ERP, then acquire a

subsidiary which has a more recent version. Imagine the challenge

of requiring the subsidiary to change back to the earlier version.

One of the criticisms of ERP systems has been that they

commoditize business processes, driving all businesses to use the

same processes and thereby lose their uniqueness. The good news

is that ERP systems also have the capability to be configured with

custom processes. For organizations that want to continue using

their own processes or even design new ones, ERP systems offer

customization so the ERP is unique to the organization.

176 | Information Systems for Business and Beyond (2019)

Registered Trademark of SAP

There is a drawback to customizing an ERP system. Namely,

organizations have to maintain the changes themselves. Whenever

an update to the ERP system comes out, any organization that

has created a custom process will be required to add that change

to their new ERP version. This requires someone to maintain a

listing of these changes as well as re-testing the system every time

an upgrade is made. Organizations will have to wrestle with this

decision. When should they go ahead and accept the best-practice

processes built into the ERP system and when should they spend

the resources to develop their own processes?

Some of the best-known ERP vendors are SAP, Microsoft, and

Oracle.

Business Process Management

Organizations that are serious about improving their business

processes will also create structures to manage those

processes. Business process management (BPM) can be thought of

as an intentional effort to plan, document, implement, and

distribute an organization’s business processes with the support of

information technology.

BPM is more than just automating some simple steps. While

automation can make a business more efficient, it cannot be used to

Chapter 8: Business Processes | 177

provide a competitive advantage. BPM, on the other hand, can be an

integral part of creating that advantage.

Not all of an organization’s processes should be managed this way.

An organization should look for processes that are essential to the

functioning of the business and those that may be used to bring a

competitive advantage. The best processes to look at are those that

include employees from multiple departments, those that require

decision-making that cannot be easily automated, and processes

that change based on circumstances. Here is an example.

Suppose a large clothing retailer is looking to gain a competitive

advantage through superior customer service. A task force is

created to develop a state-of-the-art returns policy that allows

customers to return any article of clothing, no questions asked. The

organization also decides that, in order to protect the competitive

advantage that this returns policy will bring, they will develop their

own customization to their ERP system to implement this returns

policy. In preparation for the rollout of the system, all customer

service employees are trained, showing how to use the new system

and specifically how to process returns. Once the updated returns

process is implemented, the organization will be able to measure

several key indicators about returns that will allow them to adjust

the policy as needed. For example, if it is determined that many

women are returning their high-end dresses after wearing them

once, they could implement a change to the process that limits

the return period to 14 days from the original purchase date. As

changes to the returns policy are made, the changes are rolled out

via internal communications and updates to the returns processing

on the system are made.

If done properly, business process management will provide

several key benefits to an organization, which can be used to

contribute to competitive advantage. These benefits include:

• Empowering employees. When a business process is designed correctly and supported with information technology,

employees will be able to implement it on their own authority.

178 | Information Systems for Business and Beyond (2019)

In the returns policy example, an employee would be able to

accept returns made before fourteen days or use the system to

make determinations on what returns would be allowed after

fourteen days.

• Built-in reporting. By building measurement into the programming, the organization can stay current on key

metrics regarding their processes. In this example, these can

be used to improve the returns process and also, ideally, to

reduce returns.

• Enforcing best practices. As an organization implements processes supported by information systems, it can work to

implement the best practices for that class of business process.

In this example, the organization may want to require that all

customers returning a product without a receipt show a legal

ID. This requirement can be built into the system so that the

return will not be processed unless a valid ID number is

entered.

• Enforcing consistency. By creating a process and enforcing it with information technology, it is possible to create

consistency across the entire organization. In this example, all

stores in the retail chain can enforce the same returns policy. If

the returns policy changes, the change can be instantly

enforced across the entire chain.

Business Process Re-engineering

As organizations look to manage their processes to gain a

competitive advantage, it is also important to understand that

existing ways of doing things may not be the most effective or

efficient. A process developed in the 1950s is not going to be better

just because it is now supported by technology.

In 1990 Michael Hammer published an article in the Harvard

Business Review entitled “Reengineering Work: Don’t Automate,

Obliterate.” This article suggested that simply automating a bad

Chapter 8: Business Processes | 179

process does not make it better. Instead, companies should “blow

up” their existing processes and develop new processes that take

advantage of the new technologies and concepts. He states in the

introduction to the article:

Many of our job designs, work flows, control mechanisms,

and organizational structures came of age in a different

competitive environment and before the advent of the

computer. They are geared towards greater efficiency and

control. Yet the watchwords of the new decade are

innovation and speed, service, and quality.

It is time to stop paving the cow paths. Instead of

embedding outdated processes in silicon and software, we

should obliterate them and start over. We should “re-

engineer” our businesses: use the power of modern

information technology to radically redesign our business

processes in order to achieve dramatic improvements in

their performance. 1

Business Process Re-engineering (BPR) is not just taking an existing

process and automating it. BPR is fully understanding the goals of a

process and then dramatically redesigning it from the ground up to

achieve dramatic improvements in productivity and quality. But this

is easier said than done. Most people think in terms of how to do

small, local improvements to a process. Complete redesign requires

thinking on a larger scale. Hammer provides some guidelines for

how to go about doing business process re-engineering:

• Organize around outcomes, not tasks. This simply means design the process so that, if possible, one person performs all

the steps. Instead of passing the task on to numerous people,

one person does the entire process, resulting in greater speed

1. [1]

180 | Information Systems for Business and Beyond (2019)

and customer responsiveness.

• Have those who use the outcomes of the process perform the process. With the use of information technology many simple tasks are now automated so the person who needs the

outcome should be empowered to perform it. Hammer

provides the following example. Instead of having every

department in the company use a purchasing department to

order supplies, have the supplies ordered directly by those

who need the supplies using an information system.

• Merge information processing work into the real work that produces the information. When one part of the company creates information, such as sales information or payment

information, it should be processed by that same department.

There is no need for one part of the company to process

information created in another part of the company.

• Treat geographically dispersed resources as though they were centralized. With the communications technologies available today, it becomes easier than ever to focus on

physical location. A multinational organization does not need

separate support departments (such as IT, purchasing, etc.) for

each location anymore.

• Link parallel activities instead of integrating their results. Departments that work in parallel should be sharing data and

communicating with each other during a process instead of

waiting until each group is done and then comparing notes.

The outdated concept of only linking outcomes results in re-

work, increased costs, and delays.

• Put the decision points where the work is performed, and build controls into the process. The people who do the work should have decision making authority and the process itself

should have built-in controls using information

technology. Today’s workforce is more educated and

knowledgeable than in the past so providing workers with

information technology can result in the employees controlling

their processes.

Chapter 8: Business Processes | 181

• Capture information at the source. Requiring information to be entered more than once causes delays and errors. With

information technology, an organization can capture it once

and then make it available whenever needed.

These principles may seem like common sense today, but in 1990

they took the business world by storm. Hammer gives example after

example of how organizations improved their business processes

by many orders of magnitude without adding any new employees,

simply by changing how they did things (see sidebar).

Unfortunately, business process re-engineering got a bad name in

many organizations. This was because it was used as an excuse for

cost cutting that really had nothing to do with BPR. For example,

many companies simply used it as a reason for laying off part of

their workforce. However, today many of the principles of BPR have

been integrated into businesses and are considered part of good

business-process management.

Sidebar: Reengineering the College Bookstore

The process of purchasing the correct textbooks in a timely manner

for college classes has always been problematic. Now with online

bookstores competing directly with the college bookstore for

students’ purchases, the college bookstore is under pressure to

justify its existence.

But college bookstores have one big advantage over their

competitors, namely they have access to students’ data. Once a

student has registered for classes, the bookstore knows exactly

what books that student will need for the upcoming term. To

leverage this advantage and take advantage of new technologies,

182 | Information Systems for Business and Beyond (2019)

College Bookstore Redesign

the bookstore wants to implement a new process that will make

purchasing books through the bookstore advantageous to students.

Though they may not be able to compete on price, they can provide

other advantages such as reducing the time it takes to find the

books and the ability to guarantee that the book is the correct

one for the class. In order to do this, the bookstore will need to

undertake a process redesign.

The goal of the process redesign is simple. Capture a higher

percentage of students as customers of the bookstore. After

diagramming the existing process and meeting with student focus

groups, the bookstore comes up with a new process. In the new

process the bookstore utilizes information technology to reduce the

amount of work the students need to do in order to get their books.

In this new process the bookstore sends the students an e-mail

with a list of all the books required for their upcoming classes. By

clicking a link in this e-mail the students can log into the bookstore,

confirm their books, and complete the purchase. The bookstore will

then deliver the books to the students. And there is an additional

benefit to the faculty: Professors are no longer asked to delay start

of semester assignments while students wait for books to arrive in

the mail. Instead, students can be expected to promptly complete

their assignments and the course proceeds on schedule.

Chapter 8: Business Processes | 183

College bookstore data flow diagram (original) (Click to enlarge)

College bookstore data flow diagram (redesigned) (Click to enlarge)

Here are the changes to this process shown as data flow diagrams:

184 | Information Systems for Business and Beyond (2019)

Sidebar: ISO Certification

Many organizations now claim that they are using best practices

when it comes to business processes. In order to set themselves

apart and prove to their customers, and potential customers, that

they are indeed doing this, these organizations are seeking out

an ISO 9000 certification. ISO is an acronym for International

Standards Organization (website here). This body defines quality

standards that organizations can implement to show that they are,

indeed, managing business processes in an effective way. The ISO

9000 certification is focused on quality management.

In order to receive ISO certification, an organization must be

audited and found to meet specific criteria. In its most simple form,

the auditors perform the following review.

• Tell me what you do (describe the business process).

• Show me where it says that (reference the process

documentation).

• Prove that this is what happened (exhibit evidence in

documented records).

Chapter 8: Business Processes | 185

Over the years, this certification has evolved and many branches

of the certification now exist. ISO certification is one way to

separate an organization from others. You can find out more about

the ISO 9000 standard here.

Summary

The advent of information technologies has had a huge impact on

how organizations design, implement, and support business

processes. From document management systems to ERP systems,

information systems are tied into organizational processes. Using

business process management, organizations can empower

employees and leverage their processes for competitive advantage.

Using business process reengineering, organizations can vastly

improve their effectiveness and the quality of their products and

services. Integrating information technology with business

processes is one way that information systems can bring an

organization lasting competitive advantage.

Study Questions

1. What does the term business process mean?

2. What are three examples of business process from a job you

have had or an organization you have observed?

3. What is the value in documenting a business process?

4. What is an ERP system? How does an ERP system enforce best

practices for an organization?

186 | Information Systems for Business and Beyond (2019)

5. What is one of the criticisms of ERP systems?

6. What is business process re-engineering? How is it different

from incrementally improving a process?

7. Why did BPR get a bad name?

8. List the guidelines for redesigning a business process.

9. What is business process management? What role does it play

in allowing a company to differentiate itself?

10. What does ISO certification signify?

Exercises

1. Think of a business process that you have had to perform in

the past. How would you document this process? Would a

diagram make more sense than a checklist? Document the

process both as a checklist and as a diagram.

2. Review the return policies at your favorite retailer, then answer

this question. What information systems do you think would

need to be in place to support their return policy?

3. If you were implementing an ERP system, in which cases would

you be more inclined to modify the ERP to match your

business processes? What are the drawbacks of doing this?

4. Which ERP is the best? Do some original research and

compare three leading ERP systems to each other. Write a

two- to three-page paper that compares their features.

Labs

1. Visit a fast food restaurant of your choice. Observe the

Chapter 8: Business Processes | 187

processes used in taking an order, filling the order, and

receiving payment. Create a flowchart showing the steps used.

Then create a second flowchart indicating where you would

recommend improvements to the processes.

2. Virginia Mason Medical Center, located in Seattle, Washington,

needed to radically change some of their business processes.

Download the case study. Then read the case study and

respond to the following items.

1. Number of campuses

2. Number of employees

3. Number of physicians

4. Nature of the issue at Virginia Mason

5. “You cannot improve a process until…”

6. Discuss staff walking distance and inventory levels

7. How were patient spaces redesigned?

8. What happened to walking distance after this redesign?

9. Inventory was reduced by what percent?

10. Total cost savings =

1. Hammer, M. (1990). Reengineering work: don’t automate,

obliterate. Harvard Business Review 68.4, 104–112.↵

188 | Information Systems for Business and Beyond (2019)

Chapter 9: The People in Information Systems

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• describe each of the different roles that people play

in the design, development, and use of information

systems;

• understand the different career paths available to

those who work with information systems;

• explain the importance of where the information-

systems function is placed in an organization; and

• describe the different types of users of information

systems.

Introduction

The opening chapters of this text focused on the technology behind

information systems, namely hardware, software, data, and

networking. The last chapter covered business processes and the

Chapter 9: The People in Information Systems | 189

U. S. Bureau of Labor Statistics – 2020 Projections

key role they can play in the success of a business. This chapter

discusses people, the last component of an information system.

People are involved in information systems in just about every

way. People imagine information systems, people develop

information systems, people support information systems, and,

perhaps most importantly, people use information systems.

The Creators of Information Systems

The first group of people to be considered play a role in designing,

developing, and building information systems. These people are

generally technical and have a background in programming,

analysis, information security, or database design. Just about

everyone who works in the creation of information systems has a

minimum of a bachelor’s degree in computer science or information

systems, though that is not necessarily a requirement. The process

of creating information systems will be covered in more detail in

Chapter 10.

The following chart shows the U. S. Bureau of Labor Statistics

projections for computing career employment in 2020.

190 | Information Systems for Business and Beyond (2019)

Systems Analyst

The systems analyst straddles the divide between identifying

business needs and imagining a new or redesigned system to fulfill

those needs. This individual works with a team or department

seeking to identify business requirements and analyze the specific

details of an existing system or a system that needs to be built.

Generally, the analyst is required to have a good understanding

of the business itself, the purpose of the business, the business

processes involved, and the ability to document them well. The

analyst identifies the different stakeholders in the system and works

to involve the appropriate individuals in the analysis process.

Prior to analyzing the problem or the system of concern, the

analyst needs to a) clearly identify the problem, b) gain approval for

the project, c) identify the stakeholders, and d) develop a plan to

monitor the project. The analysis phase of the project can be broken

down into five steps.

1. Seek out and identify the details

2. Specify requirements

3. Decide which requirements are most important

4. Create a dialog showing how the user interacts with the

existing system

5. Ask users to critique the list of requirements that have been

developed

The analysis phase involves both the systems analyst and the

users. It is important to realize the role the users take in the analysis

of the system. Users can have significant insights into how well the

current system functions as well as suggest improvements.

Once the requirements are determined, the analyst begins the

process of translating these requirements into an information

systems design. It is important to understand which different

technological solutions will work and provide several alternatives

to the client, based on the company’s budgetary constraints,

Chapter 9: The People in Information Systems | 191

technology constraints, and culture. Once the solution is selected,

the analyst will create a detailed document describing the new

system. This new document will require that the analyst understand

how to speak in the technical language of systems developers.

The design phase results in the components of the new system

being identified, including how they relate to one another. The

designer needs to communicate clearly with software developers as

well database administrators by using terminology that is consistent

with both of these specialties. The design phase of the project can

be broken down into six steps.

1. Design the hardware environment

2. Design the software

3. Design how the new system will interface with the users

4. Design hardware interfaces

5. Design database tables

6. Design system security

A systems analyst generally is not the one who does the actual

development of the information system. The design document

created by the systems analyst provides the detail needed to create

the system and is handed off to a developer to actually write the

software and to the database administrator to build the database

and tables that will be in the database.

Sometimes the system may be assembled from off-the-shelf

components by a person called a systems integrator. This is a

specific type of systems analyst that understands how to get

different software packages to work with each other.

To become a systems analyst, you should have a background both

in the business analysis and in systems design. Many analysts first

work as developers and have business experience before becoming

system analysts. It is vital for analysts to clearly understand the

purpose of the business of interest, realizing that all businesses are

unique.

192 | Information Systems for Business and Beyond (2019)

Programmer/Developer

Programmers spend their time writing computer code in a

programming language. In the case of systems development,

programmers generally attempt to fulfill the design specifications

given to them by a systems analyst/designer. Many different styles

of software development exist A programmer may work alone for

long stretches of time or work as part of a team with other

developers. A programmer needs to be able to understand complex

processes and also the intricacies of one or more programming

languages.

Computer Engineer

Computer engineers design the computing devices that are used

every day. There are many types of computer engineers who work

on a variety of different types of devices and systems. Some of the

more prominent computer engineering jobs are as follows:

• Hardware engineer. A hardware engineer designs hardware and test components such as microprocessors, memory

devices, routers, and networks. Many times, a hardware

engineer is at the cutting edge of computing technology,

creating something brand new. Other times, the hardware

engineer’s job is to re-engineer an existing component to work

faster or use less power. Many times a hardware engineer’s job

is to write code to create a program that will be implemented

directly on a computer chip.

• Software engineer. Software engineers tend to focus on a specific area of software such as operating systems, networks,

applications, or databases. Software engineers use three

primary skill areas: computer science, engineering, and

mathematics.

Chapter 9: The People in Information Systems | 193

• Systems engineer. A systems engineer takes the components designed by other engineers and makes them all work

together, focusing on the integration of hardware and

software. For example, to build a computer the mother board,

processor, memory, and hard disk all have to work together. A

systems engineer has experience with many different types of

hardware and software and knows how to integrate them to

create new functionality.

• Network engineer. A network engineer understands the networking requirements of an organization and then designs

a communications system to meet those needs, using the

networking hardware and software, sometimes referred to as a

network operating system. Network engineers design both

local area networks as well as wide area networks.

There are many different types of computer engineers, and often

the job descriptions overlap. While many may call themselves

engineers based on a company job title, there is also a professional

designation of “professional engineer” which has specific

requirements. In the United States each state has its own set of

requirements for the use of this title, as do different countries

around the world. Most often, it involves a professional licensing

exam.

Information Systems Operations and Administration

Another group of information systems professionals are involved in

the day-to-day operations and administration of IT. These people

must keep the systems running and up-to-date so that the rest

of the organization can make the most effective use of these

resources.

194 | Information Systems for Business and Beyond (2019)

Computer Operator

A computer operator is the person who oversees the mainframe

computers and data centers in organizations. Some of their duties

include keeping the operating systems up to date, ensuring available

memory and disk storage, providing for redundancy (think

electricity, connectivity to the Internet, and database backups), and

overseeing the physical environment of the computer. Since

mainframe computers increasingly have been replaced with servers,

storage management systems, and other platforms, computer

operators’ jobs have grown broader and include working with these

specialized systems.

Database Administrator

A Database Administrator (DBA) is the person who designs and

manages the databases for an organization. This person creates and

maintains databases that are used as part of applications or the

data warehouse. The DBA also consults with systems analysts and

programmers on projects that require access to or the creation of

databases.

Help Desk/Support Analyst

Most mid-size to large organizations have their own information

technology help desk. The help desk is the first line of support for

computer users in the company. Computer users who are having

problems or need information can contact the help desk for

assistance. Many times a help desk worker is a junior level employee

who is able to answer basic issues that users need assistance with.

Help desk analysts work with senior level support analysts or have a

Chapter 9: The People in Information Systems | 195

computer knowledgebase at their disposal to help them investigate

the problem at hand. The help desk is a great place to break into

working in IT because it exposes you to all of the different

technologies within the company. A successful help desk analyst

should have good communications skills and a sincere interest in

helping users.

Trainer

A computer trainer conducts classes to teach people specific

computer skills. For example, if a new ERP system is being installed

in an organization, one part of the implementation process is to

teach all of the users how to use the new system. A trainer may work

for a software company and be contracted to come in to conduct

classes when needed; a trainer may work for a company that offers

regular training sessions. Or a trainer may be employed full time for

an organization to handle all of their computer instruction needs.

To be successful as a trainer you need to be able to communicate

technical concepts clearly and demonstrate patience with learners.

Managing Information Systems

The management of information-systems functions is critical to

the success of information systems within the organization. Here

are some of the jobs associated with the management of

information systems.

196 | Information Systems for Business and Beyond (2019)

CIO

The Chief Information Officer (CIO) is the head of the information-

systems function. This person aligns the plans and operations of the

information systems with the strategic goals of the organization.

Tasks include budgeting, strategic planning, and personnel

decisions for the information systems function. The CIO must also

be the face of the IT department within the organization. This

involves working with senior leaders in all parts of the organization

to ensure good communication, planning, and budgeting.

Interestingly, the CIO position does not necessarily require a lot

of technical expertise. While helpful, it is more important for this

person to have good management skills and understand the

business. Many organizations do not have someone with the title

of CIO. Instead, the head of the information systems function is

called the Vice President of Information Systems or Director of

Information Systems.

Functional Manager

As an information systems organization becomes larger, many of

the different functions are grouped together and led by a manager.

These functional managers report to the CIO and manage the

employees specific to their function. For example, in a large

organization there are a group of systems analysts who report to

a manager of the systems analysis function. For more insight into

how this might look, see the discussion later in the chapter of how

information systems are organized.

Chapter 9: The People in Information Systems | 197

Gantt Chart for managing projects

ERP Management

Organizations using an ERP require one or more individuals to

manage these systems. EPR managers make sure that the ERP

system is completely up to date, work to implement any changes to

the ERP that are needed, and consult with various user departments

on needed reports or data extracts.

Project Managers

Information systems projects are notorious for going over budget

and being delivered late. In many cases a failed IT project can spell

doom for a company. A project manager is responsible for keeping

projects on time and on budget. This person works with the

stakeholders of the project to keep the team organized and

communicates the status of the project to management. Gantt

charts, shown above, are used to graphically illustrate a project’s

schedule, tasks, and resources.

A project manager does not have authority over the project team.

198 | Information Systems for Business and Beyond (2019)

Instead, the project manager coordinates schedules and resources

in order to maximize the project outcomes. This leader must be a

good communicator and an extremely organized person. A project

manager should also have good people skills. Many organizations

require each of their project managers to become certified as a

Project Management Professional (PMP).

Information Security Officer

An information security officer is in charge of setting information

security policies for an organization and then overseeing the

implementation of those policies. This person may have one or more

people reporting to them as part of the information security team.

As information has become a critical asset, this position has become

highly valued. The information security officer must ensure that the

organization’s information remains secure from both internal and

external threats.

Emerging Roles

As technology evolves many new roles are becoming more common

as other roles diminish. For example, as we enter the age of “big

data,” we are seeing the need for more data analysts and business

intelligence specialists. Many companies are now hiring social

media experts and mobile technology specialists. The increased use

of cloud computing and Virtual Machine (VM) technologies also is

increasing demand for expertise in those areas.

Chapter 9: The People in Information Systems | 199

Career Paths in Information Systems (click to enlarge)

Career Paths in Information Systems

These job descriptions do not

represent all possible jobs

within an information systems

organization. Larger

organizations will have more

specialized roles, while smaller

organizations may combine

some of these roles. Many of

these roles may exist outside of

a traditional information-

systems organization, as we will

discuss below.

Working with information

systems can be a rewarding

career choice. Whether you

want to be involved in very

technical jobs (programmer,

database administrator), or you

want to be involved in working

with people (systems analyst, trainer, project manager), there are

many different career paths available.

Many times those in technical jobs who want career advancement

find themselves in a dilemma. A person can continue doing

technical work, where sometimes their advancement options are

limited, or become a manager of other employees and put

themselves on a management career track. In many cases those

proficient in technical skills are not gifted with managerial skills.

Some organizations, especially those that highly value their

technically skilled employees, create a technical track that exists in

parallel to the management track so that they can retain employees

who are contributing to the organization with their technical skills.

200 | Information Systems for Business and Beyond (2019)

CISCO certification badge

Sidebar: Are Certifications Worth Pursuing?

As technology becomes more important to businesses, hiring

employees with technical skills is becoming critical. But how can

an organization ensure that the person they are hiring has the

necessary skills? Many organizations are including technical

certifications as a prerequisite for getting hired.

Cisco Certified Internetwork Expert.

Certifications are

designations given by a

certifying body that someone

has a specific level of

knowledge in a specific

technology. This certifying

body is often the vendor of the

product itself, though

independent certifying

organizations, such as

CompTIA, also exist. Many of these organizations offer certification

tracks, allowing a beginning certificate as a prerequisite to getting

more advanced certificates. To get a certificate, you generally

attend one or more training classes and then take one or more

certification exams. Passing the exams with a certain score will

qualify you for a certificate. In most cases, these classes and

certificates are not free. In fact a highly technical certification can

cost thousands dollars. Some examples of the certifications in

highest demand include Microsoft (software certifications), Cisco

(networking), and SANS (security).

For many working in IT, determining whether to pursue one or

more of these certifications is an important question. For many jobs,

Chapter 9: The People in Information Systems | 201

such as those involving networking or security, a certificate will be

required by the employer as a way to determine which potential

employees have a basic level of skill. For those who are already in

an IT career, a more advanced certificate may lead to a promotion.

For those wondering about the importance of certification, the best

solution is to talk to potential employers and those already working

in the field to determine the best choice.

Organizing the Information Systems Function

In the early years of computing, the information-systems function

(generally called “data processing”) was placed in the finance or

accounting department of the organization. As computing became

more important, a separate information-systems function was

formed, but it still was generally placed under the Chief Financial

Officer and considered to be an administrative function of the

company. By the 1980s and 1990s, when companies began

networking internally and then connecting to the Internet, the

information systems function was combined with the

telecommunications functions and designated as the Information

Technology (IT) department. As the role of information technology

continued to increase, its place in the organization became more

important. In many organizations today, the head of IT (the CIO)

reports directly to the CEO.

Where in the Organization Should IS Be?

Before the advent of the personal computer, the information

202 | Information Systems for Business and Beyond (2019)

systems function was centralized within organizations in order to

maximize control over computing resources. When the PC began

proliferating, many departments within organizations saw it as a

chance to gain some computing resources for themselves. Some

departments created an internal information systems group,

complete with systems analysts, programmers, and even database

administrators. These departmental IS groups were dedicated to

the information needs of their own departments, providing quicker

turnaround and higher levels of service than a centralized IT

department. However, having several IS groups within an

organization led to a lot of inefficiencies. There were now several

people performing the same jobs in different departments. This

decentralization also led to company data being stored in several

places all over the company.

In some organizations a matrix reporting structure developed in

which IT personnel were placed within a department and reported

to both the department management and the functional

management within IS. The advantages of dedicated IS personnel

for each department must be weighed against the need for more

control over the strategic information resources of the company.

For many companies, these questions are resolved by the

implementation of the ERP system (see discussion of ERP in Chapter

8). Because an ERP system consolidates most corporate data back

into a single database, the implementation of an ERP system

requires organizations to find “silos” of data so that they can

integrate them back into the corporate system. The ERP allows

organizations to regain control of their information and influences

organizational decisions throughout the company.

Outsourcing

Frequently an organization needs a specific skill for a limited period

of time. Instead of training existing employees or hiring new staff,

Chapter 9: The People in Information Systems | 203

it may make more sense to outsource the job. Outsourcing can be

used in many different situations within the information systems

function, such as the design and creation of a new website or the

upgrade of an ERP system. Some organizations see outsourcing as a

cost-cutting move, contracting out a whole group or department.

New Models of Organizations

The integration of information technology has influenced the

structure of organizations. The increased ability to communicate

and share information has led to a “flattening” of the organizational

structure due to the removal of one or more layers of management.

The network-based organizational structure is another changed

enabled by information systems. In a network-based organizational

structure, groups of employees can work somewhat independently

to accomplish a project. People with the right skills are brought

together for a project and then released to work on other projects

when that project is over. These groups are somewhat informal and

allow for all members of the group to maximize their effectiveness.

Information Systems Users – Types of Users

Besides the people who work to create, administer, and manage

information systems, there is one more extremely important group

of people, namely, the users of information systems. This group

represents a very large percentage of an organization’s employees.

If the user is not able to successfully learn and use an information

system, the system is doomed to failure.

Technology adoption user types

204 | Information Systems for Business and Beyond (2019)

Diffusion of Innovation (click to enlarge)

One tool that can be used to

understand how users will

adopt a new technology comes

from a 1962 study by Everett

Rogers. In his book, Diffusion of

Innovation,[1]Rogers studied

how farmers adopted new

technologies and noticed that

the adoption rate started slowly

and then dramatically

increased once adoption hit a

certain point. He identified five specific types of technology

adopters:

• Innovators. Innovators are the first individuals to adopt a new technology. Innovators are willing to take risks, are the

youngest in age, have the highest social class, have great

financial liquidity, are very social, and have the closest contact

with scientific sources and interaction with other innovators.

Risk tolerance is high so there is a willingness to adopt

technologies thast may ultimately fail. Financial resources help

absorb these failures (Rogers, 1962, p. 282).

• Early adopters. The early adopters are those who adopt innovation soon after a technology has been introduced and

proven. These individuals have the highest degree of opinion

leadership among the other adopter categories, which means

that these adopters can influence the opinions of the largest

majority. Characteristics include being younger in age, having a

higher social status, possessing more financial liquidity, having

advanced education, and being more socially aware than later

adopters. These adopters are more discrete in adoption

choices than innovators, and realize judicious choice of

adoption will help them maintain a central communication

position (Rogers, 1962, p. 283).

• Early majority. Individuals in this category adopt an innovation

Chapter 9: The People in Information Systems | 205

after a varying degree of time. This time of adoption is

significantly longer than the innovators and early adopters.

This group tends to be slower in the adoption process, has

above average social status, has contact with early adopters,

and seldom holds positions of opinion leadership in a system

(Rogers, 1962, p. 283).

• Late majority. The late majority will adopt an innovation after the average member of the society. These individuals approach

an innovation with a high degree of skepticism, have below

average social status, very little financial liquidity, are in

contact with others in the late majority and the early majority,

and show very little opinion leadership.

• Laggards. Individuals in this category are the last to adopt an innovation. Unlike those in the previous categories, individuals

in this category show no opinion leadership. These individuals

typically have an aversion to change agents and tend to be

advanced in age. Laggards typically tend to be focused on

“traditions,” are likely to have the lowest social status and the

lowest financial liquidity, be oldest of all other adopters, and be

in contact with only family and close friends.[2]

These five types of users can be translated into information

technology adopters as well, and provide additional insight into how

to implement new information systems within the organization. For

example, when rolling out a new system, IT may want to identify

the innovators and early adopters within the organization and work

with them first, then leverage their adoption to drive the rest of the

implementation to the other users.

Summary

In this chapter we have reviewed the many different categories

of individuals who make up the people component of information

206 | Information Systems for Business and Beyond (2019)

systems. The world of information technology is changing so fast

that new roles are being created all the time and roles that existed

for decades are being phased out. This chapter this chapter should

have given you a good idea and appreciation for the importance of

the people component of information systems.

Study Questions

1. Describe the role of a systems analyst.

2. What are some of the different roles for a computer engineer?

3. What are the duties of a computer operator?

4. What does the CIO do?

5. Describe the job of a project manager.

6. Explain the point of having two different career paths in

information systems.

7. What are the advantages and disadvantages of centralizing the

IT function?

8. What impact has information technology had on the way

companies are organized?

9. What are the five types of information-systems users?

10. Why would an organization outsource?

Exercises

1. Which IT job would you like to have? Do some original

research and write a two-page paper describing the duties of

the job you are interested in.

2. Spend a few minutes on Dice or Monster to find IT jobs in your

area. What IT jobs are currently available? Write up a two-page

Chapter 9: The People in Information Systems | 207

paper describing three jobs, their starting salary (if listed), and

the skills and education needed for the job.

3. How is the IT function organized in your school or place of

employment? Create an organization chart showing how the IT

organization fits into your overall organization. Comment on

how centralized or decentralized the IT function is.

4. What type of IT user are you? Take a look at the five types of

technology adopters and then write a one-page summary of

where you think you fit in this model.

Lab

1. Define each job in the list, then ask 10 friends to identify which

jobs they have heard about or know something about. Tabulate

your results.

2. Chief marketing technologist

3. Developer evangelist

4. Ethical hacker

5. Business intelligence analyst

6. Digital marketing manager

7. Growth hacker

8. UX designer

9. Cloud architect

10. Data detective

11. Master of edge computing

12. Digital prophet

13. NOC specialist

14. SEO/SEM specialist

1. Rogers, E. M. (1962). Diffusion of innovations. New York: Free

Press↵

208 | Information Systems for Business and Beyond (2019)

2. Rogers, E. M. (1962). Diffusion of innovations. New York: Free

Press↵

Chapter 9: The People in Information Systems | 209

Chapter 10: Information Systems Development

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• Explain the overall process of developing new

software;

• Explain the differences between software

development methodologies;

• Understand the different types of programming

languages used to develop software;

• Understand some of the issues surrounding the

development of websites and mobile applications; and

• Identify the four primary implementation policies.

Introduction

When someone has an idea for a new function to be performed by

a computer, how does that idea become reality? If a company wants

to implement a new business process and needs new hardware or

210 | Chapter 10: Information Systems Development

Software development methodologie s

software to support it, how do they go about making it happen?

This chapter covers the different methods of taking those ideas and

bringing them to reality, a process known as information systems

development.

Programming

Software is created via programming, as discussed in Chapter 2.

Programming is the process of creating a set of logical instructions

for a digital device to follow using a programming language. The

process of programming is sometimes called “coding” because the

developer takes the design and encodes it into a programming

language which then runs on the computer.

The process of developing good software is usually not as simple

as sitting down and writing some code. Sometimes a programmer

can quickly write a short program to solve a need, but in most

instances the creation of software is a resource-intensive process

that involves several different groups of people in an organization.

In order to do this effectively, the groups agree to follow a specific

software development methodology. The following sections review

several different methodologies for software development, as

summarized in the table below and more fully described in the

following sections.

Chapter 10: Information Systems Development | 211

Systems Development Life Cycle

The Systems Development Life Cycle (SDLC) was first developed in

the 1960s to manage the large software projects associated with

corporate systems running on mainframes. This approach to

software development is very structured and risk averse, designed

to manage large projects that include multiple programmers and

systems that have a large impact on the organization. It requires

a clear, upfront understanding of what the software is supposed

to do and is not amenable to design changes. This approach is

roughly similar to an assembly line process, where it is clear to

all stakeholders what the end product should do and that major

changes are difficult and costly to implement.

Various definitions of the SDLC methodology exist, but most

contain the following phases.

1. Preliminary Analysis. A request for a replacement or new

system is first reviewed. The review includes questions such

as: What is the problem-to-be-solved? Is creating a solution

possible? What alternatives exist? What is currently being

done about it? Is this project a good fit for our organization?

After addressing these question, a feasibility study is launched.

The feasibility study includes an analysis of the technical

feasibility, the economic feasibility or affordability, and the

legal feasibility. This step is important in determining if the

project should be initiated and may be done by someone with a

title of Requirements Analyst or Business Analyst

2. System Analysis. In this phase one or more system analysts

work with different stakeholder groups to determine the

specific requirements for the new system. No programming is

done in this step. Instead, procedures are documented, key

players/users are interviewed, and data requirements are

developed in order to get an overall impression of exactly what

the system is supposed to do. The result of this phase is a

212 | Information Systems for Business and Beyond (2019)

system requirements document and may be done by someone

with a title of Systems Analyst

3. System Design. In this phase, a designer takes the system

requirements document created in the previous phase and

develops the specific technical details required for the system.

It is in this phase that the business requirements are translated

into specific technical requirements. The design for the user

interface, database, data inputs and outputs, and reporting are

developed here. The result of this phase is a system design

document. This document will have everything a programmer

needs to actually create the system and may be done by

someone with a title of Systems Analyst, Developer, or Systems

Architect, based on the scale of the project.

4. Programming. The code finally gets written in the

programming phase. Using the system design document as a

guide, programmers develop the software. The result of this

phase is an initial working program that meets the

requirements specified in the system analysis phase and the

design developed in the system design phase. These tasks are

done by persons with titles such as Developer, Software

Engineer, Programmer, or Coder.

5. Testing. In the testing phase the software program developed

in the programming phase is put through a series of structured

tests. The first is a unit test, which evaluates individual parts of

the code for errors or bugs. This is followed by a system test in

which the different components of the system are tested to

ensure that they work together properly. Finally, the user

acceptance test allows those that will be using the software to

test the system to ensure that it meets their standards. Any

bugs, errors, or problems found during testing are resolved

and then the software is tested again. These tasks are done by

persons with titles such as Tester, Testing Analyst, or Quality

Assurance.

6. Implementation. Once the new system is developed and tested,

it has to be implemented in the organization. This phase

Chapter 10: Information Systems Development | 213

The SDLC method (click to enlarge)

includes training the users, providing documentation, and data

conversion from the previous system to the new system.

Implementation can take many forms, depending on the type

of system, the number and type of users, and how urgent it is

that the system become operational. These different forms of

implementation are covered later in the chapter.

7. Maintenance. This final phase takes place once the

implementation phase is complete. In the maintenance phase

the system has a structured support process in place. Reported

bugs are fixed and requests for new features are evaluated and

implemented. Also, system updates and backups of the

software are made for each new version of the program. Since

maintenance is normally an Operating Expense (OPEX) while

much of development is a Capital Expense (CAPEX), funds

normally come out of different budgets or cost centers.

The SDLC methodology is

sometimes referred to as the

waterfall methodology to

represent how each step is a

separate part of the process.

Only when one step is

completed can another step

begin. After each step an

organization must decide when

to move to the next step. This methodology has been criticized for

being quite rigid, allowing movement in only one direction, namely,

forward in the cycle. For example, changes to the requirements are

not allowed once the process has begun. No software is available

until after the programming phase.

Again, SDLC was developed for large, structured projects. Projects

using SDLC can sometimes take months or years to complete.

Because of its inflexibility and the availability of new programming

techniques and tools, many other software development

214 | Information Systems for Business and Beyond (2019)

methodologies have been developed. Many of these retain some of

the underlying concepts of SDLC, but are not as rigid.

Rapid Application Development

RAD Methodology (click to enlarge)

Rapid Application Development (RAD) focuses on quickly building

a working model of the software, getting feedback from users, and

then using that feedback to update the working model. After several

iterations of development, a final version is developed and

implemented.

The RAD methodology consists of four phases.

1. Requirements Planning. This phase is similar to the preliminary

analysis, system analysis, and design phases of the SDLC. In

this phase the overall requirements for the system are defined,

a team is identified, and feasibility is determined.

Chapter 10: Information Systems Development | 215

2. User Design. In the user design phase representatives of the

users work with the system analysts, designers, and

programmers to interactively create the design of the system.

Sometimes a Joint Application Development (JAD) session is

used to facilitate working with all of these various

stakeholders. A JAD session brings all of the stakeholders for a

structured discussion about the design of the system.

Application developers also participate and observe, trying to

understand the essence of the requirements.

3. Construction. In the construction phase the application

developers, working with the users, build the next version of

the system through an interactive process. Changes can be

made as developers work on the program. This step is

executed in parallel with the User Design step in an iterative

fashion, making modifications until an acceptable version of

the product is developed.

4. Cutover. Cutover involves switching from the old system to the

new software. Timing of the cutover phase is crucial and is

usually done when there is low activity. For example, IT

systems in higher education undergo many changes and

upgrades during the summer or between fall semester and

spring semester. Approaches to the migration from the old to

the new system vary between organizations. Some prefer to

simply start the new software and terminate use of the old

software. Others choose to use an incremental cutover,

bringing one part online at a time. A cutover to a new

accounting system may be done one module at a time such as

general ledger first, then payroll, followed by accounts

receivable, etc. until all modules have been implemented. A

third approach is to run both the old and new systems in

parallel, comparing results daily to confirm the new system is

accurate and dependable. A more thorough discussion of

implementation strategies appears near the end of this

chapter.

216 | Information Systems for Business and Beyond (2019)

As you can see, the RAD methodology is much more compressed

than SDLC. Many of the SDLC steps are combined and the focus

is on user participation and iteration. This methodology is much

better suited for smaller projects than SDLC and has the added

advantage of giving users the ability to provide feedback throughout

the process. SDLC requires more documentation and attention to

detail and is well suited to large, resource-intensive projects. RAD

makes more sense for smaller projects that are less resource

intensive and need to be developed quickly.

Agile Methodologies

Agile methodologies are a group of methodologies that utilize

incremental changes with a focus on quality and attention to detail.

Each increment is released in a specified period of time (called a

time box), creating a regular release schedule with very specific

objectives. While considered a separate methodology from RAD,

the two methodologies share some of the same principles such as

iterative development, user interaction, and flexibility to change.

The agile methodologies are based on the “Agile Manifesto,” first

released in 2001.

Chapter 10: Information Systems Development | 217

Agile Methodology

Agile and Iterative Development

The diagram above emphasizes iterations in the center of agile

development. You should notice how the building blocks of the

developing system move from left to right, a block at a time, not the

entire project. Blocks that are not acceptable are returned through

feedback and the developers make the needed modifications.

Finally, notice the Daily Review at the top of the diagram. Agile

Development means constant evaluation by both developers and

customers (notice the term “Collaboration”) of each day’s work.

The characteristics of agile methodology include:

• Small cross-functional teams that include development team

members and users;

• Daily status meetings to discuss the current state of the

project;

• Short time-frame increments (from days to one or two weeks)

for each change to be completed; and

218 | Information Systems for Business and Beyond (2019)

Lean Methodology (click to enlarge)

• Working project at the end of each iteration which

demonstrates progress to the stakeholders.

The goal of agile methodologies is to provide the flexibility of an

iterative approach while ensuring a quality product.

Lean Methodology

One last methodology to

discuss is a relatively new

concept taken from the

business bestseller The Lean

Startup by Eric Reis. Lean

focuses on taking an initial idea

and developing a Minimum

Viable Product (MVP). The MVP

is a working software

application with just enough

functionality to demonstrate

the idea behind the project.

Once the MVP is developed, the development team gives it to

potential users for review. Feedback on the MVP is generated in two

forms. First, direct observation and discussion with the users and

second, usage statistics gathered from the software itself. Using

these two forms of feedback, the team determines whether they

should continue in the same direction or rethink the core idea

behind the project, change the functions, and create a new MVP.

This change in strategy is called a pivot. Several iterations of the

MVP are developed, with new functions added each time based on

the feedback, until a final product is completed.

The biggest difference between the iterative and non-iterative

methodologies is that the full set of requirements for the system are

not known when the project is launched. As each iteration of the

Chapter 10: Information Systems Development | 219

The quality triangle (click to enlarge)

project is released, the statistics and feedback gathered are used to

determine the requirements. The lean methodology works best in

an entrepreneurial environment where a company is interested in

determining if their idea for a program is worth developing.

Sidebar: The Quality Triangle

When developing software or

any sort of product or service,

there exists a tension between

the developers and the

different stakeholder groups

such as management, users,

and investors. This tension

relates to how quickly the

software can be developed

(time), how much money will be spent (cost), and how well it will be

built (quality). The quality triangle is a simple concept. It states that

for any product or service being developed, you can only address

two of the following: time, cost, and quality.

So why can only two of the three factors in the triangle be

considered? Because each of these three components are in

competition with each other! If you are willing and able to spend

a lot of money, then a project can be completed quickly with high

quality results because you can provide more resources towards

its development. If a project’s completion date is not a priority,

then it can be completed at a lower cost with higher quality results

using a smaller team with fewer resources. Of course, these are

just generalizations, and different projects may not fit this model

perfectly. But overall, this model is designed to help you understand

220 | Information Systems for Business and Beyond (2019)

the trade-offs that must be made when you are developing new

products and services.

There are other, fundamental reasons why low-cost, high-quality

projects done quickly are so difficult to achieve.

1. The human mind is analog and the machines the software run

on are digital. These are completely different natures that

depend upon context and nuance versus being a 1 or a 0.

Things that seem obvious to the human mind are not so

obvious when forced into a 1 or 0 binary choice.

2. Human beings leave their imprints on the applications or

systems they design. This is best summed up by Conway’s Law

(1968) – “Organizations that design information systems are

constrained to do so in a way that mirrors their internal

communication processes.” Organizations with poor

communication processes will find it very difficult to

communicate requirements and priorities, especially for

projects at the enterprise level (i.e., that affect the whole

organization.

Programming Languages

As noted earlier, developers create programs using one of several

programming languages. A programming language is an artificial

language that provides a way for a developer to create programming

code to communicate logic in a format that can be executed by

the computer hardware. Over the past few decades, many different

types of programming languages have evolved to meet a variety of

needs. One way to characterize programming languages is by their

“generation.”

Chapter 10: Information Systems Development | 221

Generations of Programming Languages

Early languages were specific to the type of hardware that had to be

programmed. Each type of computer hardware had a different low

level programming language. In those early languages very specific

instructions had to be entered line by line – a tedious process.

First generation languages were called machine code because programming was done in the format the machine/computer could

read. So programming was done by directly setting actual ones

and zeroes (the bits) in the program using binary code. Here is an

example program that adds 1234 and 4321 using machine language:

10111001 00000000 11010010 10100001 00000100 00000000 10001001 00000000 00001110 10001011 00000000 00011110 00000000 00011110 00000000 00000010 10111001 00000000 11100001 00000011 00010000 11000011 10001001 10100011 00001110 00000100 00000010 00000000

Assembly language is the second generation language and uses English-like phrases rather than machine-code instructions,

making it easier to program. An assembly language program must

be run through an assembler, which converts it into machine code.

Here is a sample program that adds 1234 and 4321 using assembly

language.

MOV CX,1234

222 | Information Systems for Business and Beyond (2019)

MOV DS:[0],CX MOV CX,4321 MOV AX,DS:[0] MOV BX,DS:[2] ADD AX,BX MOV DS:[4],AX

Third-generation languages are not specific to the type of hardware on which they run and are similar to spoken languages.

Most third generation languages must be compiled. The developer

writes the program in a form known generically as source code,

then the compiler converts the source code into machine code,

producing an executable file. Well-known third generation

languages include BASIC, C, Python, and Java. Here is an example

using BASIC:

A=1234 B=4321 C=A+B END

Fourth generation languages are a class of programming tools that enable fast application development using intuitive interfaces and

environments. Many times a fourth generation language has a very

specific purpose, such as database interaction or report-writing.

These tools can be used by those with very little formal training in

programming and allow for the quick development of applications

and/or functionality. Examples of fourth-generation languages

include: Clipper, FOCUS, SQL, and SPSS.

Why would anyone want to program in a lower level language

when they require so much more work? The answer is similar to

why some prefer to drive manual transmission vehicles instead of

automatic transmission, namely, control and efficiency. Lower level

languages, such as assembly language, are much more efficient and

execute much more quickly. The developer has finer control over

the hardware as well. Sometimes a combination of higher and lower

Chapter 10: Information Systems Development | 223

level languages is mixed together to get the best of both worlds. The

programmer can create the overall structure and interface using a

higher level language but use lower level languages for the parts of

the program that are used many times, require more precision, or

need greater speed.

The programming language spectrum (click to enlarge).

Compiled vs. Interpreted

Besides identifying a programming language based on its

generation, we can also classify it through the distinction of

whether it is compiled or interpreted. A computer language is

written in a human-readable form. In a compiled language the

program code is translated into a machine-readable form called

an executable that can be run on the hardware. Some well-known

compiled languages include C, C++, and COBOL.

Interpreted languages require a runtime program to be installed

in order to execute. Each time the user wants to run the software

the runtime program must interpret the program code line by line,

then run it. Interpreted languages are generally easier to work with

but also are slower and require more system resources. Examples

224 | Information Systems for Business and Beyond (2019)

of popular interpreted languages include BASIC, PHP, PERL, and

Python. The web languages of HTML and JavaScript are also

considered interpreted because they require a browser in order to

run.

The Java programming language is an interesting exception to

this classification, as it is actually a hybrid of the two. A program

written in Java is partially compiled to create a program that can

be understood by the Java Virtual Machine (JVM). Each type of

operating system has its own JVM which must be installed before

any program can be executed. The JVM approach allows a single

Java program to run on many different types of operating systems.

Procedural vs. Object-Oriented

A procedural programming language is designed to allow a

programmer to define a specific starting point for the program and

then execute sequentially. All early programming languages worked

this way. As user interfaces became more interactive and graphical,

it made sense for programming languages to evolve to allow the

user to have greater control over the flow of the program. An object-

oriented programming language is designed so that the programmer

defines “objects” that can take certain actions based on input from

the user. In other words, a procedural program focuses on the

sequence of activities to be performed while an object oriented

program focuses on the different items being manipulated.

Chapter 10: Information Systems Development | 225

Employee object

Consider a human resources

system where an “EMPLOYEE”

object would be needed. If the

program needed to retrieve or

set data regarding an employee,

it would first create an

employee object in the program

and then set or retrieve the

values needed. Every object has

properties, which are

descriptive fields associated with the object. Also known as a

Schema, it is the logical view of the object (i.e., each row of

properties represents a column in the actual table, which is known

as the physical view). The employee object has the properties

“EMPLOYEEID”, “FIRSTNAME”, “LASTNAME”, “BIRTHDATE” and

“HIREDATE”. An object also has methods which can take actions

related to the object. There are two methods in the example. The

first is “ADDEMPLOYEE()”, which will create another employee

record. The second is “EDITEMPLOYEE()” which will modify an

employee’s data.

Programming Tools

To write a program, you need little more than a text editor and a

good idea. However, to be productive you must be able to check

the syntax of the code, and, in some cases, compile the code. To

be more efficient at programming, additional tools, such as an

Integrated Development Environment (IDE) or computer-aided

software-engineering (CASE) tools can be used.

226 | Information Systems for Business and Beyond (2019)

Screen shot of Oracle Eclipse

Integrated Development Environment

For most programming languages an Integrated Development

Environment (IDE) can be used to develop the program. An IDE

provides a variety of tools for the programmer, and usually includes:

• Editor. An editor is used for writing the program. Commands are automatically color coded by the IDE to identify command

types. For example, a programming comment might appear in

green and a programming statement might appear in black.

• Help system. A help system gives detailed documentation regarding the programming language.

• Compiler/Interpreter. The compiler/interpreter converts the programmer’s source code into machine language so it can be

executed/run on the computer.

• Debugging tool. Debugging assists the developer in locating errors and finding solutions.

• Check-in/check-out mechanism. This tool allows teams of programmers to work simultaneously on a program without

overwriting another programmer’s code.

Examples of IDEs include Microsoft’s Visual Studio and Oracle’s

Eclipse. Visual Studio is the IDE for all of Microsoft’s programming

Chapter 10: Information Systems Development | 227

languages, including Visual Basic, Visual C++, and Visual C#. Eclipse

can be used for Java, C, C++, Perl, Python, R, and many other

languages.

CASE Tools

While an IDE provides several tools to assist the programmer in

writing the program, the code still must be written. Computer-

Aided Software Engineering (CASE) tools allow a designer to develop

software with little or no programming. Instead, the CASE tool

writes the code for the designer. CASE tools come in many varieties.

Their goal is to generate quality code based on input created by the

designer.

Sidebar: Building a Website

In the early days of the World Wide Web, the creation of a website

required knowing how to use HyperText Markup Language (HTML).

Today most websites are built with a variety of tools, but the final

product that is transmitted to a browser is still HTML. At its simplest

HTML is a text language that allows you to define the different

components of a web page. These definitions are handled through

the use of HTML tags with text between the tags or brackets. For

example, an HTML tag can tell the browser to show a word in italics,

to link to another web page, or to insert an image. The HTML code

below selects two different types of headings (h1 and h2) with text

below each heading. Some of the text has been italicized. The output

as it would appear in a browser is shown after the HTML code.

<h1>This is a first-level heading</h1>

228 | Information Systems for Business and Beyond (2019)

HTML output

Here is some text. <em>Here is some emphasized text.</em> <h2>Here is a second-level heading</h2) Here is some more text.

HTML code

While HTML is used to define the components of a web page,

Cascading Style Sheets (CSS) are used to define the styles of the

components on a page. The use of CSS allows the style of a website

to be set and stay consistent throughout. For example, a designer

who wanted all first-level headings (h1) to be blue and centered

could set the “h1″ style to match. The following example shows how

this might look.

<style> h1 { color:blue; text-align:center; } </style> <h1>This is a first-level heading</h1> Here is some text. <em>Here is some emphasized text.</em> <h2>Here is a second-level heading</h2) Here is some more text.

Chapter 10: Information Systems Development | 229

HTML with CSS output

HTML code with CSS added

The combination of HTML and CSS can be used to create a wide

variety of formats and designs and has been widely adopted by

the web design community. The standards for HTML are set by

a governing body called the World Wide Web Consortium. The

current version of HTML 5 includes new standards for video, audio,

and drawing.

When developers create a website, they do not write it out

manually in a text editor. Instead, they use web design tools that

generate the HTML and CSS for them. Tools such as Adobe

Dreamweaver allow the designer to create a web page that includes

images and interactive elements without writing a single line of

code. However, professional web designers still need to learn HTML

and CSS in order to have full control over the web pages they are

developing.

Sidebar: Building a Mobile App

In many ways building an application for a mobile device is exactly

the same as building an application for a traditional computer.

Understanding the requirements for the application, designing the

230 | Information Systems for Business and Beyond (2019)

interface, and working with users are all steps that still need to be

carried out.

Mobile Apps

So what’s different about building an application for a mobile

device? There are five primary differences:

1. Breakthroughs in component technologies. Mobile devices require multiple components that are not only smaller but

more energy-efficient than those in full-size computers

(laptops or desktops). For example, low-power CPUs combined

with longer-life batteries, touchscreens, and Wi-Fi enable very

efficient computing on a phone, which needs to do much less

actual processing than their full-size counterparts.

2. Sensors have unlocked the notion of context. The combination of sensors like GPS, gyroscopes, and cameras

enables devices to be aware of things like time, location,

velocity, direction, altitude, attitude, and temperature.

Location in particular provides a host of benefits.

3. Simple, purpose-built, task-oriented apps are easy to use. Mobile apps are much narrower in scope than enterprise software and therefore easier to use. Likewise, they need to be

intuitive and not require any training.

4. Immediate access to data extends the value proposition. In addition to the app providing a simpler interface on the front

end, cloud-based data services provide access to data in near

real-time, from virtually anywhere (e.g., banking, travel, driving

directions, and investing). Having access to the cloud is needed

to keep mobile device size and power use down.

5. App stores have simplified acquisition. Developing, acquiring, and managing apps has been revolutionized by app stores such

as Apple’s App Store and Google Play. Standardized

Chapter 10: Information Systems Development | 231

development processes and app requirements allow

developers outside Apple and Google to create new apps with

a built-in distribution channel. Average low app prices

(including many of which that are free) has fueled demand.

In sum, the differences between building a mobile app and other

types of software development look like this:

Mobile app differences

Building a mobile app for both iOS and Android operating systems is

known as cross platform development. There are a number of third-

party toolkits available for creating your app. Many will convert

existing code such as HTML5, JavaScript, Ruby, C++, etc. However,

if your app requires sophisticated programming, a cross platform

developer kit may not meet your needs.

Responsive Web Design (RWD) focuses on making web pages

render well on every device: desktop, laptop, tablet, smartphone.

Through the concept of fluid layout RWD automatically adjusts the

content to the device on which it is being viewed. You can find out

more about responsive design here.

232 | Information Systems for Business and Beyond (2019)

Build vs. Buy

When an organization decides that a new program needs to be

developed, they must determine if it makes more sense to build it

themselves or to purchase it from an outside company. This is the

“build vs. buy” decision.

There are many advantages to purchasing software from an

outside company. First, it is generally less expensive to purchase

software than to build it. Second, when software is purchased, it is

available much more quickly than if the package is built in-house.

Software can take months or years to build. A purchased package

can be up and running within a few days. Third, a purchased

package has already been tested and many of the bugs have already

been worked out. It is the role of a systems integrator to make

various purchased systems and the existing systems at the

organization work together.

There are also disadvantages to purchasing software. First, the

same software you are using can be used by your competitors. If a

company is trying to differentiate itself based on a business process

incorporated into purchased software, it will have a hard time doing

so if its competitors use the same software. Another disadvantage

to purchasing software is the process of customization. If you

purchase software from a vendor and then customize it, you will

have to manage those customizations every time the vendor

provides an upgrade. This can become an administrative headache,

to say the least.

Even if an organization determines to buy software, it still makes

sense to go through the same analysis as if it was going to be

developed. This is an important decision that could have a long-

term strategic impact on the organization.

Chapter 10: Information Systems Development | 233

Web Services

Chapter 3 discussed how the move to cloud computing has allowed

software to be viewed as a service. One option, known as web

services, allows companies to license functions provided by other

companies instead of writing the code themselves. Web services can

greatly simplify the addition of functionality to a website.

Suppose a company wishes to provide a map showing the location

of someone who has called their support line. By utilizing Google

Maps API web services, the company can build a Google Map

directly into their application. Or a shoe company could make it

easier for its retailers to sell shoes online by providing a shoe sizing

web service that the retailers could embed right into their website.

Web services can blur the lines between “build vs. buy.”

Companies can choose to build an application themselves but then

purchase functionality from vendors to supplement their system.

End-User Computing (EUC)

In many organizations application development is not limited to

the programmers and analysts in the information technology

department. Especially in larger organizations, other departments

develop their own department-specific applications. The people

who build these applications are not necessarily trained in

programming or application development, but they tend to be adept

with computers. A person who is skilled in a particular program,

such as a spreadsheet or database package, may be called upon to

build smaller applications for use by their own department. This

phenomenon is referred to as end-user development, or end-user

computing.

End-user computing can have many advantages for an

organization. First, it brings the development of applications closer

234 | Information Systems for Business and Beyond (2019)

to those who will use them. Because IT departments are sometimes

backlogged, it also provides a means to have software created more

quickly. Many organizations encourage end-user computing to

reduce the strain on the IT department.

End-user computing does have its disadvantages as well. If

departments within an organization are developing their own

applications, the organization may end up with several applications

that perform similar functions, which is inefficient, since it is a

duplication of effort. Sometimes these different versions of the

same application end up providing different results, bringing

confusion when departments interact. End-user applications are

often developed by someone with little or no formal training in

programming. In these cases, the software developed can have

problems that then have to be resolved by the IT department.

End-user computing can be beneficial to an organization

provided it is managed. The IT department should set guidelines

and provide tools for the departments who want to create their own

solutions. Communication between departments can go a long way

towards successful use of end-user computing.

Sidebar: Risks of EUC’s as “Shadow IT”

The Federal Home Loan Mortgage Company, better known as

Freddie Mac, was fined over $100 million in 2003 in part for

understating its earnings. This triggered a large-scale project to

restate its financials, which involved automating financial reporting

to comply with the Sarbanes-Oxley Act of 2002. Part of the

restatement project found that EUCs (such as spreadsheets and

databases on individual laptops) were feeding into the General

Ledger. While EUCs were not the cause of Freddie Mac’s problems

(they were a symptom of insufficient oversight) to have such poor

Chapter 10: Information Systems Development | 235

IT governance in such a large company was a serious issue. It turns

these EUCs were done in part to streamline the time it took to

make changes to their business processes (a common complaint of

IT departments in large corporations is that it takes too long to get

things done). As such, these EUCs served as a form of “shadow IT”

that had not been through a normal rigorous testing process.

Implementation Methodologies

Once a new system is developed or purchased, the organization

must determine the best method for implementation. Convincing

a group of people to learn and use a new system can be a very

difficult process. Asking employees to use new software as well as

follow a new business process can have far reaching effects within

the organization.

There are several different methodologies an organization can

adopt to implement a new system. Four of the most popular are

listed below.

• Direct cutover. In the direct cutover implementation methodology, the organization selects a particular date to

terminate the use of the old system. On that date users begin

using the new system and the old system is unavailable. Direct

cutover has the advantage of being very fast and the least

expensive implementation method. However, this method has

the most risk. If the new system has an operational problem or

if the users are not properly prepared, it could prove

disastrous for the organization.

• Pilot implementation. In this methodology a subset of the organization known as a pilot group starts using the new

system before the rest of the organization. This has a smaller

236 | Information Systems for Business and Beyond (2019)

impact on the company and allows the support team to focus

on a smaller group of individuals. Also, problems with the new

software can be contained within the group and then resolved.

• Parallel operation. Parallel operations allow both the old and new systems to be used simultaneously for a limited period of

time. This method is the least risky because the old system is

still being used while the new system is essentially being

tested. However, this is by far the most expensive methodology

since work is duplicated and support is needed for both

systems in full.

• Phased implementation. Phased implementation provides for different functions of the new application to be gradually

implemented with the corresponding functions being turned

off in the old system. This approach is more conservative as it

allows an organization to slowly move from one system to

another.

Your choice of an implementation methodology depends on the

complexity of both the old and new systems. It also depends on the

degree of risk you are willing to take.

Change Management

As new systems are brought online and old systems are phased out,

it becomes important to manage the way change is implemented in

the organization. Change should never be introduced in a vacuum.

The organization should be sure to communicate proposed changes

before they happen and plan to minimize the impact of the change

that will occur after implementation. Change management is a

critical component of IT oversight.

Chapter 10: Information Systems Development | 237

Sidebar: Mismanaging Change

Target Corporation, which operates more than 1,500 discount

stores throughout the United States, opened 133 similar stores in

Canada between 2013 and 2015. The company decided to implement

a new Enterprise Resources Planning (ERP) system that would

integrate data from vendors, customers, and do currency

calculations (US Dollars and Canadian Dollars). This implementation

was coincident with Target Canada’s aggressive expansion plan and

stiff competition from Wal-Mart. A two-year timeline – aggressive

by any standard for an implementation of this size – did not account

for data errors from multiple sources that resulted in erroneous

inventory counts and financial calculations. Their supply chain

became chaotic and stores were plagued by not having sufficient

stock of common items, which prevented the key advantage of

“one-stop shopping” for customers. In early 2015, Target Canada

announced it was closing all 133 stores. In sum, “This

implementation broke nearly all of the cardinal sins of ERP projects.

Target set unrealistic goals, didn’t leave time for testing, and

neglected to train employees properly.” 1

1. Taken from ACC Software Solutions. "THE MANY FACES

OF FAILED ERP IMPLEMENTATIONS (AND HOW TO

AVOID THEM)" https://4acc.com/article/failed-erp-

implementations/

238 | Information Systems for Business and Beyond (2019)

Maintenance

After a new system has been introduced, it enters the maintenance

phase. The system is in production and is being used by the

organization. While the system is no longer actively being

developed, changes need to be made when bugs are found or new

features are requested. During the maintenance phase, IT

management must ensure that the system continues to stay aligned

with business priorities and continues to run well.

Summary

Software development is about so much more than programming. It

is fundamentally about solving business problems. Developing new

software applications requires several steps, from the formal SDLC

process to more informal processes such as agile programming

or lean methodologies. Programming languages have evolved from

very low-level machine-specific languages to higher-level

languages that allow a programmer to write software for a wide

variety of machines. Most programmers work with software

development tools that provide them with integrated components

to make the software development process more efficient. For some

organizations, building their own software does not make the most

sense. Instead, they choose to purchase software built by a third

party to save development costs and speed implementation. In end-

user computing, software development happens outside the

information technology department. When implementing new

software applications, there are several different types of

implementation methodologies that must be considered.

Chapter 10: Information Systems Development | 239

Study Questions

1. What are the steps in the SDLC methodology?

2. What is RAD software development?

3. What makes the lean methodology unique?

4. What are three differences between second-generation and

third-generation languages?

5. Why would an organization consider building its own software

application if it is cheaper to buy one?

6. What is responsive design?

7. What is the relationship between HTML and CSS in website

design?

8. What is the difference between the pilot implementation

methodology and the parallel implementation methodology?

9. What is change management?

10. What are the four different implementation methodologies?

Exercises

1. Which software-development methodology would be best if an

organization needed to develop a software tool for a small

group of users in the marketing department? Why? Which

implementation methodology should they use? Why?

2. Doing your own research, find three programming languages

and categorize them in these areas: generation, compiled vs.

interpreted, procedural vs. object-oriented.

3. Some argue that HTML is not a programming language. Doing

your own research, find three arguments for why it is not a

programming language and three arguments for why it is.

4. Read more about responsive design using the link given in the

text. Provide the links to three websites that use responsive

design and explain how they demonstrate responsive-design

240 | Information Systems for Business and Beyond (2019)

behavior.

Labs

1. Here’s a Python program for you to analyze. The code below

deals with a person’s weight and height. See if you can guess what

will be printed and then try running the code in a Python interpreter

such as https://www.onlinegdb.com/online_python_interpreter.

measurements = (8, 20) print("Original measurements:")

for measurement in measurements: print(measurement)

measurements = (170, 72) print("\nModified measurements:")

for measurement in measurements: print(measurement)

2. Here’s a broken Java program for you to analyze. The code

below deals with calculating tuition, multiplying the tuition rate and

the number of credits taken. The number of credits is entered by

the user of the program. The code below is broken and gives the

incorrect answer. Review the problem below and determine what it

would output if the user entered “6” for the number of credits. How

would you fix the program so that it would give the correct output?

package calcTuition;

//import Scanner import java.util.Scanner;

Chapter 10: Information Systems Development | 241

public class CalcTuition {

public static void main(String[] args) {

//Declare variables int credits; final double TUITION_RATE = 100; double tuitionTotal;

//Get user input Scanner inputDevice = new Scanner(System.in); System.out.println("Enter the number of credits: "); credits = inputDevice.nextInt();

//Calculate tuition tuitionTotal = credits + TUITION_RATE;

//Display tuition total System.out.println("You total tuition is: " + tuitionTotal);

} }

242 | Information Systems for Business and Beyond (2019)

PART III: INFORMATION SYSTEMS BEYOND THE ORGANIZATION

Part III: Information Systems Beyond the Organization | 243

Chapter 11: Globalization and the Digital Divide

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• explain the concept of globalization;

• describe the role of information technology in

globalization;

• identify the issues experienced by firms as they

face a global economy; and

• define the digital divide and explain Nielsen’s three

stages of the digital divide.

Introduction

The Internet has wired the world. Today it is just as simple to

communicate with someone on the other side of the world as it

is to talk to someone next door. But keep in mind that many

businesses attempted to outsource different needs in technology,

only to discover that near-sourcing (outsourcing to countries to

Chapter 11: Globalization and the Digital Divide | 245

Internet Statistics by Continent. Source: https://www .internetworl dstats.com/ stats.htm. (Click to enlarge)

which your country is physically connected) had greater advantage.

This chapter looks at the implications of globalization and the

impact it is having on the world.

What Is Globalization?

Globalization refers to the integration of goods, services, and

culture among the nations of the world. Globalization is not

necessarily a new phenomenon. In many ways globalization has

existed since the days of European colonization. Further advances

in telecommunication and transportation technologies accelerated

globalization. The advent of the the worldwide Internet has made all

nations virtual next door neighbors.

The Internet is truly a worldwide phenomenon. As of December

2017 the Internet was being used by over 4.1 billion people world

wide. 1 From its initial beginnings in the United States in the 1970s to

the development of the World Wide Web in the 1990s to the social

networks and e-commerce of today, the Internet has continued to

increase the integration between countries, making globalization a

fact of life for citizens all over the world.

1. [1]

246 | Information Systems for Business and Beyond (2019)

The Network Society

In 1996 social-sciences researcher Manuel Castells published The

Rise of the Network Society, in which he identified new ways

economic activity was being organized around the networks that

the new telecommunication technologies had provided. This new,

global economic activity was different from the past, because “it

is an economy with the capacity to work as a unit in real time on

a planetary scale.” 2 Having a world connected via the Internet has

some massive implications.

The World Is Flat

Thomas Friedman’s 2005 book The World Is Flat uses anecdotal

evidence to present the impact the personal computer, the Internet,

and communication software have had on business, specifically the

impact on globalization. Three eras of globalization are defined at

the beginning of the book. 3

:

• “Globalization 1.0″ occurred from 1492 until about 1800. In this

era globalization was centered around countries. It was about

how much horsepower, wind power, and steam power a

country had and how creatively it was deployed. The world

shrank from size “large” to size “medium.”

• “Globalization 2.0″ occurred from about 1800 until 2000,

interrupted only by the two World Wars. In this era, the

dynamic force driving change was multinational companies.

The world shrank from size “medium” to size “small.”

2. [2]

3. [3]

Chapter 11: Globalization and the Digital Divide | 247

• “Globalization 3.0″ is our current era, beginning in the year

2000. The convergence of the personal computer, fiber-optic

Internet connections, and software has created a “flat-world

platform” that allows small groups and even individuals to go

global. The world has shrunk from size “small” to size “tiny.”

According to Friedman, this third era of globalization was brought

about, in many respects, by information technology. Some of the

specific technologies include:

• Graphical user interface for the personal computer popularized in the late 1980s. Before the graphical user interface, using a computer was relatively difficult, requiring

users to type commands rather than click a mouse. By making

the personal computer something that anyone could use, the

computer became a tool of virtually every person, not just

those intrigued by technology. Friedman says the personal

computer made people more productive and, as the Internet

evolved, made it simpler to communicate information

worldwide.

• Build-out of the Internet infrastructure during the dot-com boom during the late-1990s. During the late 1990s, telecommunications companies laid thousands of miles of fiber

optic cable all over the world, turning network

communications into a commodity. At the same time, the

Internet protocols, such as SMTP (e-mail), HTML (web pages),

and TCP/IP (network communications) became standards that

were available for free and used by everyone through their

email programs and web browsers.

• Introduction of software to automate and integrate business processes. As the Internet continued to grow and become the dominant form of communication, it became essential to build

on the standards developed earlier so that the websites and

applications running on the Internet would work well together.

Friedman calls this “workflow software,” by which he means

248 | Information Systems for Business and Beyond (2019)

software that allows people to work together more easily, and

allows different software and databases to integrate with each

other more easily. Examples include payment processing

systems and shipping calculators.

These three technologies came together in the late 1990s to

create a “platform for global collaboration.” Once these technologies

were in place, they continued to evolve. Friedman also points out

a couple more technologies that have contributed to the flat-world

platform, namely the open source movement discussed in Chapter

10 and the advent of mobile technologies.

Economist Pankaj Ghemawat authored the book World 3.0 in 2011

in an attempt to provide a more moderate and research-based

analysis of globalization. While Friedman talked with individuals and

produced an anecdotally-based book, Ghemawat’s approach was to

research economic data, then draw conclusions about globalization.

His research found the following:

• Mailed letters that cross international borders = 1%

• Telephone calling minutes that are international = 2%

• Internet traffic that is routed across international borders =

18%

• National, as opposed to international, TV news sources = 95%

• First generation immigrants as portion of world’s population =

3%

• People who at sometime in their lives will cross an

international border = 10%

• Global exports as portion of the value of all goods produced in

the world = 20% 4

According to Ghemawat, while the Internet has had an impact on

4. [4]

Chapter 11: Globalization and the Digital Divide | 249

the world’s economy, it may well be that domestic economies can be

expected to continue to be the main focus in most countries. You

can watch Ghemawat’s Ted Talk here. Current and future trends will

be discussed in Chapter 13.

The Global Firm

The new era of globalization allows virtually any business to become

international. By accessing this new platform of technologies,

Castells’s vision of working as a unit in real time on a planetary scale

can be a reality. Some of the advantages include:

• Ability to locate expertise and labor around the world. Instead of drawing employees from their local area,

organizations can now hire people from the global labor pool.

This also allows organizations to pay a lower labor cost for the

same work based on the prevailing wage in different countries.

• Ability to operate 24 hours a day. With employees in different time zones all around the world, an organization can literally

operate around the clock, handing off work on projects from

one part of the world to another as the normal business day

ends in one region and begins in another. A few years ago

three people decided to open a web hosting company. They

strategically relocated to three places in the world which were

eight hours apart, giving their business 24 hour coverage while

allowing each to work during the normal business day.

Operating expenses were minimized and the business provided

24/7 support to customers world wide.

• Larger market for their products. Once a product is being sold online, it is available for purchase from a worldwide

customer base. Even if a company’s products do not appeal

beyond its own country’s borders, being online has made the

product more visible to consumers within that country.

250 | Information Systems for Business and Beyond (2019)

In order to fully take advantage of these new capabilities,

companies need to understand that there are also challenges in

dealing with employees and customers from different cultures.

Some of these challenges include:

• Infrastructure differences. Each country has its own infrastructure with varying levels of quality and bandwidth. A

business cannot expect every country it deals with to have the

same Internet speeds. See the sidebar titled “How Does My

Internet Speed Compare?”

• Labor laws and regulations. Different countries (even different states in the United States) have different laws and regulations.

A company that wants to hire employees from other countries

must understand the different regulations and concerns.

• Legal restrictions. Many countries have restrictions on what can be sold or how a product can be advertised. It is important

for a business to understand what is allowed. For example, in

Germany, it is illegal to sell anything Nazi related.

• Language, customs, and preferences. Every country has its own unique culture which a business must consider when

trying to market a product there. Additionally, different

countries have different preferences. For example, in many

parts of Europe people prefer to eat their french fries with

mayonnaise instead of ketchup. In South Africa a hamburger

comes delivered to your table with gravy on top.

• International shipping. Shipping products between countries in a timely manner can be challenging. Inconsistent address

formats, dishonest customs agents, and prohibitive shipping

costs are all factors that must be considered when trying to

deliver products internationally.

Because of these challenges, many businesses choose not to

expand globally, either for labor or for customers. Whether a

business has its own website or relies on a third-party, such as

Chapter 11: Globalization and the Digital Divide | 251

Comparison of top world Internet speeds in 2019. Source: https://www .statista.com /chart/ 7246/ the-countrie s-with-the-f astest-intern et/ (Click to enlarge)

Amazon or eBay, the question of whether or not to globalize must

be carefully considered.

Sidebar: How Does My Internet Speed Compare?

How does your Internet speed compare with others in the world?

The following chart shows how Internet speeds compare

in different countries. You can find the full list of countries by going

to this article . You can also compare the evolution of Internet

speeds among countries by using this tool .

So how does your own Internet speed compare? There are many

online tools you can use to determine the speed at which you are

connected. One of the most trusted sites is speedtest.net, where

you can test both your download and upload speeds.

252 | Information Systems for Business and Beyond (2019)

The Digital Divide

As the Internet continues to make inroads across the world, it is also

creating a separation between those who have access to this global

network and those who do not. This separation is called the “digital

divide” and is of great concern. An article in Crossroads puts it this

way:

Adopted by the ACM Council in 1992, the ACM Code of

Ethics and Professional Conduct focuses on issues involving

the Digital Divide that could prevent certain categories of

people — those from low-income households, senior

citizens, single-parent children, the undereducated,

minorities, and residents of rural areas — from receiving

adequate access to the wide variety of resources offered

by computer technology. This Code of Ethics positions the

use of computers as a fundamental ethical consideration: “In

a fair society, all individuals would have equal opportunity

to participate in, or benefit from, the use of computer

resources regardless of race, sex, religion, age, disability,

national origin, or other similar factors.” This article

summarizes the digital divide in its various forms, and

analyzes reasons for the growing inequality in people’s

access to Internet services. It also describes how society

can bridge the digital divide: the serious social gap between

information “haves” and “have-nots.” 5

The digital divide can occur between countries, regions, or even

neighborhoods. In many US cities, there are pockets with little or no

5. [5]

Chapter 11: Globalization and the Digital Divide | 253

Internet access, while just a few miles away high-speed broadband

is common.

Solutions to the digital divide have had mixed success over the

years. Many times just providing Internet access and/or computing

devices is not enough to bring true Internet access to a country,

region, or neighborhood.

A New Understanding of the Digital Divide

In 2006, web-usability consultant Jakob Nielsen wrote an article

that got to the heart of our understanding of this problem. In his

article he breaks the digital divide up into three stages: the

economic divide, the usability divide, and the empowerment

divide 6

.

• Economic divide. This is what many call the digital divide. The economic divide is the idea that some people can afford to

have a computer and Internet access while others cannot.

Because of Moore’s Law (see Chapter 2), the price of hardware

has continued to drop and, at this point, we can now access

digital technologies, such as smartphones, for very little.

Nielsen asserts that for all intents and purposes, the economic

divide is a moot point and we should not focus our resources

on solving it.

• Usability divide. Usability is concerned with the fact that “technology remains so complicated that many people couldn’t

use a computer even if they got one for free.” And even for

those who can use a computer, accessing all the benefits of

having one is beyond their understanding. Included in this

group are those with low literacy and seniors. According to

6. [6]

254 | Information Systems for Business and Beyond (2019)

Nielsen, we know how to help these users, but we are not

doing it because there is little profit in doing so.

• Empowerment divide. Empowerment is the most difficult to solve. It is concerned with how we use technology to empower

ourselves. Very few users truly understand the power that

digital technologies can give them. In his article, Nielsen

explains that his and others’ research has shown that very few

users contribute content to the Internet, use advanced search,

or can even distinguish paid search ads from organic search

results. Many people will limit what they can do online by

accepting the basic, default settings of their computer and not

work to understand how they can truly be empowered.

Understanding the digital divide using these three stages provides

a more nuanced view of how we can work to alleviate it. More work

needs to be done to address the second and third stages of the

digital divide for a more holistic solution.

Refining the Digital Divide

The Miniwatts Marketing Group, host of Internet World Stats, has

sought in 2018 to further clarify the meaning of digital divide by

acknowledging that the divide is more than just who does or does

not have access to the Internet. In addition to Nielsen’s economic,

usability, and empowerment divides, this group sees the following

concerns.

• Social mobility. Lack of computer education works to the disadvantage of children with lower socioeconomic status.

• Democracy. Greater use of the Internet can lead to healthier democracies especially in participation in elections.

• Economic growth. Greater use of the Internet in developing countries could provide a shortcut to economic advancement.

Chapter 11: Globalization and the Digital Divide | 255

Using the latest technology could give companies in these

countries a competitive advantage.

The focus on the continuing digital divide has led the European

Union to create an initiative known as The European 2020 Strategy.

Five major areas are being targeted: a) research and development,

b) climate/energy, c) education, d) social inclusion, and e) poverty

reduction. 7

Sidebar: Using Gaming to Bridge the Digital Divide

Paul Kim, the Assistant Dean and Chief Technology Officer of the

Stanford Graduate School of Education, designed a project to

address the digital divide for children in developing countries. 8

In their project the researchers wanted to learn if children can

adopt and teach themselves mobile learning technology, without

help from teachers or other adults, and the processes and factors

involved in this phenomenon. The researchers developed a mobile

device called TeacherMate, which contained a game designed to

help children learn math. The unique part of this research was

that the researchers interacted directly with the children. They

did not channel the mobile devices through the teachers or the

schools. There was another important factor to consider. In order

to understand the context of the children’s educational

environment, the researchers began the project by working with

7. [7]

8. [8]

256 | Information Systems for Business and Beyond (2019)

parents and local nonprofits six months before their visit. While the

results of this research are too detailed to go into here, it can be

said that the researchers found that children can, indeed, adopt and

teach themselves mobile learning technologies.

What makes this research so interesting when thinking about

the digital divide is that the researchers found that, in order to be

effective, they had to customize their technology and tailor their

implementation to the specific group they were trying to reach. One

of their conclusions stated the following:

Considering the rapid advancement of technology today,

mobile learning options for future projects will only

increase. Consequently, researchers must continue to

investigate their impact. We believe there is a specific need

for more in-depth studies on ICT [Information and

Communication Technology] design variations to meet

different challenges of different localities.

To read more about Dr. Kim’s project, locate the paper referenced

here.

Summary

Information technology has driven change on a global scale.

Technology has given us the ability to integrate with people all over

the world using digital tools. These tools have allowed businesses to

broaden their labor pools, their markets, and even their operating

hours. But they have also brought many new complications for

businesses, which now must understand regulations, preferences,

and cultures from many different nations. This new globalization

has also exacerbated the digital divide. Nielsen has suggested that

the digital divide consists of three stages (economic, usability, and

empowerment), of which the economic stage is virtually solved.

Chapter 11: Globalization and the Digital Divide | 257

Study Questions

1. What does the term globalization mean?

2. How does Friedman define the three eras of globalization?

3. Which technologies have had the biggest effect on

globalization?

4. What are some of the advantages brought about by

globalization?

5. What are the challenges of globalization?

6. What perspective does Ghemawat provide regarding

globalization in his book World 3.0?

7. What does the term digital divide mean?

8. What are Jakob Nielsen’s three stages of the digital divide?

9. What was one of the key points of The Rise of the Network

Society?

10. Which country has the highest average Internet speed? How

does your country compare?

Exercises

1. Compare the concept of Friedman’s “Globalization 3.0″ with

Nielsen empowerment stage of the digital divide.

2. Do some original research to determine some of the

regulations that a US company may have to consider before

doing business in one of the following countries: China,

Germany, Saudi Arabia, Turkey.

3. Give one example of the digital divide and describe what you

would do to address it.

4. How did the research conducted by Paul Kim address the three

258 | Information Systems for Business and Beyond (2019)

levels of the digital divide?

Lab

1. Go to speedtest.net to determine your Internet speed.

Compare your speed at home to the Internet speed at two

other locations, such as your school, place of employment, or

local coffee shop. Write a one-page summary that compares

these locations.

1. Internet World Stats. (n.d.). World Internet Users and 2018

Population Stats. Retrieved from

http://internetworldstats.com/↵

2. Castells, M. (2000). The Rise of the Network Society (2nd ed.).

Cambridge, MA: Blackwell Publishers, Inc.↵

3. Friedman, T. L. (2005). The world is flat: A brief history of the

twenty-first century. New York: Farrar, Straus and Giroux.↵

4. Ghemawat, P. (2011). World 3.0: Global Prosperity and How to

Achieve It. Boston: Harvard Business School Publishing.↵

5. Kim, K. (2005, December). Challenges in HCI: digital divide.

Crossroads 12, 2. DOI=10.1145/1144375.1144377. Retrieved from

http://doi.acm.org/10.1145/1144375.1144377↵

6. Nielsen, J. (2006).Digital Divide: The 3 Stages. Nielsen Norman

Group. Retrieved from http://www.nngroup.com/articles/

digital-divide-the-three-stages/↵

7. Miniwatts Marketing Group. (2018, May 23). The Digital Divide,

ICT, and Broadband Internet. Retrieved from

https://www.internetworldstats.com/links10.htm↵

8. Kim, P., Buckner, E., Makany, T., and Kim, H. (2011). A

comparative analysis of a game-based mobile learning model in

Chapter 11: Globalization and the Digital Divide | 259

low-socioeconomic communities of India. International Journal

of Educational Development. Retrieved from https//doi:10.1016/

j.ijedudev.2011.05.008.↵

260 | Information Systems for Business and Beyond (2019)

Chapter 12: The Ethical and Legal Implications of Information Systems

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• describe what the term information systems ethics

means;

• explain what a code of ethics is and describe the

advantages and disadvantages;

• define the term intellectual property and explain

the protections provided by copyright, patent, and

trademark; and

• describe the challenges that information

technology brings to individual privacy.

Introduction

Information systems have had an impact far beyond the world of

Chapter 12: The Ethical and Legal Implications of Information

business. New technologies create new situations that have never

had to be confronted before. One issue is how to handle the new

capabilities that these devices provide to users. What new laws are

going to be needed for protection from misuse of new technologies.

This chapter begins with a discussion of the impact of information

systems has on user behavior or ethics. This will be followed with

the new legal structures being put in place with a focus on

intellectual property and privacy.

Information Systems Ethics

The term ethics means “a set of moral principles” or “the principles

of conduct governing an individual or a group.” 1 Since the dawn

of civilization, the study of ethics and their impact has fascinated

mankind. But what do ethics have to do with information systems?

The introduction of new technology can have a profound effect

on human behavior. New technologies give us capabilities that we

did not have before, which in turn create environments and

situations that have not been specifically addressed in an ethical

context. Those who master new technologies gain new power while

those who cannot or do not master them may lose power. In 1913

Henry Ford implemented the first moving assembly line to create

his Model T cars. While this was a great step forward technologically

and economically, the assembly line reduced the value of human

beings in the production process. The development of the atomic

bomb concentrated unimaginable power in the hands of one

government, who then had to wrestle with the decision to use

it. Today’s digital technologies have created new categories of

ethical dilemmas.

1. [1]

262 | Information Systems for Business and Beyond (2019)

Facebook logo

For example, the ability to anonymously make perfect copies of

digital music has tempted many music fans to download

copyrighted music for their own use without making payment to the

music’s owner. Many of those who would never have walked into a

music store and stolen a CD find themselves with dozens of illegally

downloaded albums.

Digital technologies have given us the ability to aggregate

information from multiple sources to create profiles of people.

What would have taken weeks of work in the past can now be

done in seconds, allowing private organizations and governments

to know more about individuals than at any time in history. This

information has value, but also chips away at the privacy of

consumers and citizens.

Sidebar: Data Privacy, Facebook, and Cambridge Analytica

In early 2018 Facebook acknowledged a

data breach affecting 87 million users. The

app “thisisyourdigitallife”, created by Global

Science Research, informed users that they

could participate in a psychological research

study. About 270,000 people decided to

participate in the research, but the app failed

to tell users that the data of all of their

friends on Facebook would be automatically

captured as well. All of this data theft took place prior to 2014, but it

did not become public until four years later.

In 2015 Facebook learned about Global Science Research’s

collection of data on millions of friends of the users in the research.

Global Science Research agreed to delete the data, but it had already

Chapter 12: The Ethical and Legal Implications of Information Systems | 263

been sold to Cambridge Analytica who used it in the 2016

presidential primary campaign. The ensuing firestorm resulted in

Mark Zuckerberg, CEO of Facebook, testifying before the U.S.

Congress in 2018 on what happened and what Facebook would

do in the future to protect users’ data. Congress is working on

legislation to protect user data in the future, a prime example of

technology advancing faster than the laws needed to protect users.

More information about this case of data privacy can be found at

Facebook and Cambridge Analytica. 2

Code of Ethics

A code of ethics is one method for navigating new ethical waters.

A code of ethics outlines a set of acceptable behaviors for a

professional or social group. Generally, it is agreed to by all

members of the group. The document details different actions that

are considered appropriate and inappropriate.

A good example of a code of ethics is the Code of Ethics and

Professional Conduct of the Association for Computing Machinery, 3

an organization of computing professionals that includes

academics, researchers, and practitioners. Here is a quote from the

preamble:

Commitment to ethical professional conduct is expected of

every member (voting members, associate members, and

student members) of the Association for Computing

Machinery (ACM).

2. [2]

3. [3]

264 | Information Systems for Business and Beyond (2019)

This Code, consisting of 24 imperatives formulated as

statements of personal responsibility, identifies the

elements of such a commitment. It contains many, but not

all, issues professionals are likely to face. Section 1 outlines

fundamental ethical considerations, while Section

2 addresses additional, more specific considerations of

professional conduct. Statements in Section 3 pertain more

specifically to individuals who have a leadership role,

whether in the workplace or in a volunteer capacity such

as with organizations like ACM. Principles involving

compliance with this Code are given in Section 4.

In the ACM’s code you will find many straightforward ethical

instructions such as the admonition to be honest and trustworthy.

But because this is also an organization of professionals that focuses

on computing, there are more specific admonitions that relate

directly to information technology:

• No one should enter or use another’s computer system,

software, or data files without permission. One must always

have appropriate approval before using system resources,

including communication ports, file space, other system

peripherals, and computer time.

• Designing or implementing systems that deliberately or

inadvertently demean individuals or groups is ethically

unacceptable.

• Organizational leaders are responsible for ensuring that

computer systems enhance, not degrade, the quality of

working life. When implementing a computer system,

organizations must consider the personal and professional

development, physical safety, and human dignity of all workers.

Appropriate human-computer ergonomic standards should be

considered in system design and in the workplace.

One of the major advantages of creating a code of ethics is that

it clarifies the acceptable standards of behavior for a professional

Chapter 12: The Ethical and Legal Implications of Information Systems | 265

group. The varied backgrounds and experiences of the members

of a group lead to a variety of ideas regarding what is acceptable

behavior. While the guidelines may seem obvious, having these

items detailed provides clarity and consistency. Explicitly stating

standards communicates the common guidelines to everyone in a

clear manner.

A code of ethics can also have some drawbacks. First, a code of

ethics does not have legal authority. Breaking a code of ethics is

not a crime in itself. What happens if someone violates one of the

guidelines? Many codes of ethics include a section that describes

how such situations will be handled. In many cases repeated

violations of the code result in expulsion from the group.

In the case of ACM: “Adherence of professionals to a code of

ethics is largely a voluntary matter. However, if a member does

not follow this code by engaging in gross misconduct, membership

in ACM may be terminated.” Expulsion from ACM may not have

much of an impact on many individuals since membership in ACM is

usually not a requirement for employment. However, expulsion from

other organizations, such as a state bar organization or medical

board, could carry a huge impact.

Another possible disadvantage of a code of ethics is that there

is always a chance that important issues will arise that are not

specifically addressed in the code. Technology is quickly changing

and a code of ethics might not be updated often enough to keep up

with all of the changes. A good code of ethics, however, is written

in a broad enough fashion that it can address the ethical issues of

potential changes to technology while the organization behind the

code makes revisions.

Finally, a code of ethics could also be a disadvantage in that it

may not entirely reflect the ethics or morals of every member of the

group. Organizations with a diverse membership may have internal

conflicts as to what is acceptable behavior. For example, there may

be a difference of opinion on the consumption of alcoholic

beverages at company events. In such cases the organization must

266 | Information Systems for Business and Beyond (2019)

make a choice about the importance of addressing a specific

behavior in the code.

Sidebar: Acceptable Use Policies

Many organizations that provide technology services to a group

of constituents or the public require agreement to an Acceptable

Use Policy (AUP) before those services can be accessed. Similar to

a code of ethics, this policy outlines what is allowed and what is

not allowed while someone is using the organization’s services. An

everyday example of this is the terms of service that must be agreed

to before using the public Wi-Fi at Starbucks, McDonald’s, or even

a university. Here is an example of an acceptable use policy from

Virginia Tech.

Just as with a code of ethics, these acceptable use policies specify

what is allowed and what is not allowed. Again, while some of the

items listed are obvious to most, others are not so obvious:

• “Borrowing” someone else’s login ID and password is

prohibited.

• Using the provided access for commercial purposes, such as

hosting your own business website, is not allowed.

• Sending out unsolicited email to a large group of people is

prohibited.

As with codes of ethics, violations of these policies have various

consequences. In most cases, such as with Wi-Fi, violating the

acceptable use policy will mean that you will lose your access to

the resource. While losing access to Wi-Fi at Starbucks may not

have a lasting impact, a university student getting banned from the

Chapter 12: The Ethical and Legal Implications of Information Systems | 267

university’s Wi-Fi (or possibly all network resources) could have a

large impact.

Intellectual Property

One of the domains that has been deeply impacted by digital

technologies is intellectual property. Digital technologies have

driven a rise in new intellectual property claims and made it much

more difficult to defend intellectual property.

Intellectual property is defined as “property (as an idea, invention,

or process) that derives from the work of the mind or intellect.” 4

This could include creations such as song lyrics, a computer

program, a new type of toaster, or even a sculpture.

Practically speaking, it is very difficult to protect an idea. Instead,

intellectual property laws are written to protect the tangible results

of an idea. In other words, just coming up with a song in your head

is not protected, but if you write it down it can be protected.

Protection of intellectual property is important because it gives

people an incentive to be creative. Innovators with great ideas will

be more likely to pursue those ideas if they have a clear

understanding of how they will benefit. In the US Constitution,

Article 8, Section 8, the authors saw fit to recognize the importance

of protecting creative works:

Congress shall have the power . . . To promote the Progress

of Science and useful Arts, by securing for limited Times to

Authors and Inventors the exclusive Right to their respective

Writings and Discoveries.

4. [4]

268 | Information Systems for Business and Beyond (2019)

An important point to note here is the “limited time” qualification.

While protecting intellectual property is important because of the

incentives it provides, it is also necessary to limit the amount of

benefit that can be received and allow the results of ideas to become

part of the public domain.

Outside of the US, intellectual property protections vary. You can

find out more about a specific country’s intellectual property laws

by visiting the World Intellectual Property Organization.

The following sections address three of the best known

intellectual property protections: copyright, patent, and trademark.

Copyright

Copyright is the protection given to songs, computer programs,

books, and other creative works. Any work that has an “author” can

be copyrighted. Under the terms of copyright, the author of a work

controls what can be done with the work, including:

• Who can make copies of the work.

• Who can make derivative works from the original work.

• Who can perform the work publicly.

• Who can display the work publicly.

• Who can distribute the work.

Many times a work is not owned by an individual but is instead

owned by a publisher with whom the original author has an

agreement. In return for the rights to the work, the publisher will

market and distribute the work and then pay the original author a

portion of the proceeds.

Copyright protection lasts for the life of the original author plus

seventy years. In the case of a copyrighted work owned by a

publisher or another third party, the protection lasts for ninety-

five years from the original creation date. For works created before

Chapter 12: The Ethical and Legal Implications of Information Systems | 269

1978, the protections vary slightly. You can see the full details on

copyright protections by reviewing the Copyright Basics document

available at the US Copyright Office’s website.

Obtaining Copyright Protection

In the United States a copyright is obtained by the simple act of

creating the original work. In other words, when an author writes

down a song, makes a film, or develops a computer program, the

author has the copyright. However, for a work that will be used

commercially, it is advisable to register for a copyright with the

US Copyright Office. A registered copyright is needed in order to

bring legal action against someone who has used a work without

permission.

First Sale Doctrine

If an artist creates a painting and sells it to a collector who then,

for whatever reason, proceeds to destroy it, does the original artist

have any recourse? What if the collector, instead of destroying it,

begins making copies of it and sells them? Is this allowed? The first

sale doctrine is a part of copyright law that addresses this, as shown

below 5 :

The first sale doctrine, codified at 17 U.S.C. § 109, provides

that an individual who knowingly purchases a copy of a

copyrighted work from the copyright holder receives the

5. [5]

270 | Information Systems for Business and Beyond (2019)

right to sell, display or otherwise dispose of that particular

copy, notwithstanding the interests of the copyright owner.

Therefor, in our examples the copyright owner has no recourse if

the collector destroys the artwork. But the collector does not have

the right to make copies of the artwork.

Fair Use

Another important provision within copyright law is that of fair use.

Fair use is a limitation on copyright law that allows for the use

of protected works without prior authorization in specific cases.

For example, if a teacher wanted to discuss a current event in

class, copies of the copyrighted new story could be handed out in

class without first getting permission. Fair use is also what allows a

student to quote a small portion of a copyrighted work in a research

paper.

Unfortunately, the specific guidelines for what is considered fair

use and what constitutes copyright violation are not well defined.

Fair use is a well-known and respected concept and will only be

challenged when copyright holders feel that the integrity or market

value of their work is being threatened. The following four factors

are considered when determining if something constitutes fair

use: 6

1. The purpose and character of the use, including whether such

use is of commercial nature or is for nonprofit educational

purposes;

2. The nature of the copyrighted work;

3. The amount and substantiality of the portion used in relation

6. [6]

Chapter 12: The Ethical and Legal Implications of Information Systems | 271

to the copyrighted work as a whole;

4. The effect of the use upon the potential market for, or value of,

the copyrighted work.

If you are ever considering using a copyrighted work as part of

something you are creating, you may be able to do so under fair

use. However, it is always best to check with the copyright owner to

be sure you are staying within your rights and not infringing upon

theirs.

Sidebar: The History of Copyright Law

As noted above, current copyright law grants copyright protection

for seventy years after the author’s death, or ninety-five years from

the date of creation for a work created for hire. But it was not always

this way.

The first US copyright law, which only protected books, maps, and

charts, provided protection for only 14 years with a renewable term

of 14 years. Over time copyright law was revised to grant protections

to other forms of creative expression, such as photography and

motion pictures. Congress also saw fit to extend the length of the

protections, as shown in the following chart. Today, copyright has

become big business with many businesses relying on the income

from copyright protected works for their income.

Many now think that the protections last too long. The Sonny

Bono Copyright Term Extension Act has been nicknamed the

“Mickey Mouse Protection Act,” as it was enacted just in time to

protect the copyright on the Walt Disney Company’s Mickey Mouse

character. Because of this term extension, many works from the

1920s and 1930s that would have been available now in the public

domain are still restricted.

272 | Information Systems for Business and Beyond (2019)

Evolution of copyright

The Digital Millennium Copyright Act

As digital technologies have changed what it means to create, copy,

and distribute media, a policy vacuum has been created. In 1998, the

US Congress passed the Digital Millennium Copyright Act (DMCA),

which extended copyright law to take into consideration digital

technologies. Two of the best-known provisions from the DMCA are

the anti-circumvention provision and the “safe harbor” provision.

• The anti-circumvention provision makes it illegal to create

technology to circumvent technology that has been put in

place to protect a copyrighted work. This provision includes

not just the creation of the technology but also the publishing

of information that describes how to do it. While this provision

does allow for some exceptions, it has become quite

controversial and has led to a movement to have it modified.

• The “safe harbor” provision limits the liability of online service

providers when someone using their services commits

copyright infringement. This is the provision that allows

YouTube, for example, not to be held liable when someone

posts a clip from a copyrighted movie. The provision does

Chapter 12: The Ethical and Legal Implications of Information Systems | 273

require the online service provider to take action when they

are notified of the violation (a “takedown” notice). For an

example of how takedown works, here’s how YouTube handles

these requests: YouTube Copyright Infringement Notification.

Many think that the DMCA goes too far and ends up limiting our

freedom of speech. The Electronic Frontier Foundation (EFF) is at

the forefront of this battle. In discussing the anti-circumvention

provision, the EFF states:

Yet the DMCA has become a serious threat that jeopardizes

fair use, impedes competition and innovation, chills free

expression and scientific research, and interferes with

computer intrusion laws. If you circumvent DRM [digital

rights management] locks for non-infringing fair uses or

create the tools to do so you might be on the receiving end

of a lawsuit.

Sidebar: Creative Commons

Chapter 2 introduced the topic of open-source software. Open-

source software has few or no copyright restrictions. The creators

of the software publish their code and make their software available

for others to use and distribute for free. This is great for software,

but what about other forms of copyrighted works? If an artist or

writer wants to make their works available, how can they go about

doing so while still protecting the integrity of their work? Creative

Commons is the solution to this problem.

Creative Commons is a nonprofit organization that provides legal

tools for artists and authors. The tools offered make it simple to

license artistic or literary work for others to use or distribute in a

274 | Information Systems for Business and Beyond (2019)

manner consistent with the author’s intentions. Creative Commons

licenses are indicated with the symbol . It is important to note

that Creative Commons and public domain are not the same. When

something is in the public domain, it has absolutely no restrictions

on its use or distribution. Works whose copyrights have expired are

in the public domain.

By using a Creative Commons license, authors can control the use

of their work while still making it widely accessible. By attaching a

Creative Commons license to their work, a legally binding license is

created. Here are some examples of these licenses:

• CC-BY. This is the least restrictive license. It lets others distribute and build upon the work, even commercially, as long

as they give the author credit for the original work.

• CC-BY-SA. This license restricts the distribution of the work via the “share-alike” clause. This means that others can freely

distribute and build upon the work, but they must give credit

to the original author and they must share using the same

Creative Commons license.

• CC-BY-NC. This license is the same as CC-BY but adds the restriction that no one can make money with this work. NC

stands for “non-commercial.”

• CC-BY-NC-ND. This license is the same as CC-BY-NC but also adds the ND restriction, which means that no derivative works

may be made from the original.

These are a few of the more common licenses that can be created

using the tools that Creative Commons makes available. For a full

listing of the licenses and to learn much more about Creative

Commons, visit their web site.

Chapter 12: The Ethical and Legal Implications of Information Systems | 275

Patent

Patents are another important form of intellectual property

protection. A patent creates protection for someone who invents a

new product or process. The definition of invention is quite broad

and covers many different fields. Here are some examples of items

receiving patents:

• circuit designs in semiconductors;

• prescription drug formulas;

• firearms;

• locks;

• plumbing;

• engines;

• coating processes; and

• business processes.

Once a patent is granted it provides the inventor with protection

from others infringing on his or her patent. A patent holder has the

right to “exclude others from making, using, offering for sale, or

selling the invention throughout the United States or importing the

invention into the United States for a limited time in exchange for

public disclosure of the invention when the patent is granted.” 7

As with copyright, patent protection lasts for a limited period of

time before the invention or process enters the public domain. In

the US, a patent lasts twenty years. This is why generic drugs are

available to replace brand-name drugs after twenty years.

7. [7]

276 | Information Systems for Business and Beyond (2019)

Obtaining Patent Protection

Unlike copyright, a patent is not automatically granted when

someone has an interesting idea and writes it down. In most

countries a patent application must be submitted to a government

patent office. A patent will only be granted if the invention or

process being submitted meets certain conditions.

• Must be original. The invention being submitted must not have been submitted before.

• Must be non-obvious. You cannot patent something that anyone could think of. For example, you could not put a pencil

on a chair and try to get a patent for a pencil-holding chair.

• Must be useful. The invention being submitted must serve some purpose or have some use that would be desired.

The job of the patent office is to review patent applications to

ensure that the item being submitted meets these requirements.

This is not an easy job. In 2017 the US Patent Office granted 318,849

patents, an increase of 5.2% over 2016. 8

The current backlog for a

patent approval is 15.6 months. Information Technology firms have

apply for a significant number of patents each year. Here are the

top five I.T. firms in terms of patent applications filed since 2009.

The percents indicate the percent of total I.T. patents filed since

2009. Notice that over half of patent filings come from just these

five corporations.

• International Business Machines (IBM) 21.6%

• Microsoft Corporation 14.2%

• AT & T, Inc. 7.1%

• Alphabet (Google), Inc. 5.0%

8. [8]

Chapter 12: The Ethical and Legal Implications of Information Systems | 277

• Sony Corporation 4.7%

You might have noticed that Apple is not in the top five listing.

Microsoft holds the lead in Artificial Intelligence (AI) patents. 9

Sidebar: What Is a Patent Troll?

The advent of digital technologies has led to a large increase in

patent filings and therefore a large number of patents being

granted. Once a patent is granted, it is up to the owner of the patent

to enforce it. If someone is found to be using the invention without

permission, the patent holder has the right to sue to force that

person to stop and to collect damages.

The rise in patents has led to a new form of profiteering called

patent trolling. A patent troll is a person or organization who gains

the rights to a patent but does not actually make the invention that

the patent protects. Instead, the patent troll searches for those who

are illegally using the invention in some way and sues them. In many

cases the infringement being alleged is questionable at best. For

example, companies have been sued for using Wi-Fi or for scanning

documents, technologies that have been on the market for many

years.

Recently, the U.S. government has begun taking action against

patent trolls. Several pieces of legislation are working their way

through the U.S. Congress that will, if enacted, limit the ability of

patent trolls to threaten innovation. You can learn a lot more about

9. [9]

278 | Information Systems for Business and Beyond (2019)

Apple logo

patent trolls by listening to a detailed investigation conducted by

the radio program This American Life, by clicking this link.

Trademark

A trademark is a word, phrase, logo,

shape or sound that identifies a

source of goods or services. For

example, the Nike “Swoosh,” the

Facebook “f”, and Apple’s apple (with a

bite taken out of it) are all

trademarked. The concept behind

trademarks is to protect the

consumer. Imagine going to the local

shopping center to purchase a

specific item from a specific store and

finding that there are several stores all with the same name!

Two types of trademarks exist – a common law trademark and

a registered trademark. As with copyright, an organization will

automatically receive a trademark if a word, phrase, or logo is being

used in the normal course of business (subject to some restrictions,

discussed below). A common law trademark is designated by placing

“TM” next to the trademark. A registered trademark is one that has

been examined, approved, and registered with the trademark office,

such as the Patent and Trademark Office in the US. A registered

trademark has the circle-R (®) placed next to the trademark.

While most any word, phrase, logo, shape, or sound can be

trademarked, there are a few limitations. A trademark will not hold

up legally if it meets one or more of the following conditions:

• The trademark is likely to cause confusion with a mark in a

registration or prior application.

Chapter 12: The Ethical and Legal Implications of Information Systems | 279

• The trademark is merely descriptive for the goods/services.

For example, trying to register the trademark “blue” for a blue

product you are selling will not pass muster.

• The trademark is a geographic term.

• The trademark is a surname. You will not be allowed to

trademark “Smith’s Bookstore.”

• The trademark is ornamental as applied to the goods. For

example, a repeating flower pattern that is a design on a plate

cannot be trademarked.

As long as an organization uses its trademark and defends it

against infringement, the protection afforded by it does not expire.

Because of this, many organizations defend their trademark against

other companies whose branding even only slightly copies their

trademark. For example, Chick-fil-A has trademarked the phrase

“Eat Mor Chikin” and has vigorously defended it against a small

business using the slogan “Eat More Kale.” Coca-Cola has

trademarked the contour shape of its bottle and will bring legal

action against any company using a bottle design similar to

theirs. Examples of trademarks that have been diluted and have

now lost their protection in the US include: “aspirin” (originally

trademarked by Bayer), “escalator” (originally trademarked by Otis),

and “yo-yo” (originally trademarked by Duncan).

Information Systems and Intellectual Property

The rise of information systems has resulted in rethinking how

to deal with intellectual property. From the increase in patent

applications swamping the government’s patent office to the new

laws that must be put in place to enforce copyright protection,

digital technologies have impacted our behavior.

280 | Information Systems for Business and Beyond (2019)

Privacy

The term privacy has many definitions, but for purposes here,

privacy will mean the ability to control information about oneself.

The ability to maintain our privacy has eroded substantially in the

past decades, due to information systems.

Personally Identifiable Information

Information about a person that can be used to uniquely establish

that person’s identify is called personally identifiable information, or

PII. This is a broad category that includes information such as:

• Name;

• Social Security Number;

• Date of birth;

• Place of birth;

• Mother‘s maiden name;

• Biometric records (fingerprint, face, etc.);

• Medical records;

• Educational records;

• Financial information; and

• Employment information.

Organizations that collect PII are responsible to protect it. The

Department of Commerce recommends that “organizations

minimize the use, collection, and retention of PII to what is strictly

necessary to accomplish their business purpose and mission.” They

go on to state that “the likelihood of harm caused by a breach

involving PII is greatly reduced if an organization minimizes the

Chapter 12: The Ethical and Legal Implications of Information Systems | 281

amount of PII it uses, collects, and stores.” 10

Organizations that do

not protect PII can face penalties, lawsuits, and loss of business. In

the US, most states now have laws in place requiring organizations

that have had security breaches related to PII to notify potential

victims, as does the European Union.

Just because companies are required to protect your information

does not mean they are restricted from sharing it. In the US,

companies can share your information without your explicit

consent (see the following sidebar), though not all do so. Companies

that collect PII are urged by the FTC to create a privacy policy and

post it on their website. The State of California requires a privacy

policy for any website that does business with a resident of the state

(see http://www.privacy.ca.gov/lawenforcement/laws.htm).

While the privacy laws in the US seek to balance consumer

protection with promoting commerce, privacy in the European

Union is considered a fundamental right that outweighs the

interests of commerce. This has led to much stricter privacy

protection in the EU, but also makes commerce more difficult

between the US and the EU.

Non-Obvious Relationship Awareness

Digital technologies have given people many new capabilities that

simplify and expedite the collection of personal information. Every

time a person comes into contact with digital technologies,

information about that person is being made available. From

location to web-surfing habits, your criminal record to your credit

report, you are constantly being monitored. This information can

then be aggregated to create profiles of each person. While much

of the information collected was available in the past, collecting it

10. [10]

282 | Information Systems for Business and Beyond (2019)

Non-obvious relationship awareness (NORA)

and combining it took time and effort. Today, detailed information

about a person is available for purchase from different companies.

Even information not categorized as PII can be aggregated in such a

way that an individual can be identified.

This process of collecting large quantities of a variety of

information and then combining it to create profiles of individuals

is known as Non-Obvious Relationship Awareness, or NORA. First

commercialized by big casinos looking to find cheaters, NORA is

used by both government agencies and private organizations, and it

is big business.

In some settings NORA can bring many benefits such as in law

enforcement. By being able to identify potential criminals more

quickly, crimes can be solved sooner or even prevented before they

happen. But these advantages come at a price, namely, our privacy.

Chapter 12: The Ethical and Legal Implications of Information Systems | 283

Restrictions on Data Collecting

In the United State the government has strict guidelines on how

much information can be collected about its citizens. Certain

classes of information have been restricted by laws over time and

the advent of digital tools has made these restrictions more

important than ever.

Children’s Online Privacy Protection Act

Websites that collect information from children under the age of

thirteen are required to comply with the Children’s Online Privacy

Protection Act (COPPA), which is enforced by the Federal Trade

Commission (FTC). To comply with COPPA, organizations must

make a good-faith effort to determine the age of those accessing

their websites and, if users are under thirteen years old, must obtain

parental consent before collecting any information.

Family Educational Rights and Privacy Act

The Family Educational Rights and Privacy Act (FERPA) is a US law

that protects the privacy of student education records. In brief, this

law specifies that parents have a right to their child’s educational

information until the child reaches either the age of eighteen or

begins attending school beyond the high school level. At that point

control of the information is given to the child. While this law is

not specifically about the digital collection of information on the

Internet, the educational institutions that are collecting student

information are at a higher risk for disclosing it improperly because

of digital technologies.

284 | Information Systems for Business and Beyond (2019)

GDPR Logo

Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act of 1996

(HIPAA) singles out records related to health care as a special class

of personally identifiable information. This law gives patients

specific rights to control their medical records, requires health care

providers and others who maintain this information to get specific

permission in order to share it, and imposes penalties on the

institutions that breach this trust. Since much of this information is

now shared via electronic medical records, the protection of those

systems becomes paramount.

General Data Protection Regulation

The European Union, in an effort to

help people take control over their

personal data, passed the General Data

Protection Regulation (GDPR) in May

2016. While this protection applies to

the countries in the EU, it is having an

impact of U.S. companies using the

Internet as well. The regulation went

into effect May 25, 2018.

EU and non-EU countries have

different approaches to protecting the data of individuals. The focus

in the U.S. has been on protecting data privacy so that it does not

impact commercial interests.

In the EU the individual’s data privacy rights supercede those

of business. Under GDPR data cannot be transferred to countries

that do not have adequate data protection for individuals. Currently,

those countries include, but are not limited to, the United States,

Korea, and Japan. While the GDPR applies to countries in the EU,

it is having an impact around the world as businesses in other

Chapter 12: The Ethical and Legal Implications of Information Systems | 285

countries seek to comply with this regulation.IEEE Spectrum.

Retrieved from https://spectrum.ieee.org/telecom/internet/your-

guide-to-the-gdpr.” 11

One week prior to the effective date of May 25, 2018, only 60%

of companies surveyed reported they would be ready by the

deadline.Information Management. Retrieved from

https://www.information-management.com/opinion/playing-

catch-up-with-the-general-data-protection-regulation.” 12

Clearly, the message of GDPR has gone out around the world. It is

likely that greater data protection regulations will forthcoming from

the U.S. Congress as well.

Sidebar: Do Not Track

When it comes to getting permission to share personal information,

the US and the EU have different approaches. In the US, the “opt-

out” model is prevalent. In this model the default agreement states

that you have agreed to share your information with the

organization and must explicitly tell them that you do not want your

information shared. There are no laws prohibiting the sharing of

your data, beyond some specific categories of data such as medical

records. In the European Union the “opt-in” model is required to

be the default. In this case you must give your explicit permission

before an organization can share your information.

11. [11]

12. [12]

286 | Information Systems for Business and Beyond (2019)

To combat this sharing of information, the Do Not Track initiative

was created. As its creators explain 13

:

Do Not Track is a technology and policy proposal that

enables users to opt out of tracking by websites they do

not visit, including analytics services, advertising networks,

and social platforms. At present few of these third parties

offer a reliable tracking opt out and tools for blocking them

are neither user-friendly nor comprehensive. Much like the

popular Do Not Call registry, Do Not Track provides users

with a single, simple, persistent choice to opt out of third-

party web tracking.

Summary

The rapid changes in information technology in the past few

decades have brought a broad array of new capabilities and powers

to governments, organizations, and individuals alike. These new

capabilities have required thoughtful analysis and the creation of

new norms, regulations, and laws. This chapter has covered the

areas of intellectual property and privacy regarding how these

domains have been affected by new information systems

capabilities and how the regulatory environment has been changed

to address them.

13. [13]

Chapter 12: The Ethical and Legal Implications of Information Systems | 287

Study Questions

1. What does the term information systems ethics mean?

2. What is a code of ethics? What is one advantage and one

disadvantage of a code of ethics?

3. What does the term intellectual property mean? Give an

example.

4. What protections are provided by a copyright? How do you

obtain one?

5. What is fair use?

6. What protections are provided by a patent? How do you obtain

one?

7. What does a trademark protect? How do you obtain one?

8. What does the term personally identifiable information mean?

9. What protections are provided by HIPAA, COPPA, and FERPA?

10. How would you explain the concept of NORA?

11. What is GDPR and what was the motivation behind this

regulation?

Exercises

1. Provide one example of how information technology has

created an ethical dilemma that would not have existed before

the advent of I.T.

2. Find an example of a code of ethics or acceptable use policy

related to information technology and highlight five points

that you think are important.

3. Do some original research on the effort to combat patent

trolls. Write a two-page paper that discusses this legislation.

4. Give an example of how NORA could be used to identify an

individual.

5. How are intellectual property protections different across the

288 | Information Systems for Business and Beyond (2019)

world? Pick two countries and do some original research, then

compare the patent and copyright protections offered in those

countries to those in the US. Write a two- to three-page paper

describing the differences.

6. Knowing that GDPR had a deadline of May 25, 2018, provide an

update on the status of compliance by firms in non-European

countries.

Labs

1. Contact someone who has created a mobile device app,

composed music, written a book, or created some other type

of intellectual property. Ask them about the amount of effort

required to produce their work and how they feel about being

able to protect that work. Write a one or two page paper on

your findings.

2. Research the intellectual property portion of the End User

License Agreement (EULA) on a favorite computer program of

yours. Explain what the EULA is saying about protection of this

work.

1. Merriam-Webster Dictionary. (n.d.). Ethics. Retrieved from

http://www.merriam-webster.com/dictionary/ethics↵

2. Grigonis, H. (2018, April 5). Nine Things to Know About

Facebook and Cambridge Analytica. Digital Trends. Retrieved

from https://www.digitaltrends.com/social-media/what-

facebook-users-should-know-about-cambridge-analytica-

and-privacy/

3. Association for Computing Machinery (1992, October 16) ACM

Code of Ethics and Professional Conduct.↵

Chapter 12: The Ethical and Legal Implications of Information Systems | 289

4. Merriam-Webster Dictionary. (n.d.). Intellectual Property.

Retrieved from http://www.merriam-webster.com/

dictionary/intellectual%20property↵

5. United States Department of Justice. (n.d.). Copyright

Infringement – First Sale Doctrine. Retrieved from

http://www.justice.gov/usao/eousa/foia_reading_room/

usam/title9/crm01854.htm↵

6. United States Copyright Office. (n.d.). Fair Use Index. Retrieved

from http://www.copyright.gov/fls/fl102.html↵

7. United States Patent and Trademark Office (n.d.). What Is A

Patent? Retrieved from http://www.uspto.gov/patents/↵

8. United States Patent and Trademark Office (n.d.). Visualization

Center. Retrieved from http://www.uspto.gov/patents/↵

9. Bachmann, S. (2016, December 22). America’s Big 5 Tech

companies increase patent filings, Microsoft holds lead in AI

technologies. IP Watchdog. Retrieved from

http://www.ipwatchdog.com/2016/12/22/big-tech-

companies-increase-patent/id=76019/↵

10. McAllister, E., Grance, T., and Scarfone, K. (2010, April). Guide

to Protecting the Confidentiality of Personally Identifiable

Information (PII). National Institute of Standards and

Technology. Retrieved from http://csrc.nist.gov/publications/

nistpubs/800-122/sp800-122.pdf↵

11. Sanz, R. M. G. (2018, April 30). Your Guide to the GDPR. IEEE

Spectrum. Retrieved from

https://spectrum.ieee.org/telecom/internet/your-guide-to-

the-gdpr↵

12. Zafrin, W. (2018, May 25). Playing Catch-up with the General

Data Protection Regulation. Information Management.

Retrieved from

https://www.information-management.com/opinion/playing-

catch-up-with-the-general-data-protection-regulation↵

13. Electronic Frontier Foundation. (n.d.). Do Not Track. Retrieved

from http://donottrack.us/↵

290 | Information Systems for Business and Beyond (2019)

Chapter 13: Trends in Information Systems

Learning Objectives

Upon successful completion of this chapter, you will be

able to:

• describe current trends in information systems.

• know how to think about the impacts of changes in

technology on society and culture.

Introduction

Information systems have evolved at a rapid pace ever since their

introduction in the 1950s. Today devices you can hold in one hand

are more powerful than the computers used to land a man on the

moon in 1969. The Internet has made the entire world accessible to

you, allowing you to communicate and collaborate like never before.

This chapter examines current trends and looks ahead to what is

coming next. As you read about technology trends in this chapter,

think how you might gain competitive advantage in a future career

through implementation of some of these devices.

Chapter 13: Trends in Information Systems | 291

Global

The first trend to note is the continuing expansion of globalization.

The use of the Internet is growing all over the world, and with

it the use of digital devices. Penetration rates, the percent of the

population using the Internet, remains high in the developed world,

but other continents are gaining. 1

Internet Users by Continent (Source: Internet World Stats)

In addition to worldwide growth in Internet penetration, the

number of mobile phones in use continues to increase. At the end

of 2017 the world population of people over the age 10 years (those

old enough to possibly have their own mobile phone) was about

5.7 billion with an estimated 4.77 billion mobile phone users. This

1. Internet World Stats

292 | Information Systems for Business and Beyond (2019)

equates to over 80% of people in the world having a mobile phone. 2

World wide mobile phone users (Source: Statista)

Social

Social media growth is another trend that continues at a firm

growth rate. As of April 2018 there were about 2.18 billion Facebook

users, a 14% increase from April 2017. 3

2. Statistica Forecast of Mobile Phone Users Worldwide

3. Zephoria Top 15 Valuable Facebook Statistics

Chapter 13: Trends in Information Systems | 293

Facebook users world wide in June 2017 (Source: Internet World

Stats)

In 2018, of the 2.2 billion users who regularly use Facebook, only half

them spoke English and only 10% were from the US. 4

Besides Facebook, other social media sites are also seeing

tremendous growth. Over 83% of YouTube’s users are outside the

US, with the UK, India, Germany, Canada, France, South Korea, and

Russia leading the way. 5 Pinterest gets over 57% of its users from

outside the US, with over 9% residing in India. 6

Twitter now has

over 330 million active users. 7 Social media sites not based in the

US are also growing. China’s WeChat multipurpose messaging and

social media app is the fifth most-visited site in the world. 8

4. https://blog.hootsuite.com/facebook-statistics

5. Omnicore Agency Facebook Statistics

6. Omnicore Agency Pinterest Statistics

7. Omnicore Agency Twitter Statistics

8. Statista

294 | Information Systems for Business and Beyond (2019)

Mary Meeker making her Internet Trends presentation

Personal

Ever since the advent of Web 2.0 and e-commerce, users of

information systems have expected to be able to modify their

experiences to meet their personal tastes. From custom

backgrounds on computer desktops to unique ringtones on mobile

phones, makers of digital devices provide the ability to personalize

how we use them. More recently, companies such as Netflix have

begun assisting their users with personalizations by viewing

suggestions. In the future, we will begin seeing devices perfectly

matched to our personal preferences, based upon information

collected about us.

Sidebar: Mary Meeker and Internet Trends

Chapters such as this are

difficult to maintain because

the future is a moving target.

The same goes for businesses

looking to figure out where to

develop new products and

make investments. Enter Mary

Meeker, up until 2018 a partner

at the notable venture capital

firm Kleiner Perkins Caufield &

Byers and now forming her own investment group, Bond Capital. For

the past several years, Ms. Meeker has presented the “Internet

Trends” report at the Code Conference every May. The

presentation consists of rapid-fire summaries of data that provides

insights into all of the latest trends in digital technologies and their

Chapter 13: Trends in Information Systems | 295

impact on economies, culture, and investing. For those wanting to

keep up with technology, there is no better way than to unpack her

annual presentation by watching a video of the presentation and

reviewing the associated slide deck.

Here are the last few years of videos of her presentation: 2019

2018 2017

You can view her slide decks from previous years by going to the

Bond Capital archive.

Mobile

Perhaps the most impactful trend in digital technologies in the last

decade has been the advent of mobile technologies. Beginning with

the simple cellphone in the 1990s and evolving into the smartphones

of today, the growth of mobile has been overwhelming. Here are

some key indicators of this trend:

• Mobile vs. Desktop. Minutes spent each day on a mobile device are 2.5 times the number of minutes spent on a desktop

computer.

• Daytime vs. Evening. Desktop use dominates in the daytime hours, but mobile devices are dominant in the evening, with

peak usage around 8:00 pm.

• Device usage. Smartphones are used more than any other technology. Laptops are in second place, followed by tablets

holding a slight edge over desktops. 9

• Smartphone sales decline. According to Gartner Group, world

9. Smart Insights

296 | Information Systems for Business and Beyond (2019)

wide smartphone sales declined in the fourth quarter of 2017

by 4.7% compared with the fourth quarter of 2016. This is the

first decline in global smartphone sales since Gartner began

tracking mobile phone sales in 2004. 10

• The rise and fall of tablets. In 2012 the iPad sold more than three times as many units in its first twelve months as the

iPhone did in its first twelve months. However, tablet sales

dropped 20% from the fourth quarter 2015 to fourth quarter

2016. 11

The decline in tablet sales continued into 2017 when first

quarter sales dropped 8.5% to their lowest total since the third

quarter of 2012, the year they were introduced. 12

In

comparison, PC sales dropped only 1.7% in 2017 compared with

tablet sales being down 10%. 13

As discussed in chapter 5, the advent of 5G connection technologies

will accelerate an “always-connected” state for a majority of people

around the world.

Wearable

The average smartphone user looks at his or her smartphone 150

times a day for functions such as messaging (23 times), phone calls

(22), listening to music (13), and social media (9).Many of these

functions would be much better served if the technology was worn

10. Gartner.com

11. Techcrunch

12. Business Insider

13. Telegraph

Chapter 13: Trends in Information Systems | 297

Wearable Devices Actual and Forecast (Source: Gartner Group, August 2017)

on, or even physically integrated into, our bodies. This technology is

known as a “wearable.”

Wearables have been around for a long time, with technologies

such as hearing aids and, later, bluetooth earpieces. Now the

product lines have expanded to include the Smartwatch, body

cameras, sports watch, and various fitness monitors. The following

table from the Gartner Group reports both historical and predicted

sales.

Wearable Devices Worldwide (millions of units)

Notice the strong growth predicted by 2021. Total wearable

devices are projected to increase by about 45% from 2018 to 2021.

298 | Information Systems for Business and Beyond (2019)

Waze Screen Shot (Click to enlarge)

Collaborative

As more people use

smartphones and wearables, it

will be simpler than ever to

share data with each other for

mutual benefit. Some of this

sharing can be done passively,

such as reporting your location

in order to update traffic

statistics. Other data can be

reported actively, such as

adding your rating of a

restaurant to a review site.

The smartphone app Waze is

a community-based tool that

keeps track of the route you are

traveling and how fast you are

making your way to your

destination. In return for

providing your data, you can benefit from the data being sent from

all of the other users of the app. Waze directs you around traffic and

accidents based upon real-time reports from other users.

Yelp! allows consumers to post ratings and reviews of local

businesses into a database, and then it provides that data back to

consumers via its website or mobile phone app. By compiling ratings

of restaurants, shopping centers, and services, and then allowing

consumers to search through its directory, Yelp! has become a huge

source of business for many companies. Unlike data collected

passively however, Yelp! relies on its users to take the time to

provide honest ratings and reviews.

Chapter 13: Trends in Information Systems | 299

Printable

One of the most amazing innovations to be developed recently is

the 3-D printer. A 3-D printer allows you to print virtually any 3-D

object based on a model of that object designed on a computer.

3-D printers work by creating layer upon layer of the model using

malleable materials, such as different types of glass, metals, or even

wax.

3-D printing is quite useful for prototyping the designs of

products to determine their feasibility and marketability. 3-D

printing has also been used to create working prosthetic legs and

an ear that can hear beyond the range of normal hearing. The US

military now uses 3-D printed parts on aircraft such as the F-18. 14

Here are more amazing productions from 3D printers.

• Buildings. Researchers at MIT in 2017 unveiled a 3D printing robot that can construct a building. It has a large arm and small

arm. The large arm moves around the perimeter of the building

while the small arm sprays a variety of materials including

concrete and insulation. Total time to construct a dome-

shaped building is just 14 hours.

• Musical Instruments. Flutes, fiddles, and acoustic guitars are being produced with 3D printing using both metal and plastic.

You can click here for an example of making a violin.

• Medical Models. Medical models are being used to help doctors train in the areas of orthopedics, transplant surgery,

and oncology. Using a 3D printed brain model similar to the

one shown here, surgeons were able to save a patient from a

cerebral aneurysm.

• Clothing. How would you like clothes that fit perfectly? Special

14. The Economist. (2013, September 13). 3-D Printing Scales

Up.

300 | Information Systems for Business and Beyond (2019)

software is used to measure a person, then 3D printing

produces the clothing to the exact measurements. The result is

well-fitting clothes that consume less raw materials. Initially

the challenge was to find materials that would not break. You

can read more about 3D printing of clothes and shoes. 15

3-D printing is one of many technologies embraced by the

“maker” movement. Chris Anderson, editor of Wired magazine, puts

it this way 16

:

In a nutshell, the term “Maker” refers to a new category of

builders who are using open-source methods and the latest

technology to bring manufacturing out of its traditional

factory context, and into the realm of the personal desktop

computer. Until recently, the ability to manufacture was

reserved for those who owned factories. What’s happened

over the last five years is that we’ve brought the Web’s

democratizing power to manufacturing. Today, you can

manufacture with the push of a button.

15. Bosavage, J. (2017, September 5). Unbelievable Creations

from 3-D Printers.

16. Anderson, C. (2012). Makers: The New Industrial

Revolution.. Crown Business.

Chapter 13: Trends in Information Systems | 301

Findable

The “Internet of Things” (IoT) refers to devices that have been

embedded into a variety of objects including appliances, lamps,

vehicles, lightbulbs, toys, thermostats, jet engines, etc. and then

connecting them via Wi-Fi, BlueTooth, or LTE to the Internet.

Principally three factors have come together to give us IoT:

inexpensive processors, wireless connectivity, and a new standard

for addresses on the Internet known as IPv6. The result is these

small, embedded objects (things) are capable of sending and

receiving data. Lights can be turned on or off remotely. Thermostats

can be reset with anyone being present. And, perhaps on the

downside, how you drive your car can be monitored and evaluated

by your insurance company.

Processors have become both smaller and cheaper in recent

years, leading to their being embedded in more devices. Consider

technological advancements in your vehicles. Your car can now

collect data about how fast you drive, where you go, radio stations

you listen to, and your driving performance such as acceleration

and braking. Insurance companies are offering discounts for the

right to monitor your driving behavior. On the positive side, imagine

302 | Information Systems for Business and Beyond (2019)

the benefit of being informed instantly of anticipated traffic delays

each time you adjust your route to work in the morning.

Think of IoT as devices that you wouldn’t normally consider being

connected to the Internet. And, the connection is independent of

human intervention. So a PC is not an IoT, but a fitness band could

be. One keyword for IoT would be “independent”, not relying

directly or constantly on human action.

Another keyword would be “interconnected”, in the sense that

IoTs are connected to other IoTs and data collection points or data

servers. This interconnectedness or uploading of data is virtually

automatic.

“Ubiqutous” is also a good descriptor of IoTs. And so is

“embeddedness.” It is reasonable to expect that devices through

IoTs are reporting data about conditions and events that are not

foremost in our thinking, at least not on a continuous basis. Today

there are IoTs for monitoring traffic, air quality, soil moisture, bridge

conditions, consumer electronics, autonomous vehicles, and the list

seemingly never stops. The question that might come to mind is

“How many IoTs are there today?”

The Gartner Group released a study in January 2017 which

attempted to identify where IoTs exist. They reported that over half

of all IoTs are installed in devices used by consumers. They also

noted that growth in IoTs increased by over 30% from 2016 to the

projected levels for 2017. 17

Benefits from IoTs are virtually everywhere. Here is a quick list.

• Optimization of Processes. IoTs in manufacturing monitor a variety of conditions that impact production including

temperature, humidity, barometric pressure – all factors which

17. Ranger, S. (2018, January 19). What is the IoT? Everything

You Wanted to Know about The Internet of Things Right

Now. ZDNet.

Chapter 13: Trends in Information Systems | 303

require adjustment in application of manufacturing formulas.

• Component Monitoring. IoTs are added to components in the manufacturing process, then monitored to see how each

component is performing.

• Home Security Systems. IoTs make the challenge of monitoring activity inside and outside your home are now

easier.

• Smart Thermostats. Remote control of home thermostats through the use of IoTs allows the homeowner to be more

efficient in consumption of utilities.

• Residential Lighting. IoTs provide remote control of lighting, both interior and exterior, and at any time of day.

18

Security issues need to be acknowledged and resolved, preferably

before IoTs in the form of remote lighting, thermostats, and security

systems are installed in a residence. Here are some security

concerns that need monitoring.

• Eavesdropping. Smart speaker systems in residences have been hacked, allowing others to eavesdrop on conversations

within the home.

• Internet-connected Smart Watches. These devices are sometimes used to monitor the location of children in the

family. Unfortunately, hackers have been able to breakin and

again, eavesdrop as well as learn where children are located.

• Lax Use by Owners. Devices such as smart thermometers, security systems, etc. come with a default password. Many

owners fail to change the password, thereby allowing easy

access by a hacker.

18. Ranger, S. (2018, January 19). What is the IoT? Everything

You Wanted to Know about The Internet of Things Right

Now. ZDNet.

304 | Information Systems for Business and Beyond (2019)

Autonomous

Another trend that is emerging is an extension of the Internet of

Things: autonomous robots and vehicles. By combining software,

sensors, and location technologies, devices that can operate

themselves to perform specific functions are being developed.

These take the form of creations such as medical nanotechnology

robots (nanobots), self-driving cars, or unmanned aerial vehicles

(UAVs).

A nanobot is a robot whose components are on the scale of about

a nanometer, which is one-billionth of a meter. While still an

emerging field, it is showing promise for applications in the medical

field. For example, a set of nanobots could be introduced into the

human body to combat cancer or a specific disease.

In March of 2012, Google introduced the world to their driverless

car by releasing a video on YouTube showing a blind man driving

the car around the San Francisco area. The car combines several

technologies, including a laser radar system, worth about $150,000.

While the car is not available commercially yet, three US states

(Nevada, Florida, and California) have already passed legislation

making driverless cars legal.

A UAV, often referred to as a “drone,” is a small airplane or

helicopter that can fly without a pilot. Instead of a pilot, they are

either run autonomously by computers in the vehicle or operated

by a person using a remote control. While most drones today are

used for military or civil applications, there is a growing market

for personal drones. For around $300, a consumer can purchase a

drone for personal use.

Secure

As digital technologies drive relentlessly forward, so does the

Chapter 13: Trends in Information Systems | 305

demand for increased security. One of the most important

innovations in security is the use of encryption, which we covered

in chapter 6.

Summary

As the world of information technology moves forward, we will

be constantly challenged by new capabilities and innovations that

will both amaze and disgust us. As we learned in chapter 12, many

times the new capabilities and powers that come with these new

technologies will test us and require a new way of thinking about

the world. Businesses and individuals alike need to be aware of these

coming changes and prepare for them.

Study Questions

1. Which countries are the biggest users of the Internet? Social

media? Mobile?

2. Which country had the largest Internet growth (in %) in the

last five years?

3. How will most people connect to the Internet in the future?

4. What are two different applications of wearable technologies?

5. What are two different applications of collaborative

technologies?

6. What capabilities do printable technologies have?

7. How will advances in wireless technologies and sensors make

objects “findable”?

8. What is enhanced situational awareness?

9. What is a nanobot?

10. What is a UAV?

306 | Information Systems for Business and Beyond (2019)

Exercises

1. If you were going to start a new technology business, which of

the emerging trends do you think would be the biggest

opportunity? Do some original research to estimate the market

size.

2. What privacy concerns could be raised by collaborative

technologies such as Waze?

3. Do some research about the first handgun printed using a 3-D

printer and report on some of the concerns raised.

4. Write up an example of how IoT might provide a business with

a competitive advantage.

5. How do you think wearable technologies could improve overall

healthcare?

6. What potential problems do you see with a rise in the number

of autonomous cars? Do some independent research and write

a two-page paper that describes where autonomous cars are

legal and what problems may occur.

7. Seek out the latest presentation by Mary Meeker on “Internet

Trends” (if you cannot find it, the video from 2018 is available

at Mary Meeker). Write a one-page paper describing what the

top three trends are, in your opinion.

8. Select a business enterprise of interest to you, one that you

may pursue following graduation. Select one or more of the

technologies listed in this chapter, then write a one or two

page paper about how you might use that technology to gain a

competitive advantage.

Chapter 13: Trends in Information Systems | 307

Index

Below are listed terms that can be found in this text. The terms are

indexed by chapter and page. For example, “12-254” indicates that

the term can be found in chapter 12 on page 254. Please also note

that page numbers may vary based upon how you are reading this

text!

Acceptable User Policy, 12-254

Access control, 6-127

Agile methodologies, 10-205

Altair 8800, 1-20

Apple II, 1-20

Application software, 1-16, 3-57

ARPA Net, 1-225-104

Assembly language, 10-210

Authentication, 6-125

Autonomous devices, 13-289

Availability, 6-125

Backups, 6-131

Berners-Lee, Tim, 1-22

Big Data, 4-91, 4-93

Binary, 2-33, -34

Binary prefixes, 2-36

Biometrics, 6-126

Bit, 2-33

Bitcoin, 11-245

Blockchain, 11-244

Bluetooth, 2-43, 5-114

Brynjolfson, Eric, 7-146

Build v. buy, 10-218

Bus, 2-39

Business Analytics, 4-98

Business Intelligence, 4-98

Index | 309

Business process, 8-163

Business Process Management (BPM), 7-153, 8-168

Business process re-engineering, 8-170

Byte, 2-33</p>

Cambridge Analytica, 12-251

Career paths, 9-189

Carr, Nicholas, 1-12, 2-26, 7-147

CASE tools, 10-215

Castells, Manuel, 11-233

Cellphone abroad, 5-114

Central Processing Unit (CPU), 2-36, video 2-37, multi-core 2-45

Certifications, 9-190

Change management, 10-223

Chief Information Officer (CIO), 9-186

Client-server, 1-21, 5-116

Cloud computing, 1-25, 3-68, 5-118

Collaborative systems, 7-155, 13-283

Code of ethics, 12-252

Commoditization, 2-50

Competitive advantage, 1-13, 2-26, 7-147, 7-153, 7-158

Compiled v. interpreted, 10-213

Components, 1-14

Computer engineer, 9-183

Computer operator, 9-185

Confidentiality, 6-124

Copyright, 12-256

Creative Commons, 12-261

Cross platform development, 10-221

Customer Relationship Management (CRM), 3-65

Data dictionary, 4-93

Data-Information-Knowledge-Wisdom, 4-77

Data integrity, 4-86

Data mining, 4-96, sidebar, 4-97

Data privacy, 12-251

Data types, 4-83

310 | Information Systems for Business and Beyond (2019)

Data warehouse, 4-93, benefits, 4-95

Database, 4-78

Database administrator, 9-185

Database, enterprise, 4-91

Database spreadsheet sidebar, 4-85

Database Management System (DBMS), 4-90

Database, Relational, 4-78

Decimal numbering system, 2-34

Decision Support Systems (DSS), 7-156

Developer, 9-183

Digital devices, 2-33

Digital divide, 11-240

Digital Millennium Copyright Act, 12-260

Disintermediation, 1-23

Domain name, 5-107

DNS, 5-107

Do Not Track, 12-273

Dot-comm bubble, 1-235, 5-109

Double Data Rate (DDR), 2-40

Eclipse IDE, 3-61

Electronic Data Interchange (EDI), 7-154

Email, 5-110

Encryption, 6-128

End-user computing, 10-220

Enterprise Resource Planning (ERP), 1-21, 3-64, 8-166

Eras, business computing, 1-25

Ethics, 12-250

Extranet, 5-117

Facebook, 11-251, 13-280

Fair use, 12-258

Family Educational Rights and Privacy Act, 12-271

Fernandes, Benjamin, 11-245

Findable, 13-286

Firewalls, 6-132

First sale doctrine, 12-257

Index | 311

Ford, Henry, 12-250

Friedman, Thomas, 11-234

Gantt chart, 9-188

General Data Protection Regulation, 12-272

Global firm, 11-236

Globalization, 11-232

Ghemawat, Pankaj, 11-236

Hammer, Michael, 8-170

Hard disk, 2-41

Hardware, 1-15, 2-32

Health Insurance Portability and Accountability Act, 12-271

Huang’s Law, 2-38

Implementation Methodologies, 10-222

Information security triad, 6-124

Information systems, 1-14

Information systems employment, 9-180

Integrity, 6-124

Intellectual property, 12-255

Internet speed, 11-239

Internet usage statistics, 11-233

Intrusion Detection System (IDS), 6-133

IBM-PC, 1-20

Integrated circuits, 2-45

Internet, 1-22, internet and www, 5-111, high speed, 5-111

Internet of Things (IoT), 2-49, 13-286, install, 13-287

IP address, 5-106

Integrated Development Environment (IDE), 10-214

Internet user worldwide, 5-108

Intranet, 5-116

Isabel, 7-157

ISO certification, 8-174

IT doesn’t matter, 7-147

Key-Value database, 4-89

Kim, Paul, 11-243

Knowledge Management (KM), 4-98

312 | Information Systems for Business and Beyond (2019)

Laptop, 1-12

Lean methodologies, 10-207

Linux, 3-56

Local Area Network (LAN), 1-21

Machine code, 10-209

Mainframe, 1-18

Manufacturing Resource Planning (MRP), 1-19

Metadata, 4-92

Metcaffe’s Law, 5-119

Microsoft Excel, 3-57

Mobile applications, 3-67, building, 10-221, cross platform, 10-221

Mobile phone users worldwide, 13-280

Mobile networking, 5-113

Mobile security, 6-136

Mobile technology trends, 13-282

Motherboard, 2-39

Moore’s Law, 2-37

Nanobot, 13-289

Network Interface Card (NIC), 2-44

Nielsen, Jakob, 11-241

Non-obvious relationship awareness, 12-269

Normalization, 4-82

NoSQL, 4-89

Office application suites, 3-60

Open source software, 3-71

Openoffice, 3-72

Operating systems, 1-15, 3-55

Outsourcing, 9-193

Ownership of software, 3-63

Packet, 5-106

Password security, 6-130

Patent, 12-263

Patent troll, 12-265

PC, 1-12

Personal information security, 6-138

Index | 313

Personally identifiable information, 12-268

Physical security, 6-134

Powerpoint, 3-62

Portable computer, 2-47

Porter’s five forces, 7-150

Post PC world, 1-24

Primary key, 4-80

Printable, 13-284

Privacy, data, 4-97, 12-267

Procedural v. object-oriented, 10-213

Productivity paradox, 7-146

Productivity software, 3-58

Project manager, 9-188

Programming language spectrum, 10-212

Protocol, 5-108

Public key encryption, 6-129

Quality triangle, 10-208

Random Access Memory (RAM), 2-40

Rapid Application Development (RAD), 10-203

Retail Link, Walmart, 1-27

Router, 5-106

RSA SecurID token, 6-126

Security policies, 6-135

Sharepoint, 5-118

Smartphone, 1-12, 2-47

Software, 1-15

Solid State Drive (SSD), 2-41

Stop Think Connect, 6-139

Structured Query Language (SQL) 4-86

Student Clubs database, 4-81

Supply Chain Management, 1-27, 3-66

Support analyst, 9-185

Switch, 5-106

Systems analyst, 9-181

Systems Development Life Cycle (SDLC), 10-200

314 | Information Systems for Business and Beyond (2019)

Tableau, 3-62

Tablet, 2-48, decline, 13-282

TCP/IP, 5-105

Ted talk fibre optic, 1-23

Time-sharing, 1-19

Trademark, 12-265

Universal Serial Bus (USB), 2-42

Unmanned Aerial Vehicle, 13-290

Usability, 6-138

Users, adoption types, 9-194

Value chain, 7-148

Virtual Machine (VM), 3-70

Virtual Private Network (VPN), 6-133

Virtualization, 3-70

Voice Over IP (VOIP), 5-115

Walmart, 1-26, 4-91

Wearable, 13-282

Web 2.0, 1-23, 5-109

Web services, 10-219

Website, build, 10-216

Wi-fi, 5-112

Windows operating system, 1-20

Word size, 2-34

World 3.0, 11-236

World is flat, 11-234

World Wide Web (WWW), 1-22

Index | 315

  • Information Systems for Business and Beyond (2019)
  • Information Systems for Business and Beyond (2019)
  • Title Page
  • Copyright
  • Book Contributors
  • Changes from Previous Edition
  • How you can help
  • Introduction
  • Part I: What is an information system?
    • Chapter 1: What Is an Information System?
    • Chapter 2: Hardware
    • Chapter 3: Software
    • Chapter 4: Data and Databases
    • Chapter 5: Networking and Communication
    • Chapter 6: Information Systems Security
  • Part II: Information Systems for Strategic Advantage
    • Chapter 7: Does IT Matter?
    • Chapter 8: Business Processes
    • Chapter 9: The People in Information Systems
    • Chapter 10: Information Systems Development
  • Part III: Information Systems Beyond the Organization
    • Chapter 11: Globalization and the Digital Divide
    • Chapter 12: The Ethical and Legal Implications of Information Systems
    • Chapter 13: Trends in Information Systems
  • Index