Information Systems Management In Practice 5E Managing Operations Chapter 8 Information Systems Management In Practice 5E McNurlin & Sprague

A Typical MIS Department Budget 33% Systems and Programming 70% Maintenance 30% New Development 10% Administration and Training 57% Operations - Involve more $ than any other part of the MIS department Copyright 2002 by Prentice Hall, Inc.

What are three solutions to operations problems? Buy more equipment Continuously fight fires and rearrange priorities, getting people to solve the problems at hand Continually document and measure what you are doing, to find out the real problems, not just the apparent ones. Then set standards - the preferred solution Copyright 2002 by Prentice Hall, Inc.

Operational Measures External: What the customer sees: system uptime, response time, turnaround time equal customer satisfaction Internal: Of interest to systems people: computer usage as % of capacity, disk storage used Problems reported by external measures can be explained by deviations in internal measures. Copyright 2002 by Prentice Hall, Inc.

What’s New in Operations Companies have “cleaned their operational house.” Operations managers are beginning to manage outward. Operations are being simplified. Certain operations are being offloaded. Copyright 2002 by Prentice Hall, Inc.

Outsourcing Information Systems Functions Outsourcing means turning over a firm’s computer operations, network operations, or other IT function to a vendor for a specified time. Copyright 2002 by Prentice Hall, Inc.

Outsourcing Information Systems Functions: Driving Forces Focus on core businesses: In the 1980s, this led to huge amount of merger and acquisition activity. Shareholder value: Companies were “priced” based on their shareholder value, that is, their discounted cash flow, as a result of high-yield bonds that allowed a few people to buy a company and leverage it with debt. Management must stress value, they must consider outsourcing in all their nonstrategic functions. Copyright 2002 by Prentice Hall, Inc.

Outsourcing Information Systems Functions: Customer-Vendor Buying their professional services: planning, consulting, building, or maintaining application, network and training Buying their products:- with or without training Buying their transactions: e.g., payroll checks, credit rating Systems integrator: to handle planning, development, maintenance, and training for IS project Outsourcing: time-based contract for IS activities Copyright 2002 by Prentice Hall, Inc.

Outsourcing Information Systems Functions: Customer-Vendor Figure 8-2 Shows how IT has moved from the more traditional professional services category to outsourcing. Changes: IS Management loses an increasing amount of control Vendors take more risk Vendors’ margins improve Choosing the right vendor becomes more important Copyright 2002 by Prentice Hall, Inc.

Outsourcing’s History IT outsourcing Transitional outsourcing Best-of-breed outsourcing Shared services Business process outsourcing E-business outsourcing Application service providers (ASPs) Copyright 2002 by Prentice Hall, Inc.

Managing Outsourcing: Organizational Structure Typically, parties establish layers of joint teams. Top-level team: final word in conflict resolution Operational team: oversees day-to-day functioning Joint special purpose teams: created from time to time to solve pressing issues Committees: oversee the use of formal change management procedures Copyright 2002 by Prentice Hall, Inc.

Managing Outsourcing: Governance The foundations of governing an outsourcing relationship are laid in the contract. Service Level Agreement (SLA) Responsibilities, performance requirements, penalties, bonuses Copyright 2002 by Prentice Hall, Inc.

Managing Outsourcing: Day-to-Day Working Recommendations to manage day-to-day interactions: Manage expectations, not staff Realize that informal ways of working may disappear Loss of informal ways of working may add rigor Integration of the two staffs requires explicit actions The best way to manage day-to-day is communicate frequently Copyright 2002 by Prentice Hall, Inc.

Managing Outsourcing: Supplier Development Buying parts and services that go into one’s own products and services Assisting one’s suppliers to improve their product and services by generally improving their processes Copyright 2002 by Prentice Hall, Inc.

Security in the Internet Age Threats (see 2000 Survey – Figure 8-5) Organizations are under attack from inside and outside their electronic perimeter Attacks are being detected Attacks can result in significant losses Defending from attacks requires more than the use of information security technology Copyright 2002 by Prentice Hall, Inc.

Security in the Internet Age: Hacking Approaches hackers use: Cracking the password Tricking someone Network sniffing Misusing administrative tools Playing middleman Denial of service Trojan horse Viruses Spoofing Copyright 2002 by Prentice Hall, Inc.

Security in the Internet Age: Security’s Five Pillars Authentication: verifying the authenticity of users Identification: identifying users to grant them appropriate access Privacy: protecting information from being seen Integrity: keeping information in its original form Nonrepudiation: preventing parties from denying actions they have taken Copyright 2002 by Prentice Hall, Inc.

Security in the Internet Age: Countermeasures Three techniques used by companies to protect themselves Firewalls: Control access between networks Used to create intranets and extranets, which only employees and authorized business partners can access Implementation Packet filtering to block “illegal” traffic, which is defined by the security policy… or By using a proxy server, which acts as an intermediary Copyright 2002 by Prentice Hall, Inc.

Security in the Internet Age: Countermeasures Public key encryption: A third party issues two keys for a person and then manages the keys. Private key: is meant to be kept secret and is used by the person to send and receive encrypted messages. Public key: it is made public and can be used by anyone to send an encrypted message to the person with the private key, or to read messages from that person. Copyright 2002 by Prentice Hall, Inc.

Security in the Internet Age: Countermeasures Virtual Private Networks (VPN): maintains data security as it is transmitted by using: Tunneling: creates a temporary connection between a remote computer and the CLEC’s or ISP’s local data center. Blocks access to anyone trying to intercept messages sent over that link. Encryption: scrambles the message before it is sent and decodes it at the receiving end. Copyright 2002 by Prentice Hall, Inc.

Security in the Internet Age: Countermeasures Three ways to use VPNs: Remote Access VPNs: give remote employees a way to access an enterprise intranet by dialing a specific ISP. Remote Office VPNs: give enterprises a way to create a secure private network with remote offices. The ISP’s VPN equipment encrypts all transactions. Extranet VPNs: give enterprises a way to conduct e-business with trading partners. Copyright 2002 by Prentice Hall, Inc.

Disaster Recovery Alternatives Used By Companies: Multiple data centers Distributed processing Backup telecommunication facilities Local area networks Copyright 2002 by Prentice Hall, Inc.

External Disaster Recovery Available for Companies Integrated disaster recovery services Specialized disaster recovery services Online and off-line data storage facilities Copyright 2002 by Prentice Hall, Inc.

Lessons Learned in Disaster Recovery Consider the risks of a natural disaster in selecting a data center location. Create a plan to return to the primary site after a disaster. Do not expect damaged equipment, disks, and tapes to always be replaced, monitor equipment. Plan for alternate telecommunications. Test site under full workload conditions. Maintain critical data at the alternate site. Copyright 2002 by Prentice Hall, Inc.