BUSINESS INFORMATION SYSTEMS (İŞLETME BİLGİ SİSTEMLERİ) - (İNGİLİZCE) - Chapter 8: Beyond ERP: From Data to Intelligence Özeti :

PAYLAŞ:

Chapter 8: Beyond ERP: From Data to Intelligence

Introduction

Alvin Toffler had predicted particular characteristics of the postindustrial organizations in the 21st century as “flatter organizations”, “distributed decision-making” and “prevailing of knowledge workers”. All three predictions were either sourced or benefited from the existence of business information systems directly or indirectly.

Enterprise Systems

A variety of decisions are made by middle and top managers, engineers and other knowledge workers even in remote locations. Enterprise systems can support diversified groups of decision makers including top executives, which utilize the same information system sometimes called enterprise information systems (EIS). Most of the executives used EIS to support their decisions, some others for scheduling and to set agendas. Due to the diffusion of EIS to each level of management in corporations, first enterprise systems, and second business intelligence is preferred to indicate its new and broader impact. According to (Sharda, 2014), executives seek the following features from EIS on internal or external information:

More timely information, Greater access to operational data, Greater access to corporate databases, More concise, relevant, highly summarized information, New or additional information, More information about the external environment, More competitive information, Faster access to external databases and to information, and Reduced paper costs.

The impact of EIS on the job performances might also be outlined as follows:

  • Better communication, and Exploring capability in detecting historic trends,
  • Improved effectiveness and efficiency, and Fewer and shorter meetings,
  • Improved decision-making, and Betterment of planning and control.
  • A typical ES should support the managers with the following capabilities:
  • Drill down: This capability is about providing details upon follow-up query requests.
  • Critical success factors: factors that delineate the company’s success levels in the market.
  • Analytics: Executives must be supported with the analytical tools.
  • Exception reporting: for effective decisionmaking.
  • Navigation of information: helps to explore vast amount of data and information fast and easy.

Business Analytics

Business analytics is an essential approach to make sound and rational decisions on operations and strategies. The word analytics refers to computerized tools, methods, and algorithms. It means the analysis integrated and supported by technologies. Business analytics covers the systematical and technological efforts in operating business functions and making all sort of business decisions.

  • Business analytics address the companywide needs for data and decision analysis while decision support systems focus on the specific decisions and the analytical and informational expectations and requirements of decision makers.
  • Business intelligence deals with satisfying the enterprise-wide demand for data and information in any content and format, anytime and anyplace by using data warehouses and data marts.
  • The existence of ERP is a prerequisite for business intelligence, business analytics, and decision support systems.
  • The business intelligence is vital for successful and sustainable applications business analytics and decision support systems.
  • The business analytics applications resemble data-oriented decision support systems, one of the major class of decision support systems.

Descriptive Analytics; also called “reporting analytics” deals with the current status of the company based on the key performance indicators. Predictive Analytics aims to reveal the risks and opportunities a company can face in the future. For gaining insights on the future of an enterprise, managers turn to statistical forecasting and prediction methods connected with corporate data sources. Predictive analytics may benefit from the sectoral expertise as well. Prescriptive Analytics aims to provide a feasible solution or a recommendation that shows how to achieve the best performance. The optimization tools may provide optimal solutions for the managers towards the direction they choose to move the company under resource constraints.

Enterprise Decision Support Systems (EDSS)

The core capability of an EDSS is to enable all executives, managers, and decision makers with appropriate decisionmaking tools and techniques.

Informed Decision Making

The most important task of a manager is to make decisions. Decision making process is considered as a blend of the intelligence, educational background, experience, intuition, judgment, as well as personality and the cultural background of the decision maker. This blend is usually called the profile of the decision maker. What is more important than the profile of a decision maker is to follow the steps of the scientific decision making, which includes acc. to (Sharda 2014):

  1. Define or identify the problem or the opportunity
  2. Built an appropriate representation of the problem, that is, a model
  3. Search for best or better feasible solutions to the problem by using the model
  4. Choose a superior solution to the problem.

To follow this process assumes the existence of the insightful information at least, decision-making tools and methods in general, and rational, goal seeking decisionmakers.

Enterprise decision support systems contribute to the rational decision-making process in numerous ways as outlined below. These are;

  • Computational support
  • Modeling support
  • Communication and collaboration support
  • Data support
  • Analytical support
  • Cognitive support
  • Knowledge support
  • Mobile support

Risk Security and Ethics in Information Systems

The fundamental concepts associated with security of information systems is known as CIA triad consists of confidentiality, integrity, and availability.

  • Confidentiality: Preventing unauthorized people, assets or systems from being accessed to information.
  • Integrity: Preventing unauthorized manipulation of information and ensuring its accuracy and consistency throughout the process.
  • Availability: Providing availability and usability of the information whenever it is required by authorized people, assets or systems.
  • Moreover, one of the essential parts of information systems, ensuring security, also serves goals described below:
  • Increase work efficiency by reducing the risk of interruption of system or operations.
  • Providing and maintaining the privacy of information.
  • Ensuring the integrity and dependability of data sources.
  • Ensure availability of data sources and online operations without interruption.
  • Adherence to privacy and security policies and laws.

Risks to Computer Hardware

Hardware is vital parts of a computer. The problems in the electrical installation can cause hardware failures. Blackouts mean instant power cuts which can interrupt operations and cause damage to hardware. On the other hand, Brownouts are voltage drops or spikes in incoming voltage, which cause a current fluctuation, leads similar problems with blackouts on computer hardware. Those risks can cause either irrecoverable physical damages on computer hardware or adverse outcomes regarding services and finance.

Risks to Data and Information

The increasing importance and power of data and data sources in modern business environments bring along security concerns of data and data sources. In case of any problems faced with, it is almost impossible or too costly to collect the same data especially if the data depends on time dimension. Most of the people are using their identifying information or credit card numbers in transactions over Internet especially for e-commerce. Although e-commerce websites and banks provide security for such kinds of information with different protocols like Secure Sockets Layer (SSL), people with bad intention try a variety of ways to access such critical information. This act has been named as cybercrime. Cybercrime is an illegal and unethical action which takes benefit from the vulnerability of computers and the Internet. Phishing is one of the methods used by people with bad intentions frequently. It is a kind of action which takes benefits from peoples’ weakness. Phishing act can be explained as those perpetrators design a fake website or send a fake e-mail in order to earn the trust of people to steal their confidential information. Stolen information can be used to pretend to be that person in order to gain benefits. This kind of cybercrimes can be named as identity theft. The term hacking means infiltrating to the system without any permissions. Hackers who have the aim to sabotage or malicious use of system named as crackers . Another significant risk to the security of information systems is malware . The name malware comes from mali cious soft ware . Computer viruses are software which can reproduce themselves and are embedded into files to infect computers. Viruses are developed to spread and executed to damage the systems. In order to be activated, viruses should be triggered or executed by users. Trojan horses, which looks like beneficial software for computers, are malicious software that is activated by users’ execution. Keyloggers are hardware or software that are used to save everything entered by keyboard and other input devices. Keyloggers are used to steal passwords. Spyware is also developed to seize the information belonging to the user. Other methods that hackers often use are backdoors, scans, sniffer, spoofing, logic bombs, buffer overflows, password crackers and social engineering:

  • Backdoors: It allows attackers to bypass the authentication mechanism and gain access to the system.
  • Scans : Detection and use of Internet vulnerabilities for self-interest.
  • Sniffer : Access confidential information such as a password by infiltrating Internet packet information.
  • Spoofing : Faking a website or e-mail to trick users into passing along credentials.
  • Logic bombs: Instruction in a computer program that triggers a malicious act.
  • Buffer overflows : Sending too much data to the buffer in a computer’s memory to crashing a computer.
  • Password crackers : Software that can guess passwords generally with “brute force”.
  • Social engineering: A method of stealing information by taking benefit of the human factor.

Risks to Operations

Besides the attacks to the data in information systems, people with bad intentions take benefits from different methods in order to impede works and operations of information systems. Denial of services and Computer hijacking are the most common techniques perpetrators used for this intent.

Security Measures and Management

One of the leading controls is access controls. Attacks on the system can be made either on the Internet or physically. In this context, the institution must have a security mechanism and unauthorized access to the areas, which include hardware and software of IS, should be blocked. Another security measure that should be taken is to back up. Periodically duplicating and copying the data and information stored in the system to a separate disk increases the security. Another security measure to be considered in the concept of data and information security is the approach called an atomic transaction. In this approach, transaction records are sent simultaneously to different sources with different purposes and stored. One of the most important methods to be used for protecting all kinds of data shared over the Internet is encrypting the data. Encryption is the process of transforming plain text to the ciphertext by using algorithms or keys. Another mechanism that is used for the control and security of any access over the Internet is the firewalls . They can be hardware or software. Firewalls control all incoming and outgoing communication and allow to establish a connection with trusted sources thus block unwanted traffic.

Besides the security measures of hardware and software, some techniques are used to secure identity such as digital signature. Use of digital signature is a very similar process to the signing, which is done by paper and pen, in real life.

A list of security recommendations to provide information security is below:

  1. It is important to use antivirus and firewall software and moreover, they should be updated frequently.
  2. Confidential information such as passwords or credit card information should be entered via onscreen keyboards.
  3. Electronic commerce websites should not be allowed to store confidential information especially credit card information.
  4. Passwords that cannot be easily guessed should be used for authentication and also can change frequently.
  5. Use different passwords in different systems in order to minimize the damage of stolen passwords.
  6. The operating systems used should be updated frequently.
  7. E-mail from untrusted or unknown sources should not be read and the files should not be downloaded .

Ethical Issues in Information Security

The term ethics refers to the moral principles that govern an individual’s behavior or the carrying out an activity. Business ethics is concerned with the various ethical questions are faced with in the daily business environment. Ethical actions are decisions which made by individuals who are responsible for the consequences of them. There are three elements of ethical actions as responsibility, accountability, and liability.