E Business w7Discussion

Project Management

Each week, you will be asked to respond to the prompt or prompts in the discussion forum. Your initial post should be a minimum of 300 words in length, and you should respond to two additional posts from your peers.

Explain why IT projects (such as Web site development or redesign) are less likely to be delivered on time and within budget than large building construction projects. 
Include a discussion of how project management software can help IT project managers achieve their goals.

CHAPTER 12 MANAGINGELECTRONIC COMMERCE IMPLEMENTATIONS

Summary

This chapter provides an overview of managing electronic commerce implementations. The first step is setting overall goals for the implementation. More specific objectives derive from these overall goals and include planned benefits and planned costs. The benefit and cost objectives should be stated in measurable terms, such as dollars or quantities, and they should be linked to the organization’s business strategies. Before undertaking any online business initiative, companies should evaluate the initiative’s estimated costs and benefits. Some costs, such as opportunity costs, can be difficult to identify and estimate. Funding for online business implementations can come from internal sources in midsize or large firms. Small new businesses can be funded from personal savings or loans and investments made by family and friends. As the startup increases in size, it can turn to angel investors and, eventually, venture capitalists before turning to a public offering of its stock. The most common evaluation technique for online business initiatives is ROI. The benefits of electronic commerce projects can be harder to define and quantify in monetary units than the benefits expected from most other IT projects, so managers should be careful when using quantitative measures such as ROI to evaluate electronic commerce projects. Companies must decide how much, if any, of an electronic commerce project to outsource. Forming an internal team that includes knowledgeable individuals from within the company is a good first step in developing an outsourcing strategy. The internal team develops the specific project objectives and is responsible for meeting those objectives. The internal team can select from specific strategies, such as using incubators or outsourcing various parts of the project, and should supervise the staffing of any part of the project that is to be developed internally. Project management is a formal way to plan and control specific tasks and resources used in a project. It provides project managers with a tool they can use to make informed trade-offs among the project elements of schedule, cost, and performance. Large organizations are beginning to use project portfolio management techniques to track and make trade-offs among multiple ongoing projects. Electronic commerce initiatives are usually completed within a short time frame and thus are less likely to run out of control than other information systems development projects. The company must staff the electronic commerce implementation regardless of whether portions of the project are outsourced. Critical staffing areas include business management, application specialists, customer service staff, systems administration, network operations staff, social network marketing staff, and database administration. A good way for all participants to learn from project experiences is to conduct a postimplementation audit that compares project objectives to the actual results.

© Cengage Learning 2015

1

Figure 13.2 Advantages and disadvantages of custom-designed applications © Cengage Learning 2015

Outsourcing meanings in the IT arena

To commission the development of an application to another organization

To hire the services of another company to manage all or parts of the services usually rendered by an IT unit in the organization

May not include development of new applications

Outsouricing custom-designed (tailored) software is software, developed by another company, specifically for the needs of an organization

There are several advantages which are

The software is a good fit to business needs

The software is a good fit to organizational culture

There is dedicated maintenance

Seamless interfaces with other systems can be included

Specialized security

Potential for strategic advantage

Disadvantages can be

A high cost

The organization must fund all development costs

Staff may be diverted from other projects

Software is less likely to be compatible with other organizations’ systems

Must deal with an inherent conflicts when outsourcing software development:

Client wants a firm contract and set of requirements

Specific requirements may mean that no deviation is allowed if changes are needed later as development progresses

Changes may involve hefty additional charges

Offshoring: outsourcing to other countries such as Costa Rica, Indonesia, Columbia, etc.

1

Licensing Applications

Purchasing software usually means purchasing a license to use the software

There is a large selection of high-quality packaged software available

Groups of ready-made software

Relatively inexpensive software that helps in the workplace, such as office suites

Large, costly applications that support entire organizational functions, such as HR or financial management

© Cengage Learning 2015

2

2

Purchasing software usually means purchasing a license to use the software

There is a large selection of high-quality packaged software available

Groups of ready-made software

Relatively inexpensive software that helps in the workplace, such as office suites

Large, costly applications that support entire organizational functions, such as HR or financial management

Software licensing benefits are:

Immediate system availability

High quality

Low price (license fee)

And Available support

A Beta version is a prerelease version of software to be tested by companies who want to use it

After-the-sale support often includes a period of up to one year of free service

Large applications require installation specialists

Some software licensing risks are:

There can be a loose fit between needs and features

We must determine if the software will comply with company needs and organizational culture

There can be difficulties in customizing the software for company needs

The vendor may dissolve or stop supporting the software before the company is ready and may be left without support and maintenance

High turnover of vendor personnel may result in lowered support expertise from vendor

If custom modifications are undertaken, vendor updates may require, tedious “weaving” into customized system

© Cengage Learning 2015

3

Figure 13.8 Benefits and risks of Software as a Service (SaaS) © Cengage Learning 2015

An application service provider (ASP) is an organization that offers software through a network (the Internet or private network)

Software as a service (SaaS) are applications available through a network

No software is installed on a client’s computers

Files may be stored on local storage devices

ASPs may rent the software they offer

The benefits of renting software are:

There is no need to learn how to maintain the software

There is no large start-up fee

Storage hardware is unnecessary

Software is usually available sooner

A good option for small companies

Considered a “software on demand” approach

The risks of renting software are

The lack of control may be an issue, as the client’s data is managed by the vendor

The vendor is unlikely to make many customized changes to the software

Response time is impacted by traffic levels

There may be security risks through a public network

Many clients use leased lines instead of the Internet to limit security risks

3

© Cengage Learning 2015

4

Figure 13.9 Guidelines for end-user development of information technology applications

© Cengage Learning 2015

User application development is when a nonprogrammer users write their own business applications

Characteristics of user-developed software are:

Simple and limited in scope software

Small applications developed for immediate or brief needs

Software is maintained by end users

Challenges of user-developed applications are:

Managing the reaction of IT professionals,

Providing support.,

Compatibility issues,

And managing access

Advantages of user development of applications are:

Shortened lead times

Good fit to needs

Compliance with culture

Efficient utilization of resources

Acquisition of skills

And freeing up IS staff time

Disadvantages of user-developed applications are

Poorly developed applications

Islands of information

Duplication

Security problems

and poor or no documentation

4

Goals of Information Security

Protecting IT resources is a primary concern

Securing corporate ISs is becoming increasingly challenging

Major goals of information security

Reduce the risk of systems ceasing operation

Maintain information confidentiality

Ensure the integrity and reliability of data resources

Ensure the uninterrupted availability of resources

Ensure compliance with policies and laws

© Cengage Learning 2015

5

5

Protecting IT resources is a primary concern

Securing corporate ISs is becoming increasingly challenging

Major goals of information security are to

Reduce the risk of systems ceasing operation,

Maintain information confidentiality,

Ensure the integrity and reliability of data resources,

Ensure the uninterrupted availability of resources,

And Ensure compliance with policies and laws

Laws passed by U.S. Congress setting standards for protecting privacy

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Sarbanes-Oxley Act of 2002 (SOX)

CIA triad: foundational concepts of information systems security

Confidentiality

Integrity

Availability

Risks associated with cloud computing and data storage

Downtime: the period of time during which an IS is not available

$26 billion lost annually in the U.S. due to downtime

Costs of downtime vary depending on industry, the size of the company, and other factors

There are also risk to hardware.

The #1 cause of system downtime is hardware failure

Major causes of hardware damage

Natural disasters

Fires, floods, earthquakes, hurricanes, tornadoes, and lightning

Blackouts and brownouts

Blackout: total loss of electricity

Brownout: partial loss of electricity

Uninterruptible power supply (UPS): backup power for a short time

Major causes of hardware damage

Vandalism

Deliberate destruction

Deliberate alteration or destruction is often done as a prank, but has a high cost

Online vandal’s target may be a company’s website

Hacking: unauthorized access

Honeytoken: a bogus record in a networked database used to combat hackers

Honeypot: a server containing a mirrored copy of a database or a bogus database

Educates security officers about vulnerable points

Virus: spreads from computer to computer

Worm: spreads in a network without human intervention

Antivirus software: protects against viruses

Trojan horse: a virus disguised as legitimate software

Logic bomb: software that is programmed to cause damage at a specific time

Unintentional, non-malicious damage can be caused by:

Poor training

Lack of adherence to backup procedures

Unauthorized downloading and installation of software may cause damage

Human error

There are risks to online operations. Many hackers try daily to interrupt online businesses

Some types of attacks

Unauthorized access

Data theft

Defacing of webpages

Denial of service

Hijacking computers

Denial of service (DoS): an attacker launches a large number of information requests

Slows down legitimate traffic to site

Distributed denial of service (DDoS): an attacker launches a DoS attack from multiple computers

Usually launched from hijacked personal computers called “zombies”

There is no definitive cure for this

A site can filter illegitimate traffic

Computer Hijacking is using some or all of a computer’s resources without the consent of its owner

Often done for making a DDoS attack

Done by installing a software bot on the computer

Main purpose of hijacking is usually to send spam

Bots are planted by exploiting security holes in operating systems and communications software

A bot usually installs e-mail forwarding software

Security Measures

Organizations can protect against attacks using various approaches, including:

Firewalls

Authentication

Encryption

Digital signatures

Digital certificates

© Cengage Learning 2015

6

6

Organizations can take security measures to protect against attacks using various approaches, including:

Firewalls

Authentication

Encryption

Digital signatures

And Digital certificates

Firewall: hardware and software that blocks access to computing resources

The best defense against unauthorized access over the Internet

Firewalls are now routinely integrated into routers

DMZ: demilitarized zone approach

One end of the network is connected to the trusted network, and the other end to the Internet

Connection is established using a proxy server

Proxy server: “represents” another server for all information requests from resources inside the trusted network

Can also be placed between the Internet and the trusted network when there is no DMZ

Authentication: the process of ensuring that you are who you say you are

Encryption: coding a message into an unreadable form

Messages are encrypted and authenticated to ensure security

Important when communicating confidential information, e.g., financial and medical records

A message may be text, image, sound, or other digital information

Encryption programs scramble the transmitted information

Plaintext is the original message

Ciphertext is the encoded message

Encryption uses a mathematical algorithm and a key

A Key is a unique combination of bits that will decipher the ciphertext

Public-key encryption uses two keys, one public and one private

Symmetric encryption is when the sender and the recipient use the same key

Asymmetric encryption is when both a public and a private key are used

Transport Layer Security (TLS) is a protocol for transactions on the Web that uses a combination of public key and symmetric key encryption

HTTPS is a the secure version of HTTP

A Digital signature is a means to authenticate online messages; implemented with public keys

A Message digest is unique fingerprint of file

Digital certificates are computer files that associate one’s identity with one’s public key

Issued by certificate authority

Certificate authority (CA) is a trusted third party

A digital certificate contains its holder’s name, a serial number, its expiration dates, and a copy of holder’s public key

Also contains the digital signature of the CA

The downside of security measures are:

For Single sign-on (SSO) a user must enter his or her name/password only once

Single sign-on saves employees time

Encryption slows down communication

Every message must be encrypted and then decrypted

IT specialists must clearly explain the implications of security measures to upper management

Recovery Measures

Security measures may reduce mishaps, but no one can control all disasters

Preparation for uncontrolled disasters requires that recovery measures are in place

Redundancy may be used

Very expensive, especially in distributed systems

Other measures must be taken

© Cengage Learning 2015

7

7

Security measures may reduce mishaps, but no one can control all disasters

Recovery measures are preparation for uncontrolled disasters that require recovery of data and information.

Redundancy may be used

It is Very expensive, especially in distributed systems

Other measures must be taken

A Business recovery plan is a detailed plan about what should be done and by whom if critical systems go down

Also called a disaster recovery plan, business resumption plan, or business continuity plan

To develop a business recovery plan

Obtain management’s commitment to the plan

Establish a planning committee

Perform risk assessment and impact analysis

Prioritize recovery needs

Mission-critical applications: those without which the business cannot conduct operations

Select a recovery plan

Select vendors

Develop and implement the plan

Test the plan

Continually test and evaluate

Can outsource recovery plans to firms that specialize in disaster recover planning

Hot sites are alternative sites that a business can use when a disaster occurs

Backup sites provide desks, computer systems, and Internet links

Companies that implement hot sites

IBM

Hewlett-Packard

SunGard Availability Services

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.