Home Uncategorized Paper

Uncategorized

Paper

Test

Information Systems for Business and Beyond (2019)

Information Systems for
Business and Beyond (2019)
Information systems, their use in business, and the
larger impact they are having on our world.
DAVID BOURGEOIS
JOSEPH MORTATI, SHOUHONG WANG,
AND JAMES SMITH

Information Systems for Business and Beyond (2019) by David Bourgeois is licensed
under a Creative Commons Attribution-NonCommercial 4.0 International License,
except where otherwise noted.
This book was initially developed in 2014 by Dr. David Bourgeois as part of
the Open Textbook Challenge funded by the Saylor Foundation. This 2019
edition is an update to that textbook.
This book was produced with Pressbooks (https://pressbooks.com) and
rendered with Prince.

https://creativecommons.org/licenses/by-nc/4.0/

Open Textbook Challenge: Making Textbooks Available (For Free!)

Homepage

Information Systems for
Business and Beyond
Updated edition: August 1, 2019
DAVID T. BOURGEOIS, PH.D.
JAMES L. SMITH, PH.D.
SHOUHONG WANG, PH.D.
JOSEPH MORTATI, MBA
Title Page | v

Copyright
Information Systems for Business and Beyond (2019) by David Bourgeois is licensed
under a Creative Commons Attribution-NonCommercial 4.0 International License,
except where otherwise noted.
vi | Copyright

Cover

https://creativecommons.org/licenses/by-nc/4.0/

http://creativecommons.org/licenses/by/3.0/legalcode

Book Contributors
Information Systems for Business and Beyond was originally
developed in 2014 by David T. Bourgeois Ph.D.
Updates for the 2019 edition were graciously contributed by:
• James L. Smith Ph.D. (all chapters)
• Shouhong Wong, Ph.D. (chapters 4 and 8)
• Joseph Mortati, MBA (chapter 10)
Book Contributors | vii

Changes from Previous
Edition
Information Systems for Business and Beyond was written by Dr.
David Bourgeois and originally published in 2014 as part of the
Open Textbook Challenge at the Saylor Foundation. Since then, it
has been accessed thousands of time and used in many courses
worldwide. This 2019 update to the textbook brings it up to date
and adds many new topics. True to its open textbook roots, many
of the updates have come from the community of instructors and
practitioners who are passionate about information systems. See
the page Book Contributors to see the primary contributors to this
edition. A majority of the changes listed below were made by Dr.
James Smith, who did a revision to this text in 2018.
Here is a summary of the changes made:
Overall
• New and updated images, especially those related to statistics,
in order to bring them up to date.
• References brought up to date.
• Added labs for every chapter.
• Added an index.
• Editing for consistency.
Chapter 1: What is an information system?
• Added video: Blum’s fibre optic TED Talk
viii | Changes from Previous Edition

Chapter 2: Hardware
• Removed text which discussed increasing dependency on
tablets and decreasing use of desktops
• Clarification of bit vs. byte, binary vs. digital. Added tables to
Understanding Binary sidebar
• Added Huang’s Law on graphics processor units
• Modified text regarding Moore’s Law to state that his law is no
longer able to be maintained
Chapter 3: Software
• Added information about Ubuntu Linux
• Added Eclipse IDE
• Added information about Tableau
• Supply Chain Management: added an emphasis on use of
Information Systems up and down supply chain by Walmart to
gain competitive advantage
Chapter 4: Data and Databases
• Database schemas redesigned
• Data types added
• SQL examples include output
• NoSQL described
• Data Dictionary re-ordered to column name
• New section on “Why database technology?”
• Differentiation of data, information, and knowledge
• Section on Data models
• Changed illustrative example of database tables and
relationships.
Changes from Previous Edition | ix

• Updated section on Business Intelligence to focus on the rise
of analytics and data science. Includes a new “What is Data
Science?” sidebar.
Chapter 5: Networking and Communication
• History of ARPANET initial four nodes, etc.
• Metcalfe’s Law
Chapter 6: Information Systems Security
• Added information on blockchain and Bitcoin.
Chapter 8: Business Processes
• Introduce tools (DFD, BPMN, UML) of business process
modeling
• Introduce examples of DFD.
Chapter 10: Information Systems Development
• Java sample code
• Mismanaging Change side bar
• Added section on mobile development.
• Added sidebar on risks of end-user computing
x | Information Systems for Business and Beyond (2019)

Chapter 11: Globalization and the Digital Divide
• World 3.0 written by economist Pankaj Ghemawat; also his
TED talk video
Chapter 12: The Ethical and Legal Implications of
Information Systems
• Facebook and Cambridge Analytics data privacy
• General Data Protection Regulation section
Chapter 13: Trends in Information Systems
• Waze mapping app
• Drone video
• Drone blood delivery in Kenya video
• Added sidebar on Mary Meeker and her Internet Trends report

Changes from Previous Edition | xi

How you can help
This is an open textbook and relies on the support of its users to
stay relevant and available. Here’s how you can help:
1. Let us know you are using this textbook.
◦ If you are an instructor, please let us know you’ve adopted
this textbook by filling out the instructor survey.
◦ If you are not an instructor, please fill out the student
survey.
2. Let us know how to improve the textbook. If you have
suggestions, please let us know by filling out our feedback
form.
3. Finally, the domain, web hosting, security, backup and export
tools used by this textbook are not free. Please consider
supporting us financially through PayPal. Please note: this
donation goes directly to Imperial Digital LLC, the company
hosting and supporting this open textbook project. All
contribution are marked as donations towards this open
textbook project.
xii | How you can help

https://docs.google.com/forms/d/e/1FAIpQLSfF869qKL-ddztjZKTLxdeqDslpuZRGlmV3ccdJAUEzUtxo8Q/viewform

https://docs.google.com/forms/d/e/1FAIpQLScdszjD9mXsCd8IBbTraPJt8rgIJ_I2eIEJuJakqKmd31K5XQ/viewform

https://docs.google.com/forms/d/e/1FAIpQLSfhClva6Vcu10_xxFgLqWapKewr44NmoHsEy108alfomMg3bA/viewform

https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=UBXGVAUNGK5U8&source=url

Introduction
Welcome to Information Systems for Business and
Beyond. In this book, you will be introduced to the
concept of information systems, their use in
business, and how information systems can be
used to gain competitive advantage.
Audience
This book is written as an introductory text, meant for those with
little or no experience with computers or information systems.
While sometimes the descriptions can get a bit technical, every
effort has been made to convey the information essential to
understanding a topic while not getting overly focused in detailed
terminology.
Chapter Outline
The text is organized around thirteen chapters divided into three
major parts, as follows:
• Part 1: What Is an Information System?
◦ Chapter 1: What Is an Information System? – This chapter
provides an overview of information systems, including
the history of how information systems got to where it is
today.
◦ Chapter 2: Hardware – This is a discussion of information
Introduction | 1

systems hardware and how it works. You will look at
different computer parts and learn how they interact.
◦ Chapter 3: Software – Without software, hardware is
useless. This chapter covers software and the role it plays
in an organization.
◦ Chapter 4: Data and Databases – This chapter explores
how organizations use information systems to turn data
into information that can then be used for competitive
advantage. Special attention is paid to the role of
databases.
◦ Chapter 5: Networking and Communication – Today’s
computers are expected to also be communication
devices. This chapter reviews the history of networking,
how the Internet works, and the use of networks in
organizations today.
◦ Chapter 6: Information Systems Security – This chapter
discusses the information security triad of confidentiality,
integrity, and availability. Different security technologies
are reviewed, and the chapter concludes with a primer on
personal information security.
• Part 2: Information Systems for Strategic Advantage
◦ Chapter 7: Does IT Matter? – This chapter examines the
impact that information systems have on an organization.
Can IT give a company a competitive advantage? This
chapter discusses the seminal works by Brynjolfsson, Carr,
and Porter as they relate to IT and competitive advantage.
◦ Chapter 8: Business Processes – Business processes are the
essence of what a business does, and information systems
play an important role in making them work. This chapter
will discuss business process management, business
process reengineering, and ERP systems.
◦ Chapter 9: The People in Information Systems – This
chapter will provide an overview of the different types of
people involved in information systems. This includes
2 | Information Systems for Business and Beyond (2019)

people who create information systems, those who
operate and administer information systems, those who
manage information systems, and those who use
information systems.
◦ Chapter 10: Information Systems Development – How are
information systems created? This chapter will review the
concept of programming, look at different methods of
software development, review website and mobile
application development, discuss end-user computing,
and look at the “build vs. buy” decision that many
companies face.
• Part 3: Information Systems beyond the Organization
◦ Chapter 11: Globalization and the Digital Divide – The rapid
rise of the Internet has made it easier than ever to do
business worldwide. This chapter will look at the impact
that the Internet is having on the globalization of business
and the issues that firms must face because of it. It will
also cover the concept of the digital divide and some of
the steps being taken to alleviate it.
◦ Chapter 12: The Ethical and Legal Implications of
Information Systems – The rapid changes in information
and communication technology in the past few decades
have brought a broad array of new capabilities and powers
to governments, organizations, and individuals alike. This
chapter will discuss the effects that these new capabilities
have had and the legal and regulatory changes that have
been put in place in response.
◦ Chapter 13: Future Trends in Information Systems – This
final chapter will present an overview of some of the new
technologies that are on the horizon. From wearable
technology to 3-D printing, this chapter will provide a look
forward to what the next few years will bring.
Introduction | 3

For the Student
Each chapter in this text begins with a list of the relevant learning
objectives and ends with a chapter summary. Following the
summary is a list of study questions that highlight key topics in the
chapter. In order to get the best learning experience, you would
be wise to begin by reading both the learning objectives and the
summary and then reviewing the questions at the end of the
chapter.
For the Instructor
Instructors: if you have adopted this book for your course, would
you be so kind as to let us know in the instructor survey?
Learning objectives can be found at the beginning of each
chapter. Of course, all chapters are recommended for use in an
introductory information systems course. However, for courses on
a shorter calendar or courses using additional textbooks, a review
of the learning objectives will help determine which chapters can be
omitted.
At the end of each chapter, there is a set of study questions and
exercises (except for chapter 1, which only offers study questions).
The study questions can be assigned to help focus students’ reading
on the learning objectives. The exercises are meant to be a more
in-depth, experiential way for students to learn chapter topics. It
is recommended that you review any exercise before assigning it,
adding any detail needed (such as length, due date) to complete the
assignment. Some chapters also includes lab assignments.
As an open textbook, support for supplemental materials relies
on the generosity of those who have created them and wish to
share them. Supplemental materials, including slides and quizzes,
are located on the home page for this book. If you wish to contribute
4 | Information Systems for Business and Beyond (2019)

https://docs.google.com/forms/d/e/1FAIpQLSfF869qKL-ddztjZKTLxdeqDslpuZRGlmV3ccdJAUEzUtxo8Q/viewform

Home

materials that you have created, please fill out the instructor survey
and communicate that fact.
Introduction | 5

https://docs.google.com/forms/d/e/1FAIpQLSfF869qKL-ddztjZKTLxdeqDslpuZRGlmV3ccdJAUEzUtxo8Q/viewform

PART I: WHAT IS AN
INFORMATION SYSTEM?
Part I: What is an information
system? | 7

Chapter 1: What Is an
Information System?
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• define what an information system is by identifying
its major components;
• describe the basic history of information systems;
and
• describe the basic argument behind the article
“Does IT Matter?” by Nicholas Carr.

Introduction
Welcome to the world of information systems, a world that seems to
change almost daily. Over the past few decades information systems
have progressed to being virtually everywhere, even to the point
where you may not realize its existence in many of your daily
activities. Stop and consider how you interface with various
components in information systems every day through different
Chapter 1: What Is an Information
System? | 9

electronic devices. Smartphones, laptop, and personal computers
connect us constantly to a variety of systems including messaging,
banking, online retailing, and academic resources, just to name a
few examples. Information systems are at the center of virtually
every organization, providing users with almost unlimited
resources.
Have you ever considered why businesses invest in technology?
Some purchase computer hardware and software because everyone
else has computers. Some even invest in the same hardware and
software as their business friends even though different technology
might be more appropriate for them. Finally, some businesses do
sufficient research before deciding what best fits their needs. As
you read through this book be sure to evaluate the contents of each
chapter based on how you might someday apply what you have
learned to strengthen the position of the business you work for, or
maybe even your own business. Wise decisions can result in stability
and growth for your future enterprise.
Information systems surround you almost every day. Wi-fi
networks on your university campus, database search services in
the learning resource center, and printers in computer labs are
good examples. Every time you go shopping you are interacting
with an information system that manages inventory and sales. Even
driving to school or work results in an interaction with the
transportation information system, impacting traffic lights,
cameras, etc. Vending machines connect and communicate using
the Internet of Things (IoT). Your car’s computer system does more
than just control the engine – acceleration, shifting, and braking
data is always recorded. And, of course, everyone’s smartphone is
constantly connecting to available networks via Wi-fi, recording
your location and other data.
Can you think of some words to describe an information system?
Words such as “computers,” “networks,” or “databases” might pop
into your mind. The study of information systems encompasses a
broad array of devices, software, and data systems. Defining an
10 | Information Systems for Business and Beyond (2019)

information system provides you with a solid start to this course
and the content you are about to encounter.
Defining Information Systems
Many programs in business require students to take a course in
information systems. Various authors have attempted to define the
term in different ways. Read the following definitions, then see if
you can detect some variances.
• “An information system (IS) can be defined technically as a set
of interrelated components that collect, process, store, and
distribute information to support decision making and control
in an organization.” 1
• “Information systems are combinations of hardware, software,
and telecommunications networks that people build and use to
collect, create, and distribute useful data, typically in
organizational settings.”2
• “Information systems are interrelated components working
together to collect, process, store, and disseminate
information to support decision making, coordination, control,
analysis, and visualization in an organization.”3
As you can see these definitions focus on two different ways of
describing information systems: the components that make up an
information system and the role those components play in an
organization. Each of these need to be examined.
1. [1]
2. [2]
3. [3]
Chapter 1: What Is an Information System? | 11

The Components of Information Systems
Information systems can be viewed as having five major
components: hardware, software, data, people, and processes. The
first three are technology. These are probably what you thought
of when defining information systems. The last two components,
people and processes, separate the idea of information systems
from more technical fields, such as computer science. In order to
fully understand information systems, you will need to understand
how all of these components work together to bring value to an
organization.
Technology
Technology can be thought of as the application of scientific
knowledge for practical purposes. From the invention of the wheel
to the harnessing of electricity for artificial lighting, technology has
become ubiquitous in daily life, to the degree that it is assumed
to always be available for use regardless of location. As discussed
before, the first three components of information systems –
hardware, software, and data – all fall under the category of
technology. Each of these will be addressed in an individual chapter.
At this point a simple introduction should help you in your
understanding.
Hardware
Hardware is the tangible, physical portion of an information system
– the part you can touch. Computers, keyboards, disk drives, and
flash drives are all examples of information systems hardware. How
12 | Information Systems for Business and Beyond (2019)

these hardware components function and work together will be
covered in Chapter 2.
Software
Software comprises the set of instructions that tell the hardware
what to do. Software is not tangible – it cannot be touched.
Programmers create software by typing a series of instructions
telling the hardware what to do. Two main categories of software
are: Operating Systems and Application software. Operating
Systems software provides the interface between the hardware and
the Application software. Examples of operating systems for a
personal computer include Microsoft Windows and Ubuntu Linux.
The mobile phone operating system market is dominated by Google
Android and Apple iOS. Application software allows the user to
perform tasks such as creating documents, recording data in a
spreadsheet, or messaging a friend. Software will be explored more
thoroughly in Chapter 3.
Data
The third technology component is data. You can think of data as
a collection of facts. For example, your address (street, city state,
postal code), your phone number, and your social networking
Chapter 1: What Is an Information System? | 13

account are all pieces of data. Like software, data is also intangible,
unable to be seen in its native state. Pieces of unrelated data are
not very useful. But aggregated, indexed, and organized together
into a database, data can become a powerful tool for businesses.
Organizations collect all kinds of data and use it to make decisions
which can then be analyzed as to their effectiveness. The analysis
of data is then used to improve the organization’s performance.
Chapter 4 will focus on data and databases, and how it is used in
organizations.
Networking Communication
Besides the technology components (hardware, software, and data)
which have long been considered the core technology of
information systems, it has been suggested that one other
component should be added: communication. An information
system can exist without the ability to communicate – the first
personal computers were stand-alone machines that did not access
the Internet. However, in today’s hyper-connected world, it is an
extremely rare computer that does not connect to another device
or to a enetwork. Technically, the networking communication
component is made up of hardware and software, but it is such a
core feature of today’s information systems that it has become its
own category. Networking will be covered in Chapter 5.
People

14 | Information Systems for Business and Beyond (2019)

Jeff Bezos, Amazon CEO
When thinking about information
systems, it is easy to focus on the
technology components and forget to
look beyond these tools to fully
understand their integration into an
organization. A focus on the people
involved in information systems is the
next step. From the front-line user
support staff, to systems analysts, to
developers, all the way up to the chief
information officer (CIO), the people
involved with information systems are
an essential element. The people
component will be covered in Chapter 9.

Process
The last component of information systems is process. A process
is a series of steps undertaken to achieve a desired outcome or
goal. Information systems are becoming more integrated with
organizational processes, bringing greater productivity and better
control to those processes. But simply automating activities using
technology is not enough – businesses looking to utilize
information systems must do more. The ultimate goal is to improve
processes both internally and externally, enhancing interfaces with
suppliers and customers. Technology buzzwords such as “business
process re-engineering,” “business process management,” and
“enterprise resource planning” all have to do with the continued
improvement of these business procedures and the integration of
technology with them. Businesses hoping to gain a competitive
advantage over their competitors are highly focused on this
Chapter 1: What Is an Information System? | 15

IBM 704 Mainframe (Copyright:
Lawrence Livermore National
Laboratory)
component of information systems. The process element in
information systems will be discussed in Chapter 8.
The Role of Information Systems
You should now understand that information systems have a
number of vital components, some tangible, others intangible, and
still others of a personnel nature. These components collect, store,
organize, and distribute data throughout the organization. You may
have even realized that one of the roles of information systems
is to take data and turn it into information, and then transform
that information into organizational knowledge. As technology has
developed, this role has evolved into the backbone of the
organization, making information systems integral to virtually every
business. The integration of information systems into organizations
has progressed over the decades.

The Mainframe Era
From the late 1950s through the
1960s, computers were seen as
a way to more efficiently do
calculations. These first
business computers were
room-sized monsters, with
several machines linked
16 | Information Systems for Business and Beyond (2019)

http://commons.wikimedia.org/wiki/File%3AIbm704.gif

Registered trademark of International
Business Machines
together. The primary work was to organize and store large volumes
of information that were tedious to manage by hand. Only large
businesses, universities, and government agencies could afford
them, and they took a crew of specialized personnel and dedicated
facilities to provide information to organizations.
Time-sharing allowed dozens or even hundreds of users to
simultaneously access mainframe computers from locations in the
same building or miles away. Typical functions included scientific
calculations and accounting, all under the broader umbrella of “data
processing.”
In the late 1960s,
Manufacturing Resources
Planning (MRP) systems were
introduced. This software,
running on a mainframe
computer, gave companies the
ability to manage the
manufacturing process, making it more efficient. From tracking
inventory to creating bills of materials to scheduling production, the
MRP systems gave more businesses a reason to integrate computing
into their processes. IBM became the dominant mainframe
company. Continued improvement in software and the availability
of cheaper hardware eventually brought mainframe computers (and
their little sibling, the minicomputer) into most large businesses.
Today you probably think of Silicon Valley in northern California
as the center of computing and technology. But in the days of the
mainframe’s dominance corporations in the cities of Minneapolis
and St. Paul produced most computers. The advent of the personal
computer resulted in the “center of technology” eventually moving
to Silicon Valley.
Chapter 1: What Is an Information System? | 17

IBM PC
The PC Revolution
In 1975, the first microcomputer was announced on the cover of
Popular Mechanics: the Altair 8800. Its immediate popularity
sparked the imagination of entrepreneurs everywhere, and there
were soon dozens of companies manufacturing these “personal
computers.” Though at first just a niche product for computer
hobbyists, improvements in usability and the availability of practical
software led to growing sales. The most prominent of these early
personal computer makers was a little company known as Apple
Computer, headed by Steve Jobs and Steve Wozniak, with the hugely
successful “Apple II.” Not wanting to be left out of the revolution,
in 1981 IBM teamed with Microsoft, then just a startup company,
for their operating system software and hurriedly released their
own version of the personal computer simply called the “PC.” Small
businesses finally had affordable computing that could provide
them with needed information systems. Popularity of the IBM PC
gave legitimacy to the microcomputer and it was named
Time magazine’s “Man of the Year” for 1982.
Because of the IBM PC’s open
architecture, it was easy for
other companies to copy, or
“clone” it. During the 1980s,
many new computer
companies sprang up, offering
less expensive versions of the
PC. This drove prices down and
spurred innovation. Microsoft
developed the Windows
operating system, with version
3.1 in 1992 becoming the first
commercially successful release. Typical uses for the PC during this
period included word processing, spreadsheets, and databases.
18 | Information Systems for Business and Beyond (2019)

Registered Trademark of SAP
These early PCs were standalone machines, not connected to a
network.
Client-Server
In the mid-1980s, businesses began to see the need to connect their
computers as a way to collaborate and share resources. Known as
“client-server,” this networking architecture allowed users to log
in to the Local Area Network (LAN) from their PC (the “client”) by
connecting to a central computer called a “server.” The server would
lookup permissions for each user to determine who had access to
various resources such as printers and files. Software companies
began developing applications that allowed multiple users to access
the same data at the same time. This evolved into software
applications for communicating, with the first popular use of
electronic mail appearing at this time.
This networking and data
sharing all stayed mainly within
the confines of each business.
Sharing of electronic data
between companies was a very
specialized function.
Computers were now seen as tools to collaborate internally within
an organization. These networks of computers were becoming so
powerful that they were replacing many of the functions previously
performed by the larger mainframe computers at a fraction of the
cost. It was during this era that the first Enterprise Resource
Planning (ERP) systems were developed and run on the client-server
architecture. An ERP system is an application with a centralized
database that can be used to run a company’s entire business. With
separate modules for accounting, finance, inventory, human
resources, and many more, ERP systems, with Germany’s SAP
Chapter 1: What Is an Information System? | 19

ARPANet, 1969
leading the way, represented the state of the art in information
systems integration. ERP systems will be discussed in Chapter 9.
The Internet, World Wide Web and E-Commerce
The first long distance
transmission between two
computers occurred on
October 29, 1969 when
developers under the direction
of Dr. Leonard Kleinrock sent
the word “login” from the
campus of UCLA to Stanford
Research Institute in Menlo
Park, California, a distance of
over 350 miles. The United
States Department of Defense
created and funded ARPA Net
(Advanced Research Projects
Administration), an
experimental network which
eventually became known as
the Internet. ARPA Net began with just four nodes or sites, a very
humble start for today’s Internet. Initially, the Internet was confined
to use by universities, government agencies, and researchers. Users
were required to type commands (today we refer to this as
“command line”) in order to communicate and transfer files. The
first e-mail messages on the Internet were sent in the early 1970s as
a few very large companies expanded from local networks to the
Internet. The computer was now evolving from a purely
computational device into the world of digital communications.
In 1989, Tim Berners-Lee developed a simpler way for researchers
to share information over the Internet, a concept he called the
20 | Information Systems for Business and Beyond (2019)

Registered trademark of Amazon.com,
Inc.
World Wide Web.4 This invention became the catalyst for the growth
of the Internet as a way for businesses to share information about
themselves. As web browsers and Internet connections became the
norm, companies rushed to grab domain names and create
websites.
In 1991 the National Science
Foundation, which governed
how the Internet was used,
lifted restrictions on its
commercial use. Corporations
soon realized the huge potential of a digital marketplace on the
Internet and in 1994 both eBay and Amazon were founded. A mad
rush of investment in Internet-based businesses led to the dot-com
boom through the late 1990s, and then the dot-com bust in 2000.
The bust occurred as investors, tired of seeing hundreds of
companies reporting losses, abandoned their investments. An
important outcome for businesses was that thousands of miles of
Internet connections, in the form of fiber optic cable, were laid
around the world during that time. The world became truly “wired”
heading into the new millenium, ushering in the era of globalization,
which will be discussed in Chapter 11. This TED Talk video focuses
on connecting Africa to the Internet through undersea fibre optic
cable.
The digital world also became a more dangerous place as virtually
all companies connected to the Internet. Computer viruses and
worms, once slowly propagated through the sharing of computer
disks, could now grow with tremendous speed via the Internet.
Software and operating systems written for a standalone world
found it very difficult to defend against these sorts of threats. A
whole new industry of computer and Internet security arose.
Information security will be discussed in Chapter 6.
4. [4]
Chapter 1: What Is an Information System? | 21

Web 2.0
As the world recovered from the dot-com bust, the use of
technology in business continued to evolve at a frantic pace.
Websites became interactive. Instead of just visiting a site to find
out about a business and then purchase its products, customers
wanted to be able to customize their experience and interact online
with the business. This new type of interactive website, where you
did not have to know how to create a web page or do any
programming in order to put information online, became known as
Web 2.0. This new stage of the Web was exemplified by blogging,
social networking, and interactive comments being available on
many websites. The new Web 2.0 world, in which online interaction
became expected, had a major impact on many businesses and even
whole industries. Many bookstores found themselves relegated to a
niche status. Video rental chains and travel agencies simply began
going out of business as they were replaced by online technologies.
The newspaper industry saw a huge drop in circulation with some
cities such as New Orleans no longer able to support a daily
newspaper.
Disintermediation is the process of technology replacing a
middleman in a transaction. Web 2.0 allowed users to get
information and news online, reducing dependence of physical
books and newspapers.
As the world became more connected, new questions arose.
Should access to the Internet be considered a right? Is it legal
to copy a song that had been downloaded from the Internet? Can
information entered into a website be kept private? What
information is acceptable to collect from children? Technology
moved so fast that policymakers did not have enough time to enact
appropriate laws. Ethical issues surrounding information systems
will be covered in Chapter 12.
22 | Information Systems for Business and Beyond (2019)

The Post-PC World, Sort of
Ray Ozzie, a technology visionary at Microsoft, stated in 2012 that
computing was moving into a phase he called the post-PC world.5
Now six years later that prediction has not stood up very well to
reality. As you will read in Chapter 13, PC sales have dropped slightly
in recent years while there has been a precipitous decline in tablet
sales. Smartphone sales have accelerated, due largely to their
mobility and ease of operation. Just as the mainframe before it, the
PC will continue to play a key role in business, but its role will
be somewhat diminished as people emphasize mobility as a central
feature of technology. Cloud computing provides users with mobile
access to data and applications, making the PC more of a part of
the communications channel rather than a repository of programs
and information. Innovation in the development of technology and
communications will continue to move businesses forward.
5. [5]
Chapter 1: What Is an Information System? | 23

Eras of Business Computing
Era Hardware Operating System Applications
Mainframe
(1970s)
Terminals connected
to mainframe
computer
Time-sharing
(TSO) on
Multiple
Virtual
Storage
(MVS)
Custom-written
MRP software
PC
(mid-1980s)
IBM PC or compatible.
Sometimes connected
to mainframe
computer via
network interface
card.
MS-DOS WordPerfect, Lotus 1-2-3
Client-Server
(late 80s to
early 90s)
IBM PC “clone” on a
Novell Network.
Windows for
Workgroups
Microsoft
Word,
Microsoft Excel
World
Wide Web
(mid-90s to
early 2000s)
IBM PC “clone”
connected to company
intranet.
Windows XP
Microsoft
Office, Internet
Explorer
Web 2.0
(mid-2000s –
present)
Laptop connected to
company Wi-Fi. Windows 10
Microsoft
Office
Post-PC
(today and
beyond)
Smartphones Android, iOS
Mobile-friendly
websites,
mobile apps
Can Information Systems Bring
Competitive Advantage?
It has always been the assumption that the implementation of
information systems will bring a business competitive advantage. If
installing one computer to manage inventory can make a company
more efficient, then it can be expected that installing several
computers can improve business processes and efficiency.
In 2003, Nicholas Carr wrote an article in the Harvard Business
24 | Information Systems for Business and Beyond (2019)

Registered Trademark of Walmart, Inc.
Review that questioned this assumption. Entitled “I.T. Doesn’t
Matter.” Carr was concerned that information technology had
become just a commodity. Instead of viewing technology as an
investment that will make a company stand out, Carr said
technology would become as common as electricity – something to
be managed to reduce costs, ensure that it is always running, and be
as risk-free as possible.
The article was both hailed and scorned. Can I.T. bring a
competitive advantage to an organization? It sure did for Walmart
(see sidebar). Technology and competitive advantage will be
discussed in Chapter 7.
Sidebar: Walmart Uses Information Systems
to Become the World’s Leading Retailer
Walmart is the world’s largest
retailer, earn 8.1 billion for the
fiscal year that ended on
January 31, 2018. Walmart
currently serves over 260
million customers every week worldwide through its 11,700 stores in
28 countries.6In 2018 Fortune magazine for the sixth straight year
ranked Walmart the number one company for annual revenue as
they again exceeded $500 billion in annual sales. The next closest
company, Exxon, had less than half of Walmart’s total revenue.7
Walmart’s rise to prominence is due in large part to making
6. [6]
7. [7]
Chapter 1: What Is an Information System? | 25

information systems a high priority, especially in their Supply Chain
Management (SCM) system known as Retail Link.ing $14.3 billion on
sales of $30
This system, unique when initially implemented in the mid-1980s,
allowed Walmart’s suppliers to directly access the inventory levels
and sales information of their products at any of Walmart’s more
than eleven thousand stores. Using Retail Link, suppliers can
analyze how well their products are selling at one or more Walmart
stores with a range of reporting options. Further, Walmart requires
the suppliers to use Retail Link to manage their own inventory
levels. If a supplier feels that their products are selling out too
quickly, they can use Retail Link to petition Walmart to raise the
inventory levels for their products. This has essentially allowed
Walmart to “hire” thousands of product managers, all of whom have
a vested interest in the products they are managing. This
revolutionary approach to managing inventory has allowed Walmart
to continue to drive prices down and respond to market forces
quickly.
Today Walmart continues to innovate with information
technology. Using its tremendous market presence, any technology
that Walmart requires its suppliers to implement immediately
becomes a business standard. For example, in 1983 Walmart became
the first large retailer to require suppliers to the use Uniform
Product Code (UPC) labels on all products. Clearly, Walmart has
learned how to use I.T. to gain a competitive advantage.
Summary
In this chapter you have been introduced to the concept of
information systems. Several definitions focused on the main
components: technology, people, and process. You saw how the
26 | Information Systems for Business and Beyond (2019)

business use of information systems has evolved over the years,
from the use of large mainframe computers for number crunching,
through the introduction of the PC and networks, all the way to
the era of mobile computing. During each of these phases, new
innovations in software and technology allowed businesses to
integrate technology more deeply into their organizations.
Virtually every company uses information systems which leads
to the question: Does information systems bring a competitive
advantage? In the final analysis the goal of this book is to help you
understand the importance of information systems in making an
organization more competitive. Your challenge is to understand the
key components of an information system and how it can be used to
bring a competitive advantage to every organization you will serve
in your career.
Study Questions
1. What are the five major components that make up an
information system?
2. List the three examples of information system hardware?
3. Microsoft Windows is an example of which component of
information systems?
4. What is application software?
5. What roles do people play in information systems?
6. What is the definition of a process?
7. What was invented first, the personal computer or the
Internet?
8. In what year were restrictions on commercial use of the
Internet first lifted?
9. What is Carr’s main argument about information technology?
Chapter 1: What Is an Information System? | 27

Exercises
1. Suppose that you had to explain to a friend the concept of an
information system. How would you define it? Write a one-
paragraph description in your own words that you feel would
best describe an information system to your friends or family.
2. Of the five primary components of an information system
(hardware, software, data, people, process), which do you think
is the most important to the success of a business
organization? Write a one-paragraph answer to this question
that includes an example from your personal experience to
support your answer.
3. Everyone interacts with various information systems every
day: at the grocery store, at work, at school, even in our cars.
Make a list of the different information systems you interact
with daily. Can you identify the technologies, people, and
processes involved in making these systems work.
4. Do you agree that we are in a post-PC stage in the evolution of
information systems? Do some original research and cite it as
you make your prediction about what business computing will
look like in the next generation.
5. The Walmart sidebar introduced you to how information
systems was used to make them the world’s leading retailer.
Walmart has continued to innovate and is still looked to as a
leader in the use of technology. Do some original research and
write a one-page report detailing a new technology that
Walmart has recently implemented or is pioneering.
Labs
1. Examine your PC. Using a four column table format identify
and record the following information: 1st column: Program
28 | Information Systems for Business and Beyond (2019)

name, 2nd column: software manufacturer, 3rd column:
software version, 4th column: software type (editor/word
processor, spreadsheet, database, etc.).
2. Examine your mobile phone. Create another four column table
similar to the one in Lab #1. This time identify the apps, then
record the requested information.
3. In this chapter you read about the evolution of computing
from mainframe computers to PCs and on to smartphones.
Create a four column table and record the following
information about your own electronic devices: 1st column –
Type: PC or smartphone, 2nd column – Operating system
including version, 3rd column – Storage capacity, 4th column –
Storage available.
1. Laudon, K.C. and Laudon, J. P. (2014) Management Information
Systems, thirteenth edition. Upper Saddle River, New Jersey:
Pearson.
2. Valacich, J. and Schneider, C. (2010). Information Systems Today
– Managing in the Digital World, fourth edition. Upper Saddle
River, New Jersey: Prentice-Hall.
3. Laudon, K.C. and Laudon, J. P. (2012). Management Information
Systems, twelfth edition. Upper Saddle River, New Jersey:
Prentice-Hall.
4. CERN. (n.d.) The Birth of the Web. Retrieved
from http://public.web.cern.ch/public/en/about/web-
en.html
5. Marquis, J. (2012, July 16) What is the Post-PC World? Online
Universities.com. Retrieved from
https://www.onlineuniversities.com/blog/2012/07/what-
post-pc-world/
6. Walmart. (n.d.) 2017 Annual Report. Retrieved from
http://s2.q4cdn.com/056532643/files/doc_financials/2017/
Annual/WMT_2017_AR-(1)
Chapter 1: What Is an Information System? | 29

7. McCoy, K. (2018, May 21). Big Winners in Fortune 500 List. USA
Today. Retrieved from http://https://www.usatoday.com/
story/money/2018/05/21/big-winners-fortune-500-list-
walmart-exxon-mobil-amazon/628003002/
30 | Information Systems for Business and Beyond (2019)

Chapter 2: Hardware
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• describe information systems hardware;
• identify the primary components of a computer
and the functions they perform; and
• explain the effect of the commoditization of the
personal computer.

Introduction
As you learned in the first chapter, an information system is made
up of five components: hardware, software, data, people, and
process. The physical parts of computing devices – those that you
can actually touch – are referred to as hardware. In this chapter, you
will take a look at this component of information systems, learn a
little bit about how it works, and discuss some of the current trends
surrounding it.
As stated above, computer hardware encompasses digital devices
that you can physically touch. This includes devices such as the
following:
Chapter 2: Hardware | 31

• desktop computers
• laptop computers
• mobile phones
• tablet computers
• e-readers
• storage devices, such as flash drives
• input devices, such as keyboards, mice, and scanners
• output devices such as printers and speakers.
Besides these more traditional computer hardware devices, many
items that were once not considered digital devices are now
becoming computerized themselves. Digital technologies are being
integrated into many everyday objects so the days of a device being
labeled categorically as computer hardware may be ending.
Examples of these types of digital devices include
automobiles, refrigerators, and even beverage dispensers. In this
chapter, you will also explore digital devices, beginning with
defining what is meant by the term itself.
Digital Devices
A digital device processes electronic signals into discrete values, of
which there can be two or more. In comparison analog signals are
continuous and can be represented by a smooth wave pattern. You
might think of digital (discrete) as being the opposite of analog.
Many electronic devices process signals into two discrete values,
typically known as binary. These values are represented as either
a one (“on”) or a zero (“off”). It is commonly accepted to refer to
the on state as representing the presence of an electronic signal.
It then follows that the off state is represented by the absence of
an electronic signal. Note: Technically, the voltages in a system are
evaluated with high voltages converted into a one or on state and
low voltages converted into a zero or off state.
32 | Information Systems for Business and Beyond (2019)

http://www.ford.com/technology/sync

http://www.npr.org/blogs/thesalt/2012/05/03/151968878/the-smart-fridge-finds-the-lost-lettuce-for-a-price

http://www.coca-colafreestyle.com/

Each one or zero is referred to as a bit (a blending of the two
words “binary” and “digit”). A group of eight bits is known as a byte.
The first personal computers could process 8 bits of data at once.
The number of bits that can be processed by a computer’s processor
at one time is known as word size. Today’s PCs can process 64 bits of
data at a time which is where the term 64-bit processor comes from.
You are most likely using a computer with a 64-bit processor.
Sidebar: Understanding Binary
The numbering system you first learned was Base 10 also known as
Decimal. In Base 10 each column in the number represents a power
of 10 with the exponent increasing in each column as you move to
the left, as shown in the table:
Thousands Hundreds Tens Units
103 102 101 100
The rightmost column represents units or the values zero through
nine. The next column from the left represents tens or the values
teens, twenties, thirties, etc, followed by the hundreds column (one
hundred, two hundred, etc.), then the thousands column (one
thousand, two thousand) etc. Expanding the table above, you can
write the number 3456 as follows:
Thousands Hundreds Tens Units
103 102 101 100
3 4 5 6
3000 400 50 6
Chapter 2: Hardware | 33

Computers use the Base 2 numbering system. Similar to Base 10,
each column has a Base of 2 and has an increasing exponent value
moving to the left as shown in the table below:
Two
cubed
Two
squared Two Units
23 22 21 20

The rightmost column represents 20 or units ( 1 ). The next
column from the left represents 21 twos or ( 2 ). The third column
represents 22 or ( 4 ) and the fourth column represents 23 or ( 8 ).
Expanding the table above, you can see how the decimal number 15
is converted to 1111 in binary as follows:
Two
cubed
Two
squared Two Units
23 22 21 20
1 1 1 1
8 4 2 1

8 + 4 + 2 + 1 = 15

Understanding binary is important because it helps us understand
how computers store and transmit data. A “bit” is the lowest level
of data storage, stored as either a one or a zero. If a computer
wants to communicate the number 15, it would need to send 1111 in
binary (as shown above). This is four bits of data since four digits
are needed. A “byte” is 8 bits. If a computer wanted to transmit the
number 15 in a byte, it would send 00001111. The highest number
that can be sent in a byte is 255, which is 11111111, which is equal
to 27+26+25+24+23+22+21+20.
34 | Information Systems for Business and Beyond (2019)

As the capacities of digital devices grew, new terms were developed
to identify the capacities of processors, memory, and disk storage
space. Prefixes were applied to the word byte to represent different
orders of magnitude. Since these are digital specifications, the
prefixes were originally meant to represent multiples of 1024 (which
is 210), but have more recently been rounded for the sake of
simplicity to mean multiples of 1000, as shown in the table below:
Prefix Represents Example
kilo one thousand
kilobyte=one
thousand bytes
mega one million megabyte = one million bytes
giga one billion gigabyte = one billion bytes
tera one trillion terabyte = one trillion bytes
peta one quadrillion
petabyte = one
quadrillion bytes
exa one quintillion
exabyte = one
quintillion bytes
zetta one sextillion
zettabyte = one
sextillion bytes
yotta one septillion
yottabyte = one
septillion bytes

Tour of a PC
All personal computers consist of the same basic components: a
Central Processing Unit (CPU), memory, circuit board, storage, and
input/output devices. Almost every digital device uses the same set
of components, so examining the personal computer will give you
Chapter 2: Hardware | 35

Intel Core i7 CPU
insight into the structure of a variety of digital devices. Here’s a
“tour” of a personal computer.
Processing Data: The CPU
The core of a computer is the Central Processing Unit, or CPU. It
can be thought of as the “brains” of the device. The CPU carries out
the commands sent to it by the software and returns results to be
acted upon.

The earliest CPUs were large circuit
boards with limited functionality.
Today, a CPU can perform a large
variety of functions. There are two
primary manufacturers of CPUs for
personal computers: Intel and
Advanced Micro Devices (AMD).
The speed (“clock time”) of a CPU is
measured in hertz. A hertz is defined
as one cycle per second. A kilohertz (abbreviated kHz) is one
thousand cycles per second, a megahertz (mHz) is one million cycles
per second, and a gigahertz (gHz) is one billion cycles per second.
The CPU’s processing power is increasing at an amazing rate (see
the sidebar about Moore’s Law).
Besides a faster clock time, today’s CPU chips contain multiple
processors. These chips, known as dual-core (two processors) or
quad-core (four processors), increase the processing power of a
computer by providing the capability of multiple CPUs all sharing
the processing load. Intel’s Core i7 processors contain 6 cores and
their Core i9 processors contain 16 cores. This video shows how a
CPU works.
36 | Information Systems for Business and Beyond (2019)

Sidebar: Moore’s Law and Huang’s Law
As you know computers get faster every year. Many times we are
not sure if we want to buy today’s model because next week it
won’t be the most advanced any more. Gordon Moore, one of the
founders of Intel, recognized this phenomenon in 1965, noting that
microprocessor transistor counts had been doubling every year.1
His insight eventually evolved into Moore’s Law:
The number of integrated circuits on a chip doubles every two
years.
Moore’s Law has been generalized into the concept that
computing power will double every two years for the same price
point. Another way of looking at this is to think that the price for the
same computing power will be cut in half every two years. Moore’s
Law has held true for over forty years (see figure below).
The limits of Moore’s Law are now being reached and circuits
cannot be reduced further. However, Huang’s Law regarding
Graphics Processors Units (GPUs) may extend well into the future.
Nvidia’s CEO Jensen Huang spoke at the GPU Technology
Conference in March 2018 announcing that the speed of GPUs are
increasing faster than Moore’s Law. Nvidia’s GPUs are 25 times
faster than five years ago. He admitted that the advancement is
because of advances in architecture, memory technology,
algorithms, and interconnects.2
1. [1]
2. [2]
Chapter 2: Hardware | 37

https://commons.wikimedia.org/wiki/User:Wgsimon

https://spectrum.ieee.org/view-from-the-valley/computing/hardware/move-over-moores-law-make-way-for-huangs-law

Motherboard
Motherboard bus traces
Motherboard
The motherboard is the main
circuit board on the computer.
The CPU, memory, and storage
components, among other
things, all connect into the
motherboard. Motherboards
come in different shapes and
sizes, depending upon how
compact or expandable the
computer is designed to be. Most modern motherboards have many
integrated components, such as network interface card, video, and
sound processing, which previously required separate components.
The motherboard provides
much of the bus of the
computer (the term bus refers
to the electrical connections
between different computer
components). The bus is an
important factor in
determining the computer’s
speed – the combination of how
fast the bus can transfer data
and the number of data bits that can be moved at one time
determine the speed. The traces shown in the image are on the
underside of the motherboard and provide connections between
motherboard components.
Random-Access Memory
When a computer boots, it begins to load information from storage
38 | Information Systems for Business and Beyond (2019)

DDR4 Memory
Hard disk interior
into its working memory. This working memory, called Random-
Access Memory (RAM), can transfer data much faster than the hard
disk. Any program that you are running on the computer is loaded
into RAM for processing. In order for a computer to work effectively,
some minimal amount of RAM must be installed. In most cases,
adding more RAM will allow the computer to run faster. Another
characteristic of RAM is that it is “volatile.” This means that it can
store data as long as it is receiving power. When the computer is
turned off, any data stored in RAM is lost.
RAM is generally installed in a
personal computer through the
use of a Double Data Rate (DDR)
memory module. The type of
DDR accepted into a computer
is dependent upon the motherboard. There have been basically four
generations of DDR: DDR1, DDR2, DDR3, and DDR4. Each generation
runs faster than the previous with DDR4 capable of speeds twice as
fast as DDR3 while consuming less voltage.
Hard Disk
While the RAM is used as
working memory, the computer
also needs a place to store data
for the longer term. Most of
today’s personal computers use
a hard disk for long-term data
storage. A hard disk is
considered non-volatile
storage because when the
computer is turned off the data
remains in storage on the disk, ready for when the computer is
turned on. Drives with a capacity less than 1 Terabyte usually have
Chapter 2: Hardware | 39

https://www.kingston.com/us/memory/ddr4

Solid State Drive interior
just one platter. Notice the single platter in the image. The read/
write arm must be positioned over the appropriate track before
accessing or writing data.”
Solid State Drives
Solid State Drives (SSD) are becoming more popular in personal
computers. The SSD performs the same function as a hard disk,
namely long-term storage. Instead of spinning disks, the SSD uses
flash memory that incorporates EEPROM (Electrically Erasable
Programmable Read Only Memory) chips, which is much faster.
Solid-state drives are
currently a bit more expensive
than hard disks. However, the
use of flash memory instead of
disks makes them much lighter
and faster than hard disks. SSDs
are primarily utilized in
portable computers, making
them lighter, more durable, and
more efficient. Some computers combine the two storage
technologies, using the SSD for the most accessed data (such as the
operating system) while using the hard disk for data that is accessed
less frequently. SSDs are considered more reliable since there are
no moving parts.
40 | Information Systems for Business and Beyond (2019)

USB Drive
Removable Media
Removable storage has changed
greatly over the four decades of
PCs. Floppy disks have been
replaced by CD-ROM drives,
then they were replaced by USB
(Universal Serial Bus) drives.
USB drives are now standard on
all PCs with capacities
approaching 512 gigabytes. Speeds have also increased from 480
Megabits in USB 2.0 to 10 Gigabits in USB 3.1. USB devices also use
EEPROM technology.
3
Network Connection
When personal computers were first stand-alone units when first
developed, which meant that data was brought into the computer
or removed from the computer via removable media. Beginning in
the mid-1980s, however, organizations began to see the value in
connecting computers together via a digital network. Because of
this personal computers needed the ability to connect to these
networks. Initially, this was done by adding an expansion card to
the computer that enabled the network connection. These cards
were known as Network Interface Cards (NIC). By the mid-1990s
an Ethernet network port was built into the motherboard on most
personal computers. As wireless technologies began to dominate
3. [3]
Chapter 2: Hardware | 41

USB port on a computer
in the early 2000s, many personal computers also began including
wireless networking capabilities. Digital communication
technologies will be discussed further in Chapter 5.
Input and Output
In order for a personal
computer to be useful, it must
have channels for receiving
input from the user and
channels for delivering output
to the user. These input and
output devices connect to the
computer via various
connection ports, which
generally are part of the
motherboard and are accessible outside the computer case. In early
personal computers, specific ports were designed for each type of
output device. The configuration of these ports has evolved over the
years, becoming more and more standardized over time. Today,
almost all devices plug into a computer through the use of a USB
port. This port type, first introduced in 1996, has increased in its
capabilities, both in its data transfer rate and power supplied.
Bluetooth
Besides USB, some input and output devices connect to the
computer via a wireless-technology standard called Bluetooth
which was invented in 1994. Bluetooth exchanges data over short
distances of 10 meters up to 100 meters using radio waves. Two
devices communicating with Bluetooth must both have a Bluetooth
42 | Information Systems for Business and Beyond (2019)

communication chip installed. Bluetooth devices include pairing
your phone to your car, computer keyboards, speakers, headsets,
and home security, to name just a few.
Input Devices
All personal computers need components that allow the user to
input data. Early computers simply used a keyboard for entering
data or select an item from a menu to run a program. With the
advent operating systems offering the graphical user interface, the
mouse became a standard component of a computer. These two
components are still the primary input devices to a personal
computer, though variations of each have been introduced with
varying levels of success over the years. For example, many new
devices now use a touch screen as the primary way of data entry.
Other input devices include scanners which allow users to input
documents into a computer either as images or as text.
Microphones can be used to record audio or give voice commands.
Webcams and other types of video cameras can be used to record
video or participate in a video chat session.
Output Devices
Output devices are essential as well. The most obvious output
device is a display or monitor, visually representing the state of
the computer. In some cases, a personal computer can support
multiple displays or be connected to larger-format displays such as
a projector or large-screen television. Other output devices include
speakers for audio output and printers for hardcopy output.
Chapter 2: Hardware | 43

Sidebar: Which Hardware Components
Contribute to the Speed of Your Computer
The speed of a computer is determined by many elements, some
related to hardware and some related to software. In hardware,
speed is improved by giving the electrons shorter distances to
travel in completing a circuit. Since the first CPU was created in
the early 1970s, engineers have constantly worked to figure out
how to shrink these circuits and put more and more circuits onto
the same chip – these are known as integrated circuits. And this
work has paid off – the speed of computing devices has been
continuously improving.
Multi-core processors, or CPUs, have contributed to faster
speeds. Intel engineers have also improved CPU speeds by using
QuickPath Interconnect, a technique which minimizes the
processor’s need to communicate directly with RAM or the hard
drive. Instead, the CPU contains a cache of frequently used data
for a particular program. An algorithm evaluates a program’s data
usage and determines which data should be temporarily stored in
the cache.
The hardware components that contribute to the speed of a
personal computer are the CPU, the motherboard, RAM, and the
hard disk. In most cases, these items can be replaced with newer,
faster components. The table below shows how each of these
contributes to the speed of a computer. Besides upgrading
hardware, there are many changes that can be made to the software
of a computer to make it faster.
44 | Information Systems for Business and Beyond (2019)

http://www.microsoft.com/atwork/maintenance/speed.aspx#fbid=BJ54lqHa0zy

Component
Speed
measured
by
Units Description
CPU Clock speed
GHz
(billions of
cycles)
Hertz indicates the time it
takes to complete a cycle.
Motherboard Bus speed MHz
The speed at which data can
move across the bus.
RAM
Data
transfer
rate
Mb/s
(millions of
bytes per
second)
The time it takes for data to
be transferred from memory
to system measured in
Megabytes.
Hard Disk
Access
time
ms
(millisecond)
The time it takes for the drive
to locate the data to be
accessed.
Data
transfer
rate
MBit/s
The time it takes for data to
be transferred from disk to
system.
Other Computing Devices
A personal computer is designed to be a general-purpose device,
able to solve many different types of problems. As the technologies
of the personal computer have become more commonplace, many
of the components have been integrated into other devices that
previously were purely mechanical. The definition or description
of what defines a computer has changed. Portability has been an
important feature for most users. Here is an overview of some
trends in personal computing.
Chapter 2: Hardware | 45

MacBook Air
Portable Computers
Portable computing today
includes laptops, notebooks
and netbooks, many weighing
less than 4 pounds and
providing longer battery life.
The MacBook Air is a good
example of this: it weighs less
than three pounds and is only
0.68 inches thick!
Netbooks (short for Network
Books) are extremely light because they do not have a hard drive,
depending instead on the Internet “cloud” for data and application
storage. Netbooks depend on a Wi-Fi connection and can run Web
browsers as well as a word processor.

Smartphones
While cell phones were introduced in the 1970s, smartphones have
only been around for the past 20 years. As cell phones evolved
they gained a broader array of features and programs. Today’s
smartphones provide the user with telephone, email, location, and
calendar services, to name a few. They function as a highly mobile
computer, able to connect to the Internet through either cell
technology or Wi-Fi. Smartphones have revolutionized computing,
bringing the one feature PCs and laptops could not deliver, namely
mobility. Consider the following data regarding mobile computing 4:
4. [4]
46 | Information Systems for Business and Beyond (2019)

1. There are 3.7 billion global mobile Internet users as at January
2018.
2. Mobile devices influenced sales to the tune of over $1.4 trillion
in 2016.
3. Mobile commerce revenue in the U.S. is projected to be
$459.38 billion in 2018, and it is estimated to be $693.36 billion
by 2019.
4. By the end of 2018, over $1 trillion — or 75 percent — of
ecommerce sales in China will be done via mobile devices.
5. The average order value for online orders placed on
Smartphones in the first quarter of 2018 is $84.55 while the
average order value for orders placed on Tablets is $94.91.
6. Of the 2.79 billion active social media users in the world, 2.55
billion actively use their mobile devices for social media-
related activities.
7. 90 percent of the time spent on mobile devices is spent in
apps.
8. Mobile traffic is responsible for 52.2 percent of Internet traffic
in 2018 — compared to 50.3 percent from 2017.
9. While the total percentage of mobile traffic is more than
desktop, engagement is higher on desktop. 55.9 percent of
time spent on sites is by desktop users and 40.1 percent of time
spent on sites is by mobile users.
10. By 2020, mobile commerce will account for 45 percent of all e-
commerce activities — compared to 20.6 percent in 2016.
The Apple iPhone was introduced in January 2007 and went on
the market in June of that same year. Its ease of use and intuitive
interface made it an immediate success and solidified the future of
smartphones. The first Android phone was released in 2008 with
functionality similar to the iPhone.
Chapter 2: Hardware | 47

iPad Air
Tablet Computers
A tablet computer uses a
touch screen as its primary
input and is small enough and
light enough to be easily
transported. They generally
have no keyboard and are self-
contained inside a rectangular
case. Apple set the standard for
tablet computing with the
introduction of the iPad in 2010
using iOS, the operating system
of the iPhone. After the success
of the iPad, computer
manufacturers began to
develop new tablets that
utilized operating systems that
were designed for mobile devices, such as Android.
Global market share for tablets has changed since the early days
of Apple’s dominance. Today the iPad has about 25% of the global
market while Amazon Fire has 15% and Samsung Galaxy has 14%.
5 However, the popularity of tablets has declined sharply in recent
years.
Integrated Computing and Internet of Things
(IoT)
Along with advances in computers themselves, computing
5. [5]
48 | Information Systems for Business and Beyond (2019)

technology is being integrated into many everyday products. From
automobiles to refrigerators to airplanes, computing technology is
enhancing what these devices can do and is adding capabilities into
our every day lives thanks in part to IoT.
Internet of Things and the Cloud
The Internet of Things (IoT) is a network of billions of devices,
each with their own unique network address, around the world with
embedded electronics allowing them to connect to the Internet
for the purpose of collecting and sharing data, all without the
involvement of human beings.6
Objects ranging from a simple light bulb to a fitness band such
as FitBit to a driverless truck are all part of IoT thanks to the
processors inside them. A smartphone app can control and/or
communicate with each of these devices as well as others such as
electric garage door openers (for those who can’t recall if the door
has been closed), kitchen appliances (“Buy milk after work today.”),
thermostats such as Nest, home security, audio speakers, and the
feeding of pets.
Here are three of the latest ways that computing technologies are
being integrated into everyday products through IoT:
6. [6]
Chapter 2: Hardware | 49

https://pixabay.com/en/network-iot-internet-of-things-782707/

• How IoT Works
• The Smart House
• The Self-Driving Car
The Commoditization of the Personal
Computer
Over the past forty years, as the personal computer has gone from
technical marvel to part of everyday life, it has also become a
commodity. There is very little differentiation between computer
models and manufacturers, and the primary factor that controls
their sale is their price. Hundreds of manufacturers all over the
world now create parts for personal computers which are
purchased and assembled. As commodities, there are essentially
little or no differences between computers made by these different
companies. Profit margins for personal computers are minimal,
leading hardware developers to find the lowest-cost manufacturing
methods.
There is one brand of computer for which this is not the case
– Apple. Because Apple does not make computers that run on the
same open standards as other manufacturers, they can design and
manufacture a unique product that no one can easily copy. By
creating what many consider to be a superior product, Apple can
charge more for their computers than other manufacturers. Just
as with the iPad and iPhone, Apple has chosen a strategy of
differentiation, an attempt to avoid commoditization.
Summary
Information systems hardware consists of the components of digital
50 | Information Systems for Business and Beyond (2019)

https://www.youtube.com/watch?v=QSIPNhOiMoE

technology that you can touch. This chapter covered the
components that make up a personal computer, with the
understanding that the configuration of a personal computer is very
similar to that of any type of digital computing device. A personal
computer is made up of many components, most importantly the
CPU, motherboard, RAM, hard disk, removable media, and input/
output devices. Variations on the personal computer, such as the
smartphone, were also examined. Finally, commoditization of the
personal computer was addressed.
Study Questions
1. Write your own description of what the term information
systems hardware means.
2. What has lead to the shift toward mobility in computing?
3. What is the impact of Moore’s Law on the various hardware
components described in this chapter?
4. Write a one page summary of one of the items linked to in the
“Integrated Computing” section.
5. Explain why the personal computer is now considered a
commodity.
6. The CPU can also be thought of as the _____________ of
the computer.
7. List the units of measure for data storage in increasing order
from smallest to largest, kilobyte to yottabyte.
8. What is the bus of a computer?
9. Name two differences between RAM and a hard disk.
10. What are the advantages of solid-state drives over hard disks?
Chapter 2: Hardware | 51

Exercises
1. If you could build your own personal computer, what
components would you purchase? Put together a list of the
components you would use to create it, including a computer
case, motherboard, CPU, hard disk, RAM, and DVD drive. How
can you be sure they are all compatible with each other? How
much would it cost? How does this compare to a similar
computer purchased from a vendor such as Dell or HP?
2. Re-read the section on IoT, then find at least two scholarly
articles about IoT. Prepare a minimum of three slides that
address issues related to IoT. Be sure to give attribution to
your sources.
3. What is the current status of solid-state drives vs. hard disks?
Research online and compare prices, capacities, speed, and
durability. Again, be sure to give attribution to your sources.
Labs
1. Review the sidebar on the binary number system. Represent
the following decimal numbers in binary: 16, 100. Represent the
following binary numbers in decimal: 1011, 100100. Write the
decimal number 254 in an 8-bit byte.
2. Re-read the section on IoT, then look around your building
(dorm, apartment, or house) and make a list of possible
instances of IoTs. Be sure to list their location and likely
function.
1. Moore, G. E. (1965). Cramming more components onto
integrated circuits. Electronics Magazine, 4.
2. Huang, J. (2018, April 2). Move Over Moore’s Law: Make Room
52 | Information Systems for Business and Beyond (2019)

for Huang’s Law. IEEE Spectrum. Retrieved from
https://spectrum.ieee.org/view-from-the-valley/computing/
hardware/move-over-moores-law-make-way-for-huangs-
law↵
3. Wikipedia. (n.d.) Universal Serial Bus. Retrieved from
https://en.wikipedia.org/wiki/USB.
4. Stevens, J. (2017). Mobile Internet Statistics and Facts 2017.
Hosting Facts, August 17, 2017. Retrieved from
https://hostingfacts.com/internet-facts-stats-2016/
5. Statista. (2018). Global market share held by tablet vendors 4th
quarter 2017. Retrieved from https://www.statista.com/
statistics/276635/market-share-held-by-tablet-vendors/
6. Ranger, S. (2018, January 19). What is the IoT? ZDNet. Retrieved
from http://www.zdnet.com/article/what-is-the-internet-of-
things-everything-you-need-to-know-about-the-iot-right-
now/.
Chapter 2: Hardware | 53

Chapter 3: Software
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• define the term software;
• identify and describe the two primary categories of
software;
• describe the role ERP software plays in an
organization;
• describe cloud computing and its advantages and
disadvantages for use in an organization; and
• define the term open-source and identify its
primary characteristics.

Introduction
The second component of an information system is software, the
set of instructions that tells the hardware what to do. Software
is created by developers through the process of programming
(covered in more detail in Chapter 10). Without software, the
hardware would not be functional.
54 | Chapter 3: Software

Types of Software
Software can be broadly divided into two categories: operating
systems and application software. Operating systems manage the
hardware and create the interface between the hardware and the
user. Application software performs specific tasks such as word
processing, accounting, database management, video games, or
browsing the web.

Operating Systems
An operating system is first loaded into the computer by the
boot program, then it manages all of the programs in the computer,
including both programs native to the operating system such as
file and memory management and application software. Operating
systems provide you with these key functions:
1. managing the hardware resources of the computer;
2. providing the user-interface components;
Chapter 3: Software | 55

Linux Ubuntu desktop
3. providing a platform for software developers to write
applications.
All computing devices require an operating system. The most
popular operating systems for personal computers are: Microsoft
Windows, Apple’s Mac OS, and various versions of Linux.
Smartphones and tablets run operating systems as well, such as
iOS (Apple), Android (Google), Windows Mobile (Microsoft), and
Blackberry.
Microsoft provided the first operating system for the IBM-PC,
released in 1981. Their initial venture into a Graphical User Interface
(GUI) operating system, known as Windows, occurred in 1985.
Today’s Windows 10 supports the 64-bit Intel CPU. Recall that
“64-bit” indicates the size of data that can be moved within the
computer.
Apple introduced the Macintosh computer 1984 with the first
commercially successful GUI. Apple’s operating system for the
Macintosh is known as “Mac OS ” and also uses an Intel CPU
supporting 64-bit processing. Mac OS versions have been named
after mountains such as El Capitan, Sierra, and High Sierra.
Multitasking, virtual memory, and voice input have become
standard features of both operating systems.
The Linux operating system
is open source, meaning
individual developers are
allowed to make modifications
to the programming code.
Linux is a version of the Unix
operating. Unix runs on large
and expensive minicomputers.
Linux developer Linus Torvalds,
a professor in Finland and the creator of Linux, wanted to find a way
to make Unix run on less expensive personal computers. Linux has
many variations and now powers a large percentage of web servers
in the world.
56 | Information Systems for Business and Beyond (2019)

Sidebar: Why Is Microsoft Software So
Dominant in the Business World?
If you’ve worked in business, you may have noticed that almost
all computers in business run a version of Microsoft Windows.
However, in classrooms from elementary to college, there is almost
a balance between Macs and PCs. Why has this not extended into
the business world?
As discussed in Chapter 1, many businesses used IBM mainframe
computers back in the 1960s and 1970s. When businesses migrated
to the microcomputer (personal computer) market, they elected to
stay with IBM and chose the PC. Companies took the safe route,
invested in the Microsoft operating system and in Microsoft
software/applications.
Microsoft soon found itself with the dominant personal computer
operating system for businesses. As the networked PC began to
replace the mainframe computer, Microsoft developed a network
operating system along with a complete suite of programs focused
on business users. Today Microsoft Office in its various forms
controls 85% of the market. 1
Application Software
The second major category of software is application software.
1. [1]
Chapter 3: Software | 57

Image of Microsoft Excel
Application software is utilized directly today to accomplish a
specific goal such as word processing, calculations on a
spreadsheet, or surfing the Internet using your favorite browser.
The “Killer” App
When a new type of digital
device is invented, there are
generally a small group of
technology enthusiasts who
will purchase it just for the joy
of figuring out how it works. A
“killer” application is one that
becomes so essential that large
numbers of people will buy a
device just to run that application. For the personal computer, the
killer application was the spreadsheet.
The first spreadsheet was created by an MBA student at Harvard
University who tired of making repeated calculations to determine
the optimal result on a problem and decided to create a tool that
allowed the user to easily change values and recalculate formulas.
The result was the spreadsheet. Today’s dominant spreadsheet is
Microsoft Excel which still retains the basic functionality of the first
spreadsheet.
Productivity Software
Along with the spreadsheet, several other software applications
have become standard tools for the workplace. Known as
productivity software, these programs allow office employees to
complete their daily work efficiently. Many times these applications
58 | Information Systems for Business and Beyond (2019)

come packaged together, such as in Microsoft’s Office suite. Here is
a list of some of these applications and their basic functions:
• Word processing Users can create and edit documents using
this class of software. Functions include the ability to type and
edit text, format fonts and paragraphs, as well as add, move,
and delete text throughout the document. Tables and images
can be inserted. Documents can be saved in a variety of
electronic file formats with Microsoft Word’s DOCX being the
most popular. Documents can also be converted to other
formats such as Adobe’s PDF (Portable Document Format) or a
.TXT file.
• Spreadsheet This class of software provides a way to do
numeric calculations and analysis, displaying the result in
charts and graphs. The working area is divided into rows and
columns, where users can enter numbers, text, or formulas. It
is the formulas that make a spreadsheet powerful, allowing the
user to develop complex calculations that can change based on
the numbers entered. The most popular spreadsheet package
is Microsoft Excel, which saves its files in the XLSX format.
• Presentation Users can create slideshow presentations using
this class of software. The slides can be projected, printed, or
distributed to interested parties. Text, images, audio, and
visual can all be added to the slides. Microsoft’s PowerPoint is
the most popular software right now, saving its files in PPTX
format.
• Some office suites include other types of software. For
example, Microsoft Office includes Outlook, its e-mail
package, and OneNote, an information-gathering collaboration
tool. The professional version of Office also includes Microsoft
Access, a database package. (Databases are covered more in
Chapter 4.)

Microsoft popularized the idea of the office-software productivity
Chapter 3: Software | 59

bundle with their release of the Microsoft Office Suite. This package
continues to dominate the market and most businesses expect
employees to know how to use this software. However, many
competitors to Microsoft Office do exist and are compatible with
the file formats used by Microsoft (see table below). Microsoft also
offers a cloud-based version of their office suite named Microsoft
Office 365. Similar to Google Drive, this suite allows users to edit
and share documents online utilizing cloud-computing technology.
Utility Software and Programming Software
Utility software includes programs that allow you to fix or modify
your computer in some way. Examples include anti-malware
software and programs that totally remove software you no longer
want installed. These types of software packages were created to
fill shortcomings in operating systems. Many times a subsequent
release of an operating system will include these utility functions as
part of the operating system itself.
Programming software’s purpose is to produce software. Most of
60 | Information Systems for Business and Beyond (2019)

https://commons.wikimedia.org/wiki/User:Wgsimon

Screen shot of Tableau (click to
enlarge)
these programs provide developers with an environment in which
they can write the code, test it, and convert/compile it into the
format that can then be run on a computer. This software is typically
identified as the Integrated Development Environment (IDE) and is
provided free from the corporation that developed the
programming language that will be used to write the code.
Sidebar: “PowerPointed” to Death
As presentation software has
gained acceptance as the
primary method to formally
present information to a group
or class, the art of giving an
engaging presentation is
becoming rare. Many
presenters now just read the
bullet points in the
presentation and immediately bore those in attendance, who can
already read it for themselves. The real problem is not with
PowerPoint as much as it is with the person creating and presenting.
Author and chief evangelist Guy Kawasaki has developed the 10/20/
30 rule for Powerpoint users. Just remember: 10 slides, 20 minutes,
30 point font.”2 If you are determined to improve your PowerPoint
skills, read Presentation Zen by Garr Reynolds.
New digital presentation technologies are being developed that
go beyond Powerpoint. For example, Prezi uses a single canvas for
the presentation, allowing presenters to place text, images, and
2. [2]
Chapter 3: Software | 61

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/TABLUE

other media on the canvas, and then navigate between these objects
as they present. Tools such as Tableau allow users to analyze data in
depth and create engaging interactive visualizations.
Sidebar: I Own This Software, Right?
Well…
When you purchase software and install it on your computer, are
you the owner of that software? Technically, you are not! When you
install software, you are actually just being given a license to use it.
When you first install a package, you are asked to agree to the terms
of service or the license agreement. In that agreement, you will find
that your rights to use the software are limited. For example, in
the terms of the Microsoft Office software license, you will find
the following statement: “This software is licensed, not sold. This
agreement only gives you some rights to use the features included
in the software edition you licensed.”
For the most part, these restrictions are what you would expect.
You cannot make illegal copies of the software and you may not use
it to do anything illegal. However, there are other, more unexpected
terms in these software agreements. For example, many software
agreements ask you to agree to a limit on liability. Again, from
Microsoft: “Limitation on and exclusion of damages. You can
recover from Microsoft and its suppliers only direct damages up to
the amount you paid for the software. You cannot recover any other
damages, including consequential, lost profits, special, indirect or
incidental damages.” This means if a problem with the software
causes harm to your business, you cannot hold Microsoft or the
supplier responsible for damages.
62 | Information Systems for Business and Beyond (2019)

Applications for the Enterprise
As the personal computer proliferated inside organizations, control
over the information generated by the organization began
splintering. For instance, the customer service department creates
a customer database to keep track of calls and problem reports,
and the sales department also creates a database to keep track of
customer information. Which one should be used as the master
list of customers? Or perhaps someone in sales might create a
spreadsheet to calculate sales revenue, while someone in finance
creates a different revenue document that meets the needs of their
department, but calculates revenue differently. The two
spreadsheets will report different revenue totals. Which one is
correct? And who is managing all of this information?
Enterprise Resource Planning
In the 1990s
the need to bring an organization’s information back under
centralized control became more apparent. The Enterprise
Resource Planning (ERP) system (sometimes just called enterprise
software) was developed to bring together an entire organization
within one program. ERP software utilizes a central database that
is implemented throughout the entire organization. Here are some
key points about ERP.
• A software application. ERP is an application that is used by
Chapter 3: Software | 63

many of an organization’s employees.
• Utilizes a central database. All users of the ERP edit and save
their information from the same data source. For example, this
means there is only one customer table in the database, there
is only one sales (revenue) table in the database, etc.
• Implemented organization-wide. ERP systems include
functionality that covers all of the essential components of a
business. An organization can purchase modules for its ERP
system that match specific needs such as order entry,
manufacturing, or planning.
ERP systems were originally marketed to large corporations.
However, as more and more large companies began installing them,
ERP vendors began targeting mid-sized and even smaller
businesses. Some of the more well-known ERP systems include
those from SAP, Oracle, and Microsoft.
In order to effectively implement an ERP system in an
organization, the organization must be ready to make a full
commitment. All aspects of the organization are affected as old
systems are replaced by the ERP system. In general, implementing
an ERP system can take two to three years and cost several million
dollars.
So why implement an ERP system? If done properly, an ERP
system can bring an organization a good return on their investment.
By consolidating information systems across the enterprise and
using the software to enforce best practices, most organizations
see an overall improvement after implementing an ERP. Business
processes as a form of competitive advantage will be covered in
Chapter 9.

64 | Information Systems for Business and Beyond (2019)

Customer Relationship Management
A Customer Relationship Management (CRM) system manages an
organization’s customers. In today’s environment, it is important to
develop relationships with your customers, and the use of a well-
designed CRM can allow a business to personalize its relationship
with each of its customers. Some ERP software systems include
CRM modules. An example of a well-known CRM package is
Salesforce.

Supply Chain Management

Supply Chain
Many organizations must deal with the complex task of managing
their supply chains. At its simplest, a supply chain is the linkage
between an organization’s suppliers, its manufacturing facilities,
and the distributors of its products. Each link in the chain has a
multiplying effect on the complexity of the process. For example,
if there are two suppliers, one manufacturing facility, and two
distributors, then the number of links to manage = 4 ( 2 x 1 x
2 ). However, if two more suppliers are added, plus another
manufacturing facility, and two more distributors, then the number
of links to manage = 32 ( 4 x 2 x 4 ). Also, notice in the above
illustration that all arrows have two heads, indicating that
information flows in both directions. Suppliers are part of a
business’s supply chain. They provide information such as price,
size, quantity, etc. to the business. In turn, the business provides
information such as quantity on hand at every store to the supplier.
The key to successful supply chain management is the information
system.
Chapter 3: Software | 65

https://commons.wikimedia.org/wiki/Category:Supply_chain#/media/File:A_company%27s_supply_chain_(en)

A Supply Chain Management (SCM) system handles the
interconnection between these links as well as the inventory of
the products in their various stages of development. As discussed
previously much of Walmart’s success has come from its ability
to identify and control the supply chain for its products. Walmart
invested heavily in their information system so they could
communicate with their suppliers and manage the thousands of
products they sell.
Walmart realized in the 1980s that the key to their success was
information systems. Specifically, they needed to manage their
complex supply chain with its thousands of suppliers, thousands
of retail outlets, and millions of customers. Their success came
from being able to integrate information systems to every entity
(suppliers, warehouses, retail stores) through the sharing of sales
and inventory data. Take a moment to study the diagram
above…look for the double-headed arrow. Notice that data flows
down the supply chain from suppliers to retail stores. But it also
flows up the supply chain, back to the suppliers so they can be up to
date regarding production and shipping.

Mobile Applications
Just as with the personal computer, mobile devices such as
66 | Information Systems for Business and Beyond (2019)

smartphones and electronic tablets also have operating systems and
application software. These mobile devices are in many ways just
smaller versions of personal computers. A mobile app is a software
application designed to run specifically on a mobile device.
As shown in Chapter 2, smartphones are becoming a dominant
form of computing, with more smartphones being sold than
personal computers. A greater discussion of PC and smartphone
sales appears in Chapter 13, along with statistics regarding the
decline in tablet sales. Businesses have adjusted to this trend by
increasing their investment in the development of apps for mobile
devices. The number of mobile apps in the Apple App Store has
increased from zero in 2008 to over 2 million in 2017.3
Building a mobile app will will be covered in Chapter 10.

Cloud Computing
Historically, for software to run on a computer an individual copy
of the software had to be installed on the computer. The concept of
“cloud” computing changes this.
Cloud Computing
The “cloud” refers to applications, services, and data storage
located on the Internet. Cloud service providers rely on giant server
farms and massive storage devices that are connected via the
Internet. Cloud computing allows users to access software and data
storage services on the Internet.
You probably already use cloud computing in some form. For
example, if you access your e-mail via your web browser, you are
3. [3]
Chapter 3: Software | 67

using a form of cloud computing if you are using Google Drive’s
applications. While these are free versions of cloud computing,
there is big business in providing applications and data storage over
the web. Cloud computing is not limited to web applications. It can
also be used for services such as audio or video streaming.
Advantages of Cloud Computing
• No software to install or upgrades to maintain.
• Available from any computer that has access to the Internet.
• Can scale to a large number of users easily.
• New applications can be up and running very quickly.
• Services can be leased for a limited time on an as-needed
basis.
• Your information is not lost if your hard disk crashes or your
laptop is lost or stolen.
• You are not limited by the available memory or disk space on
your computer.
Disadvantages of Cloud Computing
• Your information is stored on someone else’s computer.
• You must have Internet access to use it.
• You are relying on a third-party to provide these services.
Cloud computing has the ability to really impact how
organizations manage technology. For example, why is an IT
department needed to purchase, configure, and manage personal
computers and software when all that is really needed is an Internet
connection?
68 | Information Systems for Business and Beyond (2019)

Using a Private Cloud
Many organizations are understandably nervous about giving up
control of their data and some of their applications by using cloud
computing. But they also see the value in reducing the need for
installing software and adding disk storage to local computers. A
solution to this problem lies in the concept of a private cloud. While
there are various models of a private cloud, the basic idea is for
the cloud service provider to section off web server space for a
specific organization. The organization has full control over that
server space while still gaining some of the benefits of cloud
computing.
Virtualization
Virtualization is the process of using software to simulate a
computer or some other device. For example, using virtualization
a single physical computer can perform the functions of several
virtual computers, usually referred to as Virtual Machines (VMs).
Organizations implement virtual machines in an effort to reduce
the number of physical servers needed to provide the necessary
services to users. This reduction in the number of physical servers
also reduces the demand for electricity to run and cool the physical
servers. For more detail on how virtualization works, see this
informational page from VMWare.

Chapter 3: Software | 69

http://www.vmware.com/virtualization/virtualization-basics/how-virtualization-works.html

Example program “Hello World”
written in Java
Software Creation
Modern software applications
are written using a
programming language such as
Java, Visual C, C++, Python, etc.
A programming language
consists of a set of commands
and syntax that can be
organized logically to execute
specific functions. Using this language a programmer writes a
program (known as source code) that can then be compiled into
machine-readable form, the ones and zeroes necessary to be
executed by the CPU. Languages such as HTML and Javascript are
used to develop web pages.
Open-Source Software
When the personal computer was first released, computer
enthusiasts banded together to build applications and solve
problems. These computer enthusiasts were motivated to share any
programs they built and solutions to problems they found. This
collaboration enabled them to more quickly innovate and fix
problems.
As software began to become a business, however, this idea of
sharing everything fell out of favor with many developers. When a
program takes hundreds of hours to develop, it is understandable
that the programmers do not want to just give it away. This led to a
new business model of restrictive software licensing which required
payment for software, a model that is still dominant today. This
model is sometimes referred to as closed source, as the source code
is not made available to others.
70 | Information Systems for Business and Beyond (2019)

There are many, however, who feel that software should not be
restricted. Just as with those early hobbyists in the 1970s, they feel
that innovation and progress can be made much more rapidly if
they share what has been learned. In the 1990s, with Internet access
connecting more people together, the open-source movement
gained steam.

Open Office Suite
Open-source software makes the source code available for
anyone to copy and use. For most people having access to the
source code of a program does little good since it is challenging to
modify existing programming code. However, open-source software
is also available in a compiled format that can be downloaded and
installed. The open-source movement has led to the development
of some of the most used software in the world such as the Firefox
browser, the Linux operating system, and the Apache web server.
Many businesses are wary of open-source software precisely
because the code is available for anyone to see. They feel that this
increases the risk of an attack. Others counter that this openness
actually decreases the risk because the code is exposed to
thousands of programmers who can incorporate code changes to
quickly patch vulnerabilities.
There are thousands of open-source applications available for
download. For example, you can get the productivity suite from
Chapter 3: Software | 71

Open Office. One good place to search for open-source software is
sourceforge.net, where thousands of programs are available for free
download.
Summary
Software gives the instructions that tell the hardware what to do.
There are two basic categories of software: operating systems and
applications. Operating systems interface with the computer
hardware and make system resources available. Application
software allows users to accomplish specific tasks such as word
processing, presentations, or databases. This group is also referred
to as productivity software. An ERP system stores all data in a
centralized database that is made accessible to all programs and
departments across the organization. Cloud computing provides
access to software and databases from the Internet via a web
browser. Developers use various programming languages to develop
software.
Study Questions
1. Develop your own definition of software being certain to
explain the key terms.
2. What are the primary functions of an operating system?
3. Which of the following are operating systems and which are
applications: Microsoft Excel, Google Chrome, iTunes,
Windows, Android, Angry Birds.
4. What is your favorite software application? What tasks does it
help you accomplish?
72 | Information Systems for Business and Beyond (2019)

http://sourceforge.net/

5. How would you categorize the software that runs on mobile
devices? Break down these apps into at least three basic
categories and give an example of each.
6. What does an ERP system do?
7. What is open-source software? How does it differ from closed-
source software? Give an example of each.
8. What does a software license grant to the purchaser of the
software?
Exercises
1. Find a case study online about the implementation of an ERP
system. Was it successful? How long did it take? Does the case
study tell you how much money the organization spent?
2. If you were running a small business with limited funds for
information technology, would you consider using cloud
computing? Find some web-based resources that support your
decision.
3. Go to sourceforge.net and review their most downloaded
software applications. Report on the variety of applications you
find. Then pick one that interests you and report back on what
it does, the kind of technical support offered, and the user
reviews.
4. Review this article on the security risks of open-source
software. Write a short analysis giving your opinion on the
different risks discussed.
5. List three examples of programming languages? What features
in each language makes it useful to developers?
Chapter 3: Software | 73

http://sourceforge.net/

http://www.zdnet.com/six-open-source-security-myths-debunked-and-eight-real-challenges-to-consider-7000014225

Lab
1. Download Apache Open Office and create a document. Note: If
your computer does not have Java Runtime Environment (JRE)
32-bit (x86) installed, you will need to download it first from
this site.Open Office runs only in 32-bit (x86) mode. Here is a
link to the Getting Started documentation for Open Office.
How does it compare to Microsoft Office? Does the fact that
you got it for free make it feel less valuable?
1. Statista. (2017). Microsoft – Statistics & Facts. Retrieved from
https://www.statista.com/topics/823/microsoft/
2. Kawasaki, G. (n.d.). The 10/20/30 Rules for PowerPoint.
Retrieved from https://guykawasaki.com/the_102030_rule/.↵
3. Statista. (2018). Number of apps in Apple App Store July 2008 to
January 2017. Retrieved from https:https://www.statista.com/
statistics/263795/number-of-available-apps-in-the-apple-
app-store/.↵
74 | Information Systems for Business and Beyond (2019)

http://www.openoffice.org/download

http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

http://wiki.openoffice.org/w/images/3/3c/0108GS33-GettingStartedWithBase

Chapter 4: Data and
Databases
Learning Objectives
Upon successful completion of this chapter, you
will be able to:
• Describe the differences between data,
information, and knowledge;
• Describe why database technology must be
used for data resource management;
• Define the term database and identify the
steps to creating one;
• Describe the role of a database
management system;
• Describe the characteristics of a data
warehouse; and
• Define data mining and describe its role in
an organization.

Chapter 4: Data and Databases | 75

Introduction
You have already been introduced to the first two components of
information systems: hardware and software. However, those two
components by themselves do not make a computer useful. Imagine
if you turned on a computer, started the word processor, but could
not save a document. Imagine if you opened a music player but
there was no music to play. Imagine opening a web browser but
there were no web pages. Without data, hardware and software
are not very useful! Data is the third component of an information
system.
Data, Information, and Knowledge
There have been many definitions and theories about data,
information, and knowledge. The three terms are often used
interchangeably, although they are distinct in nature. We define
and illustrate the three terms from the perspective of information
systems.
76 | Information Systems for Business and Beyond (2019)

Data are the raw facts, and may
be devoid of context or intent. For example, a sales order of
computers is a piece of data. Data can be quantitative or qualitative.
Quantitative data is numeric, the result of a measurement, count,
or some other mathematical calculation. Qualitative data is
descriptive. “Ruby Red,” the color of a 2013 Ford Focus, is an example
of qualitative data. A number can be qualitative too: if I tell you my
favorite number is 5, that is qualitative data because it is descriptive,
not the result of a measurement or mathematical calculation.
Information is processed data that possess context, relevance, and
purpose. For example, monthly sales calculated from the collected
daily sales data for the past year are information. Information
typically involves the manipulation of raw data to obtain an
indication of magnitude, trends, in patterns in the data for a
purpose.
Knowledge in a certain area is human beliefs or perceptions about
relationships among facts or concepts relevant to that area. For
example, the conceived relationship between the quality of goods
Chapter 4: Data and Databases | 77

and the sales is knowledge. Knowledge can be viewed as
information that facilitates action.
Once we have put our data into context, aggregated and analyzed
it, we can use it to make decisions for our organization. We can
say that this consumption of information produces knowledge. This
knowledge can be used to make decisions, set policies, and even
spark innovation.
Explicit knowledge typically refers to knowledge that can be
expressed into words or numbers. In contrast, tacit knowledge
includes insights and intuitions, and is difficult to transfer to
another person by means of simple communications.
Evidently, when information or explicit knowledge is captured
and stored in computer, it would become data if the context or
intent is devoid.
The final step up the information ladder is the step from
knowledge (knowing a lot about a topic) to wisdom. We can say
that someone has wisdom when they can combine their knowledge
and experience to produce a deeper understanding of a topic. It
often takes many years to develop wisdom on a particular topic, and
requires patience.
Big Data
Almost all software programs require data to do anything useful.
For example, if you are editing a document in a word processor
such as Microsoft Word, the document you are working on is the
data. The word-processing software can manipulate the data: create
a new document, duplicate a document, or modify a document.
Some other examples of data are: an MP3 music file, a video file, a
spreadsheet, a web page, a social media post, and an e-book.
Recently, big data has been capturing the attention of all types of
organizations. The term refers to such massively large data sets that
conventional data processing technologies do not have sufficient
78 | Information Systems for Business and Beyond (2019)

power to analyze them. For example, Walmart must process millions
customer transactions every hour across the world. Storing and
analyzing that much data is beyond the power of traditional data
management tools. Understanding and developing the best tools
and techniques to manage and analyze these large data sets are a
problem that governments and businesses alike are trying to solve.
Databases
The goal of many information systems is to transform data into
information in order to generate knowledge that can be used for
decision making. In order to do this, the system must be able to take
data, allow the user to put the data into context, and provide tools
for aggregation and analysis. A database is designed for just such a
purpose.
Why Databases?
Data is a valuable resource in the organization. However, many
people do not know much about database technology, but use non-
database tools, such as Excel spreadsheet or Word document, to
store and manipulate business data, or use poorly designed
databases for business processes. As a result, the data are
redundant, inconsistent, inaccurate, and corrupted. For a small
data set, the use of non-database tools such as spreadsheet may
not cause serious problem. However, for a large organization,
corrupted data could lead to serious errors and destructive
consequences. The common defects in data resources management
are explained as follows.
(1) No control of redundant data
People often keep redundant data for convenience. Redundant
Chapter 4: Data and Databases | 79

data could make the data set inconsistent. We use an illustrative
example to explain why redundant data are harmful. Suppose the
registrar’s office has two separate files that store student data: one
is the registered student roster which records all students who have
registered and paid the tuition, and the other is student grade roster
which records all students who have received grades.
As you can see from the two spreadsheets, this data management
system has problems. The fact that “Student 4567 is Mary Brown,
and her major is Finance” is stored more than once. Such
occurrences are called data redundancy. Redundant data often
make data access convenient, but can be harmful. For example, if
Mary Brown changes her name or her major, then all her names and
major stored in the system must be changed altogether. For small
data systems, such a problem looks trivial. However, when the data
system is huge, making changes to all redundant data is difficult if
not impossible. As a result of data redundancy, the entire data set
can be corrupted.
(2) Violation of data integrity
Data integrity means consistency among the stored data. We
use the above illustrative example to explain the concept of data
integrity and how data integrity can be violated if the data system is
flawed. You can find that Alex Wilson received a grade in MKT211;
however, you can’t find Alex Wilson in the student roster. That is,
the two rosters are not consistent. Suppose we have a data integrity
control to enforce the rules, say, “no student can receive a grade
unless she/he has registered and paid tuition”, then such a violation
of data integrity can never happen.
(3) Relying on human memory to store and to search needed data
The third common mistake in data resource management is the
80 | Information Systems for Business and Beyond (2019)

over use of human memory for data search. A human can remember
what data are stored and where the data are stored, but can also
make mistakes. If a piece of data is stored in an un-remembered
place, it has actually been lost. As a result of relying on human
memory to store and to search needed data, the entire data set
eventually becomes disorganized.
To avoid the above common flaws in data resource management,
database technology must be applied. A database is an organized
collection of related data. It is an organized collection, because in
a database, all data is described and associated with other data.
For the purposes of this text, we will only consider computerized
databases.
Though not good for replacing databases, spreadsheets can be
ideal tools for analyzing the data stored in a database. A spreadsheet
package can be connected to a specific table or query in a database
and used to create charts or perform analysis on that data.
Data Models and Relational Databases
Databases can be organized in many different ways by using
different models. The data model of a database is the logical
structure of data items and their relationships. There have been
several data models. Since the 1980s, the relational data model
has been popularized. Currently, relational database systems are
commonly used in business organizations with few exceptions. A
relational data model is easy to understand and use.
In a relational database, data is organized into tables (or relations).
Each table has a set of fields which define the structure of the data
stored in the table. A record is one instance of a set of fields in a
table. To visualize this, think of the records as the rows (or tuple) of
the table and the fields as the columns of the table.
In the example below, we have a table of student data, with each
row representing a student record , and each column representing
Chapter 4: Data and Databases | 81

one filed of the student record. A special filed or a combination
of fields that determines the unique record is called primary key
(or key). A key is usually the unique identification number of the
records.
Rows and columns in a table
Designing a Database
Suppose a university wants to create a School Database to track
data. After interviewing several people, the design team learns that
the goal of implementing the system is to give better insight into
students’ performance and academic resources. From this, the
team decides that the system must keep track of the students, their
grades, courses, and classrooms. Using this information, the design
team determines that the following tables need to be created:
• STUDENT: student name, major, and e-mail.
• COURSE: course title, enrollment capacity.
• GRADE: this table will correlate STUDENT with COURSE,
allowing us to have any given student to enroll multiple
courses and to receive a grade for each course.
• CLASSROOM: classroom location, classroom type, and
classroom capacity
82 | Information Systems for Business and Beyond (2019)

Now that the design team has determined which tables to create,
they need to define the specific data items that each table will hold.
This requires identifying the fields that will be in each table. For
example, course title would be one of the fields in the COURSE
table. Finally, since this will be a relational database, every table
should have a field in common with at least one other table (in other
words, they should have relationships with each other).
A primary key must be selected for each table in a relational
database. This key is a unique identifier for each record in the table.
For example, in the STUDENT table, it might be possible to use the
student name as a way to identify a student. However, it is more
than likely that some students share the same name. A student’s
e-mail address might be a good choice for a primary key, since e-
mail addresses are unique. However, a primary key cannot change,
so this would mean that if students changed their e-mail address we
would have to remove them from the database and then re-insert
them – not an attractive proposition. Our solution is to use student
ID as the primary key of the STUDENT table. We will also do this
for the COURSE table and the CLASSROOM table. This solution is
quite common and is the reason you have so many IDs! The primary
key of table can be just one field, but can also be a combination of
two or more fields. For example, the combination of StudentID and
CourseID the GRADE table can be the primary key of the GRADE
table, which means that a grade is received by a particular student
for a specific course.
The next step of design of database is to identify and make the
relationships between the tables so that you can pull the data
together in meaningful ways. A relationship between two tables is
implemented by using a foreign key. A foreign key is a field in one
table that connects to the primary key data in the original table. For
example, ClassroomID in the COURSE table is the foreign key that
connects to the primary key ClassroomID in the CLASSROOM table.
With this design, not only do we have a way to organize all of the
data we need and have successfully related all the table together to
Chapter 4: Data and Databases | 83

Tables of the
student
database
meet the requirements, but have also prevented invalid data from
being entered into the database. You can see the final database
design in the figure below:

Normalization
When designing a database, one important concept to understand
is normalization. In simple terms, to normalize a database means to
design it in a way that: 1) reduces data redundancy; and 2) ensure
data integrity.
In the School Database design, the design team worked to achieve
these objectives. For example, to track grades, a simple (and wrong)
solution might have been to create a Student field in the COURSE
table and then just list the names of all of the students there.
However, this design would mean that if a student takes two or
more courses, then his or her data would have to be entered twice
or more times. This means the data are redundant. Instead, the
designers solved this problem by introducing the GRADE table.
In this design, when a student registers into the school system
before taking a course, we first must add the student to the
STUDENT table, where their ID, name, major, and e-mail address
are entered. Now we will add a new entry to denote that the
student takes a specific course. This is accomplished by adding a
record with the StudentD and the CourseID in the GRADE table.
If this student takes a second course, we do not have to duplicate
the entry of the student’s name, major, and e-mail; instead, we
84 | Information Systems for Business and Beyond (2019)

only need to make another entry in the GRADE table of the second
course’s ID and the student’s ID.
The design of the School database also makes it simple to change
the design without major modifications to the existing structure.
For example, if the design team were asked to add functionality
to the system to track instructors who teach the courses, we could
easily accomplish this by adding a PROFESSOR table (similar to the
STUDENT table) and then adding a new field to the COURSE table
to hold the professors’ ID.
Data Types
When defining the fields in a database table, we must give each field
a data type. For example, the field StudentName is text string, while
EnrollmentCapacity is number. Most modern databases allow for
several different data types to be stored. Some of the more common
data types are listed here:
• Text: for storing non-numeric data that is brief, generally
under 256 characters. The database designer can identify the
maximum length of the text.
• Number: for storing numbers. There are usually a few different
number types that can be selected, depending on how large
the largest number will be.
• Boolean: a data type with only two possible values, such as 0 or
1, “true” or “false”, “yes” or “no”.
• Date/Time: a special form of the number data type that can be
interpreted as a number or a time.
• Currency: a special form of the number data type that formats
all values with a currency indicator and two decimal places.
• Paragraph Text: this data type allows for text longer than 256
characters.
• Object: this data type allows for the storage of data that cannot
Chapter 4: Data and Databases | 85

Open Office Database Management
System
be entered via keyboard, such as an image or a music file.
There are two important reasons that we must properly define
the data type of a field. First, a data type tells the database what
functions can be performed with the data. For example, if we wish
to perform mathematical functions with one of the fields, we must
be sure to tell the database that the field is a number data type. For
example, we can subtract the course capacity from the classroom
capacity to find out the number of extra seats available.
The second important reason to define data type is so that the
proper amount of storage space is allocated for our data. For
example, if the StudentName field is defined as a Text(50) data type,
this means 50 characters are allocated for each name we want to
store. If a student’s name is longer than 50 characters, the database
will truncate it.
Database Management Systems
To the computer, a database
looks like one or more files. In
order for the data in the
database to be stored, read,
changed, added, or removed, a
software program must access
it. Many software applications
have this ability: iTunes can
read its database to give you a listing of its songs (and play the
songs); your mobile-phone software can interact with your list of
contacts. But what about applications to create or manage a
database? What software can you use to create a database, change
a database’s structure, or simply do analysis? That is the purpose of
a category of software applications called database management
systems (DBMS).
86 | Information Systems for Business and Beyond (2019)

DBMS packages generally provide an interface to view and change
the design of the database, create queries, and develop reports.
Most of these packages are designed to work with a specific type
of database, but generally are compatible with a wide range of
databases.
A database that can only be used by a single user at a time is not
going to meet the needs of most organizations. As computers have
become networked and are now joined worldwide via the Internet,
a class of database has emerged that can be accessed by two, ten,
or even a million people. These databases are sometimes installed
on a single computer to be accessed by a group of people at a
single location. Other times, they are installed over several servers
worldwide, meant to be accessed by millions. In enterprises the
relational DBMS are built and supported by companies such as
Oracle, Microsoft SQL Server, and IBM Db2. The open-source
MySQL is also an enterprise database.
Microsoft Access and Open Office Base are examples of personal
database-management systems. These systems are primarily used
to develop and analyze single-user databases. These databases are
not meant to be shared across a network or the Internet, but are
instead installed on a particular device and work with a single user
at a time. Apache OpenOffice.org Base (see screen shot) can be
used to create, modify, and analyze databases in open-database
(ODB) format. Microsoft’s Access DBMS is used to work with
databases in its own Microsoft Access Database format. Both Access
and Base have the ability to read and write to other database
formats as well.
Structured Query Language
Once you have a database designed and loaded with data, how
will you do something useful with it? The primary way to work
Chapter 4: Data and Databases | 87

with a relational database is to use Structured Query Language,
SQL (pronounced “sequel,” or simply stated as S-Q-L). Almost all
applications that work with databases (such as database
management systems, discussed below) make use of SQL as a way to
analyze and manipulate relational data. As its name implies, SQL is a
language that can be used to work with a relational database. From
a
simple request for data to a complex update operation, SQL is a
mainstay of programmers and database administrators. To give you
a taste of what SQL might look like, here are a couple of examples
using our School database:
The following query will retrieve the major of student John
Smith from the STUDENT table:
SELECT StudentMajor
FROM STUDENT
WHERE StudentName = ‘John Smith’;
The following query will list the total number of students in
the STUDENT table:
SELECT COUNT(*)
FROM STUDENT;
SQL can be embedded in many computer languages that are used
to develop platform-independent web-based applications. An in-
depth description of how SQL works is beyond the scope of this
introductory text, but these examples should give you an idea of
the power of using SQL to manipulate relational databases. Many
DBMS, such as Microsoft Access, allow you to use QBE (Query-by-
Example), a graphical query tool, to retrieve data though visualized
commands. QBE generates SQL for you, and is easy to use. In
comparison with SQL, QBE has limited functionalities and is unable
to work without the DBMS environment.
88 | Information Systems for Business and Beyond (2019)

Other Types of Databases
The relational database model is the most used database model
today. However, many other database models exist that provide
different strengths than the relational model. The hierarchical
database model, popular in the 1960s and 1970s, connected data
together in a hierarchy, allowing for a parent/child relationship
between data. The document-centric model allowed for a more
unstructured data storage by placing data into “documents” that
could then be manipulated.
Perhaps the most interesting new development is the concept
of NoSQL (from the phrase “not only SQL”). NoSQL arose from the
need to solve the problem of large-scale databases spread over
several servers or even across the world. For a relational database
to work properly, it is important that only one person be able to
manipulate a piece of data at a time, a concept known as record-
locking. But with today’s large-scale databases (think Google and
Amazon), this is just not possible. A NoSQL database can work with
data in a looser way, allowing for a more unstructured environment,
communicating changes to the data over time to all the servers that
are part of the database.
As stated earlier, the relational database model does not scale
well. The term scale here refers to a database getting larger
and larger, being distributed on a larger number of computers
connected via a network. Some companies are looking to provide
large-scale database solutions by moving away from the relational
model to other, more flexible models. For example, Google now
offers the App Engine Datastore, which is based on NoSQL.
Developers can use the App Engine Datastore to develop
applications that access data from anywhere in the world.
Amazon.com offers several database services for enterprise use,
including Amazon RDS, which is a relational database service, and
Amazon DynamoDB, a NoSQL enterprise solution.
Chapter 4: Data and Databases | 89

Sidebar: What Is Metadata?
The term metadata can be understood as “data about data.”
Examples of metadata of database are:
• number of records
• data type of field
• size of field
• description of field
• default value of field
• rules of use.
When a database is being designed, a “data dictionary” is created to
hold the metadata, defining the fields and structure of the database.
Finding Value in Data: Business Intelligence
With the rise of Big Data and a myriad of new tools and techniques
at their disposal, businesses are learning how to use information to
their advantage. The term business intelligence is used to describe
the process that organizations use to take data they are collecting
and analyze it in the hopes of obtaining a competitive advantage.
Besides using their own data, stored in data warehouses (see below),
firms often purchase information from data brokers to get a big-
picture understanding of their industries and the economy. The
results of these analyses can drive organizational strategies and
provide competitive advantage.
90 | Information Systems for Business and Beyond (2019)

Data Visualization
Data visualization is the graphical representation of information and
data. These graphical representations (such as charts, graphs, and
maps) can quickly summarize data in a way that is more intuitive
and can lead to new insights and understandings. Just as a picture
of a landscape can convey much more than a paragraph of text
attempting to describe it, graphical representation of data can
quickly make meaning of large amounts of data. Many times,
visualizing data is the first step towards a deeper analysis and
understanding of the data collected by an organization. Examples of
data visualization software include Tableau and Google Data Studio.
Data Warehouses
As organizations have begun to utilize databases as the centerpiece
of their operations, the need to fully understand and leverage the
data they are collecting has become more and more apparent.
However, directly analyzing the data that is needed for day-to-day
operations is not a good idea; we do not want to tax the operations
of the company more than we need to. Further, organizations also
want to analyze data in a historical sense: How does the data we
have today compare with the same set of data this time last month,
or last year? From these needs arose the concept of the data
warehouse.
The concept of the data warehouse is simple: extract data from
one or more of the organization’s databases and load it into the
data warehouse (which is itself another database) for storage and
analysis. However, the execution of this concept is not that simple.
A data warehouse should be designed so that it meets the following
criteria:
• It uses non-operational data. This means that the data
Chapter 4: Data and Databases | 91

Data Warehouse Process (top-down)
warehouse is using a copy of data from the active databases
that the company uses in its day-to-day operations, so the
data warehouse must pull data from the existing databases on
a regular, scheduled basis.
• The data is time-variant. This means that whenever data is
loaded into the data warehouse, it receives a time stamp,
which allows for comparisons between different time periods.
• The data is standardized. Because the data in a data warehouse
usually comes from several different sources, it is possible that
the data does not use the same definitions or units. For
example, each database uses its own format for dates (e.g.,
mm/dd/yy, or dd/mm/yy, or yy/mm/dd, etc.). In order for
the data warehouse to match up dates, a standard date format
would have to be agreed upon and all data loaded into the data
warehouse would have to be converted to use this standard
format. This process is called extraction-transformation-load
(ETL).
There are two primary schools of thought when designing a data
warehouse: bottom-up and top-down. The bottom-up approach
starts by creating small data warehouses, called data marts, to solve
specific business problems. As these data marts are created, they
can be combined into a larger data warehouse. The top- down
approach suggests that we should start by creating an enterprise-
wide data warehouse and then, as specific business needs are
identified, create smaller data marts from the data warehouse.
Benefits of Data
Warehouses
Organizations find data
warehouses quite beneficial for a number of reasons:
92 | Information Systems for Business and Beyond (2019)

• The process of developing a data warehouse forces an
organization to better understand the data that it is currently
collecting and, equally important, what data is not being
collected.
• A data warehouse provides a centralized view of all data being
collected across the enterprise and provides a means for
determining data that is inconsistent.
• Once all data is identified as consistent, an organization can
generate “one version of the truth”. This is important when the
company wants to report consistent statistics about itself,
such as revenue or number of employees.
• By having a data warehouse, snapshots of data can be taken
over time. This creates a historical record of data, which allows
for an analysis of trends.
• A data warehouse provides tools to combine data, which can
provide new information and analysis.
Data Mining and Machine Learning
Data mining is the process of analyzing data to find previously
unknown and interesting trends, patterns, and associations in order
to make decisions. Generally, data mining is accomplished through
automated means against extremely large data sets, such as a data
warehouse. Some examples of data mining include:
• An analysis of sales from a large grocery chain might
determine that milk is purchased more frequently the day after
it rains in cities with a population of less than 50,000.
• A bank may find that loan applicants whose bank accounts
show particular deposit and withdrawal patterns are not good
credit risks.
• A baseball team may find that collegiate baseball players with
specific statistics in hitting, pitching, and fielding make for
Chapter 4: Data and Databases | 93

more successful major league players.
One data mining method that an organization can use to do these
analyses is called machine learning. Machine learning is used to
analyze data and build models without being explicitly programmed
to do so. Two primary branches of machine learning exist:
supervised learning and unsupervised learning.
Supervised learning occurs when an organization has data about
past activity that has occurred and wants to replicate it. For
example, if they want to create a new marketing campaign for a
particular product line, they may look at data from past marketing
campaigns to see which of their consumers responded most
favorably. Once the analysis is done, a machine learning model is
created that can be used to identify these new customers. It is called
“supervised” learning because we are directing (supervising) the
analysis towards a result (in our example: consumers who respond
favorably). Supervised learning techniques include analyses such as
decision trees, neural networks, classifiers, and logistic regression.
Unsupervised learning occurs when an organization has data and
wants to understand the relationship(s) between different data
points. For example, if a retailer wants to understand purchasing
patterns of its customers, an unsupervised learning model can be
developed to find out which products are most often purchased
together or how to group their customers by purchase history. Is
it called “unsupervised” learning because no specific outcome is
expected. Unsupervised learning techniques include clustering and
association rules.
Privacy Concerns
The increasing power of data mining has caused concerns for many,
especially in the area of privacy. In today’s digital world, it is
becoming easier than ever to take data from disparate sources and
94 | Information Systems for Business and Beyond (2019)

combine them to do new forms of analysis. In fact, a whole industry
has sprung up around this technology: data brokers. These firms
combine publicly accessible data with information obtained from
the government and other sources to create vast warehouses of
data about people and companies that they can then sell. This
subject will be covered in much more detail in chapter 12 – the
chapter on the ethical concerns of information systems.

Sidebar: What is data science? What is data
analytics?
The term “data science” is a popular term meant to describe the
analysis of large data sets to find new knowledge. For the past
several years, it has been considered one of the best career fields
to get into due to its explosive growth and high salaries. While a
data scientist does many different things, their focus is generally
on analyzing large data sets using various programming methods
and software tools to create new knowledge for their organization.
Data scientists are skilled in machine learning and data visualization
techniques. The field of data science is constantly changing, and
data scientists are on the cutting edge of work in areas such as
artificial intelligence and neural networks.
Knowledge Management
We end the chapter with a discussion on the concept of knowledge
management (KM). All companies accumulate knowledge over the
Chapter 4: Data and Databases | 95

https://www.forbes.com/sites/louiscolumbus/2019/01/23/data-scientist-leads-50-best-jobs-in-america-for-2019-according-to-glassdoor/#2cb23c4b7474

course of their existence. Some of this knowledge is written down
or saved, but not in an organized fashion. Much of this knowledge
is not written down; instead, it is stored inside the heads of its
employees. Knowledge management is the process of creating,
formalizing the capture, indexing, storing, and sharing of the
company’s knowledge in order to benefit from the experiences and
insights that the company has captured during its existence.
Summary
In this chapter, we learned about the role that data and databases
play in the context of information systems. Data is made up of
facts of the world. If you process data in a particular context, then
you have information. Knowledge is gained when information is
consumed and used for decision making. A database is an organized
collection of related data. Relational databases are the most widely
used type of database, where data is structured into tables and all
tables must be related to each other through unique identifiers. A
database management system (DBMS) is a software application that
is used to create and manage databases, and can take the form of
a personal DBMS, used by one person, or an enterprise DBMS that
can be used by multiple users. A data warehouse is a special form of
database that takes data from other databases in an enterprise and
organizes it for analysis. Data mining is the process of looking for
patterns and relationships in large data sets. Many businesses use
databases, data warehouses, and data-mining techniques in order to
produce business intelligence and gain a competitive advantage.
96 | Information Systems for Business and Beyond (2019)

Study Questions
1. What is the difference between data, information, and
knowledge?
2. Explain in your own words how the data component relates to
the hardware and software components of information
systems.
3. What is the difference between quantitative data and
qualitative data? In what situations could the number 42 be
considered qualitative data?
4. What are the characteristics of a relational database?
5. When would using a personal DBMS make sense?
6. What is the difference between a spreadsheet and a database?
List three differences between them.
7. Describe what the term normalization means.
8. Why is it important to define the data type of a field when
designing a relational database?
9. Name a database you interact with frequently. What would
some of the field names be?
10. What is metadata?
11. Name three advantages of using a data warehouse.
12. What is data mining?
13. In your own words, explain the difference between supervised
learning and unsupervised learning. Give an example of each
(not from the book).
Exercises
1. Review the design of the School database earlier in this
chapter. Reviewing the lists of data types given, what data
types would you assign to each of the fields in each of the
tables. What lengths would you assign to the text fields?
Chapter 4: Data and Databases | 97

2. Download Apache OpenOffice.org and use the database tool to
open the “Student Clubs.odb” file available here. Take some
time to learn how to modify the database structure and then
see if you can add the required items to support the tracking of
faculty advisors, as described at the end of the Normalization
section in the chapter. Here is a link to the Getting Started
documentation.
3. Using Microsoft Access, download the database file of
comprehensive baseball statistics from the website
SeanLahman.com. (If you don’t have Microsoft Access, you can
download an abridged version of the file here that is
compatible with Apache Open Office). Review the structure of
the tables included in the database. Come up with three
different data-mining experiments you would like to try, and
explain which fields in which tables would have to be analyzed.
4. Do some original research and find two examples of data
mining. Summarize each example and then write about what
the two examples have in common.
5. Conduct some independent research on the process of
business intelligence. Using at least two scholarly or
practitioner sources, write a two-page paper giving examples
of how business intelligence is being used.
6. Conduct some independent research on the latest
technologies being used for knowledge management. Using at
least two scholarly or practitioner sources, write a two-page
paper giving examples of software applications or new
technologies being used in this field.
98 | Information Systems for Business and Beyond (2019)

http://www.openoffice.org/download/

http://www.saylor.org/site/wp-content/uploads/2014/02/Student-Clubs.odb

http://wiki.openoffice.org/w/images/3/3c/0108GS33-GettingStartedWithBase

http://www.seanlahman.com/baseball-archive/statistics/

http://www.saylor.org/site/wp-content/uploads/2014/02/lahman.odb

Chapter 5: Networking and
Communication
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• understand the history and development of
networking technologies;
• define the key terms associated with networking
technologies;
• understand the importance of broadband
technologies; and
• describe organizational networking.

Introduction
In the early days of computing, computers were seen as devices
for making calculations, storing data, and automating business
processes. However, as the devices evolved, it became apparent that
many of the functions of telecommunications could be integrated
into the computer. During the 1980s, many organizations began
Chapter 5: Networking and
Communication | 99

combining their once-separate telecommunications and
information systems departments into an Information Technology
(IT) department. This ability for computers to communicate with
one another and to facilitate communication between individuals
and groups has had a major impact on the growth of computing over
the past several decades.
Computer networking began in the 1960s with the birth of the
Internet. However, while the Internet and web were evolving,
corporate networking was also taking shape in the form of local
area networks and client-server computing. The Internet went
commercial in 1994 as technologies began to pervade all areas of the
organization. Today it would be unthinkable to have a computer that
did not include communications capabilities. This chapter reviews
the different technologies that have been put in place to enable this
communications revolution.
A Brief History of the Internet
In the Beginning: ARPANET
The story of the Internet, and networking in general, can be traced
back to the late 1950s. The United States was in the depths of the
Cold War with the USSR as each nation closely watched the other
to determine which would gain a military or intelligence advantage.
In 1957, the Soviets surprised the U.S. with the launch of Sputnik,
propelling us into the space age. In response to Sputnik, the U.S.
Government created the Advanced Research Projects Agency
(ARPA), whose initial role was to ensure that the U.S. was not
surprised again. It was from ARPA, now called DARPA
((Defense Advanced Research Projects Agency), that the Internet
first sprang.
100 | Information Systems for Business and Beyond (2019)

http://history.nasa.gov/sputnik

ARPA was the center of computing research in the 1960s, but
there was just one problem. Many of the computers could not
communicate with each other. In 1968 ARPA sent out a request
for proposals for a communication technology that would allow
different computers located around the country to be integrated
together into one network. Twelve companies responded to the
request, and a company named Bolt, Beranek, and Newman (BBN)
won the contract. They immediately began work and were able to
complete the job just one year later.

ARPA Net 1969
Professor Len Kleinrock of UCLA along with a group of graduate
students were the first to successfully send a transmission over
the ARPANET. The event occurred on October 29, 1969 when they
attempted to send the word “login” from their computer at UCLA to
the Stanford Research Institute. You can read their actual notes. The
first four nodes were at UCLA, University of California, Stanford,
and the University of Utah.

Chapter 5: Networking and Communication | 101

https://www.lk.cs.ucla.edu/internet_first_words.html

The Internet and the World Wide Web
Over the next decade, the ARPANET grew and gained popularity.
During this time, other networks also came into existence. Different
organizations were connected to different networks. This led to a
problem. The networks could not communicate with each other.
Each network used its own proprietary language, or protocol (see
sidebar for the definition of protocol) to send information back and
forth. This problem was solved by the invention of Transmission
Control Protocol/Internet Protocol (TCP/IP). TCP/IP was designed
to allow networks running on different protocols to have an
intermediary protocol that would allow them to communicate. So
as long as your network supported TCP/IP, you could communicate
with all of the other networks running TCP/IP. TCP/IP quickly
became the standard protocol and allowed networks to
communicate with each other. It is from this breakthrough that we
first got the term Internet, which simply means “an interconnected
network of networks.”
Sidebar: An Internet Vocabulary Lesson
Network communication is full of some very technical concepts
based on simple principles. Learn the following terms and you’ll be
able to hold your own in a conversation about the Internet.
• Packet The fundamental unit of data transmitted over the
Internet. When a host (PC, workstation, server, printer, etc.)
intends to send a message to another host (for example, your
PC sends a request to YouTube to open a video), it breaks the
message down into smaller pieces, called packets. Each packet
has the sender’s address, the destination address, a sequence
102 | Information Systems for Business and Beyond (2019)

number, and a piece of the overall message to be sent.
Different packets in a single message can take a variety of
routes to the destination and they can arrive at different times.
For this reason the sequence number is used to reassemble the
packets in the proper order at the destination.
• Switch A network device that connects multiple hosts together
and forwards packets based on their destination within the
local network which is commonly known as a Local Area
Network (LAN).
• Router A device that receives and analyzes packets and then
routes them towards their destination. In some cases a router
will send a packet to another router. In other cases it will send
it directly to its destination. Routers are used to connect one
network to another network.
• IP Address Every device on the Internet (personal computer, a
tablet, a smartphone, etc.) is assigned a unique identifying
number called an IP (Internet Protocol) address. Originally, the
IPv4 (version 4) standard was used. It had a format of four
numbers with values ranging from 0 and 255 separated by a
period. For example, the domain Dell.com has the IPv4 address
107.23.196.166. The IPv4 standard has a limit of 4,294,967,296
possible addresses. As the use of the Internet has grown, the
number of IP addresses needed has increased to the point
where the use of IPv4 addresses will be exhausted. This has led
to the new IPv6 standard.The IPv6 standard is formatted as
eight groups of four hexadecimal digits, such as
2001:0db8:85a3:0042:1000:8a2e:0370:7334. The IPv6 standard
has a limit of 3.4×1038 possible addresses. For example, the
domain LinkedIn.com has an IPv6 address of:
[2620:109:c002::6cae:a0a]. You probably noticed that the
address has only five groups of numbers. That’s because IPv6
allows the use of two semi-colons ( :: ) to indicate groups that
are all zeroes and do not need to be displayed. For more detail
about the IPv6 standard, see this Wikipedia article.
• Domain name If you had to try to remember the IP address of
Chapter 5: Networking and Communication | 103

https://en.wikipedia.org/wiki/IPv6

every web site you wanted to access, the Internet would not be
nearly as easy to use. A domain name is a human-friendly
name, convenient for remembering a website. These names
generally consist of a descriptive word followed by a dot
(period) and the Top-Level Domain (TLD). For example,
Wikipedia’s domain name is wikipedia.org. Wikipedia describes
the organization and .org is the TLD. Other well-known TLDs
include .com, .net, and .gov. For a list and description of top
level domain names, see this Wikipedia article.
• DNS DNS stands for “domain name server or system.” DNS acts
as the directory of websites on the Internet. When a request to
access a host with a domain name is given, a DNS server is
queried. It returns the IP address of the host requested,
allowing for proper routing.
• Packet-switching When a message’s packets are sent on the
Internet, routers try to find the optimal route for each packet.
This can result in packets being sent on different routes to
their destination. After the packets arrive they are re-
assembled into the original message for the recipient. For
more details on packet-switching, see this interactive web
page.
• Protocol A protocol is the set of rules that govern how
communications take place on a network. For example, File
Transfer Protocol (FTP) are the communication rules for
transferring files from one host to another. TCP/IP, discussed
earlier, is known as a protocol suite since it contains numerous
protocols.
104 | Information Systems for Business and Beyond (2019)

https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

http://www.pbs.org/opb/nerds2.0.1/geek_glossary/packet_switching_flash.html

Internet Users Worldwide, December 2017.
(Public Domain. Courtesy of the Miniwatts Marketing Group)
The 1980s witnessed a significant growth in Internet
usage. Internet access came primarily from government, academic,
and research organizations. Much to the surprise of the engineers,
the early popularity of the Internet was driven by the use of
electronic mail (see the next sidebar ).
Initially, Internet use meant having to type commands, even
including IP addresses, in order to access a web server. That all
changed in 1990 when Tim Berners-Lee introduced his World Wide
Web project which provided an easy way to navigate the Internet
through the use of hypertext. The World Wide Web gained even
more steam in 1993 with the release of the Mosaic browser which
allowed graphics and text to be combined as a way to present
information and navigate the Internet.
The Dot-Com Bubble
In the 1980s and early 1990s, the Internet was being managed by
the National Science Foundation (NSF). The NSF had restricted
commercial ventures on the Internet, which meant that no one
could buy or sell anything online. In 1991, the NSF transferred its
role to three other organizations, thus getting the US government
out of direct control over the Internet and essentially opening up
commerce online.
This new commercialization of the Internet led to what is now
known as the dot-com bubble. A frenzy of investment in new dot-
Chapter 5: Networking and Communication | 105

https://www.internetworldstats.com/stats.htm

com companies took place in the late 1990s with new tech
companies issuing Initial Public Offerings (IPO) and heating up the
stock market. This investment bubble was driven by the fact that
investors knew that online commerce would change everything.
Unfortunately, many of these new companies had poor business
models and anemic financial statements showing little or no profit.
In 2000 and 2001, the bubble burst and many of these new
companies went out of business. Some companies survived,
including Amazon (started in 1994) and eBay (1995). After the dot-
com bubble burst, a new reality became clear. In order to succeed
online, e-business companies would need to develop business
models appropriate for the online environment.
Web 2.0
In the first few years of the World Wide Web, creating and hosting a
website required a specific set of knowledge. A person had to know
how to set up a web server, get a domain name, create web pages in
HTML, and troubleshoot various technical issues.
Starting in the early 2000s, major changes came about in how the
Internet was being used. These changes have come to be known as
Web 2.0. Here are some key characteristics in Web 2.0.
• Universal access to Apps
• Value is found in content, not display software
• Data can be easily shared
• Distribution is bottom up, not top down
• Employees and customers can use access and use tools on
their own
• Informal networking is encouraged since more contributors
results in better content
• Social tools encourage people to share information
1
106 | Information Systems for Business and Beyond (2019)

Social networking, the last item in the list, has led to major
changes in society. Prior to Web 2.0 major news outlets investigated
and reported important news stories of the day. But in today’s world
individuals are able to easily share their own views on various
events. Apps such as Facebook, Twitter, Youtube, and personal blogs
allow people to express their own viewpoint.
Sidebar: E-mail Is the “Killer” App for the
Internet
As discussed in chapter 3, a “killer app” is a use of a device that
becomes so essential that large numbers of people will buy the
device just to run that application. The killer app for the personal
computer was the spreadsheet, enabling users to enter data, write
formulas, and easily make “what if” decisions. With the introduction
of the Internet came another killer app – E-mail.
The Internet was originally designed as a way for the Department
of Defense to manage projects. However, the invention of electronic
mail drove demand for the Internet. While this wasn’t what
developers had in mind, it turned out that people connecting with
people was the killer app for the Internet. As we look back today, we
can see this being repeated again and again with new technologies
that enable people to connect with each other.
Sidebar: The Internet and the World Wide Web
1. [1]
Chapter 5: Networking and Communication | 107

Are Not the Same Thing
Many times the terms “Internet” and “World Wide Web,” or even
just “the web,” are used interchangeably. But really, they are not the
same thing.
The Internet is an interconnected network of networks. Services
such as email, voice and video, file transfer, and the World Wide
Web all run across the Internet.The World Wide Web is simply one
part of the Internet. It is made up of web servers that have HTML
pages that are being viewed on devices with web browsers.
The Growth of High Speed Internet
In the early days of the Internet, most access was accomplished via
a modem over an analog telephone line. A modem was connected
to the incoming phone line when then connected to a computer.
Speeds were measured in bits-per-second (bps), with speeds
growing from 1200 bps to 56,000 bps over the years. Connection to
the Internet via modems is called dial-up access. As the web became
more interactive, dial-up hindered usage when users wanted to
transfer more and more data. As a point of reference, downloading
a typical 3.5 MB song would take 24 minutes at 1200 bps and 2
minutes at 28,800 bps.
High speed Internet speeds, by definition, are a minimum of
256,000 bps, though most connections today are much faster,
measured in millions of bits per second (megabits or Mbps) or even
billions (gigabits). For the home user, a high speed connection is
usually accomplished via the cable television lines or phone lines
using a Digital Subscriber Line (DSL). Both cable and DSL have
similar prices and speeds, though price and speed can vary in local
communities. According to the website Recode, the average home
108 | Information Systems for Business and Beyond (2019)

broadband speed ranges from 12 Mbps and 125 Mbps.2
Telecommunications companies provide T1 and T3 lines for greater
bandwidth and reliability.
High speed access, also known as broadband, is important
because it impacts how the Internet is used. Communities with
high speed Internet have found residences and businesses increase
usage of digital resources. Access to high speed Internet is now
considered a basic human right by the United Nations, as declared
in their 2011 statement:
“Broadband technologies are fundamentally transforming the way
we live,” the Broadband Commission for Digital Development, set up
in 2017 by the UN Educational Scientific and Cultural Organization
(UNESCO) and the UN International Telecommunications Union
(ITU), said in issuing “The Broadband Challenge” at a leadership
summit in Geneva.
“It is vital that no one be excluded from the new global knowledge
societies we are building. We believe that communication is not just
a human need – it is a right.”3
Wireless Networking
Thanks to wireless technology, access to the Internet is virtually
everywhere, especially through a smartphone.
Wi-Fi
Wi-Fi takes an Internet signal and converts it into radio waves.
2. [2]
3. [3]
Chapter 5: Networking and Communication | 109

http://www.un.org/apps/news/story.asp?Cr=broadband&NewsID=40191#.UZlTSyvSOPU

http://www.unesco.org/new/en/unesco

http://www.itu.int/

http://www.broadbandcommission.org/Documents/Broadband_Challenge

These radio waves can be picked up within a radius of
approximately 65 feet by devices with a wireless adapter. Several
Wi-Fi specifications have been developed over the years, starting
with 802.11b in 1999, followed by the 802.11g specification in 2003
and 802.11n in 2009. Each new specification improved the speed and
range of Wi-Fi, allowing for more uses. One of the primary places
where Wi-Fi is being used is in the home. Home users access Wi-Fi
via in-home routers provided by the telecommunications firm that
services the residence.
Mobile Network
As the cellphone has evolved into the smartphone, the desire for
Internet access on these devices has led to data networks being
included as part of the mobile phone network. While Internet
connections were technically available earlier, it was really with
the release of the 3G networks in 2001 (2002 in the US) that
smartphones and other cellular devices could access data from the
Internet. This new capability drove the market for new and more
powerful smartphones, such as the iPhone, introduced in 2007. In
2011, wireless carriers began offering 4G data speeds, giving the
cellular networks the same speeds that customers were accustomed
to getting via their home connection.
Beginning in 2019, some part of the world began seeing the
implementation of 5G communication networks. Speeds associated
with 5G will be greater than 1 GB/second, providing connection
speeds to handle just about any type of application. Some have
speculated that the 5G implementation will lead households to
eliminate the purchase of wired Internet connections for their
homes, just using 5G wireless connections instead.
110 | Information Systems for Business and Beyond (2019)

3G, 4G, and 5G Comparison
3G 4G 5G
Deployed 2004-2005 2006-2010 By 2020
Bandwidth 2 mbps 200 mbps > 1 gbps,
Service
Integrated
high-quality
audio, video
and data
Dynamic
information
access, variable
devices
Dynamic information
access, variable devices
with all capabilities
(James Dean, Raconteur, December 7, 2014)
4
Sidebar: Why Doesn’t My Cellphone Work When
I Travel Abroad?
As mobile phone technologies have evolved, providers in different
countries have chosen different communication standards for their
mobile phone networks. There are two competing standards in the
US: GSM (used by AT&T and T-Mobile) and CDMA (used by the
other major carriers). Each standard has its pros and cons, but
the bottom line is that phones using one standard cannot easily
switch to the other. This is not a big deal in the US because mobile
networks exist to support both standards. But when traveling to
other countries, you will find that most of them use GSM networks.
The one exception is Japan which has standardized on CDMA. It is
possible for a mobile phone using one type of network to switch
to the other type of network by changing out the SIM card, which
controls your access to the mobile network. However, this will not
4. [4]
Chapter 5: Networking and Communication | 111

work in all cases. If you are traveling abroad, it is always best to
consult with your mobile provider to determine the best way to
access a mobile network.
Bluetooth
While Bluetooth is not generally used to connect a device to the
Internet, it is an important wireless technology that has enabled
many functionalities that are used every day. When created in 1994
by Ericsson, it was intended to replace wired connections between
devices. Today, it is the standard method for wirelessly connecting
nearby devices. Bluetooth has a range of approximately 300 feet
and consumes very little power, making it an excellent choice for
a variety of purposes. Some applications of Bluetooth include:
connecting a printer to a personal computer, connecting a mobile
phone and headset, connecting a wireless keyboard and mouse to a
computer, or connecting your mobile phone to your car, resulting in
hands free operation of your phone.
112 | Information Systems for Business and Beyond (2019)

Typical VoIP
communicati
on
VoIP
Voice over IP (VoIP) allows analog signals to be converted to digital
signals, then transmitted on a network. By using existing
technologies and software, voice communication over the Internet
is now available to anyone with a browser (think Skype, WebEx,
Google Hangouts). Beyond this, many companies are now offering
VoIP-based telephone service for business and home use.
Chapter 5: Networking and Communication | 113

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/volp

Organizational Networking
LAN and WAN
Scope of business networks
While the Internet was evolving and creating a way for
organizations to connect to each other and the world, another
revolution was taking place inside organizations. The proliferation
of personal computers led to the need to share resources such
as printers, scanners, and data. Organizations solved this problem
through the creation of local area networks (LANs), which allowed
computers to connect to each other and to peripherals.
A LAN is a local network, usually operating in the same building
or on the same campus. A Wide Area Network (WAN) provides
connectivity over a wider area such as an organization’s locations in
different cities or states.
114 | Information Systems for Business and Beyond (2019)

Client-Server
Client-server computing provides stand-alone devices such as
personal computers, printers, and file servers to work together. The
personal computer originally was used as a stand-alone computing
device. A program was installed on the computer and then used to
do word processing or calculations. With the advent of networking
and local area networks, computers could work together to solve
problems. Higher-end computers were installed as servers, and
users on the local network could run applications and share
information among departments and organizations.
Intranet
An intranet, as the name implies, provides web-based resources
for the users within an organization. These web pages are not
accessible to those outside the company. The pages typically
contain information useful to employees such as policies and
procedures. In an academic setting the intranet provides an
interface to learning resources for students.
Extranet
Sometimes an organization wants to be able to collaborate with
its customers or suppliers while at the same time maintaining the
security of being inside its own network. In cases like this a
company may want to create an extranet, which is a part of a
company’s network that can be made available securely to those
outside of the company. Extranets can be used to allow customers
to log in and place orders, or for suppliers to check their customers’
inventory levels.
Chapter 5: Networking and Communication | 115

Sometimes an organization will need to allow someone who is not
located physically within its internal network to gain secure access
to the intranet. This access can be provided by a virtual private
network (VPN). VPNs will be discussed further in Chapter 6 which
focuses on Information Security).
Sidebar: Microsoft’s SharePoint Powers the
Intranet
As organizations begin to see the power of collaboration between
their employees, they often look for solutions that will allow them
to leverage their intranet to enable more collaboration. Since most
companies use Microsoft products for much of their computing,
some are using Microsoft’s SharePoint to support employee
collaboration.
SharePoint provides a communication and collaboration platform
that integrates seamlessly with Microsoft’s Office suite of
applications. Using SharePoint, employees can share a document
and edit it together, avoiding the need to email the document for
others to review. Projects and documents can be managed
collaboratively across the organization. Corporate documents are
indexed and made available for search.
Cloud Computing
Cloud computing was covered in Chapter 3. The universal
availability of the Internet combined with increases in processing
116 | Information Systems for Business and Beyond (2019)

power and data-storage capacity have made cloud computing a
viable option for many companies. Using cloud computing,
companies or individuals can contract to store data on storage
devices somewhere on the Internet. Applications can be “rented”
as needed, giving a company the ability to quickly deploy new
applications. The I.T. department benefits from not having to
maintain software that is provided on the cloud.
Sidebar: Metcalfe’s Law
Just as Moore’s Law describes how computing power is increasing
over time, Metcalfe’s Law describes the power of networking.
Metcalfe’s Law states that the value of a telecommunications
network is proportional to the square of the number of connected
users of the system, or N2. If a network has 10 nodes, the inherent
value is 100, or 102.
Metcalfe’s Law is attributed to Robert Metcalfe, the co-inventor of
Ethernet. It attempts to address the added value provided by each
node on the network. Think about it this way: If none of your friends
were on Instagram, would you spend much time there? If no one
else at your school or place of work had e-mail, would it be very
useful to you? Metcalfe’s Law tries to quantify this value.
Summary
The networking revolution has completely changed how personal
computers are used. Today, no one would imagine using a computer
that was not connected to one or more networks. The development
Chapter 5: Networking and Communication | 117

of the Internet and World Wide Web, combined with wireless
access, has made information available at our fingertips. The Web
2.0 revolution has made everyone potential authors of web content.
As networking technology has matured, the use of Internet
technologies has become a standard for every type of organization.
The use of intranets and extranets has allowed organizations to
deploy functionality to employees and business partners alike,
increasing efficiencies and improving communications. Cloud
computing has truly made information available everywhere.
Study Questions
1. What were the first four locations hooked up to the Internet
(ARPANET)?
2. What does the term packet mean?
3. Which came first, the Internet or the World Wide Web?
4. What was revolutionary about Web 2.0?
5. What was the so-called killer app for the Internet?
6. What does the term VoIP mean?
7. What is a LAN?
8. What is the difference between an intranet and an extranet?
9. What is Metcalfe’s Law?
Exercises
1. What is the difference between the Internet and the World
Wide Web? Create at least three statements that identify the
differences between the two.
2. Who are the broadband providers in your area? What are the
118 | Information Systems for Business and Beyond (2019)

prices and speeds offered?
3. Pretend you are planning a trip to three foreign countries in
the next month. Consult your wireless carrier to determine if
your mobile phone would work properly in those countries.
What would the costs be? What alternatives do you have if it
would not work?
Labs
1. Check the speed of your Internet connection by going to the
following web site: speedtest.net
What is your download and upload speed?
2. What is the IP address of your computer? How did you find it?
Hint for Windows: Go to the start icon and click Run. Then
open the Command Line Interface by typing: cmd Then type:
ipconfigWhat is your IPv4 address?What is your IPv6 address?
3. When you enter an address in your web browser, a Domain
Name Server (DNS) is used to lookup the IP address of the site
you are seeking. To locate the DNS server your computer is
using, type: nslookupWrite down the name and address of
your DNS server.Use the nslookup command to find the
address for a favorite web site. For example, to find the IP
address of espn type: nslookup espnWrite down your website’s
name and address. Note: it is on the line following the name of
the web site you entered.
4. You can use the tracert (trace route) command to display the
path from your computer to the web site’s IP address you used
in the previous lab. For example, tracert 199.181.132.250Be
patient as tracert contacts each router in the path to your
website’s server. A “Request timed out” message indicates the
tracing is taking too long, probably due to a lack of bandwidth.
You can stop the trace by pressing Ctrl + C
Chapter 5: Networking and Communication | 119

5. The ping command allows you check connectivity between the
local host (your computer) and another host. If you are unable
to connect to another host, the ping command can be used to
incrementally test your connectivity. The IP address 127.0.0.1 is
known as your home address (local host).Begin your test by
going to your command line interface (command promkpt) and
pinging your local host: ping 127.0.0.1You should get a series of
“Reply from 127.0.0.1” messagesNext, ping the IP address you
used in lab #3.Sometimes a failed ping is not the result of a
lack of connectivity. Network administrators of some IP
addresses/hosts do not want their site pinged so they block all
ICMP packets. That’s the protocol used for pinging.
• The whois.domaintools.com site provides you with information
about a web site. For example, to find information about
google.com open your web browser and type:
whoisdomaintools.com Then in the Lookup window, type:
google.comFind information about a favorite site of yours.
Record the following: administrator name, phone number,
when the site was created, and the site’s name servers (the
names begin with “ns”).
• Network statistics can be displayed using the netstat
command. In the command line window (see lab #2 for
instructions on how to get to the command line), type: netstat
-eHow many bytes were sent and how many were
received?Execute the command again and record your results.
You should see an increase in both received and sent bytes.To
see a complete list of options/switches for the netstat
command, type: netstat ?
1. Wolcott, M. (2017). What is Web 2.0? MoneyWatch. Retrieved
from https://www.cbsnews.com/news/what-is-web-20/↵
2. Molla, R. (2017). These are the fastest and slowest Internet
120 | Information Systems for Business and Beyond (2019)

speeds”. Recode. Retrieved from https://www.recode.net/2017/
6/9/15768598/states-fastest-slowest-internet-speeds↵
3. International Telecommunications Union. (2018, January 23).
UN Broadband Commission sets goal broadband targets to
bring online the world’s 3.8 billion not connected to the
Internet. Retrieved from https://www.itu.int/en/
mediacentre/Pages/2018-PR01.aspx↵
4. “Dean, J. (2014). 4G vs 5G Mobile Technology. Raconteur
Retrieved from https://www.raconteur.net/technology/4g-
vs-5g-mobile-technology.
Chapter 5: Networking and Communication | 121

https://opentextbook.site/informationsystems2019/format/return-footnote-29-4

Chapter 6: Information
Systems Security
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• identify the information security triad;
• identify and understand the high-level concepts
surrounding information security tools; and
• secure yourself digitally.

Introduction
As computers and other digital devices have become essential to
business and commerce, they have also increasingly become a
target for attacks. In order for a company or an individual to use
a computing device with confidence, they must first be assured
that the device is not compromised in any way and that all
communications will be secure. This chapter reviews the
fundamental concepts of information systems security and
discusses some of the measures that can be taken to mitigate
122 | Chapter 6: Information Systems
Security

The security triad
security threats. The chapter begins with an overview focusing on
how organizations can stay secure. Several different measures that a
company can take to improve security will be discussed. Finally, you
will review a list of security precautions that individuals can take in
order to secure their personal computing environment.
The Information Security Triad:
Confidentiality, Integrity, Availability
(CIA)
Confidentiality
Protecting information
means you want to want to be
able to restrict access to those
who are allowed to see it. This
is sometimes referred to as
NTK, Need to Know. Everyone
else should be disallowed from
learning anything about its
contents. This is the essence of
confidentiality. For example,
federal law requires that
universities restrict access to private student information. Access to
grade records should be limited to those who have authorized
access.
Chapter 6: Information Systems Security | 123

Integrity
Integrity is the assurance that the information being accessed has
not been altered and truly represents what is intended. Just as a
person with integrity means what he or she says and can be trusted
to consistently represent the truth, information integrity means
information truly represents its intended meaning. Information can
lose its integrity through malicious intent, such as when someone
who is not authorized makes a change to intentionally misrepresent
something. An example of this would be when a hacker is hired to
go into the university’s system and change a student’s grade.
Integrity can also be lost unintentionally, such as when a
computer power surge corrupts a file or someone authorized to
make a change accidentally deletes a file or enters incorrect
information.
Availability
Information availability is the third part of the CIA triad. Availability
means information can be accessed and modified by anyone
authorized to do so in an appropriate timeframe. Depending on
the type of information, appropriate timeframe can mean different
things. For example, a stock trader needs information to be available
immediately, while a sales person may be happy to get sales
numbers for the day in a report the next morning. Online retailers
require their servers to be available twenty-four hours a day, seven
days a week. Other companies may not suffer if their web servers
are down for a few minutes once in a while.
124 | Information Systems for Business and Beyond (2019)

Tools for Information Security
In order to ensure the confidentiality, integrity, and availability of
information, organizations can choose from a variety of tools. Each
of these tools can be utilized as part of an overall information-
security policy.
Authentication
The most common way to identify someone is through their
physical appearance, but how do we identify someone sitting behind
a computer screen or at the ATM? Tools for authentication are used
to ensure that the person accessing the information is, indeed, who
they present themselves to be.
Authentication can be accomplished by identifying someone
through one or more of three factors:
1. Something they know,
2. Something they have, or
3. Something they are.
For example, the most common form of authentication today is the
user ID and password. In this case, the authentication is done by
confirming something that the user knows (their ID and password).
But this form of authentication is easy to compromise (see sidebar)
and stronger forms of authentication are sometimes needed.
Identifying someone only by something they have, such as a key or a
card, can also be problematic. When that identifying token is lost or
stolen, the identity can be easily stolen. The final factor, something
you are, is much harder to compromise. This factor identifies a user
through the use of a physical characteristic, such as a retinal scan,
Chapter 6: Information Systems Security | 125

RSA
SecureID
token
fingerprint, or facial geometry. Identifying someone through their
physical characteristics is called biometrics.
A more secure way to authenticate a user is through multi-factor
authentication. By combining two or more of the factors listed
above, it becomes much more difficult for someone to misrepresent
themselves. An example of this would be the use of an RSA SecurID
token. The RSA device is something you have, and it generates a
new access code every sixty seconds. To log in to an information
resource using the RSA device, you combine something you know,
such as a four-digit PIN, with the code generated by the device. The
only way to properly authenticate is by both knowing the code and
having the RSA device.
Access Control
Once a user has been authenticated, the next step is to ensure that
they can only access the information resources that are appropriate.
This is done through the use of access control. Access control
determines which users are authorized to read, modify, add, and/
or delete information. Several different access control models exist.
Two of the more common are: the Access Control List (ACL) and
Role-Based Access Control (RBAC).
An information security employee can produce an ACL which
identifies a list of users who have the capability to take specific
actions with an information resource such as data files. Specific
126 | Information Systems for Business and Beyond (2019)

http://www.rsa.com/node.aspx?id=1159

Comparison
of ACL and
RBAC
permissions are assigned to each user such as read, write, delete,
or add. Only users with those permissions are allowed to perform
those functions.
ACLs are simple to understand and maintain, but there are several
drawbacks. The primary drawback is that each information resource
is managed separately, so if a security administrator wanted to add
or remove a user to a large set of information resources, it would be
quite difficult. And as the number of users and resources increase,
ACLs become harder to maintain. This has led to an improved
method of access control, called role-based access control, or RBAC.
With RBAC, instead of giving specific users access rights to an
information resource, users are assigned to roles and then those
roles are assigned the access. This allows the administrators to
manage users and roles separately, simplifying administration and,
by extension, improving security.
The following image shows an ACL with permissions granted to
individual users. RBAC allows permissions to be assigned to roles,
as shown in the middle grid, and then in the third grid each user is
assigned a role. Although not modeled in the image, each user can
have multiple roles such as Reader and Editor.
Sidebar: Password Security
So why is using just a simple user ID and password not considered a
secure method of authentication? It turns out that this single-factor
Chapter 6: Information Systems Security | 127

authentication is extremely easy to compromise. Good password
policies must be put in place in order to ensure that passwords
cannot be compromised. Below are some of the more common
policies that organizations should use.
• Require complex passwords. One reason passwords are
compromised is that they can be easily guessed. A recent study
found that the top three passwords people used were
password, 123456 and 12345678.[1] A password should not be
simple, or a word that can be found in a dictionary. Hackers
first attempt to crack a password by testing every term in the
dictionary. Instead, a good password policy should require the
use of a minimum of eight characters, at least one upper-case
letter, one special character, and one digit.
• Change passwords regularly. It is essential that users change
their passwords on a regular basis. Also, passwords may not be
reused. Users should change their passwords every sixty to
ninety days, ensuring that any passwords that might have been
stolen or guessed will not be able to be used against the
company.
• Train employees not to give away passwords. One of the
primary methods used to steal passwords is to simply figure
them out by asking the users for their password. Pretexting
occurs when an attacker calls a helpdesk or security
administrator and pretends to be a particular authorized user
having trouble logging in. Then, by providing some personal
information about the authorized user, the attacker convinces
the security person to reset the password and tell him what it
is. Another way that employees may be tricked into giving away
passwords is through e-mail phishing. Phishing occurs when a
user receives an e-mail that looks as if it is from a trusted
source, such as their bank or employer. In the e-mail the user
is asked to click a link and log in to a website that mimics the
genuine website, then enter their ID and password. The userID
and password are then captured by the attacker.
128 | Information Systems for Business and Beyond (2019)

Encryption
Many times an organization needs to transmit information over the
Internet or transfer it on external media such as a flash drive. In
these cases, even with proper authentication and access control, it
is possible for an unauthorized person to gain access to the data.
Encryption is a process of encoding data upon its transmission
or storage so that only authorized individuals can read it. This
encoding is accomplished by software which encodes the plain text
that needs to be transmitted (encryption). Then the recipient
receives the cipher text and decodes it (decryption). In order for
this to work, the sender and receiver need to agree on the method
of encoding so that both parties have the same message. Known
as symmetric key encryption, both parties share the encryption key,
enabling them to encode and decode each other’s messages.
An alternative to symmetric key encryption is public key
encryption. In public key encryption, two keys are used: a public key
and a private key. To send an encrypted message, you obtain the
public key, encode the message, and send it. The recipient then uses
their private key to decode it. The public key can be given to anyone
who wishes to send the recipient a message. Each user simply needs
one private key and one public key in order to secure messages. The
private key is necessary in order to decrypt a message sent with the
public key.
Notice in the image how the sender on the left creates a plaintext
message which is then encrypted with a public key. The ciphered
text is transmitted through the communication channel and the
recipient uses their private key to decrypt the message and then
read the plain text.
Chapter 6: Information Systems Security | 129

Public Key
Encryption
Sidebar: Blockchain and Bitcoin
Blockchain
Introduced in 2008 as part of a proposal for Bitcoin, Blockchain is
a peer-to-peer network which provides an open, distributed record
of transactions between two parties. A “peer-to-peer” network is
one where there is no server between the two nodes trying to
communicate. Essentially, this means that each node acts as a server
and a client.
130 | Information Systems for Business and Beyond (2019)

Supporters see blockchain as a tool to simplify all types of
transactions: payments, contracts, etc. Motivation comes from the
desire to remove the middleman (lawyer, banker, broker) from
transactions, making them more efficient and readily available
across the Internet. Blockchain is already being used to track
products through supply chains.
Blockchain is considered a foundational technology, potentially
creating new foundations in economics and social systems. There
are numerous concerns about Blockchain and its adoption.
Consider the following:
• Speed of adoption. Initially there is a great deal of enthusiasm
by a small group. However, adoption on a larger scale can take
a great number of years even decades for a worldwide
acceptance of a new method of doing business.
• Governance. The banking sector, both in individual countries
(U. S. Federal Reserve System) and the world at large (the
International Monetary Fund), controls financial transactions.
One purpose of these organizations is an attempt to avoid
banking and financial systems collapse. Blockchain will result
in the governance of financial transactions shifting away from
these government-controlled institutions.
• Smart contracts. The smart contract will re-shape how
businesses interact. It is possible for blockchain to
automatically send payment to a vendor the instant the
product is delivered to the customer. Such “self-executing”
contracts are already taking place in banking and venture
capital funding. 1
Many are forecasting some universal form of payment or value
transfer for business transactions. Blockchain and Bitcoin are being
used to transform banking in various locations around the world.
1. [9]
Chapter 6: Information Systems Security | 131

The following Bitcoin section includes a look at a new banking
venture in Tanzania, East Africa.
Bitcoin
Bitcoin logo
Bitcoin is a world wide payment system using cryptocurrency. It
functions without a central bank, operating as a peer-to-peer
network with transactions happening directly between vendors and
buyers. Records for transactions are recorded in the blockchain.
Bitcoin technology was released in 2009. The University of
Cambridge estimated there were 2.9 and 5.8 million unique users
of bitcoin in 2017.2 This web site provides more information about
bitcoin.
A major bitcoin project is underway in Tanzania. Business
transactions in this East African country are fraught with many
challenges such as counterfeit currency and a 28% transaction fee
on individuals who do not have a bank account. Seventy percent of
the country’s population fall into this category. Benjamin Fernandes,
2. [10]
132 | Information Systems for Business and Beyond (2019)

https://www.blockchain.com/

a Tanzanian and 2017 graduate of Stanford Graduate School of
Business, is co-founder of NALA, a Tanzanian firm working to bring
cryptocurrency to a country where 96% of the population have
access to mobile devices. NALA’s goal is to provide low cost
transactions to all of the country’s citizens through
cryptocurrency.3 You can read more of this cryptocurrency venture
here.
Backups
Another essential tool for information security is a comprehensive
backup plan for the entire organization. Not only should the data
on the corporate servers be backed up, but individual computers
used throughout the organization should also be backed up. A good
backup plan should consist of several components.
• Full understanding of the organization’s information
resources. What information does the organization actually
have? Where is it stored? Some data may be stored on the
organization’s servers, other data on users’ hard drives, some
in the cloud, and some on third-party sites. An organization
should make a full inventory of all of the information that
needs to be backed up and determine the best way to back it
up.
• Regular backups of all data. The frequency of backups should
be based on how important the data is to the company,
combined with the ability of the company to replace any data
that is lost. Critical data should be backed up daily, while less
3. [11]
Chapter 6: Information Systems Security | 133

https://techsgood.org/benjamin-fernandes-building-a-digital-bank-for-east-africa-266488653e67

critical data could be backed up weekly. Most large
organizations today use data redundancy so their records are
always backed up.
• Offsite storage of backup data sets. If all backup data is being
stored in the same facility as the original copies of the data,
then a single event such as an earthquake, fire, or tornado
would destroy both the original data and the backup. It is
essential the backup plan includes storing the data in an offsite
location.
• Test of data restoration. Backups should be tested on a regular
basis by having test data deleted then restored from backup.
This will ensure that the process is working and will give the
organization confidence in the backup plan.
Besides these considerations, organizations should also examine
their operations to determine what effect downtime would have
on their business. If their information technology were to be
unavailable for any sustained period of time, how would it impact
the business?
Additional concepts related to backup include the following:
• Uninterruptible Power Supply (UPS). A UPS provides battery
backup to critical components of the system, allowing them to
stay online longer and/or allowing the IT staff to shut them
down using proper procedures in order to prevent data loss
that might occur from a power failure.
• Alternate, or “hot” sites. Some organizations choose to have
an alternate site where an exact replica of their critical data is
always kept up to date. When the primary site goes down, the
alternate site is immediately brought online so that little or no
downtime is experienced.
As information has become a strategic asset, a whole industry
has sprung up around the technologies necessary for implementing
a proper backup strategy. A company can contract with a service
134 | Information Systems for Business and Beyond (2019)

Diagram of a network configuration
with firewalls, a router, and a DMZ.
provider to back up all of their data or they can purchase large
amounts of online storage space and do it themselves. Technologies
such as Storage Area Networks (SAN) and archival systems are now
used by most large businesses for data backup.
Firewalls

Firewalls are another method
that an organization can use for
increasing security on its
network. A firewall can exist as
hardware or software, or both.
A hardware firewall is a device
that is connected to the
network and filters the packets
based on a set of rules. One
example of these rules would
be preventing packets entering
the local network that come
from unauthorized users. A software firewall runs on the operating
system and intercepts packets as they arrive to a computer.
A firewall protects all company servers and computers by
stopping packets from outside the organization’s network that do
not meet a strict set of criteria. A firewall may also be configured
to restrict the flow of packets leaving the organization. This may
be done to eliminate the possibility of employees watching YouTube
videos or using Facebook from a company computer.
A demilitarized zone (DMZ) implements multiple firewalls as part
of network security configuration, creating one or more sections of
their network that are partially secured. The DMZ typically contains
resources that need broader access but still need to be secured.
Chapter 6: Information Systems Security | 135

Intrusion Detection Systems
Intrusion Detection Systems (IDS) can be placed on the network
for security purposes. An IDS does not add any additional security.
Instead, it provides the capability to identify if the network is being
attacked. An IDS can be configured to watch for specific types of
activities and then alert security personnel if that activity occurs. An
IDS also can log various types of traffic on the network for analysis
later. It is an essential part of any good security system.
Sidebar: Virtual Private Networks
Using firewalls and other security technologies, organizations can
effectively protect many of their information resources by making
them invisible to the outside world. But what if an employee
working from home requires access to some of these resources?
What if a consultant is hired who needs to do work on the internal
corporate network from a remote location? In these cases, a Virtual
Private Network (VPN) is needed.
136 | Information Systems for Business and Beyond (2019)

Diagram of VPN (click to enlarge). Attribution to
Ludovic.ferre.

A VPN allows a user who is outside of a corporate network to
take a detour around the firewall and access the internal network
from the outside. Through a combination of software and security
measures, a VPN provides off-site access to the organization’s
network while ensuring overall security.
The Internet cloud is essentially an insecure channel through
which people communicate to various web sites/servers.
Implementing a VPN results in a secure pathway, usually referred
to as a tunnel, through the insecure cloud, virtually guaranteeing
secure access to the organization’s resources. The diagram
represents security by way of the functionality of a VPN as it
“tunnels” through the insecure Internet Cloud. Notice that the
remote user is given access to the organization’s intranet, as if the
user was physically located within the intranet.
Chapter 6: Information Systems Security | 137

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/1280px-Virtual_Private_Network_overview

Physical Security
An organization can implement the best authentication scheme in
the world, develop superior access control, and install firewalls and
intrusion detection, but its security cannot be complete without
implementation of physical security. Physical security is the
protection of the actual hardware and networking components that
store and transmit information resources. To implement physical
security, an organization must identify all of the vulnerable
resources and take measures to ensure that these resources cannot
be physically tampered with or stolen. These measures include the
following.
• Locked doors. It may seem obvious, but all the security in the
world is useless if an intruder can simply walk in and physically
remove a computing device. High value information assets
should be secured in a location with limited access.
• Physical intrusion detection. High value information assets
should be monitored through the use of security cameras and
other means to detect unauthorized access to the physical
locations where they exist.
• Secured equipment. Devices should be locked down to
prevent them from being stolen. One employee’s hard drive
could contain all of your customer information, so it is
essential that it be secured.
• Environmental monitoring. An organization’s servers and
other high value equipment should always be kept in a room
that is monitored for temperature, humidity, and airflow. The
risk of a server failure rises when these factors exceed
acceptable ranges.
• Employee training. One of the most common ways thieves
steal corporate information is the theft of employee laptops
while employees are traveling. Employees should be trained to
secure their equipment whenever they are away from the
138 | Information Systems for Business and Beyond (2019)

office.
Security Policies
Besides the technical controls listed above, organizations also need
to implement security policies as a form of administrative control.
In fact, these policies should really be a starting point in developing
an overall security plan. A good information security policy lays out
the guidelines for employee use of the information resources of the
company and provides the company recourse in the event that an
employee violates a policy.
According to the SANS Institute, a good policy is “a formal, brief,
and high-level statement or plan that embraces an
organization’s general beliefs, goals, objectives, and acceptable
procedures for a specified subject area.” Policies require
compliance. Failure to comply with a policy will result in disciplinary
action. A policy does not list the specific technical details, instead it
focuses on the desired results. A security policy should be based on
the guiding principles of confidentiality, integrity, and availability.4
Web use is a familiar example of a security policy. A web use
policy lays out the responsibilities of company employees as they
use company resources to access the Internet. A good example of a
web use policy is included in Harvard University’s “Computer Rules
and Responsibilities” policy, which can be found here.
A security policy should also address any governmental or
industry regulations that apply to the organization. For example,
if the organization is a university, it must be aware of the Family
Educational Rights and Privacy Act (FERPA), which restricts access
to student information. Health care organizations are obligated to
4. [2]
Chapter 6: Information Systems Security | 139

http://www.fas-it.fas.harvard.edu/services/student/policies/rules_and_responsibilities

follow several regulations, such as the Health Insurance Portability
and Accountability Act (HIPAA).
A good resource for learning more about security policies is the
SANS Institute’s Information Security Policy Page.
Sidebar: Mobile Security
As the use of mobile devices such as laptops and smartphones
proliferates, organizations must be ready to address the unique
security concerns that the use of these devices bring. One of the
first questions an organization must consider is whether to allow
mobile devices in the workplace at all. Many employees already have
these devices, so the question becomes: Should we allow employees
to bring their own devices and use them as part of their employment
activities? Or should we provide the devices to our employees?
Creating a BYOD (“Bring Your Own Device”) policy allows employees
to integrate themselves more fully into their job and can bring
higher employee satisfaction and productivity. In many cases, it
may be virtually impossible to prevent employees from having their
own smartphones or laptops in the workplace. If the organization
provides the devices to its employees, it gains more control over
use of the devices, but it also increases the burden of having to
administrate distribution and use.
Mobile devices can pose many unique security challenges to an
organization. Probably one of the biggest concerns is theft of
intellectual property. For an employee with malicious intent, it
would be a very simple process to connect a mobile device either to
a computer via the USB port, or wirelessly to the corporate network,
and download confidential data. It would also be easy to secretly
take a high-quality picture using a built-in camera.
When an employee does have permission to access and save
140 | Information Systems for Business and Beyond (2019)

http://www.sans.org/security-resources/policies

company data on his or her device, a different security threat
emerges. Namely, that device now becomes a target for thieves.
Theft of mobile devices (in this case, including laptops) is one of the
primary methods that data thieves use.
So what can be done to secure mobile devices? Begin with a
good policy regarding their use. According to a 2013 SANS study,
organizations should consider developing a mobile device policy
that addresses the following issues: use of the camera, use of voice
recording, application purchases, encryption at rest, Wi-Fi
autoconnect settings, Bluetooth settings, VPN use, password
settings, lost or stolen device reporting, and backup. 5
Besides policies, there are several different tools that an
organization can use to mitigate some of these risks. For example,
if a device is stolen or lost, geolocation software can help the
organization find it. In some cases, it may even make sense to install
remote data removal software, which will remove data from a device
if it becomes a security risk.
Usability
When looking to secure information resources, organizations must
balance the need for security with users’ needs to effectively access
and use these resources. If a system’s security measures make it
difficult to use, then users will find ways around the security, which
may make the system more vulnerable than it would have been
without the security measures. Consider password policies. If the
organization requires an extremely long password with several
5. [3]
Chapter 6: Information Systems Security | 141

Stop.Think.Connect. poster (click to
enlarge)
special characters, an employee may resort to writing it down and
putting it in a drawer since it will be impossible to memorize.
Personal Information Security
As a final topic for this
chapter, consider what
measures each of us, as
individual users, can take to
secure our computing
technologies. There is no way
to have 100% security, but
there are several simple steps
each individual can take to be
more secure.
• Keep your software up to
date. Whenever a software
vendor determines that a
security flaw has been
found in their software, an
update will be released so you can download the patch to fix
the problem. You should turn on automatic updating on your
computer to automate this process.
• Install antivirus software and keep it up to date. There are
many good antivirus software packages on the market today,
including some that are free.
• Be smart about your connections. You should be aware of
your surroundings. When connecting to a Wi-Fi network in a
public place, be aware that you could be at risk of being spied
on by others sharing that network. It is advisable not to access
your financial or personal data while attached to a Wi-Fi
hotspot. You should also be aware that connecting USB flash
142 | Information Systems for Business and Beyond (2019)

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/STC_Poster_3

https://www.pcmag.com/article2/0,2817,2388652,00.asp

drives to your device could also put you at risk. Do not attach
an unfamiliar flash drive to your device unless you can scan it
first with your security software.
• Backup your data. Just as organizations need to backup their
data, individuals need to so as well. The same rules apply.
Namely, do it regularly and keep a copy of it in another
location. One simple solution for this is to set up an account
with an online backup service to automate your backups.
• Secure your accounts with two-factor authentication. Most
e-mail and social media providers now have a two-factor
authentication option. When you log in to your account from
an unfamiliar computer for the first time, it sends you a text
message with a code that you must enter to confirm that you
are really you. This means that no one else can log in to your
accounts without knowing your password and having your
mobile phone with them.
• Make your passwords long, strong, and unique. Your personal
passwords should follow the same rules that are recommended
for organizations. Your passwords should be long (at least 12
random characters) and contain at least two of the following:
uppercase and lowercase letters, digits, and special characters.
Passwords should not include words that could be tied to your
personal information, such as the name of your pet. You also
should use different passwords for different accounts, so that
if someone steals your password for one account, they still are
locked out of your other accounts.
• Be suspicious of strange links and attachments. When you
receive an e-mail, tweet, or Facebook post, be suspicious of
any links or attachments included there. Do not click on the
link directly if you are at all suspicious. Instead, if you want to
access the website, find it yourself with your browser and
navigate to it directly. The I Love You virus was distributed via
email in May 2000 and contained an attachment which when
opened copied itself into numerous folders on the user’s
computer and modified the operating system settings. An
Chapter 6: Information Systems Security | 143

estimated 50,000 computers were affected, all of which could
have been avoided if users had followed the warning to not
open the attachment.
You can find more about these steps and many other ways to be
secure with your computing by going to Stop. Think. Connect. This
website is part of a campaign by the STOP. THINK. CONNECT.
Messaging Convention in partnership with the U.S. government,
including the White House.
Summary
As computing and networking resources have become more an
integral part of business, they have also become a target of
criminals. Organizations must be vigilant with the way they protect
their resources. The same holds true for individuals. As digital
devices become more intertwined in everyone’s life, it becomes
crucial for each person to understand how to protect themselves.
Study Questions
1. Briefly define each of the three members of the information
security triad.
2. What does the term authentication mean?
3. What is multi-factor authentication?
4. What is role-based access control?
5. What is the purpose of encryption?
144 | Information Systems for Business and Beyond (2019)

http://stopthinkconnect.org/

6. What are two good examples of a complex password?
7. What is pretexting?
8. What are the components of a good backup plan?
9. What is a firewall?
10. What does the term physical security mean?
Exercises
1. Describe one method of multi-factor authentication that you
have experienced and discuss the pros and cons of using
multi-factor authentication.
2. What are some of the latest advances in encryption
technologies? Conduct some independent research on
encryption using scholarly or practitioner resources, then
write a two- to three-page paper that describes at least two
new advances in encryption technology.
3. Find favorable and unfavorable articles about both blockchain
and bitcoin. Report your findings, then state your own opinion
about these technologies
4. What is the password policy at your place of employment or
study? Do you have to change passwords every so often? What
are the minimum requirements for a password?
5. When was the last time you backed up your data? What
method did you use? In one to two pages, describe a method
for backing up your data. Ask your instructor if you can get
extra credit for backing up your data.
6. Find the information security policy at your place of
employment or study. Is it a good policy? Does it meet the
standards outlined in the chapter?
7. How diligent are you in keeping your own information secure?
Review the steps listed in the chapter and comment on your
security status.
Chapter 6: Information Systems Security | 145

Labs
1. The Caesar Cipher. One of the oldest methods of encryption
was used by Julius Caesar and involved simply shifting text a
specified number of positions in the alphabet. The number of
shifted positions is known as the key. So a key = 3 would
encrypt ZOO to CRR. Decrypt the following message which has
a key = 3: FRPSXWHU
2. The Vigenere Cipher. This cipher was used as recently as the
Civil War by the Confederate forces. The key is slightly more
complex than the Caesar Cipher. Vigenere used the number of
letters after ‘A’ for his key. For example, if the key = COD, the
first letter in the cypher is shifted 2 characters (because “C” is
2 letters after the letter ‘A’), the second letter is shifted 14
letters (O being 14 letters after ‘A’), and the third letter is
shifted 3 letters (D being 3 letters after ‘A’). Then the pattern is
repeated for subsequent letters. Decrypt the following
message which has a key = COD: YSPGSWCHGCKQ
3. Frequency and Pattern Analysis. If you’ve ever watched Wheel
of Fortune you know that contestants look for patterns and
frequencies in trying to solve a puzzle. Your job in this lab is to
analyze letter frequency and letter patterns to determine the
plaintext message which in this case is a single word. The key
is a simple substitution where the same letter in plaintext
always results in the same letter in the cyphertext. The most
frequently used letters in the English language are: E, A, O , I, T,
S, N. Pattern analysis includes knowing words that have double
letters such as “school.” Other patterns include “ing” at the end
of a word, “qu” and “th” as a pairs of letters.Cyphertext =
CAGGJWhat is the key and the plaintext?
1. Gallagher, S. (2012, November 3). Born to be
146 | Information Systems for Business and Beyond (2019)

breached. Arstechnica. Retrieved from
http://arstechnica.com/information-technology/2012/11/
born-to-be-breached-the-worst-passwords-are-still-the-
most-common/
2. SANS Institute. (n.d.). Information Security Policy Templates.
Retrieved from http://www.sans.org/security-resources/
policies/Policy_Primer on May 31, 2013.
3. SANS. (n.d.). SCORE: Checklists and Step by Step Guides.
Retrieved from http://www.sans.org/score/checklists/
mobile-device-checklist.xls
4. Iansiti, M. and Lakhani, K. R. (2017, January). The truth about
blockchain. Harvard Business Review. Retrieved from
https://hbr.org/2017/01/the-truth-about-blockchain↵
5. Wikipedia. (n.d.). Bitcoin. Harvard Business Review. Retrieved
from https://en.wikipedia.org/wiki/Bitcoin↵
6. Fernandes, B. (2017, October 20). Personal telephone
interview↵
Chapter 6: Information Systems Security | 147

PART II: INFORMATION
SYSTEMS FOR STRATEGIC
ADVANTAGE
Part II: Information Systems for
Strategic Advantage | 149

Chapter 7: Does IT Matter?
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• define the productivity paradox and explain the
current thinking on this topic;
• evaluate Carr’s argument in “Does IT Matter?”;
• describe the components of competitive advantage;
and
• describe information systems that can provide
businesses with competitive advantage.

Introduction
For over fifty years, computing technology has been a part of
business. Organizations have spent trillions of dollars on
information technologies. But has all this investment in IT made
a difference? Have there been increases in productivity? Are
companies that invest in IT more competitive? This chapter looks
at the value IT can bring to an organization and attempts to answer
Chapter 7: Does IT Matter? | 151

these questions. Two important works in the past two decades have
attempted to address this issue.
The Productivity Paradox
In 1991, Erik Brynjolfsson wrote an article, published in
the Communications of the ACM, entitled “The Productivity Paradox
of Information Technology: Review and Assessment.” After
reviewing studies about the impact of IT investment on productivity,
Brynjolfsson concluded that the addition of information technology
to business had not improved productivity at all. He called this
the “productivity paradox.” While he did not draw any specific
conclusions from his work, 1 he did provide the following analysis.
Although it is too early to conclude that IT’s
productivity contribution has been subpar, a paradox
remains in our inability to unequivocally document
any contribution after so much effort. The various
explanations that have been proposed can be
grouped into four categories:
1) Mismeasurement of outputs and inputs
2) Lags due to learning and adjustment
3) Redistribution and dissipation of profits
4) Mismanagement of information and technology
In 1998, Brynjolfsson and Lorin Hitt published a follow-up paper
entitled “Beyond the Productivity Paradox [2] In this paper, the
authors utilized new data that had been collected and found that
IT did, indeed, provide a positive result for businesses. Further,
they found that sometimes the true advantages in using technology
1. [1]
152 | Information Systems for Business and Beyond (2019)

http://ccs.mit.edu/papers/CCSWP130/ccswp130.html

http://ebusiness.mit.edu/erik/bpp

were not directly relatable to higher productivity, but to “softer”
measures, such as the impact on organizational structure. They also
found that the impact of information technology can vary widely
between companies.
IT Doesn’t Matter
Just as a consensus was forming about the value of IT, the Internet
stock market bubble burst. Two years later in 2003, Harvard
professor Nicholas Carr wrote his article “IT Doesn’t Matter” in
the Harvard Business Review. In this article Carr asserted that as
information technology had become ubiquitous, it has also become
less of a differentiator, much like a commodity. Products that have
the same features and are virtually indistinguishable are considered
to be commodities. Price and availability typically become the only
discriminators when selecting a source for a commodity. In Carr’s
view all information technology was the same, delivering the same
value regardless of price or supplier. Carr suggested that since IT
is essentially a commodity, it should be managed like one. Just
select the one with the lowest cost this is most easily accessible. He
went on to say IT management should see themselves as a utility
within the company and work to keep costs down. For Carr IT’s
goal is to provide the best service with minimal downtime. Carr
saw no competitive advantage to be gained through information
technology.
As you can imagine, this article caused quite an uproar, especially
from IT companies. Many articles were written in defense of IT
while others supported Carr. In 2004 Carr released a book based on
the article entitled Does IT Matter? A year later he was interviewed
by CNET on the topic “IT still doesn’t matter.” Click here to watch
the video of Carr being interviewed about his book on CNET.
Probably the best thing to come out of the article and subsequent
book were discussions on the place of IT in a business strategy, and
Chapter 7: Does IT Matter? | 153

IT doesn’t matter, part 1

exactly what role IT could play in competitive advantage. That is the
question to be addressed in this chapter.
Competitive Advantage
What does it mean when a company has a competitive advantage?
What are the factors that play into it? Michael Porter in his
book Competitive Advantage: Creating and Sustaining Superior
Performance. writes that a company is said to have a competitive
advantage over its rivals when it is able to sustain profits that exceed
the average for the industry. According to Porter, there are two
primary methods for obtaining competitive advantage: cost
advantage and differentiation advantage. 2 So the question for I.T.
becomes: How can information technology be a factor in one or both
of these methods?
The following sections address this question by using two of
Porter’s analysis tools: the value chain and the five forces model.
Porter’s analysis in his 2001 article “Strategy and the Internet,”
which examines the impact of the Internet on business strategy and
competitive advantage, will be used to shed further light on the role
of information technology in gaining competitive advantage.3
2. [3]
3. [4]
154 | Information Systems for Business and Beyond (2019)

Diagram of
Porter’s
Value Chain
(click to
enlarge)
The Value Chain
In his book Competitive Advantage: Creating and Sustaining
Performance Porter describes exactly how a company can create
value and therefore profit. Value is built through the value chain: a
series of activities undertaken by the company to produce a product
or service. Each step in the value chain contributes to the overall
value of a product or service. While the value chain may not be a
perfect model for every type of company, it does provide a way to
analyze just how a company is producing value. The value chain is
made up of two sets of activities: primary activities and support
activities. An explanation of these activities and a discussion of
how information technology can play a role in creating value by
contributing to cost advantage or differentiation advantage appears
next.
Primary activities are the functions that directly impact the
creation of a product or service. The goal of a primary activity is to
add value that is greater than the cost of that activity. The primary
activities are:
• Inbound logistics. These are the processes that bring in raw
materials and other needed inputs. Information technology
can be used to make these processes more efficient, such as
with supply-chain management systems which allow the
suppliers to manage their own inventory.
• Operations. Any part of a business that converts the raw
materials into a final product or service is a part of operations.
Chapter 7: Does IT Matter? | 155

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/Porters-Value-Chain

From manufacturing to business process management
(covered in Chapter 8), information technology can be used to
provide more efficient processes and increase innovation
through flows of information.
• Outbound logistics. These are the functions required to get
the product out to the customer. As with inbound logistics, IT
can be used here to improve processes, such as allowing for
real-time inventory checks. IT can also be a delivery
mechanism itself.
• Sales/Marketing. The functions that will entice buyers to
purchase the products are part of sales and marketing.
Information technology is used in almost all aspects of this
activity. From online advertising to online surveys, IT can be
used to innovate product design and reach customers as never
before. The company website can be a sales channel itself.
• Service. Service activity involves the functions a business
performs after the product has been purchased to maintain
and enhance the product’s value. Service can be enhanced via
technology as well, including support services through
websites and knowledge bases.
The support activities are the functions in an organization that
support all of the primary activities. Support activities can be
considered indirect costs to the organization. The support activities
are:
• Firm infrastructure. An organization’s infrastructure includes
finance, accounting, ERP systems (covered in Chapter 9) and
quality control. All of these depend on information technology
and represent functions where I.T. can have a positive impact.
• Human Resource Management Human Resource Management
(HRM) consists of recruiting, hiring, and other services needed
to attract and retain employees. Using the Internet, HR
departments can increase their reach when looking for
candidates. I.T. also allows employees to use technology for a
156 | Information Systems for Business and Beyond (2019)

Porter’s Five Forces (click to enlarge)
more flexible work environment.
• Technology development. Technology development provides
innovation that supports primary activities. These advances
are integrated across the firm to add value in a variety of
departments. Information technology is the primary generator
of value in this support activity.
• Procurement. Procurement focuses on the acquisition of raw
materials used in the creation of products. Business-to-
business e-commerce can be used to improve the acquisition
of materials.
This analysis of the value chain provides some insight into how
information technology can lead to competitive advantage. Another
important concept from Porter is the “Five Forces Model.”
Porter’s Five Forces
Porter developed the Five
Forces model as a framework
for industry analysis. This
model can be used to help
understand the degree of
competition in an industry and
analyze its strengths and
weaknesses. The model
consists of five elements, each of which plays a role in determining
the average profitability of an industry. In 2001 Porter wrote an
article entitled ”Strategy and the Internet,” in which he takes this
model and looks at how the Internet impacts the profitability of an
industry. Below is a quick summary of each of the Five Forces and
the impact of the Internet.
• Threat of substitute products or services. The first force
Chapter 7: Does IT Matter? | 157

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/Porters-Five-Forces1

challenges the user to consider the likelihood of another
produce or service replacing the product or service you offer.
The more types of products or services there are that can meet
a particular need, the less profitability there will be in an
industry. In the communications industry, the smartphone has
largely replaced the pager. In some construction projects,
metal studs have replaced wooden studs for framing. The
Internet has made people more aware of substitute products,
driving down industry profits in those industries in which
substitution occurs. Please notice that substitution refers to a
product being replaced by a similar product for the purpose of
accomplishing the same task. It does not mean dissimilar
products or services such as flying to a destination rather than
traveling by rail.
• Bargaining power of suppliers. A supplier’s bargaining power
is strong when there are few suppliers from which your
company can obtain a needed product or service. Conversely,
when they are many suppliers their bargaining power is lower
since your company would have many sources from which to
source a product. When your company has several suppliers to
choose from, you can negotiate a lower price. When a sole
supplier exists, then your company is at the mercy of the
supplier. For example, if only one company makes the
controller chip for a car engine, that company can control the
price, at least to some extent. The Internet has given
companies access to more suppliers, driving down prices.
• Bargaining power of customers. A customer’s bargaining
power is strong when your company along with your
competitors is attempting to provide the same product to this
customer. In this instance the customer has many sources
from which to source a product so they can approach your
company and seek a price reduction. If there are few suppliers
in your industry, then the customer’s bargaining power is
considered low.
• Barriers to entry. The easier it is to enter an industry, the
158 | Information Systems for Business and Beyond (2019)

more challenging it will be to make a profit in that industry.
Imagine you are considering starting a lawn mowing business.
The entry barrier is very low since all you need is a law mower.
No special skills or licenses are required. However, this means
your neighbor next door may decide to start mowing lawns
also, resulting in increased competition. In contrast a highly
technical industry such as manufacturing of medical devices
has numerous barriers to entry. You would need to find
numerous suppliers for various components, hire a variety of
highly skilled engineers, and work closely with the Food and
Drug Administration to secure approval for the sale of your
products. In this example the barriers to entry are very high so
you should expect few competitors.
• Rivalry among existing competitors: Rivalry among existing
competitors helps you evaluate your entry into the market.
When rivalry is fierce, each competitor is attempting to gain
additional market share from the others. This can result in
aggressive pricing, increasing customer support, or other
factors which might lure a customer away from a competitor.
Markets in which rivalry is low may be easier to enter and
become profitable sooner because all of the competitors are
accepting of each other’s presence.
Porter’s five forces are used to analyze an industry to determine
the average profitability of a company within that industry. Adding
in Porter’s analysis of the Internet to his Five Forces results in the
realization that technology has lowered overall profitability. 4
4. [5]
Chapter 7: Does IT Matter? | 159

Using Information Systems for Competitive
Advantage
Having learned about Porter’s Five Forces and their impact on a
firm’s ability to generate a competitive advantage, it is time to look
at some examples of competitive advantage. A strategic information
system is designed specifically to implement an organizational
strategy meant to provide a competitive advantage. These types of
information systems began popping up in the 1980s, as noted in a
paper by Charles Wiseman entitled “Creating Competitive Weapons
From Information Systems.”5
A strategic information system attempts to do one or more of the
following:
• Deliver a product or a service at a lower cost;
• Deliver a product or service that is differentiated;
• Help an organization focus on a specific market segment;
• Enable innovation.
Here are some examples of information systems that fall into this
category.
Business Process Management Systems
In their book, IT Doesn’t Matter – Business Processes Do, Howard
Smith and Peter Fingar argue that it is the integration of information
systems with business processes that leads to competitive
advantage. The authors state that Carr’s article is dangerous
because it gave CEOs and IT managers approval to start cutting
5. [6]
160 | Information Systems for Business and Beyond (2019)

Comparison
of process
with and
without EDI
(click to
enlarge)
their technology budgets, putting their companies in peril. True
competitive advantage can be found with information systems that
support business processes. Chapter 8 focuses on the use of
business processes for competitive advantage.
Electronic Data Interchange
Electronic Data Interchange (EDI) provides a competitive advantage
through integrating the supply chain electronically. EDI can be
thought of as the computer-to-computer exchange of business
documents in a standard electronic format between business
partners. By integrating suppliers and distributors via EDI, a
company can vastly reduce the resources required to manage the
relevant information. Instead of manually ordering supplies, the
company can simply place an order via the computer and the
products are ordered.
Chapter 7: Does IT Matter? | 161

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/EDI-example-1

Collaborative Systems
As organizations began to implement networking technologies,
information systems emerged that allowed employees to begin
collaborating in different ways. These systems allowed users to
brainstorm ideas together without the necessity of physical, face-
to-face meetings. Tools such as video conferencing with Skype or
WebEx, collaboration and document sharing with Microsoft
SharePoint, and project management with SAP’s Project System
make collaboration possible in a variety of endeavors.
Broadly speaking, any software that allows multiple users to
interact on a document or topic could be considered collaborative.
Electronic mail, a shared Word document, and social networks fall
into this broad definition. However, many software tools have been
created that are designed specifically for collaborative purposes.
These tools offer a broad spectrum of collaborative functions. Here
is just a short list of some collaborative tools available for businesses
today:
• Google Drive. Google Drive offers a suite of office applications
(such as a word processor, spreadsheet, drawing, presentation)
that can be shared between individuals. Multiple users can edit
the documents at the same time and the threaded comments
option is available.
• Microsoft SharePoint. SharePoint integrates with Microsoft
Office and allows for collaboration using tools most office
workers are familiar with. SharePoint was covered in greater
detail in chapter 5.
• Cisco WebEx. WebEx combines video and audio
communications and allows participants to interact with each
other’s computer desktops. WebEx also provides a shared
whiteboard and the capability for text-based chat to be going
on during the sessions, along with many other features. Mobile
editions of WebEx allow for full participation using
162 | Information Systems for Business and Beyond (2019)

http://drive.google.com/

http://office.microsoft.com/en-us/microsoft-sharepoint-collaboration-software-FX103479517.aspx

http://webex.com/

smartphones and tablets.
• GitHub. Programmers/developers use GitHub for web-based
team development of computer software.
Decision Support Systems
A decision support system (DSS) helps an organization make a
specific decision or set of decisions. DSSs can exist at different
levels of decision-making within the organization, from the CEO
to first level managers. These systems are designed to take inputs
regarding a known (or partially-known) decision making process
and provide the information necessary to make a decision. DSSs
generally assist a management level person in the decision-making
process, though some can be designed to automate decision-
making.
An organization has a wide variety of decisions to make, ranging
from highly structured decisions to unstructured decisions. A
structured decision is usually one that is made quite often, and one
in which the decision is based directly on the inputs. With
structured decisions, once you know the necessary information you
also know the decision that needs to be made. For example,
inventory reorder levels can be structured decisions. Once your
inventory of widgets gets below a specific threshold, automatically
reorder ten more. Structured decisions are good candidates for
automation, but decision-support systems are generally not built
for them.
An unstructured decision involves a lot of unknowns. Many times
unstructured decisions are made for the first time. An information
system can support these types of decisions by providing the
decision makers with information gathering tools and collaborative
capabilities. An example of an unstructured decision might be
Chapter 7: Does IT Matter? | 163

https://github.com/

dealing with a labor issue or setting policy for the implementation
of a new technology.
Decision support systems work best when the decision makers
are having to make semi-structured decisions. A semi-structured
decision is one in which most of the factors needed for making the
decision are known but human experience and other outside factors
may still impact the decision. A good example of an semi-structured
decision would be diagnosing a medical condition (see sidebar).
As with collaborative systems, DSSs can come in many different
formats. A nicely designed spreadsheet that allows for input of
specific variables and then calculates required outputs could be
considered a DSS. Another DSS might be one that assists in
determining which products a company should develop. Input into
the system could include market research on the product,
competitor information, and product development costs. The
system would then analyze these inputs based on the specific rules
and concepts programmed into it. The system would report its
results with recommendations and/or key indicators to be used in
making a decision. A DSS can be looked at as a tool for competitive
advantage because it can give an organization a mechanism to make
wise decisions about products and innovations.
164 | Information Systems for Business and Beyond (2019)

Isabel screen shot
Sidebar: Isabel – A Health Care DSS
A discussed in the text, DSSs
are best applied to semi-
structured decisions, in which
most of the needed inputs are
known but human experience
and environmental factors also
play a role. A good example for
today is Isabel, a health care
DSS. The creators of Isabel
explain how it works:
Isabel uses the information routinely captured
during your workup, whether free text or structured
data, and instantaneously provides a diagnosis
checklist for review. The checklist contains a list of
possible diagnoses with critical “Don’t Miss
Diagnoses” flagged. When integrated into your
Electronic Medical Records (EMR) system, Isabel can
provide “one click” seamless diagnosis support with
no additional data entry. 6
Investing in IT for Competitive Advantage
In 2008, Brynjolfsson and McAfee published a study in the Harvard
Business Review on the role of IT in competitive advantage, entitled
6. [7]
Chapter 7: Does IT Matter? | 165

http://www.isabelhealthcare.com/

http://hbr.org/2008/07/investing-in-the-it-that-makes-a-competitive-difference/ar/1

“Investing in the IT That Makes a Competitive Difference.” Their
study confirmed that IT can play a role in competitive advantage if
deployed wisely. In their study, they drew three conclusions7:
• First, the data show that IT has sharpened differences
among companies instead of reducing them. This
reflects the fact that while companies have always
varied widely in their ability to select, adopt, and exploit
innovations, technology has accelerated and amplified
these differences.
• Second, good management matters. Highly qualified
vendors, consultants, and IT departments might be
necessary for the successful implementation of
enterprise technologies themselves, but the real value
comes from the process innovations that can now be
delivered on those platforms. Fostering the right
innovations and propagating them widely are both
executive responsibilities – ones that can’t be delegated.
• Finally, the competitive shakeup brought on by IT is not
nearly complete, even in the IT-intensive US economy.
You can expect to see these altered competitive
dynamics in other countries, as well, as their IT
investments grow.
Information systems can be used for competitive advantage, but
they must be used strategically. Organizations must understand
how they want to differentiate themselves and then use all the
elements of information systems (hardware, software, data, people,
and process) to accomplish that differentiation.
7. [8]
166 | Information Systems for Business and Beyond (2019)

Summary
Information systems are integrated into all components of business
today, but can they bring competitive advantage? Over the years,
there have been many answers to this question. Early research
could not draw any connections between IT and profitability, but
later studies have shown that the impact can be positive. IT is
not a panacea. Just purchasing and installing the latest technology
will not by itself make a company more successful. Instead, the
combination of the right technologies and good management will
give a company the best chance for a positive result.
Study Questions
1. What is the productivity paradox?
2. Summarize Carr’s argument in “Does IT Matter.”
3. How is the 2008 study by Brynjolfsson and McAfee different
from previous studies? How is it the same?
4. What does it mean for a business to have a competitive
advantage?
5. What are the primary activities and support activities of the
value chain?
6. What has been the overall impact of the Internet on industry
profitability? Who has been the true winner?
7. How does EDI work?
8. Give an example of a semi-structured decision and explain
what inputs would be necessary to provide assistance in
making the decision.
9. What does a collaborative information system do?
10. How can IT play a role in competitive advantage, according to
Chapter 7: Does IT Matter? | 167

the 2008 article by Brynjolfsson and McAfee?
Exercises
1. Analyze Carr’s position in regards to PC vs. Mac, Open Office
vs. Microsoft Office, and Microsoft Powerpoint vs. Tableau.
2. Do some independent research on Nicholas Carr (the author of
“IT Doesn’t Matter”) and explain his current position on the
ability of IT to provide competitive advantage.
3. Review the WebEx website. What features of WebEx would
contribute to good collaboration? Compare WebEx with other
collaboration tools such as Skype or Google Hangouts?
Lab
1. Think of a semi-structured decision that you make in your
daily life and build your own DSS using a spreadsheet that
would help you make that decision.
1. Brynjolfsson, E. (1994). The Productivity Paradox of Information
Technology: Review and Assessment. Center for Coordination
Science MIT Sloan School of Management: Cambridge,
Massachusetts.↵
2. Brynjolfsson, E. and Hitt, L. (1998). Beyond the Productivity
Paradox. Communications of the ACM, 41, 49–55. ↵
3. Porter, M. (1985). Competitive Advantage: Creating and
Sustaining Superior Performance. New York: The Free Press. ↵
4. Porter, M. (2001, March). Strategy and the Internet. Harvard
168 | Information Systems for Business and Beyond (2019)

http://webex.com/

Business Review, 79 ,3. Retrieved from http://hbswk.hbs.edu/
item/2165.html ↵
5. Porter, M. (2001, March). Strategy and the Internet. Harvard
Business Review, 79, 3. Retrieved from http://hbswk.hbs.edu/
item/2165.html↵
6. Wiseman, C. and MacMillan, I. C. (1984). Creating Competitive
Weapons From Information Systems. Journal Of Business
Strategy, 5(2)., 42.↵
7. Isabel. (n.d.). Broaden Your Differential Diagnosis. Retrieved
from http://www.isabelhealthcare.com/home/ourmission. ↵
8. McAfee, A. and Brynjolfsson, E. (2008, July-August). Investing in
the IT That Makes a Competitive Difference. Harvard Business
Review.↵
Chapter 7: Does IT Matter? | 169

Chapter 8: Business Processes
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• define the term business process;
• understand the tools of documentation of business
processes;
• identify the different systems needed to support
business processes in an organization;
• explain the value of an enterprise resource
planning (ERP) system;
• explain how business process management and
business process reengineering work; and
• understand how information technology combined
with business processes can bring an organization
competitive advantage.

Introduction
The fourth component of information systems is process. But what is
a process and how does it tie into information systems? And in what
170 | Chapter 8: Business Processes

ways do processes have a role in business? This chapter looks to
answer those questions and also describe how business processes
can be used for strategic advantage.
What Is a Business Process?
We have all heard the term process before, but what exactly does
it mean? A process is a series of tasks that are completed in order to
accomplish a goal. A business process, therefore, is a process that is
focused on achieving a goal for a business. Processes are something
that businesses go through every day in order to accomplish their
mission. The better their processes, the more effective the business.
Some businesses see their processes as a strategy for achieving
competitive advantage. A process that achieves its goal in a unique
way can set a company apart. A process that eliminates costs can
allow a company to lower its prices (or retain more profit). If you
have worked in a business setting, you have participated in a
business process. Anything from a simple process for making a
sandwich at Subway to building a space shuttle utilizes one or more
business processes. In the context of information systems, a
business process is a set of business activities performed by human
actors and/or the information system to accomplish a specific
outcome.
Documenting a Process
Every day each of us will perform many processes without even
thinking about them such as getting ready for work, using an ATM,
texting a friend, etc. As processes grow more complex, documenting
becomes necessary. It is essential for businesses to do this because
it allows them to ensure control over how activities are undertaken
Chapter 8: Business Processes | 171

in their organization. It also allows for standardization. For example,
McDonald’s has the same process for building a Big Mac in all of its
restaurants.
The simplest way to document a process is to just create a list.
The list shows each step in the process. Each step can be checked
off upon completion. A simple process such as how to create an
account on gmail might look like this:
1. Go to gmail.com.
2. Click “Create account.”
3. Enter your contact information in the “Create your Google
Account” form.
4. Choose your username and password.
5. Agree to User Agreement and Privacy Policy by clicking on
“Submit.”
For processes that are not so straightforward, documenting all of
the steps as a checklist may not be sufficient. For example, here
is the process for determining if an article for a term needs to be
added to Wikipedia:
1. Search Wikipedia to determine if the term already exists.
2. If the term is found, then an article is already written, so you
must think of another term. Go to step 1.
3. If the term is not found, then look to see if there is a related
term.
4. If there is a related term, then create a redirect.
5. If there is not a related term, then create a new article.
This procedure is relatively simple. In fact it has the same number
of steps as the previous example, but because it has some decision
points, it is more difficult to track as a simple list. In these cases it
may make more sense to use a diagram to document the process.
172 | Information Systems for Business and Beyond (2019)

Diagram of an example business
process (click to enlarge)

Business Process
Modeling Notation
A diagramming tool for
documentation of business
process is a formalized visual
language that provides systems
analysts with the ability to describe the business processes
unambiguously, to visualize the business processes for systematic
understanding, and to communicate the business process for
business process management. Natural languages (e.g., English) are
incapable to explain complex business processes. Diagrams have
been used as tools for business process modeling in the information
systems field. There have been many types of business process
diagramming tools, and each of them has its own style and syntax to
serve its particular purpose. The most commonly used business
process diagramming tools are Business Process Modeling Notation
(BPMN), Data Flow Diagram (DFD), and the Unified Modeling
Language (UML).
BPMN is an extension of the traditional flowchart method by
adding more diagramming elements for descriptions of business
process. The objective of BPMN is to support business process
documentation by providing intuitive notations for business rules.
The flowchart style diagrams in BPMN can provide detailed
specifications business processes from start to end. However,
BPMN is short of the ability of system decomposition for large
information systems.
DFD has served as a foundation of many other tools of
documentation of business process. The central concept of DFD is
a top-down approach to understanding a system. The top-down
approach is consistent with the system concept that views a system
Chapter 8: Business Processes | 173

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/Process_diagram1

in a holistic manner and concerns an understanding of a system
by examining the components and their interactions within the
system. More importantly, while describing a business process by
using DFD, the data stores used in the process and generated data
flows in the process are also defined. We will provide an example
of DFD in the Sidebar section of this chapter to illustrate the
integration of data and business tasks in documenting a business
process.
The Unified Modeling Language (UML) is a general-purpose
modeling tool in the field of software engineering for constructing
all types of computerized systems. UML includes a set of various
types of diagrams with different subjects of modeling and
diversified graphics styles. The diversified diagrams in UML can
provide detailed specifications for software engineering in many
perspectives for construction of information systems, but could
be too complicated for documenting business processes from the
perspective of business process management.
Managing Business Process Documentation
As organizations begin to document their processes, it becomes an
administrative responsibility to keep track of them. As processes
change and improve, it is important to know which processes are
the most recent. It is also important to manage the process so
that it can be easily updated. The requirement to manage process
documentation has been one of the driving forces behind the
creation of the document management system. A document
management system stores and tracks documents and supports the
following functions.
• Versions and timestamps. The document management system
will keep multiple versions of documents. The most recent
version of a document is easy to identify and will be
174 | Information Systems for Business and Beyond (2019)

An ERP System (click to enlarge)
considered the default.
• Approvals and workflows. When a process needs to be
changed, the system will manage both access to the
documents for editing and the routing of the document for
approval.
• Communication. When a process changes, those who
implement the process need to be made aware of the changes.
The document management system will notify the appropriate
people when a change to a document has been approved.
Of course, document management systems are not only used for
managing business process documentation. Many other types of
documents are managed in these systems, such as legal documents
or design documents.
ERP Systems
An Enterprise Resource Planning (ERP) system is software with a
centralized database that can be used to run an entire company.
Here are some of the main components of an ERP system.
Computer program. The
system is a computer program,
which means that it has been
developed with specific logic
and rules behind it. It is
customized and installed to
work specifically for an
individual organization.
• Centralized database. All data
in an ERP system is stored in a
single, central database.
Centralization is key to the success of an ERP. Data entered in
Chapter 8: Business Processes | 175

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/ERP

one part of the company can be immediately available to other
parts of the company.
• Used to run an entire company. An ERP can be used to
manage an entire organization’s operations. Companies can
purchase modules for an ERP that represent different
functions within the organization such as finance,
manufacturing, and sales. Some companies choose to purchase
many modules, others choose a subset of the modules.
An ERP system not only centralizes an organization’s data, but
the processes it enforces are the processes the organization has
adopted. When an ERP vendor designs a module, it has to
implement the rules for the associated business processes. Best
practices can be built into the ERP – a major selling point for ERP. In
other words, when an organization implements an ERP, it also gets
improved best practices as part of the deal.
For many organizations the implementation of an ERP system is
an excellent opportunity to improve their business practices and
upgrade their software at the same time. But for others an ERP
brings a challenge. Is the process embedded in the ERP really better
than the process they are currently utilizing? And if they implement
this ERP and it happens to be the same one that all of their
competitors have, will they simply become more like them, making
it much more difficult to differentiate themselves? A large
organization may have one version of the ERP, then acquire a
subsidiary which has a more recent version. Imagine the challenge
of requiring the subsidiary to change back to the earlier version.
One of the criticisms of ERP systems has been that they
commoditize business processes, driving all businesses to use the
same processes and thereby lose their uniqueness. The good news
is that ERP systems also have the capability to be configured with
custom processes. For organizations that want to continue using
their own processes or even design new ones, ERP systems offer
customization so the ERP is unique to the organization.
176 | Information Systems for Business and Beyond (2019)

Registered
Trademark
of SAP
There is a drawback to customizing an ERP system. Namely,
organizations have to maintain the changes themselves. Whenever
an update to the ERP system comes out, any organization that
has created a custom process will be required to add that change
to their new ERP version. This requires someone to maintain a
listing of these changes as well as re-testing the system every time
an upgrade is made. Organizations will have to wrestle with this
decision. When should they go ahead and accept the best-practice
processes built into the ERP system and when should they spend
the resources to develop their own processes?
Some of the best-known ERP vendors are SAP, Microsoft, and
Oracle.
Business Process Management
Organizations that are serious about improving their business
processes will also create structures to manage those
processes. Business process management (BPM) can be thought of
as an intentional effort to plan, document, implement, and
distribute an organization’s business processes with the support of
information technology.
BPM is more than just automating some simple steps. While
automation can make a business more efficient, it cannot be used to
Chapter 8: Business Processes | 177

provide a competitive advantage. BPM, on the other hand, can be an
integral part of creating that advantage.
Not all of an organization’s processes should be managed this way.
An organization should look for processes that are essential to the
functioning of the business and those that may be used to bring a
competitive advantage. The best processes to look at are those that
include employees from multiple departments, those that require
decision-making that cannot be easily automated, and processes
that change based on circumstances. Here is an example.
Suppose a large clothing retailer is looking to gain a competitive
advantage through superior customer service. A task force is
created to develop a state-of-the-art returns policy that allows
customers to return any article of clothing, no questions asked. The
organization also decides that, in order to protect the competitive
advantage that this returns policy will bring, they will develop their
own customization to their ERP system to implement this returns
policy. In preparation for the rollout of the system, all customer
service employees are trained, showing how to use the new system
and specifically how to process returns. Once the updated returns
process is implemented, the organization will be able to measure
several key indicators about returns that will allow them to adjust
the policy as needed. For example, if it is determined that many
women are returning their high-end dresses after wearing them
once, they could implement a change to the process that limits
the return period to 14 days from the original purchase date. As
changes to the returns policy are made, the changes are rolled out
via internal communications and updates to the returns processing
on the system are made.
If done properly, business process management will provide
several key benefits to an organization, which can be used to
contribute to competitive advantage. These benefits include:
• Empowering employees. When a business process is designed
correctly and supported with information technology,
employees will be able to implement it on their own authority.
178 | Information Systems for Business and Beyond (2019)

In the returns policy example, an employee would be able to
accept returns made before fourteen days or use the system to
make determinations on what returns would be allowed after
fourteen days.
• Built-in reporting. By building measurement into the
programming, the organization can stay current on key
metrics regarding their processes. In this example, these can
be used to improve the returns process and also, ideally, to
reduce returns.
• Enforcing best practices. As an organization implements
processes supported by information systems, it can work to
implement the best practices for that class of business process.
In this example, the organization may want to require that all
customers returning a product without a receipt show a legal
ID. This requirement can be built into the system so that the
return will not be processed unless a valid ID number is
entered.
• Enforcing consistency. By creating a process and enforcing it
with information technology, it is possible to create
consistency across the entire organization. In this example, all
stores in the retail chain can enforce the same returns policy. If
the returns policy changes, the change can be instantly
enforced across the entire chain.
Business Process Re-engineering
As organizations look to manage their processes to gain a
competitive advantage, it is also important to understand that
existing ways of doing things may not be the most effective or
efficient. A process developed in the 1950s is not going to be better
just because it is now supported by technology.
In 1990 Michael Hammer published an article in the Harvard
Business Review entitled “Reengineering Work: Don’t Automate,
Obliterate.” This article suggested that simply automating a bad
Chapter 8: Business Processes | 179

process does not make it better. Instead, companies should “blow
up” their existing processes and develop new processes that take
advantage of the new technologies and concepts. He states in the
introduction to the article:
Many of our job designs, work flows, control mechanisms,
and organizational structures came of age in a different
competitive environment and before the advent of the
computer. They are geared towards greater efficiency and
control. Yet the watchwords of the new decade are
innovation and speed, service, and quality.
It is time to stop paving the cow paths. Instead of
embedding outdated processes in silicon and software, we
should obliterate them and start over. We should “re-
engineer” our businesses: use the power of modern
information technology to radically redesign our business
processes in order to achieve dramatic improvements in
their performance.1
Business Process Re-engineering (BPR) is not just taking an existing
process and automating it. BPR is fully understanding the goals of a
process and then dramatically redesigning it from the ground up to
achieve dramatic improvements in productivity and quality. But this
is easier said than done. Most people think in terms of how to do
small, local improvements to a process. Complete redesign requires
thinking on a larger scale. Hammer provides some guidelines for
how to go about doing business process re-engineering:
• Organize around outcomes, not tasks. This simply means
design the process so that, if possible, one person performs all
the steps. Instead of passing the task on to numerous people,
one person does the entire process, resulting in greater speed
1. [1]
180 | Information Systems for Business and Beyond (2019)

and customer responsiveness.
• Have those who use the outcomes of the process perform the
process. With the use of information technology many simple
tasks are now automated so the person who needs the
outcome should be empowered to perform it. Hammer
provides the following example. Instead of having every
department in the company use a purchasing department to
order supplies, have the supplies ordered directly by those
who need the supplies using an information system.
• Merge information processing work into the real work that
produces the information. When one part of the company
creates information, such as sales information or payment
information, it should be processed by that same department.
There is no need for one part of the company to process
information created in another part of the company.
• Treat geographically dispersed resources as though they
were centralized. With the communications technologies
available today, it becomes easier than ever to focus on
physical location. A multinational organization does not need
separate support departments (such as IT, purchasing, etc.) for
each location anymore.
• Link parallel activities instead of integrating their results.
Departments that work in parallel should be sharing data and
communicating with each other during a process instead of
waiting until each group is done and then comparing notes.
The outdated concept of only linking outcomes results in re-
work, increased costs, and delays.
• Put the decision points where the work is performed, and
build controls into the process. The people who do the work
should have decision making authority and the process itself
should have built-in controls using information
technology. Today’s workforce is more educated and
knowledgeable than in the past so providing workers with
information technology can result in the employees controlling
their processes.
Chapter 8: Business Processes | 181

• Capture information at the source. Requiring information to
be entered more than once causes delays and errors. With
information technology, an organization can capture it once
and then make it available whenever needed.
These principles may seem like common sense today, but in 1990
they took the business world by storm. Hammer gives example after
example of how organizations improved their business processes
by many orders of magnitude without adding any new employees,
simply by changing how they did things (see sidebar).
Unfortunately, business process re-engineering got a bad name in
many organizations. This was because it was used as an excuse for
cost cutting that really had nothing to do with BPR. For example,
many companies simply used it as a reason for laying off part of
their workforce. However, today many of the principles of BPR have
been integrated into businesses and are considered part of good
business-process management.
Sidebar: Reengineering the College
Bookstore
The process of purchasing the correct textbooks in a timely manner
for college classes has always been problematic. Now with online
bookstores competing directly with the college bookstore for
students’ purchases, the college bookstore is under pressure to
justify its existence.
But college bookstores have one big advantage over their
competitors, namely they have access to students’ data. Once a
student has registered for classes, the bookstore knows exactly
what books that student will need for the upcoming term. To
leverage this advantage and take advantage of new technologies,
182 | Information Systems for Business and Beyond (2019)

College
Bookstore
Redesign
the bookstore wants to implement a new process that will make
purchasing books through the bookstore advantageous to students.
Though they may not be able to compete on price, they can provide
other advantages such as reducing the time it takes to find the
books and the ability to guarantee that the book is the correct
one for the class. In order to do this, the bookstore will need to
undertake a process redesign.
The goal of the process redesign is simple. Capture a higher
percentage of students as customers of the bookstore. After
diagramming the existing process and meeting with student focus
groups, the bookstore comes up with a new process. In the new
process the bookstore utilizes information technology to reduce the
amount of work the students need to do in order to get their books.
In this new process the bookstore sends the students an e-mail
with a list of all the books required for their upcoming classes. By
clicking a link in this e-mail the students can log into the bookstore,
confirm their books, and complete the purchase. The bookstore will
then deliver the books to the students. And there is an additional
benefit to the faculty: Professors are no longer asked to delay start
of semester assignments while students wait for books to arrive in
the mail. Instead, students can be expected to promptly complete
their assignments and the course proceeds on schedule.
Chapter 8: Business Processes | 183

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/bookstore-flowchart

College bookstore data flow diagram
(original) (Click to enlarge)
College bookstore data flow diagram
(redesigned) (Click to enlarge)

Here are the changes to this process shown as data flow diagrams:

184 | Information Systems for Business and Beyond (2019)

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/DFD1B

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/DFD2A

Sidebar: ISO Certification
Many organizations now claim that they are using best practices
when it comes to business processes. In order to set themselves
apart and prove to their customers, and potential customers, that
they are indeed doing this, these organizations are seeking out
an ISO 9000 certification. ISO is an acronym for International
Standards Organization (website here). This body defines quality
standards that organizations can implement to show that they are,
indeed, managing business processes in an effective way. The ISO
9000 certification is focused on quality management.
In order to receive ISO certification, an organization must be
audited and found to meet specific criteria. In its most simple form,
the auditors perform the following review.
• Tell me what you do (describe the business process).
• Show me where it says that (reference the process
documentation).
• Prove that this is what happened (exhibit evidence in
documented records).
Chapter 8: Business Processes | 185

http://www.iso.org/iso/home.html

Over the years, this certification has evolved and many branches
of the certification now exist. ISO certification is one way to
separate an organization from others. You can find out more about
the ISO 9000 standard here.
Summary
The advent of information technologies has had a huge impact on
how organizations design, implement, and support business
processes. From document management systems to ERP systems,
information systems are tied into organizational processes. Using
business process management, organizations can empower
employees and leverage their processes for competitive advantage.
Using business process reengineering, organizations can vastly
improve their effectiveness and the quality of their products and
services. Integrating information technology with business
processes is one way that information systems can bring an
organization lasting competitive advantage.
Study Questions
1. What does the term business process mean?
2. What are three examples of business process from a job you
have had or an organization you have observed?
3. What is the value in documenting a business process?
4. What is an ERP system? How does an ERP system enforce best
practices for an organization?
186 | Information Systems for Business and Beyond (2019)

http://www.iso.org/iso/home/standards/management-standards/iso_9000.htm

5. What is one of the criticisms of ERP systems?
6. What is business process re-engineering? How is it different
from incrementally improving a process?
7. Why did BPR get a bad name?
8. List the guidelines for redesigning a business process.
9. What is business process management? What role does it play
in allowing a company to differentiate itself?
10. What does ISO certification signify?
Exercises
1. Think of a business process that you have had to perform in
the past. How would you document this process? Would a
diagram make more sense than a checklist? Document the
process both as a checklist and as a diagram.
2. Review the return policies at your favorite retailer, then answer
this question. What information systems do you think would
need to be in place to support their return policy?
3. If you were implementing an ERP system, in which cases would
you be more inclined to modify the ERP to match your
business processes? What are the drawbacks of doing this?
4. Which ERP is the best? Do some original research and
compare three leading ERP systems to each other. Write a
two- to three-page paper that compares their features.

Labs
1. Visit a fast food restaurant of your choice. Observe the
Chapter 8: Business Processes | 187

processes used in taking an order, filling the order, and
receiving payment. Create a flowchart showing the steps used.
Then create a second flowchart indicating where you would
recommend improvements to the processes.
2. Virginia Mason Medical Center, located in Seattle, Washington,
needed to radically change some of their business processes.
Download the case study. Then read the case study and
respond to the following items.
1. Number of campuses
2. Number of employees
3. Number of physicians
4. Nature of the issue at Virginia Mason
5. “You cannot improve a process until…”
6. Discuss staff walking distance and inventory levels
7. How were patient spaces redesigned?
8. What happened to walking distance after this redesign?
9. Inventory was reduced by what percent?
10. Total cost savings =
1. Hammer, M. (1990). Reengineering work: don’t automate,
obliterate. Harvard Business Review 68.4, 104–112.↵
188 | Information Systems for Business and Beyond (2019)

https://drive.google.com/file/d/19LMjui3a6X6Ea-YOCA5W-1ofhcieROFj/view?usp=sharing

Chapter 9: The People in
Information Systems
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• describe each of the different roles that people play
in the design, development, and use of information
systems;
• understand the different career paths available to
those who work with information systems;
• explain the importance of where the information-
systems function is placed in an organization; and
• describe the different types of users of information
systems.

Introduction
The opening chapters of this text focused on the technology behind
information systems, namely hardware, software, data, and
networking. The last chapter covered business processes and the
Chapter 9: The People in Information
Systems | 189

U. S. Bureau
of Labor
Statistics –
2020
Projections
key role they can play in the success of a business. This chapter
discusses people, the last component of an information system.
People are involved in information systems in just about every
way. People imagine information systems, people develop
information systems, people support information systems, and,
perhaps most importantly, people use information systems.
The Creators of Information Systems
The first group of people to be considered play a role in designing,
developing, and building information systems. These people are
generally technical and have a background in programming,
analysis, information security, or database design. Just about
everyone who works in the creation of information systems has a
minimum of a bachelor’s degree in computer science or information
systems, though that is not necessarily a requirement. The process
of creating information systems will be covered in more detail in
Chapter 10.
The following chart shows the U. S. Bureau of Labor Statistics
projections for computing career employment in 2020.
190 | Information Systems for Business and Beyond (2019)

Systems Analyst
The systems analyst straddles the divide between identifying
business needs and imagining a new or redesigned system to fulfill
those needs. This individual works with a team or department
seeking to identify business requirements and analyze the specific
details of an existing system or a system that needs to be built.
Generally, the analyst is required to have a good understanding
of the business itself, the purpose of the business, the business
processes involved, and the ability to document them well. The
analyst identifies the different stakeholders in the system and works
to involve the appropriate individuals in the analysis process.
Prior to analyzing the problem or the system of concern, the
analyst needs to a) clearly identify the problem, b) gain approval for
the project, c) identify the stakeholders, and d) develop a plan to
monitor the project. The analysis phase of the project can be broken
down into five steps.
1. Seek out and identify the details
2. Specify requirements
3. Decide which requirements are most important
4. Create a dialog showing how the user interacts with the
existing system
5. Ask users to critique the list of requirements that have been
developed
The analysis phase involves both the systems analyst and the
users. It is important to realize the role the users take in the analysis
of the system. Users can have significant insights into how well the
current system functions as well as suggest improvements.
Once the requirements are determined, the analyst begins the
process of translating these requirements into an information
systems design. It is important to understand which different
technological solutions will work and provide several alternatives
to the client, based on the company’s budgetary constraints,
Chapter 9: The People in Information Systems | 191

technology constraints, and culture. Once the solution is selected,
the analyst will create a detailed document describing the new
system. This new document will require that the analyst understand
how to speak in the technical language of systems developers.
The design phase results in the components of the new system
being identified, including how they relate to one another. The
designer needs to communicate clearly with software developers as
well database administrators by using terminology that is consistent
with both of these specialties. The design phase of the project can
be broken down into six steps.
1. Design the hardware environment
2. Design the software
3. Design how the new system will interface with the users
4. Design hardware interfaces
5. Design database tables
6. Design system security
A systems analyst generally is not the one who does the actual
development of the information system. The design document
created by the systems analyst provides the detail needed to create
the system and is handed off to a developer to actually write the
software and to the database administrator to build the database
and tables that will be in the database.
Sometimes the system may be assembled from off-the-shelf
components by a person called a systems integrator. This is a
specific type of systems analyst that understands how to get
different software packages to work with each other.
To become a systems analyst, you should have a background both
in the business analysis and in systems design. Many analysts first
work as developers and have business experience before becoming
system analysts. It is vital for analysts to clearly understand the
purpose of the business of interest, realizing that all businesses are
unique.
192 | Information Systems for Business and Beyond (2019)

Programmer/Developer
Programmers spend their time writing computer code in a
programming language. In the case of systems development,
programmers generally attempt to fulfill the design specifications
given to them by a systems analyst/designer. Many different styles
of software development exist A programmer may work alone for
long stretches of time or work as part of a team with other
developers. A programmer needs to be able to understand complex
processes and also the intricacies of one or more programming
languages.
Computer Engineer
Computer engineers design the computing devices that are used
every day. There are many types of computer engineers who work
on a variety of different types of devices and systems. Some of the
more prominent computer engineering jobs are as follows:
• Hardware engineer. A hardware engineer designs hardware
and test components such as microprocessors, memory
devices, routers, and networks. Many times, a hardware
engineer is at the cutting edge of computing technology,
creating something brand new. Other times, the hardware
engineer’s job is to re-engineer an existing component to work
faster or use less power. Many times a hardware engineer’s job
is to write code to create a program that will be implemented
directly on a computer chip.
• Software engineer. Software engineers tend to focus on a
specific area of software such as operating systems, networks,
applications, or databases. Software engineers use three
primary skill areas: computer science, engineering, and
mathematics.
Chapter 9: The People in Information Systems | 193

• Systems engineer. A systems engineer takes the components
designed by other engineers and makes them all work
together, focusing on the integration of hardware and
software. For example, to build a computer the mother board,
processor, memory, and hard disk all have to work together. A
systems engineer has experience with many different types of
hardware and software and knows how to integrate them to
create new functionality.
• Network engineer. A network engineer understands the
networking requirements of an organization and then designs
a communications system to meet those needs, using the
networking hardware and software, sometimes referred to as a
network operating system. Network engineers design both
local area networks as well as wide area networks.
There are many different types of computer engineers, and often
the job descriptions overlap. While many may call themselves
engineers based on a company job title, there is also a professional
designation of “professional engineer” which has specific
requirements. In the United States each state has its own set of
requirements for the use of this title, as do different countries
around the world. Most often, it involves a professional licensing
exam.
Information Systems Operations and
Administration
Another group of information systems professionals are involved in
the day-to-day operations and administration of IT. These people
must keep the systems running and up-to-date so that the rest
of the organization can make the most effective use of these
resources.
194 | Information Systems for Business and Beyond (2019)

Computer Operator
A computer operator is the person who oversees the mainframe
computers and data centers in organizations. Some of their duties
include keeping the operating systems up to date, ensuring available
memory and disk storage, providing for redundancy (think
electricity, connectivity to the Internet, and database backups), and
overseeing the physical environment of the computer. Since
mainframe computers increasingly have been replaced with servers,
storage management systems, and other platforms, computer
operators’ jobs have grown broader and include working with these
specialized systems.
Database Administrator
A Database Administrator (DBA) is the person who designs and
manages the databases for an organization. This person creates and
maintains databases that are used as part of applications or the
data warehouse. The DBA also consults with systems analysts and
programmers on projects that require access to or the creation of
databases.
Help Desk/Support Analyst
Most mid-size to large organizations have their own information
technology help desk. The help desk is the first line of support for
computer users in the company. Computer users who are having
problems or need information can contact the help desk for
assistance. Many times a help desk worker is a junior level employee
who is able to answer basic issues that users need assistance with.
Help desk analysts work with senior level support analysts or have a
Chapter 9: The People in Information Systems | 195

computer knowledgebase at their disposal to help them investigate
the problem at hand. The help desk is a great place to break into
working in IT because it exposes you to all of the different
technologies within the company. A successful help desk analyst
should have good communications skills and a sincere interest in
helping users.
Trainer
A computer trainer conducts classes to teach people specific
computer skills. For example, if a new ERP system is being installed
in an organization, one part of the implementation process is to
teach all of the users how to use the new system. A trainer may work
for a software company and be contracted to come in to conduct
classes when needed; a trainer may work for a company that offers
regular training sessions. Or a trainer may be employed full time for
an organization to handle all of their computer instruction needs.
To be successful as a trainer you need to be able to communicate
technical concepts clearly and demonstrate patience with learners.
Managing Information Systems

The management of information-systems functions is critical to
the success of information systems within the organization. Here
are some of the jobs associated with the management of
information systems.
196 | Information Systems for Business and Beyond (2019)

CIO
The Chief Information Officer (CIO) is the head of the information-
systems function. This person aligns the plans and operations of the
information systems with the strategic goals of the organization.
Tasks include budgeting, strategic planning, and personnel
decisions for the information systems function. The CIO must also
be the face of the IT department within the organization. This
involves working with senior leaders in all parts of the organization
to ensure good communication, planning, and budgeting.
Interestingly, the CIO position does not necessarily require a lot
of technical expertise. While helpful, it is more important for this
person to have good management skills and understand the
business. Many organizations do not have someone with the title
of CIO. Instead, the head of the information systems function is
called the Vice President of Information Systems or Director of
Information Systems.
Functional Manager
As an information systems organization becomes larger, many of
the different functions are grouped together and led by a manager.
These functional managers report to the CIO and manage the
employees specific to their function. For example, in a large
organization there are a group of systems analysts who report to
a manager of the systems analysis function. For more insight into
how this might look, see the discussion later in the chapter of how
information systems are organized.
Chapter 9: The People in Information Systems | 197

Gantt Chart
for
managing
projects
ERP Management
Organizations using an ERP require one or more individuals to
manage these systems. EPR managers make sure that the ERP
system is completely up to date, work to implement any changes to
the ERP that are needed, and consult with various user departments
on needed reports or data extracts.
Project Managers
Information systems projects are notorious for going over budget
and being delivered late. In many cases a failed IT project can spell
doom for a company. A project manager is responsible for keeping
projects on time and on budget. This person works with the
stakeholders of the project to keep the team organized and
communicates the status of the project to management. Gantt
charts, shown above, are used to graphically illustrate a project’s
schedule, tasks, and resources.
A project manager does not have authority over the project team.
198 | Information Systems for Business and Beyond (2019)

Instead, the project manager coordinates schedules and resources
in order to maximize the project outcomes. This leader must be a
good communicator and an extremely organized person. A project
manager should also have good people skills. Many organizations
require each of their project managers to become certified as a
Project Management Professional (PMP).
Information Security Officer
An information security officer is in charge of setting information
security policies for an organization and then overseeing the
implementation of those policies. This person may have one or more
people reporting to them as part of the information security team.
As information has become a critical asset, this position has become
highly valued. The information security officer must ensure that the
organization’s information remains secure from both internal and
external threats.
Emerging Roles
As technology evolves many new roles are becoming more common
as other roles diminish. For example, as we enter the age of “big
data,” we are seeing the need for more data analysts and business
intelligence specialists. Many companies are now hiring social
media experts and mobile technology specialists. The increased use
of cloud computing and Virtual Machine (VM) technologies also is
increasing demand for expertise in those areas.
Chapter 9: The People in Information Systems | 199

http://www.pmi.org/Certification/Project-Management-Professional-PMP.aspx

Career Paths in Information Systems
(click to enlarge)
Career Paths in Information Systems
These job descriptions do not
represent all possible jobs
within an information systems
organization. Larger
organizations will have more
specialized roles, while smaller
organizations may combine
some of these roles. Many of
these roles may exist outside of
a traditional information-
systems organization, as we will
discuss below.
Working with information
systems can be a rewarding
career choice. Whether you
want to be involved in very
technical jobs (programmer,
database administrator), or you
want to be involved in working
with people (systems analyst, trainer, project manager), there are
many different career paths available.

Many times those in technical jobs who want career advancement
find themselves in a dilemma. A person can continue doing
technical work, where sometimes their advancement options are
limited, or become a manager of other employees and put
themselves on a management career track. In many cases those
proficient in technical skills are not gifted with managerial skills.
Some organizations, especially those that highly value their
technically skilled employees, create a technical track that exists in
parallel to the management track so that they can retain employees
who are contributing to the organization with their technical skills.
200 | Information Systems for Business and Beyond (2019)

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/Career-Paths

CISCO certification badge
Sidebar: Are Certifications Worth Pursuing?
As technology becomes more important to businesses, hiring
employees with technical skills is becoming critical. But how can
an organization ensure that the person they are hiring has the
necessary skills? Many organizations are including technical
certifications as a prerequisite for getting hired.

Cisco Certified Internetwork Expert.
Certifications are
designations given by a
certifying body that someone
has a specific level of
knowledge in a specific
technology. This certifying
body is often the vendor of the
product itself, though
independent certifying
organizations, such as
CompTIA, also exist. Many of these organizations offer certification
tracks, allowing a beginning certificate as a prerequisite to getting
more advanced certificates. To get a certificate, you generally
attend one or more training classes and then take one or more
certification exams. Passing the exams with a certain score will
qualify you for a certificate. In most cases, these classes and
certificates are not free. In fact a highly technical certification can
cost thousands dollars. Some examples of the certifications in
highest demand include Microsoft (software certifications), Cisco
(networking), and SANS (security).
For many working in IT, determining whether to pursue one or
more of these certifications is an important question. For many jobs,
Chapter 9: The People in Information Systems | 201

http://certification.comptia.org/home.aspx

http://www.microsoft.com/learning/en/us/certification-overview.aspx

http://www.cisco.com/web/learning/certifications/index.html

http://www.sans.org/

such as those involving networking or security, a certificate will be
required by the employer as a way to determine which potential
employees have a basic level of skill. For those who are already in
an IT career, a more advanced certificate may lead to a promotion.
For those wondering about the importance of certification, the best
solution is to talk to potential employers and those already working
in the field to determine the best choice.
Organizing the Information Systems
Function
In the early years of computing, the information-systems function
(generally called “data processing”) was placed in the finance or
accounting department of the organization. As computing became
more important, a separate information-systems function was
formed, but it still was generally placed under the Chief Financial
Officer and considered to be an administrative function of the
company. By the 1980s and 1990s, when companies began
networking internally and then connecting to the Internet, the
information systems function was combined with the
telecommunications functions and designated as the Information
Technology (IT) department. As the role of information technology
continued to increase, its place in the organization became more
important. In many organizations today, the head of IT (the CIO)
reports directly to the CEO.
Where in the Organization Should IS Be?
Before the advent of the personal computer, the information
202 | Information Systems for Business and Beyond (2019)

systems function was centralized within organizations in order to
maximize control over computing resources. When the PC began
proliferating, many departments within organizations saw it as a
chance to gain some computing resources for themselves. Some
departments created an internal information systems group,
complete with systems analysts, programmers, and even database
administrators. These departmental IS groups were dedicated to
the information needs of their own departments, providing quicker
turnaround and higher levels of service than a centralized IT
department. However, having several IS groups within an
organization led to a lot of inefficiencies. There were now several
people performing the same jobs in different departments. This
decentralization also led to company data being stored in several
places all over the company.
In some organizations a matrix reporting structure developed in
which IT personnel were placed within a department and reported
to both the department management and the functional
management within IS. The advantages of dedicated IS personnel
for each department must be weighed against the need for more
control over the strategic information resources of the company.
For many companies, these questions are resolved by the
implementation of the ERP system (see discussion of ERP in Chapter
8). Because an ERP system consolidates most corporate data back
into a single database, the implementation of an ERP system
requires organizations to find “silos” of data so that they can
integrate them back into the corporate system. The ERP allows
organizations to regain control of their information and influences
organizational decisions throughout the company.
Outsourcing
Frequently an organization needs a specific skill for a limited period
of time. Instead of training existing employees or hiring new staff,
Chapter 9: The People in Information Systems | 203

it may make more sense to outsource the job. Outsourcing can be
used in many different situations within the information systems
function, such as the design and creation of a new website or the
upgrade of an ERP system. Some organizations see outsourcing as a
cost-cutting move, contracting out a whole group or department.
New Models of Organizations
The integration of information technology has influenced the
structure of organizations. The increased ability to communicate
and share information has led to a “flattening” of the organizational
structure due to the removal of one or more layers of management.
The network-based organizational structure is another changed
enabled by information systems. In a network-based organizational
structure, groups of employees can work somewhat independently
to accomplish a project. People with the right skills are brought
together for a project and then released to work on other projects
when that project is over. These groups are somewhat informal and
allow for all members of the group to maximize their effectiveness.
Information Systems Users – Types of Users
Besides the people who work to create, administer, and manage
information systems, there is one more extremely important group
of people, namely, the users of information systems. This group
represents a very large percentage of an organization’s employees.
If the user is not able to successfully learn and use an information
system, the system is doomed to failure.

Technology adoption user types
204 | Information Systems for Business and Beyond (2019)

Diffusion of Innovation (click to
enlarge)
One tool that can be used to
understand how users will
adopt a new technology comes
from a 1962 study by Everett
Rogers. In his book, Diffusion of
Innovation,[1]Rogers studied
how farmers adopted new
technologies and noticed that
the adoption rate started slowly
and then dramatically
increased once adoption hit a
certain point. He identified five specific types of technology
adopters:
• Innovators. Innovators are the first individuals to adopt a new
technology. Innovators are willing to take risks, are the
youngest in age, have the highest social class, have great
financial liquidity, are very social, and have the closest contact
with scientific sources and interaction with other innovators.
Risk tolerance is high so there is a willingness to adopt
technologies thast may ultimately fail. Financial resources help
absorb these failures (Rogers, 1962, p. 282).
• Early adopters. The early adopters are those who adopt
innovation soon after a technology has been introduced and
proven. These individuals have the highest degree of opinion
leadership among the other adopter categories, which means
that these adopters can influence the opinions of the largest
majority. Characteristics include being younger in age, having a
higher social status, possessing more financial liquidity, having
advanced education, and being more socially aware than later
adopters. These adopters are more discrete in adoption
choices than innovators, and realize judicious choice of
adoption will help them maintain a central communication
position (Rogers, 1962, p. 283).
• Early majority. Individuals in this category adopt an innovation
Chapter 9: The People in Information Systems | 205

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/diffusion-of-innovation

after a varying degree of time. This time of adoption is
significantly longer than the innovators and early adopters.
This group tends to be slower in the adoption process, has
above average social status, has contact with early adopters,
and seldom holds positions of opinion leadership in a system
(Rogers, 1962, p. 283).
• Late majority. The late majority will adopt an innovation after
the average member of the society. These individuals approach
an innovation with a high degree of skepticism, have below
average social status, very little financial liquidity, are in
contact with others in the late majority and the early majority,
and show very little opinion leadership.
• Laggards. Individuals in this category are the last to adopt an
innovation. Unlike those in the previous categories, individuals
in this category show no opinion leadership. These individuals
typically have an aversion to change agents and tend to be
advanced in age. Laggards typically tend to be focused on
“traditions,” are likely to have the lowest social status and the
lowest financial liquidity, be oldest of all other adopters, and be
in contact with only family and close friends.[2]
These five types of users can be translated into information
technology adopters as well, and provide additional insight into how
to implement new information systems within the organization. For
example, when rolling out a new system, IT may want to identify
the innovators and early adopters within the organization and work
with them first, then leverage their adoption to drive the rest of the
implementation to the other users.
Summary
In this chapter we have reviewed the many different categories
of individuals who make up the people component of information
206 | Information Systems for Business and Beyond (2019)

systems. The world of information technology is changing so fast
that new roles are being created all the time and roles that existed
for decades are being phased out. This chapter this chapter should
have given you a good idea and appreciation for the importance of
the people component of information systems.
Study Questions
1. Describe the role of a systems analyst.
2. What are some of the different roles for a computer engineer?
3. What are the duties of a computer operator?
4. What does the CIO do?
5. Describe the job of a project manager.
6. Explain the point of having two different career paths in
information systems.
7. What are the advantages and disadvantages of centralizing the
IT function?
8. What impact has information technology had on the way
companies are organized?
9. What are the five types of information-systems users?
10. Why would an organization outsource?
Exercises
1. Which IT job would you like to have? Do some original
research and write a two-page paper describing the duties of
the job you are interested in.
2. Spend a few minutes on Dice or Monster to find IT jobs in your
area. What IT jobs are currently available? Write up a two-page
Chapter 9: The People in Information Systems | 207

http://dice.com/

http://monster.com/

paper describing three jobs, their starting salary (if listed), and
the skills and education needed for the job.
3. How is the IT function organized in your school or place of
employment? Create an organization chart showing how the IT
organization fits into your overall organization. Comment on
how centralized or decentralized the IT function is.
4. What type of IT user are you? Take a look at the five types of
technology adopters and then write a one-page summary of
where you think you fit in this model.
Lab
1. Define each job in the list, then ask 10 friends to identify which
jobs they have heard about or know something about. Tabulate
your results.
2. Chief marketing technologist
3. Developer evangelist
4. Ethical hacker
5. Business intelligence analyst
6. Digital marketing manager
7. Growth hacker
8. UX designer
9. Cloud architect
10. Data detective
11. Master of edge computing
12. Digital prophet
13. NOC specialist
14. SEO/SEM specialist
1. Rogers, E. M. (1962). Diffusion of innovations. New York: Free
Press↵
208 | Information Systems for Business and Beyond (2019)

2. Rogers, E. M. (1962). Diffusion of innovations. New York: Free
Press↵
Chapter 9: The People in Information Systems | 209

Chapter 10: Information
Systems Development
Learning Objectives
Upon successful completion of this chapter, you will be
able to:
• Explain the overall process of developing new
software;
• Explain the differences between software
development methodologies;
• Understand the different types of programming
languages used to develop software;
• Understand some of the issues surrounding the
development of websites and mobile applications; and
• Identify the four primary implementation policies.

Introduction
When someone has an idea for a new function to be performed by
a computer, how does that idea become reality? If a company wants
to implement a new business process and needs new hardware or
210 | Chapter 10: Information
Systems Development

Software
development
methodologie
s
software to support it, how do they go about making it happen?
This chapter covers the different methods of taking those ideas and
bringing them to reality, a process known as information systems
development.
Programming
Software is created via programming, as discussed in Chapter 2.
Programming is the process of creating a set of logical instructions
for a digital device to follow using a programming language. The
process of programming is sometimes called “coding” because the
developer takes the design and encodes it into a programming
language which then runs on the computer.
The process of developing good software is usually not as simple
as sitting down and writing some code. Sometimes a programmer
can quickly write a short program to solve a need, but in most
instances the creation of software is a resource-intensive process
that involves several different groups of people in an organization.
In order to do this effectively, the groups agree to follow a specific
software development methodology. The following sections review
several different methodologies for software development, as
summarized in the table below and more fully described in the
following sections.

Chapter 10: Information Systems Development | 211

Systems Development Life Cycle
The Systems Development Life Cycle (SDLC) was first developed in
the 1960s to manage the large software projects associated with
corporate systems running on mainframes. This approach to
software development is very structured and risk averse, designed
to manage large projects that include multiple programmers and
systems that have a large impact on the organization. It requires
a clear, upfront understanding of what the software is supposed
to do and is not amenable to design changes. This approach is
roughly similar to an assembly line process, where it is clear to
all stakeholders what the end product should do and that major
changes are difficult and costly to implement.
Various definitions of the SDLC methodology exist, but most
contain the following phases.
1. Preliminary Analysis. A request for a replacement or new
system is first reviewed. The review includes questions such
as: What is the problem-to-be-solved? Is creating a solution
possible? What alternatives exist? What is currently being
done about it? Is this project a good fit for our organization?
After addressing these question, a feasibility study is launched.
The feasibility study includes an analysis of the technical
feasibility, the economic feasibility or affordability, and the
legal feasibility. This step is important in determining if the
project should be initiated and may be done by someone with a
title of Requirements Analyst or Business Analyst
2. System Analysis. In this phase one or more system analysts
work with different stakeholder groups to determine the
specific requirements for the new system. No programming is
done in this step. Instead, procedures are documented, key
players/users are interviewed, and data requirements are
developed in order to get an overall impression of exactly what
the system is supposed to do. The result of this phase is a
212 | Information Systems for Business and Beyond (2019)

system requirements document and may be done by someone
with a title of Systems Analyst
3. System Design. In this phase, a designer takes the system
requirements document created in the previous phase and
develops the specific technical details required for the system.
It is in this phase that the business requirements are translated
into specific technical requirements. The design for the user
interface, database, data inputs and outputs, and reporting are
developed here. The result of this phase is a system design
document. This document will have everything a programmer
needs to actually create the system and may be done by
someone with a title of Systems Analyst, Developer, or Systems
Architect, based on the scale of the project.
4. Programming. The code finally gets written in the
programming phase. Using the system design document as a
guide, programmers develop the software. The result of this
phase is an initial working program that meets the
requirements specified in the system analysis phase and the
design developed in the system design phase. These tasks are
done by persons with titles such as Developer, Software
Engineer, Programmer, or Coder.
5. Testing. In the testing phase the software program developed
in the programming phase is put through a series of structured
tests. The first is a unit test, which evaluates individual parts of
the code for errors or bugs. This is followed by a system test in
which the different components of the system are tested to
ensure that they work together properly. Finally, the user
acceptance test allows those that will be using the software to
test the system to ensure that it meets their standards. Any
bugs, errors, or problems found during testing are resolved
and then the software is tested again. These tasks are done by
persons with titles such as Tester, Testing Analyst, or Quality
Assurance.
6. Implementation. Once the new system is developed and tested,
it has to be implemented in the organization. This phase
Chapter 10: Information Systems Development | 213

The SDLC method (click to enlarge)
includes training the users, providing documentation, and data
conversion from the previous system to the new system.
Implementation can take many forms, depending on the type
of system, the number and type of users, and how urgent it is
that the system become operational. These different forms of
implementation are covered later in the chapter.
7. Maintenance. This final phase takes place once the
implementation phase is complete. In the maintenance phase
the system has a structured support process in place. Reported
bugs are fixed and requests for new features are evaluated and
implemented. Also, system updates and backups of the
software are made for each new version of the program. Since
maintenance is normally an Operating Expense (OPEX) while
much of development is a Capital Expense (CAPEX), funds
normally come out of different budgets or cost centers.
The SDLC methodology is
sometimes referred to as the
waterfall methodology to
represent how each step is a
separate part of the process.
Only when one step is
completed can another step
begin. After each step an
organization must decide when
to move to the next step. This methodology has been criticized for
being quite rigid, allowing movement in only one direction, namely,
forward in the cycle. For example, changes to the requirements are
not allowed once the process has begun. No software is available
until after the programming phase.
Again, SDLC was developed for large, structured projects. Projects
using SDLC can sometimes take months or years to complete.
Because of its inflexibility and the availability of new programming
techniques and tools, many other software development
214 | Information Systems for Business and Beyond (2019)

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2019/07/SDLC-Waterfall

methodologies have been developed. Many of these retain some of
the underlying concepts of SDLC, but are not as rigid.
Rapid Application Development
RAD Methodology (click to enlarge)
Rapid Application Development (RAD) focuses on quickly building
a working model of the software, getting feedback from users, and
then using that feedback to update the working model. After several
iterations of development, a final version is developed and
implemented.
The RAD methodology consists of four phases.
1. Requirements Planning. This phase is similar to the preliminary
analysis, system analysis, and design phases of the SDLC. In
this phase the overall requirements for the system are defined,
a team is identified, and feasibility is determined.
Chapter 10: Information Systems Development | 215

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/06/RADModel

2. User Design. In the user design phase representatives of the
users work with the system analysts, designers, and
programmers to interactively create the design of the system.
Sometimes a Joint Application Development (JAD) session is
used to facilitate working with all of these various
stakeholders. A JAD session brings all of the stakeholders for a
structured discussion about the design of the system.
Application developers also participate and observe, trying to
understand the essence of the requirements.
3. Construction. In the construction phase the application
developers, working with the users, build the next version of
the system through an interactive process. Changes can be
made as developers work on the program. This step is
executed in parallel with the User Design step in an iterative
fashion, making modifications until an acceptable version of
the product is developed.
4. Cutover. Cutover involves switching from the old system to the
new software. Timing of the cutover phase is crucial and is
usually done when there is low activity. For example, IT
systems in higher education undergo many changes and
upgrades during the summer or between fall semester and
spring semester. Approaches to the migration from the old to
the new system vary between organizations. Some prefer to
simply start the new software and terminate use of the old
software. Others choose to use an incremental cutover,
bringing one part online at a time. A cutover to a new
accounting system may be done one module at a time such as
general ledger first, then payroll, followed by accounts
receivable, etc. until all modules have been implemented. A
third approach is to run both the old and new systems in
parallel, comparing results daily to confirm the new system is
accurate and dependable. A more thorough discussion of
implementation strategies appears near the end of this
chapter.
216 | Information Systems for Business and Beyond (2019)

As you can see, the RAD methodology is much more compressed
than SDLC. Many of the SDLC steps are combined and the focus
is on user participation and iteration. This methodology is much
better suited for smaller projects than SDLC and has the added
advantage of giving users the ability to provide feedback throughout
the process. SDLC requires more documentation and attention to
detail and is well suited to large, resource-intensive projects. RAD
makes more sense for smaller projects that are less resource
intensive and need to be developed quickly.
Agile Methodologies
Agile methodologies are a group of methodologies that utilize
incremental changes with a focus on quality and attention to detail.
Each increment is released in a specified period of time (called a
time box), creating a regular release schedule with very specific
objectives. While considered a separate methodology from RAD,
the two methodologies share some of the same principles such as
iterative development, user interaction, and flexibility to change.
The agile methodologies are based on the “Agile Manifesto,” first
released in 2001.
Chapter 10: Information Systems Development | 217

http://agilemanifesto.org/

Agile Methodology
Agile and Iterative Development
The diagram above emphasizes iterations in the center of agile
development. You should notice how the building blocks of the
developing system move from left to right, a block at a time, not the
entire project. Blocks that are not acceptable are returned through
feedback and the developers make the needed modifications.
Finally, notice the Daily Review at the top of the diagram. Agile
Development means constant evaluation by both developers and
customers (notice the term “Collaboration”) of each day’s work.
The characteristics of agile methodology include:
• Small cross-functional teams that include development team
members and users;
• Daily status meetings to discuss the current state of the
project;
• Short time-frame increments (from days to one or two weeks)
for each change to be completed; and
218 | Information Systems for Business and Beyond (2019)

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/AGILE

Lean Methodology (click to enlarge)
• Working project at the end of each iteration which
demonstrates progress to the stakeholders.
The goal of agile methodologies is to provide the flexibility of an
iterative approach while ensuring a quality product.
Lean Methodology
One last methodology to
discuss is a relatively new
concept taken from the
business bestseller The Lean
Startup by Eric Reis. Lean
focuses on taking an initial idea
and developing a Minimum
Viable Product (MVP). The MVP
is a working software
application with just enough
functionality to demonstrate
the idea behind the project.
Once the MVP is developed, the development team gives it to
potential users for review. Feedback on the MVP is generated in two
forms. First, direct observation and discussion with the users and
second, usage statistics gathered from the software itself. Using
these two forms of feedback, the team determines whether they
should continue in the same direction or rethink the core idea
behind the project, change the functions, and create a new MVP.
This change in strategy is called a pivot. Several iterations of the
MVP are developed, with new functions added each time based on
the feedback, until a final product is completed.
The biggest difference between the iterative and non-iterative
methodologies is that the full set of requirements for the system are
not known when the project is launched. As each iteration of the
Chapter 10: Information Systems Development | 219

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/06/Lean-Methology

http://theleanstartup.com/

The quality triangle (click to enlarge)
project is released, the statistics and feedback gathered are used to
determine the requirements. The lean methodology works best in
an entrepreneurial environment where a company is interested in
determining if their idea for a program is worth developing.
Sidebar: The Quality Triangle
When developing software or
any sort of product or service,
there exists a tension between
the developers and the
different stakeholder groups
such as management, users,
and investors. This tension
relates to how quickly the
software can be developed
(time), how much money will be spent (cost), and how well it will be
built (quality). The quality triangle is a simple concept. It states that
for any product or service being developed, you can only address
two of the following: time, cost, and quality.
So why can only two of the three factors in the triangle be
considered? Because each of these three components are in
competition with each other! If you are willing and able to spend
a lot of money, then a project can be completed quickly with high
quality results because you can provide more resources towards
its development. If a project’s completion date is not a priority,
then it can be completed at a lower cost with higher quality results
using a smaller team with fewer resources. Of course, these are
just generalizations, and different projects may not fit this model
perfectly. But overall, this model is designed to help you understand
220 | Information Systems for Business and Beyond (2019)

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/06/Quality-Triangle

the trade-offs that must be made when you are developing new
products and services.
There are other, fundamental reasons why low-cost, high-quality
projects done quickly are so difficult to achieve.
1. The human mind is analog and the machines the software run
on are digital. These are completely different natures that
depend upon context and nuance versus being a 1 or a 0.
Things that seem obvious to the human mind are not so
obvious when forced into a 1 or 0 binary choice.
2. Human beings leave their imprints on the applications or
systems they design. This is best summed up by Conway’s Law
(1968) – “Organizations that design information systems are
constrained to do so in a way that mirrors their internal
communication processes.” Organizations with poor
communication processes will find it very difficult to
communicate requirements and priorities, especially for
projects at the enterprise level (i.e., that affect the whole
organization.
Programming Languages
As noted earlier, developers create programs using one of several
programming languages. A programming language is an artificial
language that provides a way for a developer to create programming
code to communicate logic in a format that can be executed by
the computer hardware. Over the past few decades, many different
types of programming languages have evolved to meet a variety of
needs. One way to characterize programming languages is by their
“generation.”
Chapter 10: Information Systems Development | 221

http://melconway.com/Home/Conways_Law.html

Generations of Programming Languages
Early languages were specific to the type of hardware that had to be
programmed. Each type of computer hardware had a different low
level programming language. In those early languages very specific
instructions had to be entered line by line – a tedious process.
First generation languages were called machine code because
programming was done in the format the machine/computer could
read. So programming was done by directly setting actual ones
and zeroes (the bits) in the program using binary code. Here is an
example program that adds 1234 and 4321 using machine language:
10111001 00000000
11010010 10100001
00000100 00000000
10001001 00000000
00001110 10001011
00000000 00011110
00000000 00011110
00000000 00000010
10111001 00000000
11100001 00000011
00010000 11000011
10001001 10100011
00001110 00000100
00000010 00000000
Assembly language is the second generation language and uses
English-like phrases rather than machine-code instructions,
making it easier to program. An assembly language program must
be run through an assembler, which converts it into machine code.
Here is a sample program that adds 1234 and 4321 using assembly
language.
MOV CX,1234
222 | Information Systems for Business and Beyond (2019)

MOV DS:[0],CX
MOV CX,4321
MOV AX,DS:[0]
MOV BX,DS:[2]
ADD AX,BX
MOV DS:[4],AX
Third-generation languages are not specific to the type of
hardware on which they run and are similar to spoken languages.
Most third generation languages must be compiled. The developer
writes the program in a form known generically as source code,
then the compiler converts the source code into machine code,
producing an executable file. Well-known third generation
languages include BASIC, C, Python, and Java. Here is an example
using BASIC:
A=1234
B=4321
C=A+B
END
Fourth generation languages are a class of programming tools that
enable fast application development using intuitive interfaces and
environments. Many times a fourth generation language has a very
specific purpose, such as database interaction or report-writing.
These tools can be used by those with very little formal training in
programming and allow for the quick development of applications
and/or functionality. Examples of fourth-generation languages
include: Clipper, FOCUS, SQL, and SPSS.
Why would anyone want to program in a lower level language
when they require so much more work? The answer is similar to
why some prefer to drive manual transmission vehicles instead of
automatic transmission, namely, control and efficiency. Lower level
languages, such as assembly language, are much more efficient and
execute much more quickly. The developer has finer control over
the hardware as well. Sometimes a combination of higher and lower
Chapter 10: Information Systems Development | 223

level languages is mixed together to get the best of both worlds. The
programmer can create the overall structure and interface using a
higher level language but use lower level languages for the parts of
the program that are used many times, require more precision, or
need greater speed.
The programming language spectrum (click to enlarge).
Compiled vs. Interpreted
Besides identifying a programming language based on its
generation, we can also classify it through the distinction of
whether it is compiled or interpreted. A computer language is
written in a human-readable form. In a compiled language the
program code is translated into a machine-readable form called
an executable that can be run on the hardware. Some well-known
compiled languages include C, C++, and COBOL.
Interpreted languages require a runtime program to be installed
in order to execute. Each time the user wants to run the software
the runtime program must interpret the program code line by line,
then run it. Interpreted languages are generally easier to work with
but also are slower and require more system resources. Examples
224 | Information Systems for Business and Beyond (2019)

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/06/Programming-Languages-Spectrum

of popular interpreted languages include BASIC, PHP, PERL, and
Python. The web languages of HTML and JavaScript are also
considered interpreted because they require a browser in order to
run.
The Java programming language is an interesting exception to
this classification, as it is actually a hybrid of the two. A program
written in Java is partially compiled to create a program that can
be understood by the Java Virtual Machine (JVM). Each type of
operating system has its own JVM which must be installed before
any program can be executed. The JVM approach allows a single
Java program to run on many different types of operating systems.
Procedural vs. Object-Oriented
A procedural programming language is designed to allow a
programmer to define a specific starting point for the program and
then execute sequentially. All early programming languages worked
this way. As user interfaces became more interactive and graphical,
it made sense for programming languages to evolve to allow the
user to have greater control over the flow of the program. An object-
oriented programming language is designed so that the programmer
defines “objects” that can take certain actions based on input from
the user. In other words, a procedural program focuses on the
sequence of activities to be performed while an object oriented
program focuses on the different items being manipulated.
Chapter 10: Information Systems Development | 225

Employee object
Consider a human resources
system where an “EMPLOYEE”
object would be needed. If the
program needed to retrieve or
set data regarding an employee,
it would first create an
employee object in the program
and then set or retrieve the
values needed. Every object has
properties, which are
descriptive fields associated with the object. Also known as a
Schema, it is the logical view of the object (i.e., each row of
properties represents a column in the actual table, which is known
as the physical view). The employee object has the properties
“EMPLOYEEID”, “FIRSTNAME”, “LASTNAME”, “BIRTHDATE” and
“HIREDATE”. An object also has methods which can take actions
related to the object. There are two methods in the example. The
first is “ADDEMPLOYEE()”, which will create another employee
record. The second is “EDITEMPLOYEE()” which will modify an
employee’s data.

Programming Tools
To write a program, you need little more than a text editor and a
good idea. However, to be productive you must be able to check
the syntax of the code, and, in some cases, compile the code. To
be more efficient at programming, additional tools, such as an
Integrated Development Environment (IDE) or computer-aided
software-engineering (CASE) tools can be used.
226 | Information Systems for Business and Beyond (2019)

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2019/07/employee-table-schema

Screen shot
of Oracle
Eclipse
Integrated Development Environment
For most programming languages an Integrated Development
Environment (IDE) can be used to develop the program. An IDE
provides a variety of tools for the programmer, and usually includes:
• Editor. An editor is used for writing the program. Commands
are automatically color coded by the IDE to identify command
types. For example, a programming comment might appear in
green and a programming statement might appear in black.
• Help system. A help system gives detailed documentation
regarding the programming language.
• Compiler/Interpreter. The compiler/interpreter converts the
programmer’s source code into machine language so it can be
executed/run on the computer.
• Debugging tool. Debugging assists the developer in locating
errors and finding solutions.
• Check-in/check-out mechanism. This tool allows teams of
programmers to work simultaneously on a program without
overwriting another programmer’s code.
Examples of IDEs include Microsoft’s Visual Studio and Oracle’s
Eclipse. Visual Studio is the IDE for all of Microsoft’s programming
Chapter 10: Information Systems Development | 227

https://opentextbook.site/informationsystems2019/wp-content/uploads/sites/3/2018/07/ECLIPSE-IDE

http://www.microsoft.com/visualstudio

http://www.eclipse.org/downloads/index-developer.php

languages, including Visual Basic, Visual C++, and Visual C#. Eclipse
can be used for Java, C, C++, Perl, Python, R, and many other
languages.
CASE Tools
While an IDE provides several tools to assist the programmer in
writing the program, the code still must be written. Computer-
Aided Software Engineering (CASE) tools allow a designer to develop
software with little or no programming. Instead, the CASE tool
writes the code for the designer. CASE tools come in many varieties.
Their goal is to generate quality code based on input created by the
designer.
Sidebar: Building a Website
In the early days of the World Wide Web, the creation of a website
required knowing how to use HyperText Markup Language (HTML).
Today most websites are built with a variety of tools, but the final
product that is transmitted to a browser is still HTML. At its simplest
HTML is a text language that allows you to define the different
components of a web page. These definitions are handled through
the use of HTML tags with text between the tags or brackets. For
example, an HTML tag can tell the browser to show a word in italics,
to link to another web page, or to insert an image. The HTML code
below selects two different types of headings (h1 and h2) with text
below each heading. Some of the text has been italicized. The output
as it would appear in a browser is shown after the HTML code.

This is a first-level heading

228 | Information Systems for Business and Beyond (2019)

HTML
output
Here is some text. Here is some emphasized text.

Here is a second-level heading h1 { color:blue; text-align:center; }

This is a first-level heading

Here is some text. Here is some emphasized text.

Here is a second-level heading
Cambridge Analytica, 12-251
Career paths, 9-189
Carr, Nicholas, 1-12, 2-26, 7-147
CASE tools, 10-215
Castells, Manuel, 11-233
Cellphone abroad, 5-114
Central Processing Unit (CPU), 2-36, video 2-37, multi-core 2-45
Certifications, 9-190
Change management, 10-223
Chief Information Officer (CIO), 9-186
Client-server, 1-21, 5-116
Cloud computing, 1-25, 3-68, 5-118
Collaborative systems, 7-155, 13-283
Code of ethics, 12-252
Commoditization, 2-50
Competitive advantage, 1-13, 2-26, 7-147, 7-153, 7-158
Compiled v. interpreted, 10-213
Components, 1-14
Computer engineer, 9-183
Computer operator, 9-185
Confidentiality, 6-124
Copyright, 12-256
Creative Commons, 12-261
Cross platform development, 10-221
Customer Relationship Management (CRM), 3-65
Data dictionary, 4-93
Data-Information-Knowledge-Wisdom, 4-77
Data integrity, 4-86
Data mining, 4-96, sidebar, 4-97
Data privacy, 12-251
Data types, 4-83
310 | Information Systems for Business and Beyond (2019)

Data warehouse, 4-93, benefits, 4-95
Database, 4-78
Database administrator, 9-185
Database, enterprise, 4-91
Database spreadsheet sidebar, 4-85
Database Management System (DBMS), 4-90
Database, Relational, 4-78
Decimal numbering system, 2-34
Decision Support Systems (DSS), 7-156
Developer, 9-183
Digital devices, 2-33
Digital divide, 11-240
Digital Millennium Copyright Act, 12-260
Disintermediation, 1-23
Domain name, 5-107
DNS, 5-107
Do Not Track, 12-273
Dot-comm bubble, 1-235, 5-109
Double Data Rate (DDR), 2-40
Eclipse IDE, 3-61
Electronic Data Interchange (EDI), 7-154
Email, 5-110
Encryption, 6-128
End-user computing, 10-220
Enterprise Resource Planning (ERP), 1-21, 3-64, 8-166
Eras, business computing, 1-25
Ethics, 12-250
Extranet, 5-117
Facebook, 11-251, 13-280
Fair use, 12-258
Family Educational Rights and Privacy Act, 12-271
Fernandes, Benjamin, 11-245
Findable, 13-286
Firewalls, 6-132
First sale doctrine, 12-257
Index | 311

Ford, Henry, 12-250
Friedman, Thomas, 11-234
Gantt chart, 9-188
General Data Protection Regulation, 12-272
Global firm, 11-236
Globalization, 11-232
Ghemawat, Pankaj, 11-236
Hammer, Michael, 8-170
Hard disk, 2-41
Hardware, 1-15, 2-32
Health Insurance Portability and Accountability Act, 12-271
Huang’s Law, 2-38
Implementation Methodologies, 10-222
Information security triad, 6-124
Information systems, 1-14
Information systems employment, 9-180
Integrity, 6-124
Intellectual property, 12-255
Internet speed, 11-239
Internet usage statistics, 11-233
Intrusion Detection System (IDS), 6-133
IBM-PC, 1-20
Integrated circuits, 2-45
Internet, 1-22, internet and www, 5-111, high speed, 5-111
Internet of Things (IoT), 2-49, 13-286, install, 13-287
IP address, 5-106
Integrated Development Environment (IDE), 10-214
Internet user worldwide, 5-108
Intranet, 5-116
Isabel, 7-157
ISO certification, 8-174
IT doesn’t matter, 7-147
Key-Value database, 4-89
Kim, Paul, 11-243
Knowledge Management (KM), 4-98
312 | Information Systems for Business and Beyond (2019)

Laptop, 1-12
Lean methodologies, 10-207
Linux, 3-56
Local Area Network (LAN), 1-21
Machine code, 10-209
Mainframe, 1-18
Manufacturing Resource Planning (MRP), 1-19
Metadata, 4-92
Metcaffe’s Law, 5-119
Microsoft Excel, 3-57
Mobile applications, 3-67, building, 10-221, cross platform, 10-221
Mobile phone users worldwide, 13-280
Mobile networking, 5-113
Mobile security, 6-136
Mobile technology trends, 13-282
Motherboard, 2-39
Moore’s Law, 2-37
Nanobot, 13-289
Network Interface Card (NIC), 2-44
Nielsen, Jakob, 11-241
Non-obvious relationship awareness, 12-269
Normalization, 4-82
NoSQL, 4-89
Office application suites, 3-60
Open source software, 3-71
Openoffice, 3-72
Operating systems, 1-15, 3-55
Outsourcing, 9-193
Ownership of software, 3-63
Packet, 5-106
Password security, 6-130
Patent, 12-263
Patent troll, 12-265
PC, 1-12
Personal information security, 6-138
Index | 313

Personally identifiable information, 12-268
Physical security, 6-134
Powerpoint, 3-62
Portable computer, 2-47
Porter’s five forces, 7-150
Post PC world, 1-24
Primary key, 4-80
Printable, 13-284
Privacy, data, 4-97, 12-267
Procedural v. object-oriented, 10-213
Productivity paradox, 7-146
Productivity software, 3-58
Project manager, 9-188
Programming language spectrum, 10-212
Protocol, 5-108
Public key encryption, 6-129
Quality triangle, 10-208
Random Access Memory (RAM), 2-40
Rapid Application Development (RAD), 10-203
Retail Link, Walmart, 1-27
Router, 5-106
RSA SecurID token, 6-126
Security policies, 6-135
Sharepoint, 5-118
Smartphone, 1-12, 2-47
Software, 1-15
Solid State Drive (SSD), 2-41
Stop Think Connect, 6-139
Structured Query Language (SQL) 4-86
Student Clubs database, 4-81
Supply Chain Management, 1-27, 3-66
Support analyst, 9-185
Switch, 5-106
Systems analyst, 9-181
Systems Development Life Cycle (SDLC), 10-200
314 | Information Systems for Business and Beyond (2019)

Tableau, 3-62
Tablet, 2-48, decline, 13-282
TCP/IP, 5-105
Ted talk fibre optic, 1-23
Time-sharing, 1-19
Trademark, 12-265
Universal Serial Bus (USB), 2-42
Unmanned Aerial Vehicle, 13-290
Usability, 6-138
Users, adoption types, 9-194
Value chain, 7-148
Virtual Machine (VM), 3-70
Virtual Private Network (VPN), 6-133
Virtualization, 3-70
Voice Over IP (VOIP), 5-115
Walmart, 1-26, 4-91
Wearable, 13-282
Web 2.0, 1-23, 5-109
Web services, 10-219
Website, build, 10-216
Wi-fi, 5-112
Windows operating system, 1-20
Word size, 2-34
World 3.0, 11-236
World is flat, 11-234
World Wide Web (WWW), 1-22
Index | 315

Information Systems for Business and Beyond (2019)
Information Systems for Business and Beyond (2019)
Title Page
Copyright
Book Contributors
Changes from Previous Edition
How you can help
Introduction
Part I: What is an information system?
Chapter 1: What Is an Information System?
Chapter 2: Hardware
Chapter 3: Software
Chapter 4: Data and Databases
Chapter 5: Networking and Communication
Chapter 6: Information Systems Security
Part II: Information Systems for Strategic Advantage
Chapter 7: Does IT Matter?
Chapter 8: Business Processes
Chapter 9: The People in Information Systems
Chapter 10: Information Systems Development
Part III: Information Systems Beyond the Organization
Chapter 11: Globalization and the Digital Divide
Chapter 12: The Ethical and Legal Implications of Information Systems
Chapter 13: Trends in Information Systems
Index

Turn in your highest-quality paper
Get a qualified writer to help you with

“ Paper ”
Get high-quality paper
NEW! AI matching with writer

Hire a Writer

Client Reviews

4.9

Sitejabber

4.6

Trustpilot

4.8

Our Guarantees

100% Confidentiality

Information about customers is confidential and never disclosed to third parties.

Original Writing

We complete all papers from scratch. You can get a plagiarism report.

Timely Delivery

No missed deadlines – 97% of assignments are completed in time.

Money Back

If you're confident that a writer didn't follow your order details, ask for a refund.

New to Your Trusted Assignment Help Service? Sign up & Save

Calculate the price of your order

Type of paper needed:

Pages:

You will get a personal manager and a discount.

Academic level:

We'll send you the first draft for approval by at

Total price:

$0.00

Power up Your Academic Success with the
Team of Professionals. We’ve Got Your Back.

Power up Your Study Success with Experts We’ve Got Your Back.

Order Now Order Now