Explain why IT projects such as Web site development or redesign are less likely to be delivered on time and within budget than large building construction proje
Project Management
Each week, you will be asked to respond to the prompt or prompts in the discussion forum. Your initial post should be a minimum of 300 words in length, and you should respond to two additional posts from your peers.
Explain why IT projects (such as Web site development or redesign) are less likely to be delivered on time and within budget than large building construction projects. Include a discussion of how project management software can help IT project managers achieve their goals.
© Cengage Learning 2015
Figure 13.2 Advantages and disadvantages of custom-designed applications © Cengage Learning 2015
Outsourcing meanings in the IT arena
To commission the development of an application to another organization
To hire the services of another company to manage all or parts of the services usually rendered by an IT unit in the organization
May not include development of new applications
Outsourced custom-designed (tailored) software is software developed by another company specifically for the needs of an organization
It has several advantages:
The software is a good fit to business needs
The software is a good fit to organizational culture
There is dedicated maintenance
Seamless interfaces with other systems can be included
Specialized security
Potential for strategic advantage
Disadvantages can be
A high cost
The organization must fund all development costs
Staff may be diverted from other projects
Software is less likely to be compatible with other organizations’ systems
Must deal with an inherent conflict when outsourcing software development:
Client wants a firm contract and set of requirements
Specific requirements may mean that no deviation is allowed if changes are needed later as development progresses
Changes may involve hefty additional charges
Offshoring: outsourcing to other countries such as Costa Rica, Indonesia, Colombia, etc.
Licensing Applications
Purchasing software usually means purchasing a license to use the software
There is a large selection of high-quality packaged software available
Groups of ready-made software
Relatively inexpensive software that helps in the workplace, such as office suites
Large, costly applications that support entire organizational functions, such as HR or financial management
Software licensing benefits are:
Immediate system availability
High quality
Low price (license fee)
Available support
A beta version is a prerelease version of software to be tested by companies who want to use it
After-the-sale support often includes a period of up to one year of free service
Large applications require installation specialists
Some software licensing risks are:
There can be a loose fit between needs and features
We must determine if the software will comply with company needs and organizational culture
There can be difficulties in customizing the software for company needs
The vendor may dissolve or stop supporting the software before the company is ready, and the company may be left without support and maintenance
High turnover of vendor personnel may result in lowered support expertise from the vendor
If custom modifications are undertaken, vendor updates may require tedious “weaving” into the customized system
Figure 13.8 Benefits and risks of Software as a Service (SaaS) © Cengage Learning 2015
An application service provider (ASP) is an organization that offers software through a network (the Internet or private network)
Software as a service (SaaS) refers to applications available through a network
No software is installed on a client’s computers
Files may be stored on local storage devices
ASPs may rent the software they offer
The benefits of renting software are:
There is no need to learn how to maintain the software
There is no large start-up fee
Storage hardware is unnecessary
Software is usually available sooner
A good option for small companies
Considered a “software on demand” approach
The risks of renting software are:
The lack of control may be an issue, as the client’s data is managed by the vendor
The vendor is unlikely to make many customized changes to the software
Response time is impacted by traffic levels
There may be security risks through a public network
Many clients use leased lines instead of the Internet to limit security risks
Figure 13.9 Guidelines for end-user development of information technology applications
User application development is when nonprogrammer users write their own business applications
Characteristics of user-developed software are:
Software that is simple and limited in scope
Small applications developed for immediate or brief needs
Software is maintained by end users
Challenges of user-developed applications are:
Managing the reaction of IT professionals
Providing support
Compatibility issues
Managing access
Advantages of user development of applications are:
Shortened lead times
Good fit to needs
Compliance with culture
Efficient utilization of resources
Acquisition of skills
Freeing up IS staff time
Disadvantages of user-developed applications are:
Poorly developed applications
Islands of information
Duplication
Security problems
Poor or no documentation
Goals of Information Security
Protecting IT resources is a primary concern
Securing corporate ISs is becoming increasingly challenging
Major goals of information security
Reduce the risk of systems ceasing operation
Maintain information confidentiality
Ensure the integrity and reliability of data resources
Ensure the uninterrupted availability of resources
Ensure compliance with policies and laws
Laws passed by U.S. Congress setting standards for protecting privacy
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Sarbanes-Oxley Act of 2002 (SOX)
CIA triad: foundational concepts of information systems security
Confidentiality
Integrity
Availability
Risks associated with cloud computing and data storage
Downtime: the period of time during which an IS is not available
$26 billion lost annually in the U.S. due to downtime
Costs of downtime vary depending on industry, the size of the company, and other factors
There are also risks to hardware.
The #1 cause of system downtime is hardware failure
Major causes of hardware damage
Natural disasters
Fires, floods, earthquakes, hurricanes, tornadoes, and lightning
Blackouts and brownouts
Blackout: total loss of electricity
Brownout: partial loss of electricity
Uninterruptible power supply (UPS): backup power for a short time
Vandalism
Deliberate destruction
Deliberate alteration or destruction is often done as a prank, but has a high cost
Online vandal’s target may be a company’s website
Hacking: unauthorized access
Honeytoken: a bogus record in a networked database used to combat hackers
Honeypot: a server containing a mirrored copy of a database or a bogus database
Educates security officers about vulnerable points
Virus: spreads from computer to computer
Worm: spreads in a network without human intervention
Antivirus software: protects against viruses
Trojan horse: a virus disguised as legitimate software
Logic bomb: software that is programmed to cause damage at a specific time
Unintentional, non-malicious damage can be caused by:
Poor training
Lack of adherence to backup procedures
Unauthorized downloading and installation of software may cause damage
Human error
There are risks to online operations. Many hackers try daily to interrupt online businesses
Some types of attacks
Unauthorized access
Data theft
Defacing of webpages
Denial of service
Hijacking computers
Denial of service (DoS): an attacker launches a large number of information requests
Slows down legitimate traffic to site
Distributed denial of service (DDoS): an attacker launches a DoS attack from multiple computers
Usually launched from hijacked personal computers called “zombies”
There is no definitive cure for this
A site can filter illegitimate traffic
Computer hijacking is using some or all of a computer’s resources without the consent of its owner
Often done for making a DDoS attack
Done by installing a software bot on the computer
Main purpose of hijacking is usually to send spam
Bots are planted by exploiting security holes in operating systems and communications software
A bot usually installs e-mail forwarding software
Security Measures
Organizations can protect against attacks using various approaches, including:
Firewalls
Authentication
Encryption
Digital signatures
Digital certificates
Firewall: hardware and software that blocks access to computing resources
The best defense against unauthorized access over the Internet
Firewalls are now routinely integrated into routers
DMZ: demilitarized zone approach
One end of the network is connected to the trusted network, and the other end to the Internet
Connection is established using a proxy server
Proxy server: “represents” another server for all information requests from resources inside the trusted network
Can also be placed between the Internet and the trusted network when there is no DMZ
Authentication: the process of ensuring that you are who you say you are
Encryption: coding a message into an unreadable form
Messages are encrypted and authenticated to ensure security
Important when communicating confidential information, e.g., financial and medical records
A message may be text, image, sound, or other digital information
Encryption programs scramble the transmitted information
Plaintext is the original message
Ciphertext is the encoded message
Encryption uses a mathematical algorithm and a key
A key is a unique combination of bits that will decipher the ciphertext
Public-key encryption uses two keys, one public and one private
Symmetric encryption is when the sender and the recipient use the same key
Asymmetric encryption is when both a public and a private key are used
Transport Layer Security (TLS) is a protocol for transactions on the Web that uses a combination of public key and symmetric key encryption
HTTPS is the secure version of HTTP
A digital signature is a means to authenticate online messages; implemented with public keys
A message digest is a unique fingerprint of a file
Digital certificates are computer files that associate one’s identity with one’s public key
Issued by certificate authority
Certificate authority (CA) is a trusted third party
A digital certificate contains its holder’s name, a serial number, its expiration dates, and a copy of the holder’s public key
Also contains the digital signature of the CA
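The message digest, digital signature and certificate fields described above, as an added example that is not part of the original slides. It uses unpadded textbook RSA with demo keys built from known Mersenne primes, and the function names and the holder "Alice Example" are constructed for illustration; real systems use random keys, signature padding and a vetted library.

```python
import hashlib

# Constructed demo keys: textbook RSA built from known Mersenne primes.
# Assumption for illustration only; real keys use random primes and padding.
E = 65537

def make_key(p_exp, q_exp):
    """Return (n, d) for the primes 2**p_exp - 1 and 2**q_exp - 1."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data: bytes) -> int:
    """Message digest: SHA-256 fingerprint of the data, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, n: int, d: int) -> int:
    """Sign the digest with the private exponent d."""
    return pow(digest(data), d, n)

def verify(data: bytes, sig: int, n: int) -> bool:
    """Verify with the public key (n, E): recover the digest and compare."""
    return pow(sig, E, n) == digest(data)

def cert_body(cert: dict) -> bytes:
    """Canonical bytes of the certificate fields the CA signs."""
    fields = ("name", "serial", "expires", "public_n")
    return "|".join(f"{k}={cert[k]}" for k in fields).encode()

def issue_cert(name, serial, expires, public_n, ca_n, ca_d):
    """CA binds an identity to a public key by signing the fields."""
    cert = {"name": name, "serial": serial,
            "expires": expires, "public_n": public_n}
    cert["ca_signature"] = sign(cert_body(cert), ca_n, ca_d)
    return cert

def check_message(msg, sig, cert, ca_n, today):
    """Trust the holder's key only if the CA signature and expiry check out."""
    if not verify(cert_body(cert), cert["ca_signature"], ca_n):
        return "bad certificate"
    if today > cert["expires"]:          # ISO dates compare as strings
        return "expired certificate"
    return "valid" if verify(msg, sig, cert["public_n"]) else "bad signature"

CA_N, CA_D = make_key(1279, 2203)        # certificate authority key pair
ALICE_N, ALICE_D = make_key(521, 607)    # certificate holder key pair
CERT = issue_cert("Alice Example", 1001, "2030-01-01", ALICE_N, CA_N, CA_D)
MSG = b"Transfer 100 to account 42"      # constructed sample message
SIG = sign(MSG, ALICE_N, ALICE_D)

if __name__ == "__main__":
    print(check_message(MSG, SIG, CERT, CA_N, "2025-06-01"))
    print(check_message(b"Transfer 900 to account 42", SIG, CERT, CA_N, "2025-06-01"))
    print(check_message(MSG, SIG, dict(CERT, name="Mallory"), CA_N, "2025-06-01"))
```

Changing one byte of the message or one field of the certificate changes the digest, so the corresponding signature check fails.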
The downsides of security measures are:
With single sign-on (SSO), a user must enter his or her name/password only once
Single sign-on saves employees time
Encryption slows down communication
Every message must be encrypted and then decrypted
IT specialists must clearly explain the implications of security measures to upper management
Recovery Measures
Security measures may reduce mishaps, but no one can control all disasters
Preparation for uncontrolled disasters requires that recovery measures are in place
Redundancy may be used
Very expensive, especially in distributed systems
Other measures must be taken
A business recovery plan is a detailed plan about what should be done and by whom if critical systems go down
Also called a disaster recovery plan, business resumption plan, or business continuity plan
To develop a business recovery plan
Obtain management’s commitment to the plan
Establish a planning committee
Perform risk assessment and impact analysis
Prioritize recovery needs
Mission-critical applications: those without which the business cannot conduct operations
Select a recovery plan
Select vendors
Develop and implement the plan
Test the plan
Continually test and evaluate
Can outsource recovery plans to firms that specialize in disaster recovery planning
Hot sites are alternative sites that a business can use when a disaster occurs
Backup sites provide desks, computer systems, and Internet links
Companies that implement hot sites
IBM
Hewlett-Packard
SunGard Availability Services
CHAPTER 12 MANAGING ELECTRONIC COMMERCE IMPLEMENTATIONS
Summary
This chapter provides an overview of managing electronic commerce implementations. The first step is setting overall goals for the implementation. More specific objectives derive from these overall goals and include planned benefits and planned costs. The benefit and cost objectives should be stated in measurable terms, such as dollars or quantities, and they should be linked to the organization’s business strategies. Before undertaking any online business initiative, companies should evaluate the initiative’s estimated costs and benefits. Some costs, such as opportunity costs, can be difficult to identify and estimate. Funding for online business implementations can come from internal sources in midsize or large firms. Small new businesses can be funded from personal savings or loans and investments made by family and friends. As the startup increases in size, it can turn to angel investors and, eventually, venture capitalists before turning to a public offering of its stock. The most common evaluation technique for online business initiatives is ROI. The benefits of electronic commerce projects can be harder to define and quantify in monetary units than the benefits expected from most other IT projects, so managers should be careful when using quantitative measures such as ROI to evaluate electronic commerce projects. Companies must decide how much, if any, of an electronic commerce project to outsource. Forming an internal team that includes knowledgeable individuals from within the company is a good first step in developing an outsourcing strategy. The internal team develops the specific project objectives and is responsible for meeting those objectives. The internal team can select from specific strategies, such as using incubators or outsourcing various parts of the project, and should supervise the staffing of any part of the project that is to be developed internally. 
Project management is a formal way to plan and control specific tasks and resources used in a project. It provides project managers with a tool they can use to make informed trade-offs among the project elements of schedule, cost, and performance. Large organizations are beginning to use project portfolio management techniques to track and make trade-offs among multiple ongoing projects. Electronic commerce initiatives are usually completed within a short time frame and thus are less likely to run out of control than other information systems development projects. The company must staff the electronic commerce implementation regardless of whether portions of the project are outsourced. Critical staffing areas include business management, application specialists, customer service staff, systems administration, network operations staff, social network marketing staff, and database administration. A good way for all participants to learn from project experiences is to conduct a postimplementation audit that compares project objectives to the actual results.