Experts See Vulnerability as Outsiders Code Software

This article discusses the increasing concerns over the amount of firms that are outsourcing their hardware and software management. Though being beneficial is of high importance in terms of time and cost savings of 20-40%; concerns are being raised by people with obvious self-interest. The potential loss of jobs relates directly to the loss of their standard of living. It also mentions that while the operations of outsource in countries like U.S, Britain and India are considered safe nervousness is beginning to grow among companies and the government, with the possibility of abuse by hackers and cyber terrorist countries.

According to the Forrester Research of Cambridge, Mass, forecasts that the acceleration in the outsourcing would result in 3.3 million American job’s moving offshore by 2015. It also estimated that 70% of these jobs will move to India, 20% to Philippines and 10% to China. Transferring every management to offshore can be risky unless evaluating the particular needs. As at Intel, all the software were being reviewed for safety though the cost is more, but it protects you from making big mistakes.

It has proven to be beneficial for companies engaging in offshore outsourcing, yet it is very important to assess the reliability of such process of management. It is also necessary to check for every possible glitch that could bring problems and increase their total cost of ownership or corrupt the system.

Experts See Vulnerability As Outsiders Code Software
JOHN SCHWARTZ
New York Times (1857-Current file); Jan 6, 2003; Retrieved on June 7, 2008 from ProQuest Historical Newspapers The New York Times

Nestle Tries for an All-For-One Global Strategy

Q2. What type of global business and systems strategy did Nestle adopt? Was this strategy appropriate for Nestlé’s business model?

Ans: The traditional strategy of decentralized strategy at Nestle had created inefficiency; preventing the company from competing successfully on e-commerce. Thus, in order to solve the problem, Nestle adopted the strategy of global standardization of operational process. This will help the company standardize and coordinate its information systems and business process rather than managing 80 different information technologies.

The adopted strategy was initially considered inappropriate for the wide spread business operations. Though at the end, it proved to be beneficial for the company in cost savings and increasing its overall productivity.


Q3. What management, organization, and technology challenges did Nestle have to deal with to standardize its business processes and systems?
Ans:
Management: The challenge faced was the decentralization of the business process. Each local organization conducted business in their own culture which prevented Nestle from leveraging worldwide buying power to obtain lower prices for raw materials.

Organization: The challenges Nestle faced in the organizational, was lacking truly global brand products. Its products were being rebranded, repackaged and reformulated according to the preferences of each region.

Technology: Technically, Nestle faced the challenges in supporting 80 different information technology units, running nearly 900 IBM AS/400 midrange computers, 15 mainframes and 200 UNIX systems. This prompted observers to describe Nestlé’s infrastructure as a Tower of Babel.

Can the U.S. Army Reserve Pay Soldiers Correctly?

Q1. Write a system analysis report about the U.S. Army pay system. What have been the problems with existing systems? What management, organization, and technology factors caused the problems? What was the impact of these problems? What are the objectives and information requirements of a new systems solution?

Answer:
1. Problems in existing system: The existing pay system has dire problems of asymmetrical payments. The inability to keep up-to-date information is caused by an out-of-date system. This old system requires the manual input of updates, resulting in increasing chances of error occurrence.

2. Management, operation and technological problems: The problems in their management and operation are lacking a system that, automatically updates changes. It also lacks integration between the Personnel System and the Regional Level Application system to process the salaries, bonuses and benefits.

Moreover, the technologies are been in use since the Vietnam War. The old aged systems needed manual updates, increasing potential for error. The languages used to write the systems are dated back to 40 years making it unable to work at an acceptable level.

3. Impacts of the problems:
-Increasing possibility of system damage without proper documentation
-High degree of error due to constant need for manual updates
-Soldiers have to file correct tax returns due to lacking revise tax rates.
-Report of overpayment to 1,300 soldiers worth 1.5 millions.
-Demand for return of overpayment to families of the deceased, for error in active status

4. Objectives and information requirement of a new systems solution: The main objective is to have a flexible new system that will enable the personnel and regional system to integrate smoothly. The system also needed to automatically update the current deployment and redeployment status of the soldiers.



Q3. Describe the role of end users and technical specialist in analyzing the problem and developing a solution.

Answer: The end user shouldn’t have to re-enter data once this system is in place. And the amount of duplicate work will be eliminated. The Unit Commander was responsible for processing the hard copy of any mobilization. If this was not done; payroll would not know the pay scale. The proper check amounts will be sent without further errors. The ‘new system’ is still on the drawing board, since 2006. The system will have the capability to encompass the payment processing with mass updates for various degrees of duty pay.

The solution will be to build a system that automatically updates the occurring changes in a soldier’s status, to reduce manual error. There is need for a centralized database system that collects all the information and when needed, updates and sends to the particular payroll or personnel system. Also, the system should have a prolonged capability to hold the information rather deleting at the end of each 30 day cycle. This will efficiently and effectively improve their pay system by limiting their inaccuracy.

How much is enough?

I thought it was an interesting article, where the author Blanton Godfrey, pointing out that in Six Sigma, changes are made without sufficient proof of validity. The advantage in manufacturing and servicing environments is the verification of benefits from such changes; through ways of collecting data, strengthening the evidence. But, data will not always give positive results. Instead, the way to have significant results is to increase the power of detecting changes and reducing the scope of experiment.

The common phrase used in Six Sigma training and practice “failed to reject the null hypothesis” shows the presence of flaws, hindering in achieving significant results. The reasons: small sample size, correlations in variables, choosing the wrong model and the inability to detect changes.

During a speech at the Institute for Healthcare Improvement National Forum, Don Berwick (CEO) raised a critical question; when do you have sufficient proof of success to implement what you feel is a positive change?

In response, the author mentioned there is a need for additional statistics tools; do more real-time or unplanned experiments to gain insight and information of the organization. Generally, organizations fail in collecting and analyzing data carefully. The changes rarely get implemented 100% by all employees, at the same time. For example; at hospitals, a new drug is introduced – some doctors’ start administering it, while others continue to prescribe the older, more familiar drug. The implementation of process change in some organization also results in some employees immediately applying – while others take time to adapt.

An efficient and thorough study of the collected data and information will gain beneficial change in well designed and planned experiments.

ASQ Six Sigma Forum Magazine; Feb 2008; 7, 2; Retrieved on May 31st from ABI/INFORM Global

Mobile GIS Improves Productivity in the Field

This article talks about how the Laurens Electric Cooperative implemented the Geographic Information System (GIS) and improved productivity and increased efficiency among all their service vehicles and personnel. LEC is a non-profit member –owned utility company with 5000 customers. In 2004, the company equipped its 120 trucks with laptops embedded with GIS mobile software. This software is updated two or three times a week.

Saving Lineman Time: With the installation of GIS technology, the crewmen can easily find customers by name or ID. The zoom and pan technology enables locating pieces of equipment such as transformers and substations. Using the digital maps help linemen locate grid numbers, roads or customers. It also saves valuable time in repairs since all the information is at their fingertips. When the company first installed the computers it met with resistance from some of the crew members. This was mostly due to the “old tool mentality”. After the company had training sessions the crewmen realized the value of such a system.

Minimizing Outages: This digital mapping saves time and becomes invaluable during storms. The GIS software helps the crews identify problems and get an individual, substation or subdivision back on-line, quickly. By seeing where exactly the problem area is visually on a map, the field crews can make better decisions in terms of how to restore power.
If the need arises the GIS can be updated continuously. It keeps management informed of the location, of all their crews and dispatches them to specific locations.

Increasing Dispatch Efficiency: The mobile software effectively handles outage situations and improves the efficiency of dispatch. The interactive maps of the electrical system helps linemen find ways to deal with a power outage before they arrive at a location, thus increasing efficiency. This eliminates down time and the problem can be fixed much quickly. It also keeps management informed of the specific location where the job and the crew is.

In the past four years, LEC has continually updated and improved its GIS software and capabilities. LEC is now looking to partner with another system integrator that supports the electrical community and is exploring the possibility of investing in global positioning system technology.



Mobile GIS Improves Productivity in the Field; Transmission & Distribution World; Nov 2007; 59, 11; Retrived on May 15 from ABI/INFORM Global

Can Information System Make Your Doctor Better?

Q1. What problems are hospitals and physicians encountering in diagnosing diseases and prescription medications? What management, organization, and technology factors are responsible for these problems?
Ans: Physicians encounter problems of misdiagnosing and wrong medications to their patients in hospitals, nursing homes and doctor’s office. As reported by the National Academy of Science’s Institute of Medicine that, each year more than 1.5 million Americans are injured by drug errors and estimation of more than 7,000 Americans die because of inappropriate prescriptions. Erroneous charges are incurred to patients for faulty medication bills amounting about $3.5 billion annually.
Human factor is the key responsible for these problems because of their handwriting, memory lapses, fatigue and distractions. The proliferation of medications also raises confusions and complexity for doctors in proper prescriptions.

Q3. What obstacles prevent computer systems from improving the medical industry? How can these obstacles be removed?
Ans: Computer systems like CPOE and DDS have proven to be very effective at hospitals; enhancing activities by saving time and people lives. The obstacles that prevent computer systems from improving the medical industry are:
1) The resistance from doctors to change the traditional way of treatment, due to the complexity of the system.
2) Simple glitches in the system increase the likelihood of ordering wrong medications by scattering patient data and drug ordering forms. The program needs to be well designed.
3) Lack of gearing these systems towards the nurse, who actually has the greater impact.
4) Rigidity of such a system over the traditional paperwork also obstruct from improving the medical industry.

The obstacles can be overcome if: effective communication among the medical staff is achieved. They also need to learn more about the system and trust it. Finally, the system must be designed to have thorough pertinent information regarding each patient.

The Top 10 Most Significant Ecommerce Developments

This article clearly shows how the ecommerce had brought different developments in today’s way of doing business. There are lots of companies who are part of the ecommerce trend in the businesses. As in chapter 10 as well as in previous chapter, we use examples of companies like Google, eBay and others. This article shows the impact of such business on the overall operation of business.

The Software& Information Industry Association (SIIA) had unveiled a list of the top most significant ecommerce developments during the past decade on the 10th anniversary of the Framework for Global Electronic Commerce. From events to products to websites, the SIIA’s list of significant ecommerce developments of the past 10 years encompasses a wide range of innovations. This list was compiled and ranked by panel of policy and industry expert who were selected by SIIA’s staff.

Google (September 1998): The search engine is now used by 30% of internet users for services including maps, blogs and video.
Broadband Penetration of U.S. Internet Users Reached 50 % (June 2004): It took broadband 4 years to reach 50% of the population. By the end fo 2007, the number will reach an estimated 90%.
eBay Auctions(September 1997): After the growth of eBay, thousands of people quit their jobs and now earn money exclusively through online auctions.
Amazon.com (May 1997): The template for online stores, Amazon gained tremendous popularity through its ease of use and selection, and heralded the important role of ecommerce in the U.S.
Google Ad Words (2000): This was the beginning of keywords ads, which now represents 40% of the market share of online advertising.
Open Standards HTML 4.0 (released 1997): The World Wide Wed Consortium, which is not controlled by any company or government, oversees HTML standards. The opne standards allow entire industries to grow as benefit to everyone.
Wi-Fi 802.11 (Launched 1997): The Internet went from home and office into the worlds as Internet users were able to connect anywhere without cables and wires.
User-Generated Content (Youtube 2005): Youtube may have started with shaky, amateurish videos, but it is not an integral part of 2008 presidential campaign, the center pf copyright battles, and a place where anyone and everyone can express themselves.
iTunes (2001): In a world of pirated music and CD sales in decline, iTunes popularized the sale of legal music downloads, which has now generated more than $2 billion.
Blackberry (1999): This all-in-one communication device took the business world by storm, delivering Web in the palm of person’s hand.

These are the major companies that have and will be talked about when it comes to the evolution of technology. It’s so amazing to see the impact of such revolutionary in the development of e-commerce.

Scott Koerwer
Information Today; Sep 2007; 24, 8; ABI/INFORM Global

Can eBay Continue Growing?

Q1. What is eBay’s business model and business strategy? How successful has it been?
Ans: The business model of eBay is a web-based automated auction service, founded in 1995 by Pierre Omidyar and Jeff Skoll. eBay earns its revenue mainly from fees and commissions, associated with its trading services; basically through transmitting of information. The company itself holds no inventory and is not responsible for shipping.

The company’s growth strategy focuses on expansion and continuing innovations, to enhance the variety of products on its sites. It assists buyers and sellers trade high-end goods and chattel; fine arts, automobiles, jewelry to clothing, consumer electronics and house wares.

The company has been successful and profitable attracting more than 200 million users by 2006. eBay now employs more than 8,000 full-time workers and has operations in 32 countries, including services in Mexico and eight South American countries. In 2005, the eBay users listed 1.8 billion items for auction; resulting in $40 billion worth of goods. In 2006, it was expected to be surpassed by 2 billion.


Q2. What are the problems that eBay is currently facing?
Ans: eBay is currently facing several problems:
a) With the increased seller fees, the growth rate in the United States and Germany had been slowed, though the losses were covered by the rapid growth in France and Italy.
b) eBay had trouble penetrating the real estate, travel, new car sales and expensive collectibles market.
c) Increasing competition in the auction site obstructs eBay from monitoring its compliance with diverse laws and regulations as it expands internationally.
d) eBay failed in ensuring a secured trade environment with fraud protection.
e) The company’s customer service department struggles with the task of satisfying online buyers and sellers.

SHEILDING WEB SERVICE FROM ATTACK

Web services are almost irresistible. By nature, they allow one system to find and interact with another, with little or no human intervention. Yet, the very virtues that make web services compelling; their use of trusted protocols and their use of multiple intermediaries make them a potential access for criminals. Ultimately, the recognition that we need to tackle is the Web services' vulnerabilities as part of a growing awareness that security must be addressed in the code of applications, not just through firewalls and gateways.

The common reasons for vulnerabilities are the mistaken belief that applications are exposed only to internal personnel rather than the world at large. Web services frequently pass messages through several intermediaries before they reach their final destination, undercutting technologies such as SSL, which secures connections only across the open Internet.
A high percentage of Web services interact with databases. SOAP and XML make it easy to disguise malicious payloads, opening new avenues for buffer-overflow attacks, targeting an enterprise's most vital systems. Other common Web service exploits include XML parser attacks, in which an infinite string leads to a denial of service, and XML external entity attacks, in which a request points to an invalid file, resulting in an error that may cause the Web service to give out information it shouldn't disclose.

Defensive Measures: Although Web services raise risks, organizations need not fall victim to security breaches if they take proactive measures. That means the biggest defense comes from ensuring code works, preferably before it's ever exposed to the Net. Although plenty of coders use blacklists to prevent well-known types of malicious routines from being executed, the more prudent approach is to employ white lists, for example; a field that asks for a Social Security number will accept only a positive value that has nine digits.

Security professionals should also take careful inventory of every service that's exposed to the Internet, preferably through an audit carried out by someone external to the IT department. That approach can be particularly effective in identifying services left behind by a previous generation of developers. Whether the services are already in place or not yet deployed, each one needs to be thoroughly tested using a variety of methods: 1) scan every port of every IP address and carefully query each service that responds, 2) looking to see whether UDDI servers, WSDLs and/or other self-describing mechanisms are giving up information that could aid an attacker.

Thus this article is closely related to both the chapter 7 (Telecommunication, the internet and wireless) and chapter 8 (Securing Information System). Technology has brought tremendous positive changes in terms of a variety of systems but has also raised major concerns over security. It is for sure, that the more we innovate there will always be someone better working to destroy it.

Dan Goodin, InfoWorld, San Mateo: Nov 27, 2006. Volume 28, Issue 48; pg. 29, 3 pgs

A stolen Laptop at the Department of Veterans Affairs: The Worst Data Theft Ever?

Q1. List and describe the security weakness at the department of Veterans Affairs.
Ans: The department of Veterans Affairs has several security problems in the areas indicated:
· Not Encrypted Records: Most noteworthy is that all the information data including names, social security numbers, health records and financial records were not encrypted. This makes any outsider easy access to sensitive information.
· Lack of Proper Rules: There are no established rules and regulations in regards to handling and managing the data systems. Among these is the relaxed feeling about this private and sensitive information allowing employees to take the office software and other accessories to their home.
· Cost Savings: The department is too overly concentrated on savings than implementing a secure IT environment. Their resistance to undergo change for a centralized management of IT programs and activities has further weakened the overall enforcement.
· CIO and Chief Information Security Officer lack direct authority to implement regulations.

The above drawbacks clearly show prominent weakness in their security system. This indeed can be rectified.

Q3. How effectively did the VA deal with these problems?
Ans: The VA did not deal with the problems effectively from the start. When the incident occurred, the superior did not tell the Inspector Generals Office and they did not inform the respective authorities. As matter of fact, Jim Nicholson, the secretary of VA learned about this after 13 days. Also, law enforcement was not informed until 2 weeks after it was discovered.

This delayed a thorough investigation to help solve the case. If the respective authorities were informed immediately it would have prevented this dilemma. Seeing the chain of events unfold it is quite obvious of their inability to handle the problem.

Cloud Computing Extends SOA Capability

This article relates to Chapter 5 where it describes about the software tools such as Web Services and SOA (Service-Oriented Architecture); as the tool in improving the software applications. As defined, web-services as a set of loosely coupled software component that exchanged information using the web languages. And SOA is a set of self-contained services that communicate with each other to create a working software application.

Andy Scurto based this article on an Insurance company. He mentioned that as long as insurance companies have been around they have shared one thing in common with many other large businesses; they want to know all the details and how to save money.

Insurance companies have large capital invested in their inner workings and many times it may be outdated. There is a company called Tech Target, an on-line source of technology information that uses a combination of internet connections, software and other services that bring outdated systems up to par. The executives of the insurance companies are used to “hands on” and this was no longer required. Computing was no longer done internally but globally, where the programs were stored in a “cloud”. These computer clouds allow employees to access any application or service. All they have to do is request it and the cloud delivers.

With the clouds capabilities the computer environment has become globally interactive. Around the world these computing clouds are performing the various tasks that bring companies into today’s business world.

Similarly, our insurance agency run quotes look up information on new products, print applications and order exams all on-line. Other areas we use this service for is tracking the applicant’s policy through underwriting, crediting agents accounts and tracking their performance. It also has become convenient and easy to check up to date information and report back to the client or current policyholder. We require certain applications from the company and the company cloud delivers.

Andy Scurto
National Underwriter. P & C Erlanger; Mar 10, 2008; Volume 112, Issue 9; ABI/INFORM Global

Merrill Lynch connects Past and Future Technology

Q1. Why did Merrill Lynch need to update its IT infrastructure?
Ans: Merrill Lynch had needed to update the IT infrastructure because of its critical role in the business operation. The technology platform of the past had been the key success in generating revenue and growth of the firm. It is the technology that had given Merrill Lynch a competitive advantage in the growing financial market.

Thus, in order to stay competitive, Merrill Lynch is compelled to modernize their infrastructure technology.

Q2. What is the relationship of information technology to Merrill Lynch’s business strategy? How was its web services initiative related to that strategy?
Ans: The information technology is very much embedded into Merrill Lynch business strategy. The company processes around 23,000 programs with 80 million daily on-line transactions shows a crucial role played by information technology. It is vital to the company to handle such volume of data, to better serve their clients and brokers.

The web service facilitates the business strategy of Merrill Lynch by making their operations more convenient and effective to their customers. It ensured security of the private information and provides flexibility in choosing the applications. On top, it also allows the firm to correct errors before launching the services. As such, Merrill Lynch saved $41 million in application development costs and boosted their investment by selling X4ML (web service tools) to SOA Software Inc.

Not to mention, the web service conformed the current mainframe security as well as web security for inscription, authentication and authorization.

Article summary: Erosion of Trust--E-commerce and the Loss of Privacy

This article I found relates to Chapter 4; about how the information system leads to an ethical dilemma. It describes the development of trust by the consumer when doing e-business, and how to maintain it.

Some of the concerns expressed are the usage of cookies and web bugs that collect personal information. This information could be private information or sensitive, opening the possibility for fraud. With the information obtained by e-business, a company must develop a strong trust with consumers by assuring quality and protection.

According to The Federal Trade Commission (FTC), the self-regulation in the United States is failing to provide adequate protection for consumers. Legislation sought by the FTC would be based on four core elements: notice, choice, access and security.
· Clear notice to consumers of what information is collected and use.
· Choice as to how this information will be used for purposes beyond which it was originally collected
· Accessing of the collected information including a reasonable opportunity to correct inaccuracies and delete information.
· Reasonable security precautions to safeguard information collected about consumers.

Concerns over privacy in the US have been further deteriorated by the attempted sale of consumer information by dot-coms. With trust being the core foundation, lack of privacy is threatening the future of e-business. On one hand, e-commerce facilitates the gathering of information; however, many consumers consider such usage of collected information to be an invasion of their privacy.

There is neither a simple solution nor a single view on whether violation of privacy is ethical or not.

Information Systems Control Journal, Volume 3, 2001
By Jonathan D. Andrews, CA, CISA, FCA

Is the Telephone Company violating your privacy?

1. Yes. I think the increased surveillance power and capability of the US government present an ethical dilemma. When the government has not been authorized by you, the law abiding citizen of the United States, to “listen in” or track your movements I feel it is an invasion of privacy. This is also a violation of the Fourth Amendment.

2. It is the responsibility of the government to protect its people. The Fourth Amendment also allows the government to track ones that may hurt us or strike on Americas’ soil. If the information received from the telecommunication could help prevent, counter attack or prepare us of some impending situation then I think it would be ethical. This is for national security.

4. The White House and the Senate Judiciary committee reached the agreement of approving the NSA in regards to the wire tapping program. It was the best compromise on a delicate issue of national security vs. privacy rights.
Yes. While the solution might not be perfect, it at least satisfies both parties as well as it protects the telecommunication companies

Blockbuster vs. Netflix: Which will win out?

1. Blockbuster’s business model is based on rental and sales of DVD’s. Since its operation onset in 1985, Blockbuster has enjoyed a very successful monopoly, opening 9100 stores in 25 countries within 20 years. This established Blockbuster as the market leader. But with the emergence of a new competitor - Netflix in 1998, Blockbusters business was adversely affected.


2. Netflix had challenged the business model of Blockbuster by launching online video rentals. The whole process of accessing video selections, delivery and returns were consolidated into an easy to understand procedure. Anyone can order anytime, anywhere without retail store prices and just mail back in a postage paid envelope.

As such, Netflix forced Blockbuster to reassess its place in the video rental business, creating the list of problems below:
a)This increasing rivalry from Netflix forced Blockbuster to initiate its own online rental market, incurring additional expenses on top of the retail stores.
b)It forced Blockbuster to reduce their subscriber price to $14.99, as compared to NetFlixs’ $19.99.
c)Blockbuster acquired only 1 million subscribers, but Netflix had 3 million by the end of year. This showed a continued downward trend of customers.
d)Blockbuster has to restructure the business model, implementing the new campaign of “No more late fees”, which failed to offset its cost.

4. Since starting the trend of online rental, in 1998, Netflix has attracted more customers and earned higher revenue than Blockbuster. Although Netflix has only 35 distribution centers around the world as compared to 30 such facilities from Blockbuster it generated almost 2 million more customers. Within 5 years of being in business Netflix had gained 2 to 7 percent in market shares, projecting the revenue to reach 1 billion in 2005 and $3 billion by 2009.

With the increasing new technology like cable subscription of movies (VOD), online rentals by Amazon.com and Apple entering into such business model pushes Blockbuster and Netflix to the edge.