Discussion Question – Module 05: Cybersecurity and Risk Management

Module 05: Cybersecurity and Risk Management
Discussion Question
Question Requirements:
Discussion
1. Discuss the current state of cybercrime and how this concerns you as a business manager.
2. Discuss why frameworks, standards, and models are an important part of a business
manager’s cybersecurity program. Can these keep an organization safe?
Discuss the concepts, principles, and theories from your textbook. Cite your textbooks and
cite any other sources if appropriate.
Directions:
• Discuss the concepts, principles, and theories from your textbook. Cite your textbooks and
cite any other sources.
• Write a discussion that includes an introduction paragraph, the body, and a conclusion
paragraph to address the assignment’s guide questions.
• Your initial post should address all components of the question with a 600-word limit.
Learning Outcomes
1. Examine the impact cyber threats pose to a business.
2. Articulate the importance of cyber risk management.
3. Analyze how internal audits and controls can protect business assets.
4. Analyze how risk management standards can ensure compliance.
Readings
Required
• Chapter 5 in Information Technology for Management: On-Demand Strategies for
Performance, Growth, and Sustainability
• Gungor, A. (2023, September 7). Debunking The Top 5 Cybersecurity Myths. Bernard
Marr. https://bernardmarr.com/debunking-the-top-5-cybersecurity-myths/
• View the following videos:
• Chapter 5 Whiteboard Animation Videos, part 1
• Chapter 5 Whiteboard Animation Videos, part 2
• Chapter 5 Whiteboard Animation Videos, part 3
Recommended:
• Chapter 5 PowerPoint Presentation
IT for Management: On-Demand Strategies for
Performance, Growth, and Sustainability
Twelfth Edition
Turban, Pollard, Wood
Chapter 5
Data Privacy and Cyber Security
Learning Objectives (1 of 5)
• Data Privacy Concerns and Regulations
• Extent and Cost of Cyberattacks and Cyberthreats
• Cyberattack Targets and Consequences
• Defending Against Cyberattacks and Managing Risk
• Regulatory Controls, Frameworks and Models
Copyright ©2021 John Wiley & Sons, Inc.
Data Privacy Concerns and Regulations
• Data privacy is the right to self-determine what
information about you is made accessible, to whom,
when, and for what use or purpose
• It centers around the following four main concerns:
1. How data are shared with third parties
2. How data are collected and stored
3. How data are used
4. How data are regulated
Confused, Concerned, and Out of Control
Privacy paradox is the disconnect between how important people
say their online privacy is versus how they actually behave in real
life.
U.S. Consumer Protection Data Privacy
Regulations
• U.S. Federal consumer protection data privacy
regulations currently in place include:
• Health Insurance Portability and Accountability Act
(HIPAA)
• Gramm-Leach-Bliley Act
• Privacy Protection Act of 1980
• Driver’s Privacy Protection Act (DPPA)
• Fair Credit Reporting Act
• All 50 U.S. states have adopted data breach notification laws. At
least 35 states and Puerto Rico have data disposal laws and 25
states have enacted data privacy laws
European Union’s General Data
Protection Rules (GDPR)
• The GDPR is an EU-wide consumer Bill of Rights
enacted in May 2018.
• It empowers EU consumers by forcing retailers,
marketers, and others to explicitly tell consumers how
they are collecting, using, and storing consumers’
personal data.
• Companies that violate the GDPR face a maximum fine
of $23 million (€20 million) or 4% of their annual global
turnover, whichever is larger.
The EU-U.S. Privacy Shield
• The EU does not consider the data privacy laws
currently in place in the United States to be adequate,
so U.S. businesses must work around this requirement
by adhering to the EU-U.S. Privacy Shield.
• The EU-U.S. and Swiss-U.S. Privacy Shields are designed
to provide companies on both sides of the Atlantic with
a mechanism to comply with GDPR data protection
requirements.
Data Privacy Concerns and Regulations:
Questions
1. What are the four main concerns of data privacy?
2. Why is it important for you to know how your online data is handled?
3. What is the name of the phenomenon where users are concerned about data privacy, but their behaviors contradict these concerns?
4. Who has responsibility for data privacy laws at the U.S. federal level?
5. Name three U.S. consumer protection data privacy regulations.
6. What is the name of the new California data protection law?
7. Is an EU citizen who does not live in the EU protected under the GDPR?
8. Why is the United States not considered part of the GDPR?
9. What is the name of the mechanism that brings the United States under the jurisdiction of the GDPR?
Learning Objectives (2 of 5)
Cyberattacks and Cyberthreat Terminology
(1 of 2)
• Cyberattack is an actual attempt to expose, alter,
disable, destroy, steal, or gain unauthorized access to a
computer system, infrastructure, network, or any other
smart device.
• Cyber threat is the method used to commit a
cyberattack that seeks to damage data, steal sensitive
data, or disrupt digital life in general.
• Cyber security is the discipline dedicated to protecting
information and systems used to process and store it
from attack, damage, or unauthorized access.
Cyberattacks and Cyberthreat Terminology
(2 of 2)
• Data breach is the successful retrieval of sensitive
information by an unauthorized individual, group, or
software system.
• Vulnerability is a gap in IT security defenses of a
network, system, or application that can be exploited
by a cyber threat to gain unauthorized access.
• Attack vector is a path or means by which a computer
criminal can gain access to a computer or network
server in order to deliver a malicious outcome.
Unintentional Cyber Threats
• The causes for these unintentional cyber threats fall
into three major categories:
1. Human error can occur in the design of the hardware
or information system; during programming, testing, or
data entry; neglecting to change default passwords or
failing to manage patches
2. Environmental hazards include volcanoes,
earthquakes, blizzards, floods, power failures or strong
fluctuations, fires, defective heating, ventilation and
HVAC systems, explosions, radioactive fallout, and
water-cooling-system failures.
3. Computer systems failures can occur as the result of
poor manufacturing, defective materials, or poor
maintenance.
Intentional Cyber Threats
• Intentional security breaches are overt and direct
actions designed to disrupt a system and include data
theft such as inappropriate use of data; theft of
computer time; theft of equipment and/or software;
deliberate manipulation in handling, entering,
programming, processing, or transferring data;
sabotage; malicious damage to computer resources;
destruction from malware and similar attacks; and
miscellaneous computer abuses and Internet fraud
Intentional Cyber threats: Hacking
• Hacking is broadly defined as intentionally
accessing a computer without authorization or
exceeding authorized access. There are three
types of hackers.
• Hacktivist is short for hacker-activist, or
someone who performs hacking to promote
awareness, or otherwise support a social,
political, economic, or other cause.
Intentional Cyber Threats: Social
Engineering
• Social engineering is a hacker’s clever use of deception or manipulation of
people’s tendency to trust, be helpful, or simply follow
their curiosity on social media.
• In a phishing attack, the attacker sends an e-mail to
gain the victim’s trust by evoking a sense of curiosity,
urgency or fear, to steal confidential information. This is
done by the attacker posing as a known person or
legitimate organization.
Intentional Cyberthreats: Spear Phishing
• Spear phishers often target select groups of people
with something in common
• Trick user into opening an infected email
• Emails sent that look like the real thing
• Confidential information extracted through seemingly
legitimate website requests for passwords, user IDs,
PINs, account numbers, and so on.
Intentional Cyber threats: Malware
Refers to various levels of intrusive or malicious software that can
run undetected in the background on an IS or personal computer.
Types of intrusive software:
• Cookie
• Spamware
• Adware
• Spyware
Types of hostile malware:
• Zero-Day
• Backdoor
• Rootkit
• Boot Record Infector
• File Infector
• Keylogger
• Virus
• Worm
• Trojan
• RATS
Intentional Cyber threats: Botnets
• The term botnet is derived from the words robot and
network.
• Cyber criminals use trojan viruses to breach the
security of several user computers, take control of each
computer and organize all of the infected machines
into a network of “bots” they can remotely control for
malicious purposes.
• Botnets are typically used to send spam and phishing emails and launch DDoS attacks.
Intentional Cyber threats: Ransomware and
Cryptojacking
• Ransomware is designed to block access to a computer
system until a sum of money has been paid. Ransomware
works by first infiltrating a computer with malware and
then encrypting all the files on the disk.
• Cryptojacking is a ransomware-like scheme to use other
people’s devices without their consent or knowledge to
secretly syphon off cryptocurrency at the victim’s expense.
a. SQL Injection is one of the most dangerous
vulnerabilities of a network app since attackers can use
SQL injection to bypass application security measures.
The intent is to execute SQL code inside an app or
Web page for personal gain or simply to be destructive.
Intentional Cyber threats: Man-in-the-middle (MitM)
• MitM attacks occur when cyber
criminals insert themselves
between two parties in a
transaction with the intention of
stealing data.
Intentional Cyber threats: Denial of Service Attacks
Intentional Cyber threats: Insider Threats
• Internal threats and misuse of privileges threats are a
major challenge largely due to the many ways an
employee or contractor can carry out malicious
activities
• Data tampering is a common means of cyberattack
o Refers to an attack during which someone enters false or
fraudulent data into a computer, or changes/deletes existing
data
o Data tampering is extremely serious because it may not be
detected; the method often used by insiders and fraudsters
Cyber Threats: Intentional/Unintentional
• Physical theft or loss is the threat of an information
asset going missing, whether through negligence or
malice
• Miscellaneous errors: The main concern related to this
source of cyberthreat is a shortage of capacity that
prevents information from being available where and
when needed.
High Profile and Under the Radar Attacks
• Advanced Persistent Threats (APT)
o Launched by attacker through phishing to gain access to enterprise’s
network
o Designed for long-term espionage
o Profit-motivated cybercriminals often operate in stealth mode to continue
long-term activities
• Hackers and hacktivists, commonly with personal agendas, carry
out high-profile attacks to further their causes.
o Anonymous and LulzSec are two hacker groups who have committed
daring data breaches, data compromises, data leaks, thefts, threats, and
privacy invasions.
How Much Does a Cyberattack Really
Cost an Organization?
• In 2019 the global average total cost of a data breach
was $3.92 million.
• The average size of a data breach was 25,575 records,
the cost per record lost was $150 and it took an
average of 279 days for companies to identify and
contain a breach.
• Companies in the United States reported the highest
average cost of a breach at $8.19 million and health
care had the highest industry average cost of $6.45
million.
Extent and Cost of Cyberattacks and
Cyberthreats: Questions
1. Define and give an example of an intentional threat and an unintentional threat.
2. Why might management not treat cyberthreats as a top priority?
3. Describe the differences between distributed denial-of-service (DDoS), telephony denial-of-service (TDoS), and permanent denial-of-service (PDoS).
4. List and define three types of malware.
5. What are the risks caused by data tampering?
6. Define what a trojan is and explain why it is dangerous.
7. Why are MitM attacks on the rise? How might companies guard against MitM attacks?
8. What is cryptojacking? How can you protect yourself from being a victim of cryptojacking?
Learning Objectives (3 of 5)
Cyberattack Targets and Consequences
• Managers make the mistake of underestimating IT
vulnerabilities and threats and appear detached from
the value of confidential data (even high-tech
companies).
• Targets for cyberattacks include weak passwords;
critical infrastructure; theft of IP; identity theft; shadow
IT; bring your own device (BYOD) and social media.
Weak Passwords and Critical
Infrastructure
• Weak Passwords: The capture and misuse of credentials, such as
user’s IDs and passwords, is one of the foundation skills hackers
use to execute numerous types of cyberthreats, such as
phishing, leaving organizations open to data breaches
• Critical infrastructure: Systems and assets, whether physical or
virtual, so vital to a country that the incapacity or destruction of
such systems and assets would have a debilitating impact on
security, national economic security, national public health or
safety, or any combination of those matters
• Industroyer: A new form of malware developed to target
critical infrastructure in the energy sector
Theft of Intellectual Property
• Intellectual Property is a work or invention that is the
result of creativity that has commercial value.
• Includes copyrighted property such as a blueprint,
manuscript or a design, and is protected by law from
unauthorized use by others.
• Intellectual property can represent more than 80% of a
company’s value.
• Losing customer data to hackers can be costly and
embarrassing but losing intellectual property,
commonly known as trade secrets, could threaten a
company’s existence.
Identity Theft
• Thefts where individuals’ Social Security and credit
card numbers are stolen and used by thieves.
• Made worse by electronic sharing and databases
• Shadow IT (stealth IT) introduces security risks
when unsupported hardware and software used by
individuals or departments circumvent IT security
measures that apply to approved technology
Bring Your Own Device (BYOD)
• Bring Your Own Device (BYOD): employees providing
their own (mobile) devices for business purposes to
reduce expenses through cut purchase and
maintenance costs.
• Roughly 87% of U.S. organizations are using or planning
to use BYOD
• Cuts business costs by not having to purchase and
maintain employees’ mobile devices
• Security risk: mobile devices rarely have strong
authentication, access controls, and encryption even
though they connect to mission-critical data and cloud
services. Could also be lost or stolen.
Social Media Attacks
• Social networks and cloud computing increase
vulnerabilities by providing a single point of failure and
attack for organized criminal networks.
• Facebook recently reported that it disabled almost 1.3
billion fake accounts
• Twitter suspended 70 million accounts
• LinkedIn openly admitted they have no reliable system
for identifying and counting duplicate or fraudulent
accounts.
Networks and Services Increase
Exposure to Risk
• Time-to-exploitation is the elapsed time between when
a vulnerability is discovered and when it is exploited
• When new vulnerabilities are found in operating systems,
applications, or wired and wireless networks, patches are
released by the vendor or security organization
• Patch is a software program that users download and install to
fix a vulnerability.
Cyberattack Targets and Consequences:
Questions
1. What is a critical infrastructure?
2. List three types of critical infrastructures.
3. How do social network and cloud computing increase
vulnerability?
4. Why are patches and service packs needed?
5. Why is it important to protect IP?
6. How are the motives of hacktivists and APTs different?
7. Explain why data on laptops and computers need to be
encrypted.
8. Explain how identity theft can occur.
Learning Objectives (4 of 5)
Defending Against Cyberattacks
and Managing Risk
• To effectively guard against cyberattacks, top
management must sponsor and promote security
initiatives and fund them as a top priority
• The first step in a cyber security initiative is to choose a
cyber defense strategy
• Then adopt risk mitigation strategies specific to
different types of assets and
• Deploy robust security measures that are not just the
responsibility of IT and top management, but the
ongoing duty of everyone in an organization
Cyber Defense Strategies
• The primary objective of IT security management is to
defend all the components of an information system.
• To do this a company must gather strategic and tactical
intelligence to develop a customized cybersecurity
defense.
• Strategic intelligence informs HOW an organization will
defend itself.
• Tactical intelligence informs WHAT an organization
needs to do when it is attacked.
Managing Risk
• Risk is a situation involving exposure to
danger.
• Risk mitigation is the action taken to
reduce threats and ensure resiliency.
Securing Systems: Cyber Defense Tools
• Antivirus Software: Anti-malware tools are designed to
detect malicious codes and prevent users from
downloading them
• Intrusion Detection Systems (IDSs): An IDS scans for
unusual or suspicious traffic.
• Intrusion Prevention Systems (IPSs): An IPS is designed to
take immediate action—such as blocking specific IP
addresses—whenever a traffic-flow anomaly is detected.
• IP Intelligence Services: IP intelligence service providers
can help organizations significantly reduce malicious
network activity
Protecting Against Malware Reinfection,
Signatures, Mutations, and Variants
• Attempts to remove the malware can fail and the
malware may reinfect the host for two reasons:
1. Malware is captured in backups or archives
2. Malware infects removable media
• Malware signature is a unique value that indicates the
presence of malicious code.
• Zero-day exploits—malware so new their signatures
are not yet known
Protect Mobile Devices
• Mobile biometrics, such as voice and fingerprint biometrics, can
significantly improve the security of physical devices
• Voice biometrics is an effective authentication solution across a
wide range of consumer devices including smartphones, tablets,
and TVs
• Rogue application monitoring is used to detect and destroy
malicious applications
• Mobile kill switch or remote wipe capability as well as
encryption are needed in the event of loss or theft of a device
• Encryption is the process of converting information or data into a
code and is essential to prevent unauthorized access to sensitive
information transmitted online
Becoming IT Resilient
• IT resilience is the ability to protect
data and apps from any planned or
unplanned disruption to eliminate the
risk of downtime to maintain a
seamless customer experience.
Backup and Recovery
• An effective IT resilience strategy should consist of four
elements:
1. Availability—keep customers continuously connected
to their data and apps.
2. Mobility—be able to move apps and workloads while
keeping them fully protected.
3. Agility—maintain the freedom to choose your own
cloud and be able to move to, from and between
clouds.
4. Training—IT and non-IT employees must understand
their roles in case of a disruption or disaster and be
trained in how to respond.
Business Continuity Planning (1 of 3)
• Business continuity refers to maintaining business
functions or restoring them quickly when there has
been a major disruption.
• The plan covers business processes, assets, human
resources, business partners, and more.
• Each function in the business should have a feasible
backup plan.
Business Continuity Planning (2 of 3)
• To supplement and strengthen a business continuity plan the
following strategies can be put in place to help reduce the
impact of a disaster or disruption:
• Direct individual employees to make regular off-site
backups of their files that can be accessed remotely
with a secure username and password
• Deploy a cloud-based Email Continuity Solution to
provide uninterrupted access to e-mail.
• Make sure you have cross-device software compatibility
so that business can continue on employee mobile
devices.
• Unify communications on a secure off-site cloud server
that will keep operating in the event of a power outage,
natural disaster or other disruptions.
Business Continuity Planning (3 of 3)
• To supplement and strengthen a business continuity plan the
following strategies can be put in place to help reduce the
impact of a disaster or disruption (cont.):
• Establish a service-level agreement with your provider
that offers fast support, emergency backup and routing
to alternative servers when necessary.
• Put processes in place to ensure that IT teams can act
quickly without approvals in case of a disaster or
disruption.
• Make sure enough resources are allocated in the IT
budget for adequate business continuity and disaster
recovery services
Disaster Recovery Services
• Set up a secure, off-site disaster recovery space. The
three types of sites are:
1. Hot site: all the necessary equipment
including office space, furniture,
communications capabilities and computer
equipment
2. Warm site: a fully equipped physical data
center, but it has no customer data
3. Cold site: provides office space but requires
the customer to provide and install the
equipment needed to continue operations
Defending Against Cyberattacks and
Managing Risk: Questions
1. Explain why it is becoming more important for organizations to
make cyber risk management a high priority?
2. Name three IT defense tools.
3. What is the purpose of rogue application monitoring?
4. Why is a mobile kill switch or remote wipe capability an
important part of managing cyber risk?
5. Why does an organization need to have a business continuity
plan?
6. Name the three essential cybersecurity defenses.
7. What is the difference between hot, warm, and cold sites?
8. When and why do companies impose do-not-carry rules?
Learning Objectives (5 of 5)
Regulatory Controls, Frameworks, and
Models
• General defense controls are established to protect the system
regardless of the specific application.
• Application defense controls are safeguards that are intended to
protect specific applications.
Physical controls
• Physical controls protect physical computer facilities
and resources. Appropriate physical security may
include several physical controls such as:
• Appropriate design of the data center (noncombustible
and waterproof).
• Shields against electromagnetic fields.
• Emergency power shutoff and backup batteries.
• Properly designed and maintained air-conditioning
systems.
• Motion detector alarms that detect physical intrusion.
• Badges for authorized persons.
Access controls
• Access controls dictate who is authorized to use an
organization’s computing resources. Restricted access is
achieved through a two-step process of
1. user authentication to identify different users on the network
and
2. user authorization that grants or denies specific access
permissions.
• Data security controls are needed to protect sensitive data
throughout the five stages of its lifecycle from creation to
disposal.
• Communications controls restrict access to devices on the
network to endpoint devices that comply with the
organization’s security policy and secure the flow of data
across networks.
Administrative controls
• Administrative controls deal with issuing guidelines and
monitoring compliance with an organization’s security
guidelines.
• Examples of administrative controls are:
• Appropriately select, train, and supervise employees,
especially in accounting and information systems
• Foster company loyalty
• Require periodic modification of access controls, such
as passwords
• Perform periodic random audits of the system
Application Defense Controls
• An application defense control is a security practice
that blocks or restricts unauthorized apps from
executing in ways that put data at risk.
• Application controls include:
• Completeness checks to ensure records processing
from start to finish
• Validity checks to ensure only valid data is input or
processed
• Authentication to identify users
• Authorization to ensure appropriate permissions
• Input controls to ensure data integrity of all data entered
Auditing Information Systems
• Auditing is an additional layer of controls or safeguards.
• Auditing a website is a good preventive measure to
manage the legal risk.
• Auditing e-commerce is also more complex since, in
addition to the website, one needs to audit order
taking, order fulfillment, and all support systems.
Government Regulations
• As cyber threats continue to evolve and gain
momentum in other industries, more and more
legislative bills are being proposed
• The Federal Information Security Management Act
(FISMA) requires federal agencies to develop,
document, and implement an information security and
protection program
• In 2019, at least 43 U.S. states introduced bills that
dealt significantly with cyber security. Of these, 31
states enacted cyber security legislation
Risk Management and IT Governance
Frameworks
• Two widely accepted frameworks that guide risk
management and IT governance are:
• Enterprise Risk Management Framework. ERM is a risk-based
approach to managing an enterprise developed
by the Committee of Sponsoring Organizations of the
Treadway Commission (COSO).
• The COBIT 2019 Framework. COBIT 2019 is a globally
recognized governance framework that integrates
security, risk management, and IT governance
developed by ISACA—the International Systems Audit
and Control Association (www.isaca.org)
Enterprise Risk Management Framework
The COBIT 2019 Framework
Industry Security Standards
• Industry groups impose their own standards to protect
their customers and their members’ brand images and
revenues.
• One example is the Payment Card Industry Data
Security Standard (PCI DSS) created by Visa,
MasterCard, American Express, and Discover.
• PCI is required for all members, merchants, or service
providers that store, process, or transmit cardholder
data.
IT Security Defense-In-Depth Model
The Defense-in-Depth Model is based upon the premise that no
organization can ever be fully protected by a single layer of security.
However, when there are multiple levels of security defenses in place
the gaps created by a single level of security can be effectively
eliminated.
Defense-in-Depth Model: Step 1
Gain Senior Management Commitment and Support
• IT security is best when it is top-driven.
• Senior managers decide how stringent information
security policies and practices should be to comply with
laws and regulations.
• Other factors influencing information security policies
are a corporation’s culture and how valuable their data
are to criminals.
Defense-in-Depth Model: Step 2
Develop Acceptable Use Policies and IT Security Training
• An acceptable use policy (AUP) explains what
management has decided are acceptable and
unacceptable activities, and the consequences of
noncompliance.
• Rules about tweets, texting, social media, e-mail,
applications, and hardware should be treated as
extensions of other corporate policies—such as
physical safety, equal opportunity, harassment, and
discrimination.
Defense-in-Depth Model: Step 3
Create and Enforce IT Security Procedures and
Enforcement
a. Define enforcement procedures
b. Designate and empower an internal incident response
team (IRT)
c. Define notification procedures
d. Define a breach response communications plan
e. Monitor information and social media sources
Defense-in-Depth Model: Step 4
Implement Security Tools: Hardware and Software
• The selection of hardware and software defenses is based on risk, security budget, AUP, and secure procedures.
• Technology defense mechanisms need to be:
  • able to provide strong authentication and access control of industrial grade
  • appropriate for the types of networks and operating systems
  • installed and configured correctly
  • tested rigorously
  • maintained regularly
Regulatory Controls, Frameworks and Models: Questions
1. What is the purpose of general defense controls?
2. What is the purpose of application defense controls?
3. Name the five major categories of general controls.
4. Name four application controls.
5. Explain authentication and name two methods of authentication.
6. What are the six major objectives of a defense strategy?
7. What is the purpose of the PCI DSS?
8. What are the major elements in COBIT 2019?
9. What four components comprise the IT security defense-in-depth model?
Copyright
Copyright © 2021 John Wiley & Sons, Inc.
All rights reserved. Reproduction or translation of this work beyond that permitted in
Section 117 of the 1976 United States Act without the express written permission of the
copyright owner is unlawful. Request for further information should be addressed to the
Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up
copies for his/her own use only and not for distribution or resale. The Publisher assumes
no responsibility for errors, omissions, or damages, caused by the use of these programs
or from the use of the information contained herein.
Information Technology for Management
On-Demand Strategies for Performance, Growth and Sustainability
Eleventh Edition
EFRAIM TURBAN
CAROL POLLARD
Appalachian State University
GREGORY WOOD
Canisius College
VP AND EDITORIAL DIRECTOR: Mike McDonald
EXECUTIVE EDITOR: Lise Johnson
EDITORIAL ASSISTANT: Ethan Lipson
EDITORIAL MANAGER: Judy Howarth
CONTENT MANAGEMENT DIRECTOR: Lisa Wojcik
CONTENT MANAGER: Nichole Urban
SENIOR CONTENT SPECIALIST: Nicole Repasky
PRODUCTION EDITOR: Loganathan Kandan
PHOTO RESEARCHER: Billy Ray
COVER PHOTO CREDIT: © Ditty_about_summer/Shutterstock
This book was set in 9.5/12.5 pt Source Sans Pro by SPi Global and printed and bound by Strategic
Content Imaging.
Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding
for more than 200 years, helping people around the world meet their needs and fulfill their aspirations. Our company is built on a foundation of principles that include responsibility to the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a
global effort to address the environmental, social, economic, and ethical challenges we face in our
business. Among the issues we are addressing are carbon impact, paper specifications and procurement, ethical conduct within our business and among our vendors, and community and charitable
support. For more information, please visit our website: www.wiley.com/go/citizenship.
Copyright © 2018, 2015, 2013, 2011, 2010 John Wiley & Sons, Inc. All rights reserved. No part of this
publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior
written permission of the Publisher, or authorization through payment of the appropriate per-copy
fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923 (Web site: www.copyright.com).
Requests to the Publisher for permission should be addressed to the Permissions
Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201) 748-6011, fax
(201) 748-6008, or online at: www.wiley.com/go/permissions.
Evaluation copies are provided to qualified academics and professionals for review purposes only,
for use in their courses during the next academic year. These copies are licensed and may not be sold
or transferred to a third party. Upon completion of the review period, please return the evaluation
copy to Wiley. Return instructions and a free of charge return shipping label are available at: www.wiley.com/go/returnlabel.
If you have chosen to adopt this textbook for use in your course, please
accept this book as your complimentary desk copy. Outside of the United States, please contact your
local sales representative.
ISBN: 978-1-118-89079-0 (PBK)
ISBN: 978-1-119-39783-0 (EVALC)
Library of Congress Cataloging in Publication Data:
Names: Turban, Efraim, author. | Pollard, Carol (Carol E.), author. | Wood,
Gregory R., author.
Title: Information technology for management : on-demand strategies for
performance, growth and sustainability / Efraim Turban, Carol Pollard,
Gregory R. Wood.
Description: 11th edition. | Hoboken, NJ : John Wiley & Sons, 2018. |
Includes bibliographical references and index. |
Identifiers: LCCN 2017037711 (print) | LCCN 2017046158 (ebook) | ISBN
9781118890868 (epub) | ISBN 9781119172390 (pdf) | ISBN 9781118890790 (pbk.)
Subjects: LCSH: Management information systems.
Classification: LCC T58.6 (ebook) | LCC T58.6 .T765 2017 (print) | DDC
658.4/038011—dc23
LC record available at https://lccn.loc.gov/2017037711
The inside back cover will contain printing identification and country of origin if omitted from this
page. In addition, if the ISBN on the back cover differs from the ISBN on this page, the one on the
back cover is correct.
Brief Contents
PREFACE
ACKNOWLEDGMENTS
PART 1 Reshaping Enterprises and Consumers in the On-Demand Economy
1 Disruptive IT Impacts Companies, Competition, and Careers
2 Information Systems, IT Architecture, Data Governance, and Cloud Computing
3 Data Management, Data Analytics, and Business Intelligence
4 Networks, Collaborative Technology, and the Internet of Things
5 Cybersecurity and Risk Management Technology
PART 2 Winning, Engaging, and Retaining Consumers for Growth
6 Search, Semantic, and Recommendation Technology
7 Web 2.0 and Social Technology
8 Retail, E-commerce, and Mobile Commerce Technology
PART 3 Optimizing Performance, Processes, and Productivity
9 Functional Business Systems
10 Enterprise Systems
11 Data Visualization and Geographic Information Systems
PART 4 Managing Business Relationships, Projects, and Ethical Responsibilities
12 IT Strategy, Sourcing, and Strategic Technology Trends
13 Systems Development and Project Management
14 IT Ethics, Privacy, and Sustainability
GLOSSARY
ORGANIZATION INDEX
NAME INDEX
SUBJECT INDEX
Contents
PREFACE
ACKNOWLEDGMENTS

PART 1 Reshaping Enterprises and Consumers in the On-Demand Economy

1 Disruptive IT Impacts Companies, Competition, and Careers
Case 1.1 Opening Case: Uber and Airbnb Revolutionize Business Models in the On-Demand Economy
1.1 Doing Business in the On-Demand Economy
  Growth of the On-Demand Economy
  Digital Business Models
  IT’s Role in the On-Demand Economy
  IT Business Objectives
1.2 Business Process Improvement and Competitive Advantage
  What Is a Business Process?
  Improving Business Processes
  Don’t Automate, Obliterate!
  Gaining a Competitive Advantage
  Software Support for BPM
1.3 IT Innovation and Disruption
  Social–Mobile–Analytics–Cloud (SMAC) Model
  Technology Mega Trends
  Lessons Learned from Companies Using Disruptive Technologies
1.4 IT and You
  On-Demand Workers
  IT Adds Value to Your Performance and Career
  Becoming an Informed IT User
Case 1.2 Business Case: The Internet of Things Comes to the NFL
Case 1.3 Video Case: Knowing More and Doing More

2 Information Systems, IT Architecture, Data Governance, and Cloud Computing
Case 2.1 Opening Case: Detoxing Location-Based Advertising Data at MEDIATA
2.1 IS Concepts and Classification
  Components of an IS
  Data, Information, Knowledge, and Wisdom
  Types of ISs
  Transaction Processing System (TPS)
  Management Information System (MIS)
  Decision Support System (DSS)
  Executive Information System (EIS)
  ISs Exist within Corporate Culture
2.2 IT Infrastructure, IT Architecture, and Enterprise Architecture
  EA Helps to Maintain Sustainability
  Developing an Enterprise Architecture (EA)
2.3 Information Management and Data Governance
  Information Management Harnesses Scattered Data
  Reasons for Information Deficiencies
  Factors Driving the Shift from Silos to Sharing and Collaboration
  Business Benefits of Information Management
  Data Governance: Maintaining Data Quality and Cost Control
2.4 Data Centers and Cloud Computing
  Data Centers
  Integrating Data to Combat Data Chaos
  Cloud Computing
  Selecting a Cloud Vendor
  Cloud Infrastructure
  Issues in Moving Workloads from the Enterprise to the Cloud
2.5 Cloud Services and Virtualization
  Anything as a Service (XAAS) Models
  Going Cloud
  Virtualization and Virtual Machines
Case 2.2 Business Case: Data Chaos Creates Risk
Case 2.3 Video Case: Cloud Computing at Coca-Cola Is Changing Everything

3 Data Management, Data Analytics, and Business Intelligence
Case 3.1 Opening Case: Coca-Cola Strategically Manages Data to Retain Customers and Reduce Costs
3.1 Data Management and Database Technologies
  Database Management Systems and SQL
  DBMS and Data Warehousing Vendors Respond to Latest Data Demands
3.2 Centralized and Distributed Database Architectures
  Garbage In, Garbage Out
  Data Ownership and Organizational Politics
  Data Life Cycle and Data Principles
  Master Data and Master Data Management
3.3 Data Warehouses
  Procedures to Prepare EDW Data for Analytics
  Building a Data Warehouse
  Real-Time Support from an Active Data Warehouse
3.4 Big Data Analytics and Data Discovery
  Human Expertise and Judgment are Needed
  Data and Text Mining
  Creating Business Value
  Text Analytics Procedure
  Analytics Vendor Rankings
3.5 Business Intelligence and Electronic Records Management
  Business Benefits of BI
  Common Challenges: Data Selection and Quality
  Aligning BI Strategy with Business Strategy
  BI Architecture and Analytics
  Electronic Records Management
  Legal Duty to Retain Business Records
  ERM Best Practices
  ERM Benefits
  ERM for Disaster Recovery, Business Continuity, and Compliance
Case 3.2 Business Case: Big Data Analytics is the “Secret Sauce” for Revitalizing McDonald’s
Case 3.3 Video Case: Verizon Improves Its Customer Experience with Data Driven Decision-Making

4 Networks, Collaborative Technology, and the Internet of Things
Case 4.1 Opening Case: Sony Builds an IPv6 Network to Fortify Competitive Edge
4.1 Network Fundamentals
  Network Types
  Intranets, Extranets, and Virtual Private Networks
  Network Terminology
  Functions Supported by Business Networks
  Quality of Service
4.2 Internet Protocols (IP), APIs, and Network Capabilities
  Comparing 3G, 4G, 4G LTE, and 5G Network Standards
  Circuit versus Packet Switching
  Application Program Interfaces and Operating Systems
4.3 Mobile Networks and Near-Field Communication
  Increase in Mobile Network Traffic and Users
  Higher Demand for High-Capacity Mobile Networks
  Mobile Infrastructure
  Two Components of Wireless Infrastructure
  Business Use of Near-Field Communication
  Choosing Mobile Network Solutions
4.4 Collaborative Technologies and the Internet of Things
  Virtual Collaboration
  Group Work and Decision Processes
  The Internet of Things (IoT)
  IoT Sensors, Smart Meters, and the Smart Grid
Case 4.2 Business Case: Google Maps API for Business
Case 4.3 Video Case: Small Island Telecom Company Goes Global

5 Cybersecurity and Risk Management Technology
Case 5.1 Opening Case: Yahoo Wins the Gold and Silver Medal for the Worst Hacks in History!
5.1 The Face and Future of Cyberthreats
  Intentional Threats
  Unintentional Threats
  Hacking
  Cyber Social Engineering and Other Related Web-Based Threats
  Denial-of-Service
  Insider and Privilege Misuse
  Physical Theft or Loss
  Miscellaneous Errors
  New Attack Vectors
5.2 Cyberattack Targets and Consequences
  “High-Profile” and “Under-the-Radar” Attacks
  Critical Infrastructure Attacks
  Theft of Intellectual Property
  Identity Theft
  Bring Your Own Device
  Social Media Attacks
5.3 Cyber Risk Management
  IT Defenses
  Business Continuity Planning
  Government Regulations
5.4 Defending Against Fraud
  Occupational Fraud Prevention and Detection
  General Controls
  Internal Controls
  Cyber Defense Strategies
  Auditing Information Systems
5.5 Frameworks, Standards, and Models
  Risk Management and IT Governance Frameworks
  Industry Standards
  IT Security Defense-In-Depth Model
Case 5.2 Business Case: Lax Security at LinkedIn Exposed
Case 5.3 Video Case: Botnets, Malware Security, and Capturing Cybercriminals

PART 2 Winning, Engaging, and Retaining Consumers for Growth

6 Search, Semantic, and Recommendation Technology
Case 6.1 Opening Case: Mint.com Uses Search Technology to Rank Above Established Competitors
6.1 Using Search Technology for Business Success
  How Search Engines Work
  Web Directories
  How Crawler Search Engines Work
  Why Search Is Important for Business
6.2 Organic Search and Search Engine Optimization
  Strategies for Search Engine Optimization
  Content and Inbound Marketing
  Black Hat versus White Hat SEO: Ethical Issues in Search Engine Optimization
6.3 Pay-Per-Click and Paid Search Strategies
  Creating a PPC Advertising Campaign
  Metrics for Paid Search Advertising
6.4 A Search for Meaning—Semantic Technology
  What Is the Semantic Web?
  The Language(s) of Web 3.0
  Semantic Web and Semantic Search
  Semantic Web for Business
6.5 Recommendation Engines
  Recommendation Filters
Case 6.2 Business Case: Deciding What to Watch—Video Recommendations at Netflix
Case 6.3 Video Case: Power Searching with Google

7 Web 2.0 and Social Technology
Case 7.1 Opening Case: Social Customer Service Takes Off at KLM
7.1 Web 2.0—The Social Web
  The Constantly Changing Web
  Invention of the World Wide Web
  A Platform for Services and Social Interaction
  Emergence of Social Applications, Networks, and Services
  Why Managers Should Understand Web Technology
  Communicating on the Web
  Social Media Applications and Services
  Social Media Is More than Facebook, YouTube, and Twitter
  With Web 2.0, Markets are Conversations
7.2 Social Networking Services and Communities
  The Power of the Crowd
  Crowdfunding
  Social Networking Services
  Facebook Dominates Social Networking
  Google Takes on Facebook with G+
  Be in the Now with Snapchat
  And Now for Something Different: Second Life
  Private Social Networks
  Future of Social Networking Systems
7.3 Engaging Consumers with Blogs and Microblogs
  What Is the Purpose of a Blog?
  Blogging and Public Relations
  Reading and Subscribing to Blogs
  Blogging Platforms
  Microblogs
  Twitter
  Tumblr Blogs
7.4 Mashups, Social Metrics, and Monitoring Tools
  What Makes a Mashup Social
  RSS Technology
  Social Monitoring Services
7.5 Enterprise 2.0: Workplace Collaboration and Knowledge Sharing
  Tools for Meetings and Discussions
  Social Tools for Information Retrieval and Knowledge Sharing
  Social Bookmarking Tools
  Content Creation and Sharing
Case 7.2 Business Case: Facebook Helps Songkick Rock the Ticket Sales Industry
Case 7.3 Business Case: AT&T’s “It Can Wait” Campaign against Distracted Driving

8 Retail, E-commerce, and Mobile Commerce Technology
Case 8.1 Opening Case: Macy’s Races Ahead with Mobile Retail Strategies
8.1 Retailing Technology
  Keeping Up with Consumer Demands and Behavior
  The Omni-Channel Retailing Concept
8.2 Business-to-Consumer (B2C) E-commerce
  Online Banking
  International and Multiple-Currency Banking
  Online Recruiting
  Issues in Online Retailing
  Online Business and Marketing Planning
8.3 Business-to-Business (B2B) E-commerce and E-procurement
  Sell-Side Marketplaces
  E-Sourcing
  E-Procurement
  Electronic Data Interchange (EDI) Systems
  Public and Private Exchanges
8.4 Mobile Commerce
  Information: Competitive Advantage in Mobile Commerce
  Mobile Entertainment
  Hotel Services and Travel Go Wireless
  Mobile Social Networking
8.5 Mobile Transactions and Financial Services
  Mobile Payment Systems
  Mobile Banking and Financial Services
  Short Codes
  Security Issues
Case 8.2 Business Case: Chegg’s Mobile Strategy
Case 8.3 Video Case: Searching with Pictures Using MVS

PART 3 Optimizing Performance, Processes, and Productivity

9 Functional Business Systems
Case 9.1 Opening Case: Ducati Redesigns Its Operations
9.1 Business Management Systems and Functional Business Systems
  Business Management Systems (BMSs)
  Management Levels
  Business Functions vs. Cross-Functional Business Processes
  Transaction Processing Systems
9.2 Production and Operations Management Systems
  Transportation Management Systems
  Logistics Management
  Inventory Control Systems
  Computer-Integrated Manufacturing and Manufacturing Execution Systems
9.3 Sales and Marketing Systems
  Data-Driven Marketing
  Sales and Distribution Channels
  Social Media Customer Service
  Marketing Management
9.4 Accounting, Finance, and Regulatory Systems
  Financial Disclosure: Reporting and Compliance
  Fraud Prevention and Detection
  Auditing Information Systems
  Financial Planning and Budgeting
9.5 Human Resource Systems, Compliance, and Ethics
  HR Information Systems
  Management and Employee Development
  HR Planning, Control, and Management
Case 9.2 Business Case: HSBC Combats Fraud in Split-second Decisions
Case 9.3 Video Case: United Rentals Optimizes Its Workforce with Human Capital Management

10 Enterprise Systems
Case 10.1 Opening Case: 3D Printing Drives the “Always-On” Supply Chain
10.1 Enterprise Systems
  Implementation Challenges of Enterprise Systems
  Investing in Enterprise Systems
  Implementation of Best Practices
  Enterprise Systems Insights
10.2 Enterprise Resource Planning (ERP)
  Brief History of ERP
  Technology Perspective
  Achieving ERP Success
10.3 Supply Chain Management Systems
  Managing the Flow of Materials, Data, and Money
  Order Fulfillment and Logistics
  Steps in the Order Fulfillment Process
  Innovations Driving Supply Chain Strategic Priorities
10.4 Customer Relationship Management Systems
  How are CRM Apps Different from ERP? Why are they Different?
  CRM Technology Perspective
  Customer Acquisition and Retention
  CRM for a Competitive Edge
  Common CRM Mistakes: How to Avoid Them
  Justifying CRM
10.5 Enterprise Social Platforms
  Growth of Enterprise Social Investments and Markets
  Sharepoint
  Oracle’s Social Network
  Jive
  Chatter
Case 10.2 Business Case: Lowe’s Fresh Approach to Supply Chain Management
Case 10.3 Video Case: Procter & Gamble: Creating Conversations in the Cloud with 4.8 Billion Consumers

11 Data Visualization and Geographic Information Systems
Case 11.1 Opening Case: Safeway and PepsiCo Collaborate to Reduce Stock Outages using Data Visualization
11.1 Data Visualization and Learning
  Learning, Exploration, and Discovery with Visualization
  Data Discovery Market Separates from the BI Market
  How Is Data Visualization Used in Business?
  Data Visualization Tools
11.2 Enterprise Data Mashups
  Mashup Architecture
  Why Do Business Users Need Data Mashup Technology?
  Enterprise Mashup Technology
11.3 Digital Dashboards
  Dashboards are Real Time
  How Operational and Strategic Dashboards Work
  Benefits of Digital Dashboards
11.4 Geographic Information Systems and Geospatial Data
  Geocoding
  GIS Is Not Your Grandfather’s Map
  Infrastructure and Location-Aware Collection of Geospatial Data
  Applying GIS in Business
Case 11.2 Visualization Case: Are You Ready for Football?
Case 11.3 Video Case: The Beauty of Data Visualization—Data Detective

PART 4 Managing Business Relationships, Projects, and Ethical Responsibilities

12 IT Strategy, Sourcing, and Strategic Technology Trends
Case 12.1 Opening Case: Intel Reaps Rewards from Sustainable IT Strategy
12.1 IT Strategic Planning
  Value Drivers
  IT Strategic Plan Objectives
  IT and Business Disconnects
  Corporate and IT Governance
  Reactive Approach to IT Investments Will Fail
  IT Strategic Planning Process
12.2 Aligning IT with Business Objectives
  Achieving and Sustaining a Competitive Advantage
12.3 IT Sourcing Strategies
  Sourcing and Cloud Services
  Factors Driving Outsourcing
  Outsourcing Risks and Hidden Costs
  Offshoring
  Outsourcing Life Cycle
  Managing IT Vendor Relationships
  Contracts: Get Everything in Writing
12.4 Balanced Scorecard
  The Balanced Scorecard
  Using the Balance Scorecard
  Applying the BSC
12.5 Strategic Technology Trends
  Strategic Technology Scanning
  Finding Strategic Technologies
Case 12.2 Business Case: Cisco IT Improves Strategic Vendor Management
Case 12.3 Data Analysis: Third-Party versus Company-Owned Offshoring

13 Systems Development and Project Management
Case 13.1 Opening Case: Denver International Airport Learns from Mistakes Made in Failed Baggage-Handling System Project
13.1 System Development Life Cycle
  Stages of the SDLC
13.2 Systems Development Methodologies
  Waterfall Model
  Object-Oriented Analysis and Design
  Agile Methodology
  The DevOps Approach to Systems Development
13.3 Project Management Fundamentals
  What Is a Project?
  Choosing Projects
  The Triple Constraint
  The Project Management Framework
13.4 Initiating, Planning, and Executing Projects
  Project Initiation
  Project Planning
  Project Execution
13.5 Monitoring/Controlling and Closing Projects
  Project Monitoring and Controlling
  Project Closing or Post Mortem
  Why Projects Fail
  IT Project Management Mistakes
Case 13.2 Business Case: Steve Jobs’ Shared Vision Project Management Style
Case 13.3 Demo Case: Mavenlink Project Management and Planning Software

14 IT Ethics, Privacy, and Sustainability
Case 14.1 Opening Case: Lessons Learned: How Google Glass Raised Risk and Privacy Challenges
14.1 IT Ethics
  Ethical versus Unethical Behavior
  Competing Responsibilities
14.2 Privacy and Civil Rights
  Privacy and the New Privacy Paradox
  Social Media Recruiting
  Legal Note: Civil Rights
  Competing Legal Concerns
  Financial Organizations Must Comply with Social Media Guidelines
14.3 Technology Addictions and Focus Management
  Digital Distractions and Loss of Focus
  Focus Management
14.4 ICT and Sustainable Development
  Global Temperature Rising Too Much Too Fast
  IT and Global Warming
  Technology to Transform Business and Society
  Next Wave of Disruption Will Be More Disruptive
Case 14.2 Business Case: Android Auto and CarPlay Keep Drivers Safe, Legal, and Productive
Case 14.3 Video Case: IT Ethics in the Workplace

GLOSSARY
ORGANIZATION INDEX
NAME INDEX
SUBJECT INDEX
Preface
Information Technology for Management discusses a variety of business strategies and explains how they rely on data, digital technology, and mobile devices to support them in the on-demand economy. Our goal is to provide students from any business discipline with a strong foundation for understanding the critical role that digital technology plays in enhancing business sustainability, profitability, and growth and excel in their careers. Enabling technologies discussed in this textbook include the following:
• Performance Combining the latest capabilities in big data analytics, reporting, collaboration, search, and digital communication helps enterprises be more agile and cuts costs to optimize business performance and profitability.
• Growth Strategic technologies enable business to create new core competencies, expand their markets, and move into new markets to experience exponential growth in the on-demand economy.
• Sustainability Cloud services are fundamental to sustaining business profitability and growth in today’s on-demand economy. They play a critical role in managing projects and sourcing agreements, respecting personal privacy, encouraging social responsibility, and attracting and engaging customers across multimedia channels to promote sustainable business performance and growth.
In this 11th edition, students learn, explore, and understand the importance of IT’s role in supporting the three essential components of business performance improvement: technology, business processes, and people.

What’s New in the 11th Edition?
In the 11th edition of IT for Management, we present and discuss concepts in a comprehensive yet easy-to-understand format by actively engaging students through a wide selection of case studies, interactive figures, video animations, tech notes, concept check questions, online and interactive exercises, and critical thinking questions. We have enhanced the 11th edition in the following ways:

New Author Dr. Carol Pollard, Professor of Computer Information Systems at the Walker College of Business and former Executive Director of the Center for Applied Research in Emerging Technologies (CARET) at Appalachian State University in North Carolina, has taken the helm for the 11th edition. Carol has applied her innovative teaching and learning techniques to create a stronger pedagogical focus and more engaging format for the text.

Strong Pedagogical Approach To encourage improved learning outcomes, we employed a blended learning approach, in which different types of delivery and learning methods, enabled and supported by technology, are blended with traditional learning methods. For example, case study and theoretical content are presented visually, textually, and/or interactively to enable different groups of students to use different learning strategies in different combinations to fit their individual learning style and enhance their learning. Throughout the book, content has been reorganized to improve development of the topics and improve understanding and readability. A large number of images that did not enhance understanding have been removed and replaced with informative and interactive figures and tables that better convey critical concepts.

Diverse Audience IT for Management is directed toward undergraduate, introductory MBA courses, and Executive Education courses in Management Information Systems and General Business programs. Concepts are explained in a straightforward way, and interactive elements, tools, and techniques provide tangible resources that appeal to all levels of students.

Leading-Edge Content Prior to and during the writing process, we consulted with a number of vendors, IT professionals, and managers who are hands-on users of leading technologies, to learn about their IT/business successes, challenges, experiences, and recommendations. To integrate the feedback of these business and IT professionals, new or updated chapter opening and closing cases have been added to many of the chapters along with the addition of relevant, leading-edge content in the body of the chapters.

New Technologies and Expanded Topics New to this edition are the IT framework, business process reengineering, geocoding, systems developments methodologies, including Waterfall, object-oriented analysis, Agile and DevOps, advances in Search Technology, the growth of Mobile Commerce and Mobile Payment Systems, the Always-On Supply Chain, and the Project Management framework. In addition, with more purchases and transactions starting online and attention being a scarce resource, students learn how search, semantic, and recommendation technologies function to improve revenue. Table P-1 provides a detailed list of new and expanded topics.

Useful Tools and Techniques New to this edition is a feature we call the “IT Toolbox.” This involves the provision of a set of useful tools or techniques relevant to chapter content. Collectively, these tools and techniques equip readers with a suite of IT tools that will be useful in their university classes, workplace, and personal life.
Engaging Students to Assure Learning
The 11th edition of Information Technology for Management engages students with up-to-date coverage of the most important IT trends today. Over the years, this IT textbook has distinguished itself with an emphasis on illustrating the use of cutting-edge business technologies for supporting and achieving managerial goals and objectives. The 11th edition continues this tradition with more interactive activities and analyses.

Real-World Case Studies Each chapter contains numerous real-world examples illustrating how businesses use IT to increase productivity, improve efficiency, enhance communication and collaboration, and gain a competitive edge. Faculty will appreciate a variety of options for reinforcing student learning that include three different types of Case Studies (opening case, video case, and business case), along with interactive figures and whiteboard animations that provide a multimedia overview of each chapter.

Interactive Figures and Whiteboard Animations The unique presentation of interactive figures and whiteboard animations facilitates reflection on the textual content of the book and provides a clear path to understanding key concepts. The whiteboard animations fit particularly well with the “flipping the classroom” model and complement additional functionality and assets offered throughout the 11th edition. The interactive figures actively engage the students in their own learning to effectively reinforce concepts.

Learning Aids Each chapter contains various learning aids, which include the following:
• Learning Objectives are listed at the beginning of each chapter to help students focus their efforts and alert them to the important concepts that will be discussed.
• IT at Work boxes spotlight real-world cases and innovative uses of IT.
• Tech Note boxes explore topics such as “Key Performance Indicators” and “Six Basic Systems Development Guidelines.”
• Definitions of Key Terms appear in the margins throughout the book.
• Career Insight boxes highlight different jobs in the IT for management field.

End-of-Chapter Activities At the end of each chapter, features designed to assure student learning include the following:
• Critical Thinking Questions are designed to facilitate student discussion.
• Online and Interactive Exercises encourage students to explore additional topics.
• Analyze and Decide questions help students apply IT concepts to business decisions.
• Concept Questions test students’ comprehension of each learning objective at the end of each chapter to ensure that the students are clear on the concepts. Students are provided with immediate feedback on their performance.

Details of New and Enhanced Features of the 11th Edition
The textbook consists of 14 chapters organized into four modules. All chapters have new or updated sections, as shown in Table P-1.
TABLE P-1
Overview of New and Expanded Topics and Innovative Enterprises Discussed in the Chapters
1. Disruptive IT Impacts Companies, Competition, and Careers
New and Expanded IT and Business Topics:
• IT’s role in the on-demand economy
• Business process improvement
• Business process re-engineering
• SMAC model
• Nature of on-demand work
• Becoming an informed IT user
• Technology mega trends
Innovative Enterprises:
• Uber
• Airbnb
• FitBit
• NFL
• Teradata
2. Information Systems, IT Architecture, Data Governance, and Cloud Computing
New and Expanded IT and Business Topics:
• IS concepts and framework
• Information, knowledge, wisdom model
• Software-defined data center
Innovative Enterprises:
• Mediata
• National Climatic Data center
• U.S. National Security Agency
• Apple
• Uber
• WhatsApp
• Slack
• Vanderbilt University Medical Center
• Coca-Cola
3. Data Management, Data Analytics, and Business Intelligence
New and Expanded IT and Business Topics:
• Dirty data costs and consequences
• Data life cycle
• Genomics and big data
• Aligning business intelligence with business strategy
Innovative Enterprises:
• Coca-Cola
• Capital One
• Travelocity
• First Wind
• Argo Corporation
• Walmart
• Infinity Insurance
• DoD and Homeland Security
• CarMax
• McDonald’s
• Verizon
4. Networks, Collaborative Technology, and the Internet of Things
New and Expanded IT and Business Topics:
• IPv6 protocol
• Types of networks
• Network terminology
• Quality of service
• Net neutrality
• Mobile networks and near-field communication
• Internet of Things
Innovative Enterprises:
• Sony
• AT&T
• Time-Warner
• Amazon
• Warner Music
• Procter & Gamble
• Walmart
• Ford
• Asda
• Unilever
• Caterpillar
• Santander
• Google
• Isle of Man
5. Cybersecurity and Risk Management Technology
New and Expanded IT and Business Topics:
• Data breaches
• Major sources of cyberthreats
• Classes of hackers
• Spear phishing
• Crimeware categories
• Denial of service
• KPMG data loss barometer
• Enterprise risk management framework
Innovative Enterprises:
• Yahoo
• Global Payments, Inc.
• Government of China
• Google
• U.S. Chamber of Commerce
• Brookings Institution
• LinkedIn
• Damballa
6. Search, Semantic, and Recommendation Technology
New and Expanded IT and Business Topics:
• Social search technologies
• Personal assistant and voice search
• Mobile search and mobile SEO
• On-page and off-page SEO factors
• Updates to Google’s ranking algorithm
• Semantic search technologies
Innovative Enterprises:
• Mint.com
• Google
• Microsoft
• Yahoo
• Netflix
• Apple
• Amazon
• Diigo
• World Wide Web Consortium (W3C)
7. Web 2.0 and Social Technology
New and Expanded IT and Business Topics:
• Snapchat, the #2 social platform
• Social bookmarking
• Social customer service moves from optional to essential
• Role of APIs in development of new Web applications and functionality
• The dominance of Facebook and the demise of Google+
• Emerging virtual-world technology
Innovative Enterprises:
• KLM Royal Dutch Airlines
• Facebook, Inc.
• Myntra
• Kickstarter.com
• Snap, Inc.
• GoFundMe.com
• Oculus VR
• High Fidelity
• Twitter
• Social Mention
• Diigo
• Clipix
• Dropbox
8. Retail, E-commerce, and Mobile Commerce Technology
New and Expanded IT and Business Topics:
• Direct and marketplace B2B ecommerce
• In-store retail technology
• Omni-channel retailing
• Growth of mobile commerce
• Growth of the mobile gaming market
• Mobile payment methods
• Mobile visual search
Innovative Enterprises:
• Macys Department Stores
• Amazon.com
• Ally Bank
• LinkedIn.com
• Alibaba.com
• Dell, Inc.
• The Walt Disney Company
• PayPal, Inc.
• Chegg.com
9. Functional Business Systems
New and Expanded IT and Business Topics:
• Business management systems
• Cross-functional coordination and integration of systems
• Systems that support supply-chain management
• Social customer service
• eXtensible Business Reporting Language (XBRL)
Innovative Enterprises:
• Ducati Motor Holding S.p.A.
• Office Depot
• BAE Systems
• Schurman Fine Papers
• Adweek
• Salesforce.com
• LinkedIn
• HSBC Bank
• United Rentals
10. Enterprise Systems
New and Expanded IT and Business Topics:
• 3D printing impact on supply chain
• Selecting an ERP vendor
• Factors for ERP success
• Order fulfillment
• Always-on supply chain
• Enterprise social platforms
Innovative Enterprises:
• Organovo
• Ferrari
• GE
• Siemens
• Organic Valley Family of Farms
• Boers & Co.
• Peters Ice Cream
• ScanSource
• Avanade
• Dillards
• FoxMeyer Drugs
• Joint Munitions Command
• Flower.com
• Red Robin
• Lowe’s
• Procter & Gamble
11. Data Visualization and Geographic Information Systems
New and Expanded IT and Business Topics:
• Increasing reliance on data discovery
• Data visualization tools
• Enterprise data mashups
• Geocoding
Innovative Enterprises:
• Safeway
• PepsiCo
• IBM
• ADP Corp.
• Department of Veterans Affairs
• General Motors
12. IT Strategy, Sourcing, and Strategic Technology Trends
New and Expanded IT and Business Topics:
• Business–IT alignment
• IT strategic planning
• Porter’s competitive forces model
• Porter’s value chain model
• Five-phase outsourcing life cycle
• IT sourcing strategies
• Strategic technology trends
• Technology scanning
Innovative Enterprises:
• Intel
• Nestle Nespresso
• LinkedIn
• ESSA Academy
• Cisco
• Citigroup
13. Systems Development and Project Management
New and Expanded IT and Business Topics:
• SDLC stages
• Systems development methodologies
• DevOps
• Project management framework
• PM core and support knowledge areas
• Responsibility matrix
Innovative Enterprises:
• Denver International Airport
• U.S. Census Bureau
• Apple
• Mavenlink
14. IT Ethics, Privacy, and Sustainability
New and Expanded IT and Business Topics:
• Ethical vs. unethical behavior
• Privacy paradox
• Climate change
• Technology addiction
• “People-first” approach to technology
• Disruptive technologies
Innovative Enterprises:
• Google
• Target
• Facebook
• SnapChat
• NASA
• Apple
Supplemental Materials
An extensive package of instructional materials is available
to support this 11th edition. These materials are accessible
from the book companion website at www.wiley.com/college/turban.
• Instructor’s Manual The Instructor’s Manual presents
objectives from the text with additional information to make
them more appropriate and useful for the instructor. The
manual also includes practical applications of concepts,
case-study elaboration, answers to end-of-chapter questions, questions for review, questions for discussion, and
Internet exercises.
• Test Bank The test bank contains over 1,000 questions and problems (about 75 per chapter) consisting of
multiple-choice, short answer, fill-ins, and critical thinking/
essay questions.
• PowerPoint Presentation A series of slides designed
around the content of the text incorporates key points from
the text and illustrations where appropriate.
• Chapter Summary Whiteboard Animations A series of
video animations that summarize the content of each chapter
in an entertaining way to engage the students in grasping the
subject matter.
Acknowledgments
No book is produced through the sole efforts of its authors, and
this book is no exception. Many people contributed to its creation, both directly and indirectly, and we wish to acknowledge
their contributions.
Special thanks go to the team at John Wiley, particularly
Darren Lalonde, Emma Townsend-Merino, Ethan Lipson, and
Loganathan Kandan for their ongoing and encouraging editorial expertise and leadership. Their guidance, patience, humor,
and support during the development and production of this
most recent version of the textbook made the process much
easier. We couldn’t have done it without you!
Our sincere thanks also go to the following reviewers of the
11th edition. Their feedback, insights, and suggestions were
invaluable in ensuring the accuracy and readability of the book:
Joni Adkins, Northwest Missouri State University
Ahmad Al-Omari, Dakota State University
Rigoberto Chinchilla, Eastern Illinois University
Michael Donahue, Towson University
Samuel Elko, Seton Hill University
Robert Goble, Dallas Baptist University
Eileen Griffin, Canisius College
Binshan Lin, Louisiana State University in Shreveport
Thomas MacMullen, Eastern Illinois University
James Moore, Canisius College
Beverly S. Motich, Messiah College
Barin Nag, Towson University
Luis A. Otero, Inter-American University of Puerto Rico,
Metropolitan Campus
John Pearson, Southern Illinois University
Daniel Riding, Florida Institute of Technology
Josie Schneider, Columbia Southern University
Derek Sedlack, South University
Eric Weinstein, The University of La Verne
Patricia White, Columbia Southern University
Gene A. Wright, University of Wisconsin–Milwaukee
Many thanks also go to our dedicated graphic designers,
Kevin Hawley and Nathan Sherrill, without whose help we
would not have been able to create the innovative Whiteboard
Animations, and to Senior Photo Editor, Billy Ray, whose extensive and expert research into the images used in the textbook
greatly enhanced the overall “look” of this 11th edition.
Extra special thanks go to our families, friends, and colleagues for the enormous encouragement, support, and understanding they provided as we dedicated time and effort to
creating this new edition.
Finally, we dedicate the 11th edition of Information
Technology for Management to the Memory of Dr. Linda
Volonino, the driving force behind editions 7 through 10 of IT
for Management. Thank you Linda, for all your hard work in
providing the foundation for this latest edition of the textbook.
CAROL POLLARD
GREGORY WOOD
CHAPTER 1
Disruptive IT Impacts Companies,
Competition, and Careers
CHAPTER OUTLINE
Case 1.1 Opening Case: Uber, Airbnb, and the On-Demand Economy
1.1 Doing Business in the On-Demand Economy
1.2 Business Process Improvement and Competitive Advantage
1.3 IT Innovation and Disruption
1.4 IT and You
Case 1.2 Business Case: The Internet of Things Comes to the NFL
Case 1.3 Video Case: What Is the Value of Knowing More and Doing More?
LEARNING OBJECTIVES
1.1 Describe how the on-demand economy is changing the way
that business is conducted.
1.2 Explain the role of IT in business process improvement.
Understand the concepts of business process reengineering
and competitive advantage.
1.3 Describe innovating technologies and explain how they are
disrupting enterprises.
1.4 Understand the value of being an “informed user” of IT and
the ways in which IT can add value to your career path and
performance in the on-demand economy.
Introduction
The more digital technology advances, the more it is almost instantly integrated into our daily
lives. Many managers and entrepreneurs recognize the need to integrate digital technology
into their products and services. For example, it has been estimated that 78% of business
leaders expect their organizations to be a digital business by 2020. Outdated and complex
application architectures with a mix of interfaces can delay or prevent the release of new
products and services, and maintaining these obsolete systems absorbs large portions of the
information technology (IT) budget.
Companies such as Uber, Airbnb, Shyp, TaskRabbit, and other participants in the on-demand economy are leveraging IT to create exciting new business models and revolutionize the way workers, businesses, and customers interact and compete. Peter Hinssen, a
well-known business author, university lecturer, and digital consultant, described the change
in digital technology as follows:
Technology used to be nice. It used to be about making things a little bit better, a little
bit more efficient. But, technology stopped being nice: it’s disruptive. It’s changing our
business models, our consumer markets, our organizations. (MacIver, 2015)
As businesses continue to join the on-demand economy, IT professionals must constantly
scan for innovative new technologies to provide business value and help shape the future of
the business. For example, smart devices, mobile apps, sensors, and technology platforms—
along with increased customer demand for digital interactions and on-demand services—have
moved commerce in fresh new directions. We’ve all heard the phrase “there’s an app for that”
and that kind of consumer thinking is what drives the on-demand economy.
Business leaders today need to know what steps to take to get the most out of mobile,
social, cloud, big data, analytics, visualization technologies, and the Internet of Things (IoT) to
move their business forward and enable new on-demand business models. Faced with opportunities and challenges, managers need to know how to leverage IT earlier and more efficiently
than their competitors.
A goal of this book is to empower you to improve your use and management of IT at
work by raising your understanding of IT terminology, practices, and tools and developing
your IT skills to transform you into an informed IT user. Throughout this book, you will learn
how digital technology is transforming business and society in the on-demand economy as
the IT function takes on key strategic and operational roles that determine an enterprise’s
success or failure. You will also be provided with an in-depth look at IT trends that have
immediate and future capacity to influence products, services, competition, and business
relationships. Along the way, we’ll describe many different ways in which IT is being used
and can be used in business and provide you with some of the terminology, techniques,
and tools that enable organizations to leverage IT to improve growth, performance, and
sustainability.
In this opening chapter, you will learn about the powerful impacts of digital technology
on people, business, government, entertainment, and society that are occurring in today’s on-demand economy. You will also discover how leading companies are deploying digital technology and changing their business models, business processes, customer experiences, and
ways of working. We will present examples of innovative products, services, and distribution
channels to help you understand the digital revolution that is currently shaping the future of
business, the economy and society and changing management careers. And, we’ll explain why
IT is important to you and how becoming an “informed user” of IT will add significant value to
your career and overall quality of life.
Case 1.1 Opening Case
[Figure: The On-Demand Business Framework, with four panels surrounding the on-demand economy: Core On-Demand Services, Consumer Technology, Complementary Resources, and Consumer Behavior.]
Uber and Airbnb Revolutionize Business Models
in the On-Demand Economy
If you’ve used Uber or Airbnb, then you have participated in the
on-demand economy where speed, convenience, and simplicity
are key factors in consumer behavior and purchasing decisions.
Michael Boland, author of What’s Driving the Local On-Demand Economy, explains that as consumers, “We’re being conditioned to expect
everything on-demand as the mobile device increasingly becomes the
remote control for the physical world” (Boland, 2015). For example,
the majority of consumers who tap an Uber app to get a ride would
not consider dialing an 800 number for a taxi. With all transactions
performed by apps and automated processes, the entire process from
hailing to paying for a ride is slick, quick, and easy, without cash or
credit cards.
Tech Platforms Enabled On-Demand Services to Take Off
Decades of technological innovation have given us smartphone apps,
mobile payment platforms, GPS and map technology, and social
authentication. These technologies are being used to build the infrastructure needed for on-demand services. This infrastructure—also
referred to as a technology platform or technology stack—supports
the exchange and coordination of staggering amounts of data. The
term technology stack reflects the fact that the platform is made up of
multiple layers (stacks) of hardware, software, network connectivity,
and data analytics capabilities.
In many consumer markets today, companies that do not have
iPhone or Android apps or technology platforms that support the
exchange of goods and services—no matter how useful their website—
may find themselves losing their competitive edge.
On-Demand Economy Requires a New Business Model
Uber and Airbnb are popular examples of companies that developed
on-demand business models to transform slow-to-innovate industries. A simple definition of business model is the way a company
generates revenue and makes a profit. On-demand business models provide real-time fulfillment of goods and services, which have
attracted millions of users worldwide. This model fits best when
speed and convenience matter the most. The ground transportation, grocery, and restaurant industries are examples of hyper-growth
categories in the on-demand world. Forward-thinking companies are
reshaping these industries.
Uber Business Model
Uber disrupted the taxi industry with a workforce that is essentially
any person with a smartphone and a car. Location-aware smartphone
apps bring drivers and passengers together, while in-app accounts
make the cashless payment process effortless. By simply opening the
Uber app and pressing the middle button for several seconds (a long
press), customers can order a ride to their current location, selecting
the kind of car they want. Payment is automatically charged to the
credit card on file with receipts via email.
The Uber concept developed in response to taxi scarcities. It
started on a snowy Paris night in 2008 when the two founders could
not get a cab. They wanted a dead-simple app that could get them
a car with a tap. On June 1, 2015, the entrepreneurs celebrated
Uber’s fifth anniversary and announced that the company had grown
into a transportation network covering 311 cities in 58 countries in
North and South America, Europe, Africa, Asia Pacific, and the
Middle East.
Uber has invested in new and developing technologies and partnerships. The company partnered with Carnegie Mellon University to
build robotic cars and new mapping software. In March 2015, Uber purchased deCarta, a 40-person mapping start-up, to reduce its dependence on Google Maps.
Airbnb Business Model
Another disruption to a traditional industry occurred when Airbnb
blindsided the hotel industry. Airbnb allows anyone with a spare
apartment or room—even if only for a day—to run their own bed and
breakfast by giving them a technology platform to market themselves
to a global market. By 2016, the Airbnb site had over 1.5 million listings in 190 countries and 34,000 cities. Over 40 million guests have
used Airbnb worldwide. For comparison, Hilton, InterContinental, and
Marriott, the largest hotel chains in the world, have less than 1 million
rooms each.
Uber and Airbnb do not own inventory. Instead, they scale up
(expand) by improving their ability to acquire and match customers
and service providers.
Business Success in Terms of Company Growth
and Valuation
The ride-hailing app Uber and the housing rental app Airbnb are two
of the most valuable start-ups, as displayed in Figure 1.1. Valuation
of a company at its early stages is based heavily on its growth potential
and future value. In contrast, the valuation of an established company
is based on its present value, which is calculated using traditional
financial ratios and techniques related to revenues or other assets.
Uber’s massive market value—estimated at $60 billion—is
greater than 80% of all Standard & Poor (S&P) 500 companies, many
of which have been around for 25, 50, or 100 years. Investors valued
Airbnb at $24 billion—higher than the value of the hotel giant Marriott
International. These companies would never have been able to grow
in the old way as a traditional organization, with their own inventory of
products, services, and workforce and traditional forms of technology.
Questions
1. In what ways are the Uber and Airbnb businesses similar or
different?
2. How did Uber achieve its new business model?
3. To what extent do you think changing their business models contributed to the success of Uber and Airbnb?
Sources: Compiled from Primack (2015), Storbaek (2015), Winkler and MacMillan
(2015), Jaconi (2014), Uber.com (2017), Airbnb.com (2017).
Airbnb
• Started in 2008
• Airbnb—short for Air Bed and Breakfast
• The leading disrupter in the hotel and vacation rental market
• By 2016, Airbnb was valued at about $25 billion. Exceeded the
value of Marriott International
Uber
• Started in 2009. Founder Garrett Camp wanted to tackle the taxi
shortage problem in San Francisco
• Uber epitomizes disruption
• Changed the way customers think about grabbing a ride
• By 2016, Uber had higher valuation than companies that make the cars
its drivers use–GM, Honda, and Ford
FIGURE 1.1 On-demand business models of Airbnb and Uber have been extremely
successful.
1.1 Doing Business in the On-Demand Economy
On-demand economy is the
economic activity created by
technology companies that fulfill
consumer demand through
the immediate provisioning of
products and services.
The on-demand economy is revolutionizing commercial activities in businesses around the
world. The businesses in this new economy are fueled by years of technology innovation and a
radical change in consumer behavior. As companies become more highly digitized, it becomes
more and more apparent that what companies can do depends on what their IT and data management systems can do. For over a decade, powerful new digital approaches to doing business
have emerged. And there is sufficient proof to expect even more rapid and dramatic changes
due to IT breakthroughs and advances.
In market segment after market segment, mobile communications and technology stacks
make it financially feasible for companies to bring together consumers and providers of products and services. These capabilities have created the on-demand economy. As Ev Williams,
cofounder of Twitter says,
The internet makes human desires more easily attainable. In other words, it offers
convenience. Convenience on the internet is basically achieved by two things: speed,
and cognitive ease. If you study what the really big things on the internet are, you
realize they are masters at making things fast and not making people think.
The proliferation of smartphone-connected consumers, simple and secure purchase flows, and
location-based services are a few of the market conditions and technological innovations that
are propelling the explosion of on-demand services.
Just as the rapid growth of online-only Amazon and eBay transformed retail, the even faster
growth of app-driven companies, like Uber, Airbnb, and Grubhub, has disrupted the taxi, hotel,
and restaurant markets. As you read in the opening case, in six short years, Uber changed the
taxi industry as it rose from start-up to the world’s most valuable private technology company,
and Airbnb tackled the fiercely competitive hotel market and attracted more than 60 million
customers to become the third most valuable venture-capital-backed company in the world.
Another example is Grubhub, which became No. 1 in online food ordering, controlling over 20%
of that $9 billion market. What today’s successful technology businesses have in common are
platform-based business models. Platforms consist of hardware, software, and networks that
provide the connectivity for diverse transactions, such as ordering, tracking, user authentication, and payments. These business models are designed to serve today’s on-demand
economy, which is all about time (on-demand), convenience (tap an app), and personalized
service (my way). For example, millennials want the ease of online payment over cash and
insist on efficiency for all aspects of their lives, including shopping, delivery, and travel.
Key strategic and tactical questions that determine an organization’s profitability and
management performance are shown in Figure 1.2. Answers to each question require an
understanding of the capabilities of mundane to complex IT, which ones to implement and
how to manage them.
Strategic direction: industry, markets, and customers
• What do we do?
• What is our direction?
• What markets & customers should we be targeting and how do we
prepare for them?
Business model
• How do we do it?
• How do we generate revenues & profits to sustain ourselves and
build our brand?
Business processes, producers, and technology
• How well do we do it?
• How can we be more efficient?
FIGURE 1.2 Key strategic and tactical questions.
Growth of the On-Demand Economy
Whether it is ease of scheduled deliveries or the corresponding time savings, the growth of
the on-demand economy is a product of its alignment with consumers’ growing appetite
for greater convenience, speed, and simplicity. A recent survey reported that 86.5 million
Americans have used the services of at least one on-demand start-up company (Chriss, 2016).
The growth of the on-demand economy demonstrates the high level of interest consumers
have in on-demand services from dog walking to laundry services, short-term home rentals,
massages, and truck hauling. Although just applying a mobile app to an existing service will not
ensure a company’s success, IT is a vital and integral part of all the businesses that are part of
the on-demand economy.
Low Cost of Entry One of the reasons that the on-demand economy has taken off is
that it is easier than ever to become an on-demand business. Companies like Dispatch, a software-as-a-service company, allow entrepreneurs to move into the on-demand world quickly
and inexpensively. For example, Aatlantic Fitness, a fitness equipment repair service company,
moved into the on-demand economy using Dispatch, and Handyman Connection, a 20-year-old home repair service company, is using Dispatch’s platform to compete with Handy, an on-demand service for house cleaning that has raised $60 million in venture capital.
Digital Business Models
The on-demand economy is driving the transformation of traditional business models to digital
business models to serve customers what they want and where they want it.
Business models are the ways enterprises generate revenue or sustain themselves. Digital
business models define how businesses make money via digital technology. Companies that
adopt digital business models are better positioned to take advantage of business opportunities and survive, according to the Accenture Technology Vision 2013 report (Accenture, 2013).
Figure 1.3 contains examples of new technologies that destroyed old business models and
created new ones.
Twitter dominates the
reporting of news and events
as they are still happening
Facebook became the most
powerful sharing network
in the world
Location-aware technologies
track items through
production and delivery to
reduce wasted time and
inefficiency in supply chains
and other business-to-business (B2B) transactions
Smartphones, tablets, other
touch devices, and their apps
reshaped how organizations
interact with customers—and
how customers want
businesses to interact with
them
FIGURE 1.3 Digital business models refer to how companies engage
their customers digitally to create value via websites, social channels, and
mobile devices.
The ways in which market leaders are transitioning to digital business models include the
following:
• NBA talent scouts rely on sports analytics and advanced scouting systems NBA talent
scouts used to crunch players’ stats, watch live player performances, and review hours of
tapes to create player profiles. Now software that tracks players’ performance has changed
how basketball and soccer players are evaluated. For example, STATS’ SportVU technology
is revolutionizing the way sports contests are viewed, understood, played, and enjoyed.
SportVU uses six palm-sized digital cameras that track the movement of every player
on the court, record ball movement 25 times per second, and convert movements into
statistics. SportVU produces real-time and highly complex statistics to complement the traditional play-by-play. Predictive sport analytics can provide a 360-degree view of a player’s
performance and help teams make trading decisions. Sports analytics bring about small
competitive advantages that can shift games and even playoff series.
• Dashboards keep casino floor staff informed of player demand Competition in the
gaming industry is fierce, particularly during bad economic conditions. The use of manual
spreadsheets and gut-feeling decisions did not lead to optimal results. Casino operators facing pressure to increase their bottom line have invested in analytic tools, such as
Tangam’s Yield Management solution (TYM). TYM is used to increase the yield (profitability)
of blackjack, craps, and other table games. The analysis and insights from real-time apps
are used to improve the gaming experience and comfort of players.
Today, a top concern of well-established corporations, global financial institutions, born-on-the-Web retailers, and government agencies is how to design their digital business models in order to
• Deliver an incredible customer experience
• Turn a profit
• Increase market share
• Engage their employees
In the digital (online) space, the customer experience must measure up to the very best the
Web has to offer. Stakes are high for those who get it right—or get it wrong. Forrester research
repeatedly confirms there is a strong relationship between the quality of a firm’s customer
experience and loyalty, which, in turn, increases revenue (Schmidt-Subramanian et al., 2013).
IT’s Role in the On-Demand Economy
According to the 2016 survey conducted by the Society of Information Management (SIM), 1,213
IT leaders (including 490 chief information officers (CIOs)) from 801 companies reported that companies that are more highly digitized and tightly connected are putting a greater emphasis on
the strategic use of IT to enhance growth and improve performance. As a result, IT priorities and
spending are changing (Kappelman et al., 2017).
A review of the top 10 IT management priorities reported in the survey results is shown
in Table 1.1. Along with business-IT alignment and security, Table 1.1 clearly demonstrates a
need for companies to focus on strategic and organizational priorities such as innovation, IT
and business agility, speed of IT delivery, and business productivity and efficiency.
TABLE 1.1
10 Top IT Management Priorities
IT Management Issues
1. Technology Alignment with the Business
2. Security, Cybersecurity & Privacy
3. Innovation
4. IT Agility & Flexibility
5. Business Agility & Flexibility
6. Business Cost Reduction & Controls
7. IT Cost Reduction & Controls
8. Speed of IT Delivery & IT Time to Market
9. Business Strategic Planning
10. Business Productivity & Efficiency
Adapted from Kappelman et al. (2017).
To address these issues, IT leaders said they need to focus on relationships, meet more
frequently with top management, and spend significant amounts of time with functional
leaders, customers, and suppliers. Companies also need to emphasize finding, keeping,
and developing IT talent and improving IT to improve business performance. These
findings point to one clear message—IT in the on-demand economy is about meeting customer needs.
IT Business Objectives
Now, more than ever, IT must be responsive to the needs of consumers who are demanding a
radical overhaul of business processes in companies across diverse industry sectors. Intuitive
interfaces, around-the-clock availability, real-time fulfillment, personalized treatment, global
consistency, and zero errors—this is the world to which customers have become increasingly
accustomed. And, it’s not just about providing a superior user or customer experience—when
companies get it right, they can also offer more competitive prices because of lower costs and better operational controls, and open themselves up to less risk.
According to Chirantan Basu of Chron (Basu, 2017), to stay abreast of the ever-changing
business landscape and customer needs, IT today must concentrate on the following six
business objectives:
1. Product development: From innovations in microprocessors to efficient drug-delivery
systems, IT helps businesses respond quickly to changing customer demands.
2. Stakeholder integration: Companies use their investor relations websites to
communicate with shareholders, research analysts, and others in the market.
3. Process improvement: An ERP system replaces dozens of legacy systems for finance,
human resources, and other functional areas, to increase efficiency and cost-effectiveness
of internal business processes.
4. Cost efficiencies: IT allows companies to reduce transaction and implementation costs,
such as costs of duplication and postage of email versus snail mail.
5. Competitive advantage: Companies can use agile development, prototyping, and other
systems methodologies to bring a product to market cost-effectively and quickly.
6. Globalization: Companies can outsource most of their noncore functions, such as HR
and finance, to offshore companies and use ICT to stay in contact with their global employees, customers, and suppliers 24/7.
Every technology innovation triggers opportunities and threats to business models and strategies. With rare exceptions, every business model depends on a mix of IT, knowledge of its
potential, the requirements for success, and, equally important, its limitations.
Questions
1. What precipitated the on-demand economy?
2. How is IT contributing to the success of the on-demand economy?
3. List the six IT business objectives.
4. What are the key strategic and tactical questions that determine an organization’s profi…
