Discussion Management Of Information Systems
Week 7 – Choices in Systems Acquisition and Risks, Security, and Disaster Recovery
Sousa, K., & Oz, E. (2015). Management Information Systems, 7th Edition. Cengage Learning.
· Chapter 13
· Chapter 14
Week 7 Lecture 1 – Choices in Systems Acquisition and Risks, Security
Management of Information Systems
Choices in Systems Acquisition and Risks, Security
Options to consider when acquiring a new system are, development in-house, outsourcing, licensing, software as a service (SaaS), and having users develop the system. There are trade-offs to consider for each option. In-house development has several advantages to consider such as a good fit to organizational need and culture, dedicated maintenance, since the developers are accessible within the company, seamless interface, when the system is custom-made for an organization special requirements can be implemented to ensure that it has proper interfaces with other systems, and specialized security, special security measures can be integrated into an application. Additionally, there is a potential for strategic advantage. Some of the disadvantages of in-house development are, high cost, a long wait for development personnel, who might be busy with other projects and the application may be excessively organization specific to integrate with other systems.
Advantages of outsourcing are improved financial planning sense outsourcing enables a client to know the exact costs of IT functions over the period of a contract. Another advantage is reduced license and maintenance fee discounts. Outsourcing gives businesses an opportunity to increase their attention to the core business by letting experts manage IT. Outsourcing also provides shorter implementation time as IT vendors can in most cases complete a new application in less time than in-house development. A reduction in personnel as another advantage as IS salaries and benefits are expensive. Outsourcing increases access to highly qualified knowledge. Clients can tap into the IT vendor’s knowledge and experience gained by working with many clients in different environments.
Some of the risks of outsourcing IT services are a loss of control, a loss of experienced employees, outsourcing involves transferring organizations employees to the highest vendor, the risk of losing competitive advantage outsourcing the development of strategic systems is the same as disclosing trade secrets. Another disadvantage is high price despite careful pre-contractual calculations companies find that outsourcing cost them significantly more than if they had spent their resources on in-house development.
Benefits of licensing software are immediate system availability, low price (the license fee), available support, and high quality. Immediate availability shortens the time from when a decision is made to acquire the new system and when the new system begins to be productive. The product is high quality because the software company specializes in producing the product. The licensing fee is small because the cost of developing the software has been spread out among many elements. Software support is usually included with the license.
Figure 11 Steps in licensing software © Cengage Learning 2015
Some of the risks of licensing software are that the software is a loose fit to the needs of the organization and culture software’s ready-made and developed for the widest common denominator another risk is that modifications to the software can be difficult and complicated to maintain. There is a chance that the vendor could dissolve or stop supporting the software. Changes in the vendor’s organization can influence the support and the quality of software upgrades.
Software as a service (SaaS)
An application service provider (ASP) is an organization that offers use of software over a network such as the Internet or a private network. Applications provided by ASPs are referred to as software as a service (SaaS). The application is not installed on the client’s computer. However, the client can choose to save data to their local computer. Benefits of software as a service are, the elimination of the need to maintain application software, elimination of reliance on experts for installation and maintenance, there’s no need to purchase hardware for installation, there’s a significant reduction in implementation time, there’s no financial risk, and the support is provided by the SaaS vendor.
Caveat emptor, buyer, beware. ASPs can disappoint organizations by not providing the scope of services and level of reliability expected. Before deciding on an ASP thoroughly research its history, validate the ASP’s financial strength, ensure that you understand the price structure, get a list of the ASP’s infrastructure, and carefully craft a service contract. An important aspect to check is the uptime of the ASP systems. An appropriate uptime percentage would be 99.999%. An inappropriate percentage would be 99.9% that allows 500 minutes per year of downtime which would be unacceptable in most cases.
User application development
Another alternative to software development is user application development which is sometimes appropriate when organizations do not wish to purchase or rent an application that is not very complex. User application development is performed by nonprogrammers for their own use. These applications tend to be fairly simple and limited in scope, and can be maintained by the end-users. These applications are usually used for a brief period of time and then discarded end-user should not develop complex applications that interface with other systems. An advantage of end-user development is sure to lead times. Another advantages user application development is a good fit to the organizational needs. User application development complies with the organizational culture, and it can be an efficient use of resources, and it also frees up information systems staff time.
A disadvantage of user application development is that the applications are can be poorly developed. Another disadvantage is that an organization that relies on users development runs a risk of creating islands of information or private databases. Sometimes users will develop applications that are identical to existing systems elsewhere in the organization. Security issues could arise, particularly if the user developer is given access to organizational databases to develop the application. Additionally, user-developed applications tend to be poorly documented.
Week 7 Lecture 2 – Disaster Recovery
Management of Information Systems
Risks and Security
As companies have increased their dependency on the Internet, the risk to information has increased. Information technology has connected individuals and organizations, and threats have increased proportionately. Security and data breaches associated with information technology has eroded trust in business organizations and government entities. Although hardware and software are expensive investments and should be protected, security of data is far more critical for an organization.
Controls are actions taken to minimize damage to or loss of data, software, or hardware. Controls are applied in the form of hardware, procedures, and software. A control is a constraint. The challenge is to apply a constraint that poses minimal delay and inconvenience to legitimate users of data, hardware, and software.
Increasingly businesses are creating business recovery plans or business continuity plans, or business resumption plans. These plans detail what should be done if critical systems go down. Business recovery plans should not focus on the damage to an organization’s assets, but to its business. The plan should contain contingencies in the case of a disaster that would enable resumption of business operations.
Experts have proposed nine steps to a business recovery plan.
Obtain management’s commitment to the plan
Establish a planning committee
Perform risk assessment and implement analysis
Prioritize recovery needs
Select a recovery plan
Develop and implement the plan
Test the plan
Continually test and evaluate
Some companies choose not to develop fully their own recovery plan and choose to outsource it to companies that specialize in either disaster recovery planning or provision of alternative sites. Some companies provide both planning and software for disaster recovery. Duplicate databases and applications are maintained for clients.