1

2
 Seven highly
disruptive
business models

3
4
Business Objectives of IT

1. Product Development—IT helps businesses respond quickly to changing

customer demands
2. Stakeholder Integration—companies use their investor relations websites to
communicate with shareholders, research analysts, and others in the market
3. Process Improvement—An ERP systems replaces dozens of legacy systems
for finance, human resources, and other functional areas, to increase
efficiency and cost-effectiveness of internal business processes
4. Cost Efficiencies—IT allows companies to reduce transaction and
implementation costs, such as costs of duplication and postage of email vs
snail mail.
5. Competitive Advantage—Companies can use agile development,
prototyping, and other systems methodologies to bring a product to market
cost effectively and quickly.
6. Globalization—companies can outsource most of their non-core functions,
such as HR and finance, to offshore companies and use ICT to stay in contact
with its global employees, customers and suppliers

5
 Doing Business in the On-Demand and Sharing Economies: Infrastructure
• Technology platform is the operating system and computer hardware used as a
base upon which other applications, processes, or technologies are developed.
• Technology stack is the multiple layers of hardware, software, network
connectivity, and data analytics capability that comprise a technology platform

Doing Business in the On-Demand and Sharing Economies: Questions

1. Name four disruptive business models and describe what they offer to their
customers.
2. How is IT contributing to the success of the on-demand and shared economies?
3. List the six IT business objectives
4. What are the key strategic and tactical questions that determine an organization’s
profitability and management performance?
5. What is a business model?
6. What is a digital business model?
7. Give two examples of how companies are transitioning to digital business models.
8. What factors are driving the move to digital business models?

6
 Business Process Characteristics
1. Formal Processes or Standard Operating Procedures (SOP): documented and have
well-established steps.
2. Informal Processes: typically undocumented, undefined, or are knowledge-
intensive.
3. Range from slow, rigid to fast-moving, adaptive.
4. Can be rigid, resistant to change, or adaptive, responding to change.
5. Critical success factor (CSF) is an element that is necessary to ensure the success of
an organization or project, such as access to adequate financial resources.

Business Process Improvement: BPR

• Cycle time is the period to complete one cycle of an operation or to complete a function,
job, or task from start to finish.
• Process Improvement
- Continuous examination to determine whether processes are still necessary or operating
at peak efficiency by eliminating wasted steps called Business Process Reengineering
(BPR).
- Digital technology enhances processes by:
• Automating manual procedures
• Expanding data flows to reach more functions and parallel sequential activities
• Creating innovative business processes to create new models.
• Business process management (BPM) consists of the methods, tools, and technology to
support and continuously improve business processes.
7
 Competitive Advantage: its Components

Business Process Improvement and Competition: Questions

1. What is a business process? Give three examples.

2. What is the difference between business deliverables and objectives?
3. List and give examples of the three components of a business process.
4. Explain the differences between formal and informal processes.
5. What is an SOP?
6. What is the purpose of BPM?

8
IS Concepts and Classification

• Information system (IS) is a combination of information technology and

people’s activities using technology to support business processes, operations,
management, and decision-making at different levels of the organization.
• Technology supports organizations and almost every business unit within an
organization.

Components of an
Information System

9
Data, Information, Knowledge, & Wisdom

Data describes products, customers, events, activities,

and transactions that are recorded, classified, and
stored.
Information is data that have been processed,
organized, or put into context with meaning and
value to the recipient.
Knowledge applies understanding, experience,
accumulated learning, and expertise to current
problem.
- Explicit knowledge is the most basic form of
knowledge and is easy to communicate, store,
and distribute
- Tacit knowledge is the opposite of explicit
knowledge and is difficult to transfer to
others. It is personal, context-specific, and
experiential.
Wisdom is a collection of values, ethics, moral codes,
and prior experiences that form an evaluated
understanding or commonsense judgment.

10
11
Transaction Processing Systems (TPS)

Transaction processing system (TPS) is an information system that collects,

monitors, stores, processes, and distributes specific types of data input from ongoing
transactions.
• Internal transactions: originate or occur within the organization (payroll,
purchases, etc.)
• External transactions: originate outside the organization (customers, suppliers,
etc.)

Real-Time Versus Batch Processing

• Real-time processing or OLTP: processes each transaction as it occurs

• Batch Processing: collects all transactions for a time period, then processes the data at
a predetermined time, such as hourly, daily, or weekly
• Batch processing costs less than OLTP, but may be inaccurate from update delays

12
13
Comparing IT infrastructure, IT architecture, and EA

14
Measuring EA Success: KPIs

• Key Performance Indicators (KPIs) are a set of quantifiable measures used to

evaluate factors that are critical to the success of an organization.
• KPIs help reduce the complex nature of EA performance to a small number of
understandable measures such as capabilities, operational performance, project
performance, and financial performance.

EA Components

15
Data Centers and Cloud Computing: Questions
1. What is a data center?
2. What is the difference between on premise data centers and cloud computing?
3. What is an SDDC?
4. What are the advantages of using an SDDC?
5. How can cloud computing solve the problems of managing software licenses?
6. What factors should be considered when selecting a cloud vendor or provider?
7. When are private clouds used instead of public clouds?
8. Explain three issues that need to be addressed when moving to cloud computing or services.

Virtualization and Virtual Machines: Questions

1. What are the main types of XaaS?
2. What are the advantages of using cloud computing?
3. How might companies risk violating regulation or compliance requirements with cloud
services?
4. In what ways is a virtualized information system different from a traditional information
system?
5. Describe the different types of Virtualization.
6. What is load balancing and why is it important?

16
Data Management

• Oversees the end-to-end lifecycle of data from creation and initial storage to the time
when it becomes obsolete and is deleted.
• The goals of effective data management include:
1. Mitigating the risks and costs of complying with regulations.
2. Ensuring legal requirements are met.
3. Safeguarding data security.
4. Maintaining accuracy of data and availability.
5. Certifying consistency in data that come from or go to multiple locations.
6. Ensuring that data conform to organizational best practices for access,
storage, backup, and disposal.
• Benefits of data management include:
1. greater compliance
2. higher security
3. less legal liability
4. improved sales and marketing strategies
5. better product classification
6. improved data governance to reduce risk.

17
Data modeling language: Approaches to the modeling language of the DBMS
include hierarchical, network, relational, and object-
oriented.
Data modeling language: Network
A data model that allows multiple records to be linked to
the same parent.
Data modeling language: Relational
An approach to managing data using a structure and
language that involves the use of data tables to collect
groups of elements into relations.
Data modeling language: Object-Oriented (OO)
A data model that supports the modelling and creation of
data entities as objects that contain both data and the
relationships of those data
Data modeling language: Blockchain
A distributed ledger represented by a sequential chain of
data blocks that records transactions, establishes identity
of the user, and establishes contracts.

18
Electronic Document, Record, and
Content Management
• Electronic content is a collection of
documents, records, and unstructured
data available as a broad range of digital
assets, such as audio, video, flash,
multimedia files, and so on.
• Electronic document is any paper,
electronic form, file, email, fax, contract,
lease, and so on actively being worked
on.
• Electronic record is any document that
has been made final and is no longer
meant to be altered.

19
Internet of Things (IoT) is the network of physical objects or “things”
embedded with electronics, software, sensors, and network connectivity, that
enables these objects to collect and exchange data.

Factors Driving IoT

• Development of more smart devices with Wi-Fi capabilities
• More widely available broadband Internet
• Overwhelming popularity of the smartphone
• Development of IPv6
• Introduction of 5G networks
• Lower cost of connecting
• Development of embedded sensors

20
The Growth of IoT
The popularity and use of IoT is
growing. In 1990, there were 300,000
connected IoT devices, in 2019 there
were 14.2 billion, and it is estimated
that the number of IoT connections
would be 25 billion in 2021.

21
Advantages of IoT Disadvantages of IoT

• Monitoring performance, quality, and • Network security

reliability of products and services • Data privacy
• Gaining insight into potential new • Data analysis capabilities
products and service • Data collection capabilities
• Support sales • Realistic efficiency opportunities
• Better understand product use • Realistic new revenue
• Remote troubleshooting of products opportunities
• Deliver revenue-generating post-sales • Cost
service
• More efficiently deliver post-sales services

22
Edge computing is a
new networking
technology that brings
the data closer to
where it is being used
and is being enabled by
the new, faster 5G
networks.

23
Data privacy is the right to self-determine what information about you is made accessible, to whom,
when, and for what use or purpose.
It centers around the following four main concerns:
1. How data are shared with third parties
2. How data are collected and stored
3. How data are used
4. How data are regulated

Terminology
• Cyberattack is an actual attempt to expose, alter, disable, destroy, steal, or gain unauthorized
access to a computer system, infrastructure, network, or any other smart device.
• Cyber threat is the method used to commit a cyberattack that seeks to damage data, steal
sensitive data, or disrupt digital life in general.
• Cyber security is the discipline dedicated to protecting information and systems used to process
and store it from attack, damage, or unauthorized access.
• Data breach is the successful retrieval of sensitive information by an unauthorized individual,
group, or software system.
• Vulnerability is a gap in IT security defenses of a network, system, or application that can be
exploited by a cyber threat to gain unauthorized access.
• Attack vector is a path or means by which a computer criminal can gain access to a computer or
network server in order to deliver a malicious outcome.

24
Cyber Threats: Intentional/Unintentional

Physical theft or loss is the threat of an information asset going missing, whether
through negligence or malice
Miscellaneous errors: The main concern related to this source of cyberthreat is a
shortage of capacity that prevents information from being available where and when
needed.

25
26
27
28
29
Managing Risk
• Risk is a situation
involving exposure to
danger.
• Risks mitigation is the
action taken to reduce
threats and ensure
resiliency.

30
Business Continuity Planning
• Business continuity refers to maintaining business functions or restoring them quickly
when there has been a major disruption.
• The plan covers business processes, assets, human resources, business partners, and
more.
• Each function in the business should have a feasible backup plan.
• To supplement and strengthen a business continuity plan the following strategies can
be put in place to help reduce the impact of a disaster or disruption:
• Direct individual employees to make regular off-site backups of their files that can be
accessed remotely with a secure username and password
• Deploy a cloud-based Email Continuity Solution to provide uninterrupted access to e-mail.
• Make sure you have cross-device software compatibility so that business can continue on
employee mobile devices.
• Unify communications on a secure off-site cloud server that will keep operating in the event
of a power outage, natural disaster or other disruptions.
• To supplement and strengthen a business continuity plan the following strategies
can be put in place to help reduce the impact of a disaster or disruption (cont.):
• Establish a service-level agreement with your provider that offers fast support, emergency
backup and routing to alternative servers when necessary.
• Put processes in place to ensure that IT teams can act quickly without approvals in case of a
disaster or disruption.
• Make sure enough resources are allocated in the IT budget for adequate business continuity
and disaster recovery services

31
Regulatory Controls, Frameworks, and Models

• General defense controls are

established to protect the system
regardless of the specific
application.
• Application defense controls are
safeguards that are intended to
protect specific applications.

32
Risk Management and IT Governance Frameworks

Two widely accepted frameworks that guide risk management

and IT governance are:
• Enterprise Risk Management Framework ERM is a risk-based
approach to managing an enterprise developed by the Committee of
Sponsoring Organizations of the Treadway Commission (COSO).
• The COBIT 2019 Framework. COBIT 2019 is a globally recognized
governance framework that integrates security, risk management,
and IT governance developed by ISACA—the International Systems
Audit and Control Association (www.isaca.org)

33
34
35
IT Security Defense-In-Depth Model

The Defense-in-Depth
Model is based upon the
premise that no
organization can ever be
fully protected by a single
layer of security. However,
when there are multiple
levels of security defenses
in place the gaps created
by a single level of security
can be effectively
eliminated.

36